JP2008040909A - Passcode information processor, passcode information processing program, and passcode information processing method - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a passcode information processor that detects requesting of a passcode from the system side with an onetime password generator, and can automatically transmit an adaptive passcode. <P>SOLUTION: The passcode information processor connectable to an IC card having tamper resistance detects a tag for commanding passcode generation by onetime password method in a Web site. When the tag for commanding passcode generation is detected, the information processor specifies information about the seed as the source for generating the passcode. When the seed is specified, the information processor inputs a personal identification number by operation by an operator, provides the input personal identification number and the information about the specified seed to the IC card, acquires the generated passcode, and transmits the acquired passcode to the Web site. <P>COPYRIGHT: (C)2008,JPO&INPIT

Description

  The present invention can generate a passcode in a passcode information processing apparatus capable of connecting an IC card having tamper resistance and a passcode information processing apparatus capable of connecting an IC card having tamper resistance. The present invention relates to a passcode information processing method and a passcode information processing method for generating a passcode in a passcode information processing apparatus that can connect an IC card having tamper resistance.

It is important to ensure security when accessing a system through an open network to receive a service specific to an individual. For this purpose, authentication is required to confirm that the person can receive the service.
For authentication, a password that proves that the user is a legitimate user is used. There is a password called a one-time password (disposable password). This possesses a small device (one-time password generator, generally called a token) that can be carried by the user, and displays a six-digit password that switches, for example, every 60 seconds. A password is shared by the same program on the system side that logs in. Even if the password is stolen via the network, the password can be changed immediately (the password can be thrown away), so that high security can be ensured.
The password that is switched every certain number of seconds is generated by a certain algorithm based on the seed (SEED, seed, prime of random number).

  For example, Patent Document 1 discloses that a mobile terminal such as a mobile phone functions as a token. The invention described in Patent Document 1 provides a one-time password generation module, a distribution system, and a distribution method that can eliminate the complexity of hardware distribution and software installation management and can improve security. The one-time password generation module distribution system creates a one-time password generation module and a portable terminal that requests the one-time password management server to create a one-time password generation module for generating a one-time password. The one-time password management server that outputs to the web server and the one-time password generation module that is output from the one-time password management server and holds it, and responds to requests from mobile terminals. The is intended to include a web server to be output to the portable terminal in binary code form.

  Further, for example, Patent Document 2 discloses a passcode setting using a mobile terminal. An object of the invention described in Patent Document 2 is to provide a terminal registration system in which a user of a mobile terminal can easily register the mobile terminal and prevent unauthorized registration. Receives the terminal identifier and communication identifier of the mobile terminal from the registration terminal, generates a passcode and transmits it to the registration terminal. The registration terminal displays the passcode and notifies the user of the mobile terminal. The user of the terminal inputs the passcode displayed on the registration terminal, the mobile terminal transmits the input passcode to the information server, and the information server matches the generated passcode with the generated passcode. The terminal identifier of the portable terminal is registered in association with the user only when it is done.

A service using a mobile terminal via the Internet is disclosed in Patent Document 3, for example. The invention described in Patent Document 3 provides a service providing method and system capable of providing a service having a different added value with respect to a procedure performed when a predetermined procedure is performed on the Internet. After logging in to the service providing server from the PC terminal, performing the original procedure, and transmitting the address of the mobile terminal, the password issuing unit issues a passcode for using the additional service, along with the content directory On the other hand, the data control unit records the URL of the service providing server to the mobile terminal and notifies the PC terminal of the passcode and provides the service from the mobile terminal using the received URL. When the server is accessed and the passcode is sent, the passcode authentication unit authenticates and authenticates correctly. When it is, in which the corresponding content is transmitted is extracted from the content storage unit in the portable terminal.
JP 2002-278929 A JP 2005-269571 A JP 2004-133855 A

However, such a conventional technique has a problem that when a pass code is requested from the system side, the operator must manually input the pass code. In particular, the fact that the operator has to input manually even though the one-time password generator is connected to the system via a communication line or the like is cumbersome for the operator, and the passcode is incorrect. There was a problem that could be input.
The present invention has been made paying attention to such problems of the conventional technology. The one-time password generator detects that a passcode is requested from the system side, and requests the passcode. It is an object of the present invention to provide a passcode information processing apparatus, a passcode information processing program, and a passcode information processing method that can transmit a passcode adapted to the system side.

The gist of the present invention for achieving the object lies in the inventions of the following items.
[1] A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
When a tag that instructs generation of a passcode is detected by the one-time password tag detection unit, a seed specifying unit that specifies information about a seed that is a source for passcode generation;
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
Pass code transmitting means for transmitting the pass code acquired by the pass code acquiring means to the website;
The IC card is
Seed storage means for storing a plurality of information on seeds;
A personal identification number seed acquisition means for acquiring information relating to the personal identification number and seed provided via the IC card interface;
Seed selection means for selecting a seed stored in the seed storage means according to information on the seed acquired by the personal identification number seed acquisition means;
Passcode generation means for generating a passcode by a one-time password method using the personal identification number acquired by the personal identification number seed acquisition means and the seed selected by the seed selection means Information processing device.

[2] A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
If a tag for instructing passcode generation is detected by the one-time password tag detection means, information on the seed that is a source for passcode generation stored in the IC card via the IC card interface Seed list acquisition means for acquiring a list;
Seed identification means for identifying a seed by an operation of an operator from a list of information on seeds acquired by the seed list acquisition means;
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
Pass code transmitting means for transmitting the pass code acquired by the pass code acquiring means to the website;
The IC card is
Seed storage means for storing a plurality of information on seeds;
Seed list providing means for providing a list of information about seeds stored in the seed storage means via the IC card interface;
A personal identification number seed acquisition means for acquiring information relating to the personal identification number and seed provided via the IC card interface;
Seed selection means for selecting a seed stored in the seed storage means according to information on the seed acquired by the personal identification number seed acquisition means;
Passcode generation means for generating a passcode by a one-time password method using the personal identification number acquired by the personal identification number seed acquisition means and the seed selected by the seed selection means Information processing device.

[3] A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
A seed specifying means for specifying information relating to a seed that is a source for generating a passcode according to attribute information of the tag when a tag that instructs generation of a passcode is detected by the one-time password tag detecting means; ,
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
Pass code transmitting means for transmitting the pass code acquired by the pass code acquiring means to the website;
The IC card is
Seed storage means for storing a plurality of information on seeds;
A personal identification number seed acquisition means for acquiring information relating to the personal identification number and seed provided via the IC card interface;
Seed selection means for selecting a seed stored in the seed storage means according to information on the seed acquired by the personal identification number seed acquisition means;
Passcode generation means for generating a passcode by a one-time password method using the personal identification number acquired by the personal identification number seed acquisition means and the seed selected by the seed selection means Information processing device.

[4] A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
When a tag for instructing passcode generation is detected by the one-time password tag detection means, information on the seed used as a source for passcode generation according to the attribute information of the tag and the address information of the website Seed identification means for identifying
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
Pass code transmitting means for transmitting the pass code acquired by the pass code acquiring means to the website;
The IC card is
Seed storage means for storing a plurality of information on seeds;
A personal identification number seed acquisition means for acquiring information relating to the personal identification number and seed provided via the IC card interface;
Seed selection means for selecting a seed stored in the seed storage means according to information on the seed acquired by the personal identification number seed acquisition means;
Passcode generation means for generating a passcode by a one-time password method using the personal identification number acquired by the personal identification number seed acquisition means and the seed selected by the seed selection means Information processing device.

[5] A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
Seed specifying means for specifying information related to a seed for generating a passcode according to the address information of the Web site when a tag for instructing passcode generation is detected by the one-time password tag detecting means When,
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
Pass code transmitting means for transmitting the pass code acquired by the pass code acquiring means to the website;
The IC card is
Seed storage means for storing a plurality of information on seeds;
A personal identification number seed acquisition means for acquiring information relating to the personal identification number and seed provided via the IC card interface;
Seed selection means for selecting a seed stored in the seed storage means according to information on the seed acquired by the personal identification number seed acquisition means;
Passcode generation means for generating a passcode by a one-time password method using the personal identification number acquired by the personal identification number seed acquisition means and the seed selected by the seed selection means Information processing device.

[6] A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
When a tag for instructing passcode generation is detected by the one-time password tag detecting means, a first information specifying a seed that is a source for generating a passcode is determined according to address information of the Web site Seed identification means;
If one seed cannot be specified by the first seed specifying means, a seed list acquiring means for acquiring a list of information related to the corresponding seed stored in the IC card via the IC card interface;
Second seed specifying means for specifying a seed by an operation of an operator from a list of information on seeds acquired by the seed list acquiring means;
When the seed is specified by the second seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
Pass code transmitting means for transmitting the pass code acquired by the pass code acquiring means to the website;
The IC card is
Seed storage means for storing a plurality of information on seeds;
Seed list providing means for providing a list of information about seeds stored in the seed storage means via the IC card interface;
A personal identification number seed acquisition means for acquiring information relating to the personal identification number and seed provided via the IC card interface;
Seed selection means for selecting a seed stored in the seed storage means according to information on the seed acquired by the personal identification number seed acquisition means;
Passcode generation means for generating a passcode by a one-time password method using the personal identification number acquired by the personal identification number seed acquisition means and the seed selected by the seed selection means Information processing device.

[7] A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
When a tag that instructs generation of a passcode is detected by the one-time password tag detection unit, a seed specifying unit that specifies information about a seed that is a source for passcode generation;
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
A passcode information processing apparatus comprising passcode transmission means for transmitting the passcode acquired by the passcode acquisition means to the Web site.

[8] A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
If a tag for instructing passcode generation is detected by the one-time password tag detection means, information on the seed that is a source for passcode generation stored in the IC card via the IC card interface Seed list acquisition means for acquiring a list;
Seed identification means for identifying a seed by an operation of an operator from a list of information on seeds acquired by the seed list acquisition means;
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
A passcode information processing apparatus comprising passcode transmission means for transmitting the passcode acquired by the passcode acquisition means to the Web site.

[9] A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
A seed specifying means for specifying information relating to a seed that is a source for generating a passcode according to attribute information of the tag when a tag that instructs generation of a passcode is detected by the one-time password tag detecting means; ,
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
A passcode information processing apparatus comprising passcode transmission means for transmitting the passcode acquired by the passcode acquisition means to the Web site.

[10] A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
When a tag for instructing passcode generation is detected by the one-time password tag detection means, information on the seed used as a source for passcode generation according to the attribute information of the tag and the address information of the website Seed identification means for identifying
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
A passcode information processing apparatus comprising passcode transmission means for transmitting the passcode acquired by the passcode acquisition means to the Web site.

[11] A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
Seed specifying means for specifying information related to a seed for generating a passcode according to the address information of the Web site when a tag for instructing passcode generation is detected by the one-time password tag detecting means When,
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
A passcode information processing apparatus comprising passcode transmission means for transmitting the passcode acquired by the passcode acquisition means to the Web site.

[12] A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
When a tag for instructing passcode generation is detected by the one-time password tag detecting means, a first information specifying a seed that is a source for generating a passcode is determined according to address information of the Web site Seed identification means;
If one seed cannot be specified by the first seed specifying means, a seed list acquiring means for acquiring a list of information related to the corresponding seed stored in the IC card via the IC card interface;
Second seed specifying means for specifying a seed by an operation of an operator from a list of information on seeds acquired by the seed list acquiring means;
When the seed is specified by the second seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
A passcode information processing apparatus comprising passcode transmission means for transmitting the passcode acquired by the passcode acquisition means to the Web site.

[13] The passcode information processing apparatus is a mobile phone or a data communication card, and the IC card is a USIM card. [1], [2], [3], [4], [5 ], [6], [7], [8], [9], [10], [11] or [12].

[14] A passcode information processing program capable of causing a passcode information processing apparatus capable of connecting an IC card having tamper resistance to generate a passcode,
In the passcode information processing apparatus,
An IC card interface function for performing input / output with the IC card;
A one-time password tag detection function for detecting a tag instructing passcode generation by a one-time password method in a website;
When a tag for instructing passcode generation is detected by the one-time password tag detection function, a seed specifying function for specifying information on a seed that is a source for passcode generation;
When the seed is specified by the seed specifying function, a personal identification number input function for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing function for providing information related to the personal identification number input by the personal identification number input function and the seed specified by the seed specifying function to the IC card via the IC card interface function;
A passcode acquisition function for acquiring a passcode generated by the IC card via the IC card interface function;
A passcode information processing program for realizing a passcode transmission function for transmitting a passcode acquired by the passcode acquisition function to the website.

[15] A passcode information processing method for causing a passcode information processing apparatus capable of connecting an IC card having tamper resistance to generate a passcode,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
Detect a tag instructing passcode generation by the one-time password method in the website,
When a tag instructing passcode generation is detected by the detection, specify information on a seed that is a source for passcode generation,
If the seed is specified, enter the personal identification number by the operation of the operator,
Providing the entered personal identification number and information about the identified seed to the IC card via the IC card interface;
Obtaining a passcode generated by the IC card via the IC card interface;
The passcode information processing method characterized by transmitting the acquired passcode to the website.

The present invention operates as follows.
The passcode information processing apparatus, passcode information processing program, and passcode information processing method according to the present invention detect a tag instructing generation of a passcode by a one-time password method in a website, and a tag instructing generation of a passcode is detected. If it is detected, information related to the seed that is the basis for passcode generation is specified. If the seed is specified, the personal identification number is input by the operation of the operator. Information on the identified seed is provided to the IC card, a passcode generated by the IC card is acquired, and the acquired passcode is transmitted to the website. On the other hand, the IC card stores a plurality of information related to seeds, acquires information related to the provided personal identification number and seeds, and selects and acquires the stored seeds according to the acquired information related to seeds. A pass code is generated by a one-time password method using the personal identification number and the selected seed. It is also possible for the operator to input his / her own personal identification number and perform authentication using the personal identification number and passcode.
As a result, a passcode request from the system side can be detected and a suitable passcode can be transmitted, so that the operability and convenience for the operator can be further improved.

  According to the passcode information processing apparatus, passcode information processing program, and passcode information processing method according to the present invention, it is possible to detect a passcode request from the system side and transmit a suitable passcode. The operability and convenience for the operator can be further improved.

Hereinafter, preferred embodiments of the present invention will be described with reference to the drawings.
Each figure shows an embodiment of the present invention. FIG. 1 is a conceptual module configuration diagram of an embodiment of the present invention.
The module generally refers to a component such as software or hardware that can be logically separated. Therefore, the module in the present embodiment indicates not only a module in a program but also a module in a hardware configuration. Therefore, the present embodiment also serves as an explanation of a program, a system, and a method. In addition, the modules correspond almost one-to-one with the functions. However, in mounting, one module may be composed of one program, or a plurality of modules may be composed of one program. A plurality of programs may be used. The plurality of modules may be executed by one computer, or one module may be executed by a plurality of computers in a distributed or parallel environment. Hereinafter, “connection” includes not only physical connection but also logical connection.
In addition, the system includes a configuration in which a plurality of computers, hardware, devices, and the like are connected via a network or the like, and includes a case where the system is realized by a single computer.

Hereinafter, a cellular phone or a PC connected to the cellular phone as a passcode information processing device, a USIM (Universal Subscriber Identity Module) card as a tamper-resistant IC card, and a URL (Uniform) as website address information A Resource Locator) will be mainly described as an example.
The mobile phone 10 can incorporate a USIM card 20, and as shown in FIG. 1, a communication module 110, a PIN input module 120, a seed attribute acquisition module 130, a time information acquisition module 140, a seed provision module 115, a browser 190, an OTP tag detection module 191, a seed identification module 192, a PIN / seed provision module 193, a passcode acquisition module 194, a passcode transmission module 195, a seed list acquisition module 196, and a USIM card interface 150. Data is exchanged between them, and other module calls are controlled. On the other hand, the USIM card 20 includes a passcode generation module 210 and a seed DB 240. The USIM card 20 exchanges data between the modules, and controls the calling of other modules. The mobile phone 10 including the USIM card 20 may also be called. The USIM card 20 has tamper resistance. In other words, techniques for preventing falsification such as forgery and alteration, prohibiting copying of electronic data, and the like have been implemented. The USIM card 20 can store phone numbers, subscriber information, phone book information, etc., but is not only a memory, but also a CPU core, a DMAC that supports high-speed communication, and various coprocessors. It has an OS and can execute various applications. This makes it possible to serve as a token for generating a one-time password, and as a result, the entire mobile phone 10 can be used as a highly functional token.

The communication module 110 performs data communication with the outside, which is an original function of the mobile phone 10.
The PIN input module 120 inputs a PIN, which is a code (personal identification number) that can identify the person, by the operation of the operator. The entered PIN is passed to the USIM card 20 by the PIN / seed provision module 193, and the PIN is combined with the token code generated by the passcode generation module 210 and the PIN, and used when generating a passcode. It is done. PIN is an abbreviation for Personal Identification Number, which is a personal identification number (for example, four digits) set by the operator, and is used to identify the person who uses the service in the service using the mobile phone 10. Used for. The PIN input module 120 is activated when the seed is specified by the seed specifying module 192.
The seed attribute acquisition module 130 uses the communication module 110 to acquire, from the outside, seed information that is a source for passcode generation or attribute information related to the seed.
The time information acquisition module 140 acquires time information from the clock of the mobile phone 10. The time information is used to generate a token code by a one-time password method. Necessary to generate the same token code as the authenticating system.
The seed provision module 115 provides the USIM card 20 with the seed information acquired by the seed attribute acquisition module 130 or attribute information about the seed via the USIM card interface 150.

The browser 190 is connected to an external system via the communication module 110, and when the connection destination is a website, the content of the page is displayed on the display 1210 of the mobile phone 10.
The OTP tag detection module 191 detects an otp tag from the contents of the website read by the browser 190. That is, when the connection destination of the browser is a website and is described in Markup Language such as HTML, an opt tag (specifically, <opt />, <opt id = “222” />, etc.) And “seed identification information” is designated as an attribute of the opt tag). The opt tag is for the system side to request a passcode using a one-time password, that is, an instruction to generate a passcode for the mobile phone 10.
If the OTP tag detection module 191 detects an otp tag, the seed identification module 192 identifies information regarding the seed. The information to be referred to in the identification is as follows.
(1) Information selected by the operator's operation from the list of information regarding seeds acquired by the seed list acquisition module 196 (2) Attribute information of the opt tag (3) URL of the Web site
(4) Otp tag attribute information and website URL
(5) When one seed cannot be specified by the URL of the Web site, information selected by the operator's operation from the list of information related to the seed acquired by the seed list acquisition module 196. This is the source information for. The information about the seed is information for identifying the seed, for example, the seed itself, or attribute information such as a name given to the seed.

The seed list acquisition module 196 acquires a list of information on seeds stored in the USIM card 20 via the USIM card interface 150 when the OTP tag is detected by the OTP tag detection module 191.
The PIN / seed providing module 193 provides the USIM card 20 with information about the PIN input by the PIN input module 120 and the seed specified by the seed specifying module 192 via the USIM card interface 150.
The passcode acquisition module 194 instructs the USIM card 20 to generate a passcode via the USIM card interface 150, and acquires the generated passcode.
The passcode transmission module 195 transmits the passcode acquired by the passcode acquisition module 194 to the website requesting the passcode via the communication module 110. That is, the generated passcode is delivered to the browser 190, and the browser 190 transmits the passcode to the Web site for authentication.
The USIM card interface 150 connects the mobile phone 10 and the USIM card 20 and performs input / output with the USIM card 20.

The passcode generation module 210 has (1) functions related to seed acquisition and storage, (2) functions related to PIN acquisition and synthesis, and (3) functions related to token code generation. Further, the passcode generation module 210 may be composed of a plurality of modules.
The passcode generation module 210 has a function of receiving seed or seed-related attribute information from the seed providing module 115 via the USIM card interface 150 of the mobile phone 10 and storing it in the seed DB 240. Further, the passcode generation module 210 has a function of receiving information related to the seed specified by the seed specifying module 192 from the PIN / seed providing module 193 and storing it in the seed DB 240. In addition, the mobile phone 10 has a function of providing a list of attribute information related to seeds stored in the seed DB 240 via the USIM card interface 150 to the modules in the mobile phone 10. And it has a function which can manage a plurality of seeds and attribute information about seeds.

The pass code generation module 210 is a module that generates a pass code by obtaining a PIN and synthesizing the PIN and the token code. The PIN input by the user is acquired from the PIN input module 120 of the mobile phone 10 via the USIM card interface 150. Next, using the PIN, a passcode is generated by combining with the token code generated in the passcode generation module 210. The passcode is provided to the passcode acquisition module 194 of the mobile phone 10. Also, the PIN used to generate the passcode is deleted from the USIM card 20.
The pass code generation module 210 generates a token code using the seed stored in the seed DB 240 and the time information acquired from the time information acquisition module 140 via the USIM card interface 150 of the mobile phone 10 to generate a pass code. It has a function required in the module 210 or a function of providing a token code to the module of the mobile phone 10. The seed selection uses information related to the seed specified by the seed specifying module 192 received from the PIN / seed providing module 193 by the passcode generation module 210.

The seed DB 240 stores a plurality of seed information acquired by the passcode generation module 210 or attribute information related to the seed. If there are multiple seeds, the operator selects which seed to select. To that end, the passcode generation module 210 provides the seeds to the seed identification module 192 via the USIM card interface 150, and the seed identification module 192 displays and selects the seeds for the operator. Prompt. The selected seed is passed to the USIM card 20 via the USIM card interface 150.
The attribute information related to the seed stored in the seed DB 240 includes, for example, seed name, skin identification information, display order on the seed selection screen, seed update page URL, seed expiration date, language file, initial value of each attribute information, and the like. Yes, it may contain the seed itself.
Further, although depending on the storage capacity of the seed DB 240, the attribute information related to the seed (other than the seed) may be stored in a memory other than the USIM card 20, and only the seed may be stored in the seed DB 240. At that time, the seed information in the seed DB 240 and the attribute information (other than the seed) related to the seed in the external memory are related to each other, and an integrated search or the like is possible.

A system configuration example including a system that performs authentication will be described with reference to FIG. The mobile phone 10 incorporating the USIM card 20 is connected to the remote access server 50 or the Web server 60 via the Internet or a public line 80. The remote access server 50 or the Web server 60 and the authentication management server 70 constitute one system and are connected to each other via a communication line. The remote access server 50 and the Web server 60 are servers that serve as entrances for user access, and perform authentication proxy. The authentication management server 70 is a user authentication verification server and a management server, and performs authentication management.
User authentication is performed as follows.
(1) The remote access server 50 or the Web server 60 requests a pass code from the mobile phone 10 by an access using the mobile phone 10 by an operator.
(2) The remote access server 50 or the Web server 60 transmits the passcode transmitted from the mobile phone 10 by the operator to the authentication management server 70.
(3) The authentication management server 70 performs user authentication.
(4) Permit or disallow user access according to the result of user authentication.

As shown in FIG. 3, the mobile phone 10 is a character input device for inputting characters such as a telephone number or PIN, and a microphone 1250 that can input voice so as to have a function as a telephone, a speaker 1240 that can output voice. A key 1220, an antenna 1230 for transmitting and receiving radio waves, and a display 1210 for displaying a result of character input by the key 1220, a result of reception, and the like. In addition, a camera or the like may be provided.
Further, the mobile phone 10 can incorporate a USIM card 20. There is a slot for the USIM card 20 near the location where the battery of the mobile phone 10 is stored, and it is stored there when the mobile phone 10 is used. The battery must be removed before it can be inserted or removed. This is because the power must be turned off at the time of insertion / removal to prevent destruction of data in the USIM card 20.
Note that the hardware configuration example of the mobile phone 10 described here shows one example of the device, and is not limited to this configuration, and any configuration that can execute the processing according to the present embodiment may be used. For example, the slot of the USIM card 20 may not be near the location where the battery is stored.

The software configuration inside the mobile phone 10 will be exemplified and described with reference to FIG. The software in the mobile phone 10 has two layers, the upper layer has an application 160 and a GUI 170, and the lower layer has a middleware 180.
The application 160 includes various applications using the mobile phone 10, but here requires high security that requires a passcode. For example, there are applications such as bank account management.
The GUI 170 controls output to the display 1210 in accordance with an instruction from the application 160. It is independent of the middleware 180 and has a function of changing the skin of the user interface in accordance with a skin information file that is seed attribute information.
The middleware 180 mainly has a function of an interface with the USIM card 20. The application 160 and the GUI 170 are independent. The middleware 180 can be used from the application 160 in the mobile phone 10. The module in the USIM card 20 is accessible only from the middleware 180 to the mobile phone 10, and conversely, the application 160 in the mobile phone 10 is restricted from calling the module in the USIM card 20 directly. Further, it has a function of acquiring time information from a secure clock in the mobile phone 10 and providing time information to a module in the USIM card 20.
The module configuration in the USIM card 20 is as described in FIG. 1, but the seed DB 240 is written and read by the passcode generation module 210.

With reference to FIG. 5, the software configuration inside the mobile phone 10 and the PC 30 will be exemplified and described. The function as a token of the mobile phone 10 can also be provided to an information processing apparatus such as the PC 30. That is, since the mobile phone 10 has a standard interface such as a USB so that it can be connected to the PC 30, the PC 30 can use the token function, that is, the USIM card 20 via the mobile phone 10. it can. The software in the PC 30 has two layers, the upper layer has a PC GUI 31, and the lower layer has a PC middleware 32.
The PC GUI 31 is the same as the GUI 170 described with reference to FIG. That is, output to the screen of the PC 30 is controlled in accordance with an instruction from another application. It is independent of the PC middleware 32 and has a function of changing the skin of the user interface in accordance with a skin information file that is seed attribute information.
The PC middleware 32 receives a token code and a pass code generated in the USIM card 20 in cooperation with the middleware 180 in the mobile phone 10. It is independent of the PC GUI 31.
The software configurations in the mobile phone 10 and the USIM card 20 are the same as those in FIG. Note that the application 160 and the GUI 170 in the mobile phone 10 are not shown in FIG. 5, but may be mounted, and may not function when the PC 30 is connected.

Next, the function and operation (operation) will be described.
The case where cooperation with the browser 190 of the mobile phone 10 is performed will be described with reference to FIG. The cellular phone 10 can be connected to the Web server 60 via the Internet or a public line 80. Some Web sites perform authentication that requires a passcode. FIG. 6 explains the cooperation in that case.
FIG. 6A shows a state in which the browser 190 of the mobile phone 10 is activated and connected to a website for authentication. On the display 1210 of the mobile phone 10, a user name column 217, a passcode column 218, a transmission button 219, a reset button 2191, and a cancel button 221 are displayed. Then, the user name is input to the user name column 217 by the operator.
FIG. 6B shows a state in which a PIN is input by the operator using the key 1220 of the mobile phone 10. That is, the operator inputs, for example, a 4-digit number (PIN) using the key 1220 of the mobile phone 10. The PIN input module 120 passes the input PIN to the USIM card 20 via the USIM card interface 150. The passcode generation module 210 in the USIM card 20 generates a passcode using the passed PIN and the token code generated in the passcode generation module 210. The combination of the PIN and the token code is a process of converting the token code using the PIN by a certain algorithm. The passcode is automatically delivered to the browser 190.
FIG. 6C shows that the passcode is automatically input to the passcode column 218 in the display 1210 of the mobile phone 10. In this case, the pass code is not displayed on the display 1210 of the mobile phone 10, and “*******”, which is an alternative display, is displayed. Here, when the operator selects the send button 219, authentication is performed on the corresponding Web site.

The case where cooperation with the browser of PC30 is performed is demonstrated using FIG. Here, the pass code is generated using the USIM card 20 in the mobile phone 10, but is passed to the PC 30. In addition to the mobile phone 10, a data communication card 40 may be used. The USIM card 20 is also built in the data communication card 40.
FIG. 7A shows a state where the mobile phone 10 or the data communication card 40 is connected to the PC 30. Here, the PC 30 starts a browser and connects to the Web server 60 via the Internet or the public line 80.
FIG. 7B displays a display 310 that is a screen when a browser is activated and a Web site requiring authentication is accessed.
FIG. 7C is almost the same state as FIG. A state in which a PIN is input by the operator using the keyboard of the PC 30 is shown. Thereafter, the USIM card 20 performs processing similar to that described with reference to FIG. 6C from the PIN and seed to generate a passcode. However, the passcode is automatically passed to the browser.
FIG. 7D is almost the same state as FIG. This shows that the passcode is automatically entered in the passcode entry field in the display 310 of the PC 30. In this case, the pass code is not displayed on the display 310 of the PC 30, and “*******”, which is an alternative display, is displayed. Here, when the operator selects the send button, authentication is performed on the corresponding Web site. In this case, the pass code is not displayed on the display 1210 of the mobile phone 10.

  Next, a case where a new seed is installed will be described. The token application has a function of installing a new seed into the USIM card 20 in the mobile phone 10. The new seed is stored in an empty area of the seed area in the seed DB 240 of the USIM card 20. At the time of new seed installation, if there is no free space in the seed area in the seed DB 240 of the USIM card 20, an alert is displayed to the operator and the seed installation is forcibly stopped. Also, at the time of new seed installation, the seed name can be changed to an arbitrary value by the user. The seed name is stored in the seed DB 240 as a seed attribute.

The seed update alert will be described with reference to FIG. In order to improve security, the seed is updated to a new one.
If at least one seed stored in the USIM card 20 is about to expire, an alert to that effect is displayed when the token application is activated. The alert display is as shown in FIG. In other words, the expiration date message display 224 is displayed on the display 1210 of the mobile phone 10, and for example, a message that “the expiration date of the seed 01 is 30 days later” is displayed therein. In this display, there is a toggle switch 225 that can be specified not to display a message from the next time for an operator who feels it is troublesome to display such a message every time. When performing the update process, the operator selects an OK button 226. When the end button 222 is selected, the token application is ended, and when the menu button 223 is selected, a list of menus that can be selected in the scene is displayed.
The number of days before the expiration date can be displayed can be changed to any value by the user. A fixed number of days (for example, 30 days ago) can be set as the default value. Further, the operator can select whether or not to display the alert itself.
The seed update alert processing can notify the operator that the seed update is near, making this embodiment easier to use.

Next, seed update management will be described with reference to FIG.
The token application has a function of performing seed update when the seed stored in the USIM card 20 expires.
If the seed has expired, an alert to that effect is displayed. That is, the display as shown in FIG. An expiration message display 227 is displayed on the display 1210 of the mobile phone 10 to indicate that it has expired. Then, an OK button 228 and a cancel button 229 that allow the operator to select whether or not to apply for an update are displayed. When the OK button 228 is selected, a screen display as shown in FIG. A seed update page connection message display 2291 is displayed, and a message prompting connection to a Web page where a new seed can be obtained is displayed. Then, an OK button 231 and a cancel button 232 are displayed that allow the operator to select whether or not to connect. When the OK button 231 is selected, the Web page is connected and displayed as shown in FIG. The URL of the seed update Web page is stored as seed attribute information in the seed DB 240 and is used.
Accordingly, the seed update process can be performed even in the USIM card 20 having tamper resistance, and the security can be further improved.

The seed selection will be described with reference to FIG. In the above description, what is displayed by selecting the seed is the seed 01 or the like, which is difficult for the operator to understand. The seed includes attribute information, and a seed name that can be easily distinguished by humans can be used as the seed name. The operator can use the name of the system that uses the passcode, such as a bank name.
If a plurality of seeds are held in the USIM card 20, a screen for selecting seeds is displayed, and the operator selects the seeds to be used. That is, the seed name 2151 is displayed in the seed selection field 215 as shown in FIG. Also, a seed expiration date alert notification icon 2152 is displayed around the seed name 2151. This is displayed when the expiration date of the seed is approaching. Then, for example, it may be displayed in blue if it is 30 days before the seed expiration date, displayed in yellow if it is 15 days before the seed expiration date, and red if it is 7 days before the seed expiration date. This makes it possible to know the expiration date of the seed also on the seed selection screen. In addition, since the seed expiration date alert notification icon 2152 is changed in stages according to the number of remaining days until the expiration date, the operator can grasp the remaining days until the seed expiration date by using the seed expiration date alert notification icon 2152. It becomes like this.
If there are not a plurality of seeds stored in the USIM card 20, the seed selection screen can be skipped and the passcode display screen can be displayed after the token application is activated.

Using FIG. 11 to FIG. 15, a web site 3110 which is an external system is accessed using the browser 190 in the mobile phone 10, and the USIM in the case where the web site 3110 instructs generation of a passcode. The cooperation between the mobile phone 10 incorporating the card 20 and the display 1210 will be described. Although the browser 190 in the mobile phone 10 is used here, the PC 30 and the mobile phone 10 with the built-in USIM card 20 are connected, and the same applies to the cooperation with the display 310 using the browser in the PC 30. It is. The URL below represents only domain information. The address information of the Web site 3110 may be only domain information instead of the entire URL.
In FIG. 11, it is assumed that <opt /> is described as a tag description example 3111 of the Web site 3110. Also, it is assumed that the seed DB 240 in the USIM card 20 stores “seed 1”, “seed 2”, and “seed 3” as the seed attribute information 241.
In step 1A, the web site 3110 is accessed from the browser 190 of the mobile phone 10.
In step 2A, the authentication page including the <opt> tag is returned from the website 3110 to the mobile phone 10.
In step 3A, the OTP tag detection module 191 of the mobile phone 10 detects the <opt> tag. In other words, the necessity of authentication with a one-time password is recognized by the <opt> tag. Then, the mobile phone 10 acquires a seed list from the USIM card 20 and displays it on the display 1210.
In step 4A, the operator selects a seed to be used from the displayed seed list, and further inputs a PIN.
In step 5A, the PIN entered by the operator is handed over to the USIM card 20 to generate a passcode.
In step 6A, the passcode generated by the USIM card 20 is delivered to the passcode transmission module 195 of the mobile phone 10.
In step 7A, the passcode is automatically returned to the website 3110. Web site 3110 performs authentication.

In FIG. 12, it is assumed that <opt id = “222” /> is described as the tag description example 3112 of the Web site 3110. Further, it is assumed that “seed 1 id = 111”, “seed 2 id = 222”, and “seed 3 id = 333” are stored as seed attribute information 242 in the seed DB 240 in the USIM card 20. This means that “the identification number of seed 1 is 111”, “the identification number of seed 2 is 222”, and “the identification number of seed 3 is 333”, respectively.
In step 1B, the web site 3110 is accessed from the browser 190 of the mobile phone 10.
In step 2B, the authentication page including the <opt> tag is returned from the website 3110 to the mobile phone 10.
In step 3B, the OTP tag detection module 191 of the mobile phone 10 detects the <opt> tag. In other words, the necessity of authentication with a one-time password is recognized by the <opt> tag. Then, the mobile phone 10 prompts the operator to input a PIN. In this case, the seed to be used is specified from the attribute information of the <opt> tag. That is, seed 2 which is “222” is selected as the seed identification number based on the attribute information of the <opt> tag.
In step 4B, the operator inputs a PIN.
In step 5B, the PIN input by the operator is transferred to the USIM card 20, and a passcode is generated.
In step 6B, the passcode generated by the USIM card 20 is delivered to the passcode transmission module 195 of the mobile phone 10.
In step 7B, the pass code is automatically returned to the website 3110. Web site 3110 performs authentication.

In FIG. 13, <opt id = “222” /> is described as a tag description example 3113 of the Web site 3110, and the URL is “http://bbb.com”. Further, in the seed DB 240 in the USIM card 20, as seed attribute information 243, “seed 1 id = 111 url = http: //aaa.com”, “seed 2 id = 222 url = http: //bbb.com” “Seed 3 id = 333 url = http: //ccc.com” is stored. This means that “the identification number of the seed 1 is 111 and the URL corresponding to the seed is http://aaa.com”, “the identification number of the seed 2 is 222 and corresponds to the seed. This means that the URL is http://bbb.com ”,“ the identification number of seed 3 is 333, and the URL corresponding to this seed is http://ccc.com ”.
In step 1C, the web site 3110 is accessed from the browser 190 of the mobile phone 10.
In step 2C, the authentication page including the <opt> tag is returned from the website 3110 to the mobile phone 10.
In step 3C, the OTP tag detection module 191 of the mobile phone 10 detects the <opt> tag. In other words, the necessity of authentication with a one-time password is recognized by the <opt> tag. Then, the mobile phone 10 prompts the operator to input a PIN. In this case, the seed to be used is specified from the URL of the Web site 3110 that is the access destination and the attribute information of the <opt> tag. In other words, the seed 2 that is “222” is selected as the seed identification number based on the attribute information of “http://bbb.com” that is the URL of the Web site 3110 and the <http> tag.
In step 4C, the operator inputs a PIN.
In step 5C, the PIN input by the operator is transferred to the USIM card 20 to generate a passcode.
In step 6C, the passcode generated by the USIM card 20 is delivered to the passcode transmission module 195 of the mobile phone 10.
In step 7C, the passcode is automatically returned to the website 3110. Web site 3110 performs authentication.

In FIG. 14, <opt /> is described as a tag description example 3114 of the Web site 3110, and its URL is “http://bbb.com”. In the seed DB 240 in the USIM card 20, “seed 1 url = http: //aaa.com”, “seed 2 url = http: //bbb.com”, and “seed 3 url = It is assumed that “http://ccc.com” is stored. This corresponds to “the URL corresponding to seed 1 is http://aaa.com”, “the URL corresponding to seed 2 is http://bbb.com”, and “seed 3”. “URL is http://ccc.com”.
In step 1D, the web site 3110 is accessed from the browser 190 of the mobile phone 10.
In Step 2D, the authentication page including the <opt> tag is returned from the Web site 3110 to the mobile phone 10.
In step 3D, the OTP tag detection module 191 of the mobile phone 10 detects the <opt> tag. In other words, the necessity of authentication with a one-time password is recognized by the <opt> tag. Then, the mobile phone 10 prompts the operator to input a PIN. In this case, the seed to be used is specified from the URL of the Web site 3110 that is the access destination. That is, the seed 2 is selected by “http://bbb.com” which is the URL of the Web site 3110.
In step 4D, the operator inputs a PIN.
In step 5D, the PIN input by the operator is transferred to the USIM card 20 to generate a passcode.
In step 6D, the passcode generated by the USIM card 20 is delivered to the passcode transmission module 195 of the mobile phone 10.
In step 7D, the passcode is automatically returned to the website 3110. Web site 3110 performs authentication.

In FIG. 15, “seed identification information” is specified as the attribute of the opt tag as the tag description example 3115 of the Web site 3110, and the system is “ΔΔ bank”. Also, in the seed DB 240 in the USIM card 20, “seed 1 XX company”, “seed 2 ΔΔ bank-account 1”, “seed 3 ΔΔ bank-account 2”, “seed 4” as seed attribute information 245. “□□ Service” is stored. This means that "the name of seed 1 is XX company", "the name of seed 2 is △△ bank-account 1", and "the name of seed 3 is △△ bank-account 2". ”,“ The name of the seed 4 is a □□ service ”. The operation in the case where the seed described in FIGS. 12 to 14 cannot identify one seed is described. That is, there are cases where a plurality of seeds correspond only from the address information of the Web site 3110 (in the example of FIG. 15, there are a plurality of accounts in one bank) and cannot be specified from the tag attribute information.
In step 1E, the web site 3110 is accessed from the browser 190 of the mobile phone 10.
In step 2E, the authentication page including the <opt> tag is returned from the website 3110 to the mobile phone 10.
In step 3E, the OTP tag detection module 191 of the mobile phone 10 detects the <opt> tag. In other words, the necessity of authentication with a one-time password is recognized by the <opt> tag. Then, the mobile phone 10 acquires a seed list from the USIM card 20 and displays it on the display 1210. However, what is displayed to the operator here is only the corresponding seed. That is, only seeds that match the address information of the Web site 3110 or the attribute information of the <opt> tag are displayed. By doing so, the number of seeds to be selected by the operator is reduced, and the operability can be improved. In this case, “seed 2” and “seed 3” having “ΔΔ bank” as an attribute are displayed as a list.
In step 4E, the operator selects a seed to be used from the displayed seed list, and further inputs a PIN.
In step 5E, the PIN input by the operator is transferred to the USIM card 20 to generate a passcode.
In step 6E, the passcode generated by the USIM card 20 is delivered to the passcode transmission module 195 of the mobile phone 10.
In step 7E, the passcode is automatically returned to the website 3110. Web site 3110 performs authentication.
As described above, according to the present embodiment, a passcode request from the website 3110 side can be detected and a suitable passcode can be transmitted, so that the operability and convenience for the operator are further improved. It has become something that can be made.

In the above embodiment, the USIM card 20 is shown as an example. However, a GUSIM card, UIM card, SIM card, or the like may be used.
In the embodiment, the pass code is generated by combining the token code and the PIN. However, the pass code may be the token code as it is, and in this case, the token code can be authenticated.
In the above-described embodiment, the communication service using the mobile phone 10 and the data communication card 40 has been shown. However, other than these, data communication terminals such as PHS, notebook PCs and PDAs, game terminals, navigation systems, automobiles, etc. A communication portable terminal such as a telephone or a pager (registered trademark) may be used.
In the above embodiment, the URL is used as the address information of the Web site. However, the present invention is not limited to this, and any address indicating the location of the data group may be used. In particular, the seed or information related to the seed can be specified. Such address information is even better.
In the above-described embodiment, the Web site is described as being described in HTTP.
In the above-described embodiment, the time synchronization type in which a valid password is updated every fixed time has been described as a one-time password. However, the counter synchronization type in which a valid password is updated each time a client performs authentication. Can also be adopted. Also, other irregular one-time password generation methods can be adopted. For example, a one-time password generation method (generally called “transaction-linked authentication”) that generates a password for the requested transaction when the service user sends the transaction content to the service provider. May be).

In addition, about the program demonstrated, it is also possible to store in a recording medium, In that case, it can also grasp | ascertain as the following invention.
A passcode information processing apparatus readable recording medium recording a passcode information processing program capable of generating a passcode in a passcode information processing apparatus capable of connecting an IC card having tamper resistance,
In the passcode information processing apparatus,
An IC card interface function for performing input / output with the IC card;
A one-time password tag detection function for detecting a tag instructing passcode generation by a one-time password method in a website;
When a tag that instructs generation of a passcode is detected by the detection function, a seed specifying function that specifies information about a seed that is a source for passcode generation; and
When the seed is specified by the seed specifying function, a personal identification number input function for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing function for providing information related to the personal identification number input by the personal identification number input function and the seed specified by the seed specifying function to the IC card via the IC card interface function;
A passcode acquisition function for acquiring a passcode generated by the IC card via the IC card interface function;
A portable terminal-readable recording medium recorded with a passcode information processing program, which realizes a passcode transmission function for transmitting a passcode acquired by the passcode acquisition function to the website.
The “recording medium readable by the portable terminal on which the program is recorded” refers to a recording medium readable by the portable terminal on which the program is recorded, which is used for program installation, execution, program distribution, and the like.

The recording medium is, for example, a digital versatile disc (DVD), which is a standard established by the DVD Forum, such as “DVD-R, DVD-RW, DVD-RAM,” and DVD + RW. Standards such as “DVD + R, DVD + RW, etc.”, compact discs (CDs), read-only memory (CD-ROM), CD recordable (CD-R), CD rewritable (CD-RW), etc. MO), flexible disk (FD), magnetic tape, hard disk, read only memory (ROM), electrically erasable and rewritable read only memory (EEPROM), flash memory, random access memory (RAM), etc. It is.
The program or a part of the program can be recorded on the recording medium and stored or distributed. Also, by communication, for example, a local area network (LAN), a metropolitan area network (MAN), a wide area network (WAN), a wired network used for the Internet, an intranet, an extranet, etc., or wireless communication It can be transmitted using a transmission medium such as a network or a combination of these, and can also be carried on a carrier wave.
Furthermore, the above program may be a part of another program, or may be recorded on a recording medium together with a separate program.

It is a block diagram which shows the example of the whole module structure which concerns on one embodiment of this invention. It is a figure which shows the system configuration example including the system which performs authentication. It is explanatory drawing which shows the structural example of a mobile telephone. It is a block diagram which shows the software structural example inside a mobile telephone. It is a block diagram which shows the software structural example of a mobile telephone and PC. It is explanatory drawing which shows the display screen in the case of selecting a seed with a mobile phone. It is explanatory drawing which shows the display screen in the case of selecting a seed with PC. It is explanatory drawing which shows the display screen of a seed update alert. It is explanatory drawing which shows the display screen of seed update management. It is explanatory drawing which shows the display screen of seed selection. It is explanatory drawing of cooperation (1) with a Web browser. It is explanatory drawing of cooperation (2) with a Web browser. It is explanatory drawing of cooperation (3) with a Web browser. It is explanatory drawing of cooperation (4) with a Web browser. It is explanatory drawing of cooperation (5) with a Web browser.

Explanation of symbols

10 ... Mobile phone 20 ... USIM card 30 ... PC
31 ... GUI for PC
32 ... PC middleware 40 ... Data communication card 50 ... Remote access server 60 ... Web server 70 ... Authentication management server 80 ... Internet or public line 110 ... Communication module 115 ... Seed providing module 120 ... PIN input module 130 ... Seed attribute acquisition module 140 ... Time information acquisition module 150 ... USIM card interface 160 ... Application 170 ... GUI
180 ... middleware 190 ... browser 191 ... OTP tag detection module 192 ... seed identification module 193 ... PIN / seed provision module 194 ... passcode acquisition module 195 ... passcode transmission module 196 ... seed list acquisition module 210 ... passcode generation module 215 ... Seed selection field 217 ... User name field 218 ... Passcode field 219 ... Send button 221 ... Cancel button 222 ... End button 223 ... Menu button 224 ... Expiration date message display 225 ... Toggle switch 226 ... OK button 227 ... Expiration date message display 228 ... OK button 229 ... Cancel button 231 ... OK button 232 ... Cancel button 233 ... Seed update page 240 ... Seed DB
310 ... Display 315 ... Seed selection column 1210 ... Display 1220 ... Key 1230 ... Antenna 1240 ... Speaker 1250 ... Microphone 2151 ... Seed name 2152 ... Seed expiration date alert notification icon 2191 ... Reset button 2291 ... Seed update page connection message display 3110 ... Web site

Claims (15)

A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
When a tag that instructs generation of a passcode is detected by the one-time password tag detection unit, a seed specifying unit that specifies information about a seed that is a source for passcode generation;
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
Pass code transmitting means for transmitting the pass code acquired by the pass code acquiring means to the website;
The IC card is
Seed storage means for storing a plurality of information on seeds;
A personal identification number seed acquisition means for acquiring information relating to the personal identification number and seed provided via the IC card interface;
Seed selection means for selecting a seed stored in the seed storage means according to information on the seed acquired by the personal identification number seed acquisition means;
Passcode generation means for generating a passcode by a one-time password method using the personal identification number acquired by the personal identification number seed acquisition means and the seed selected by the seed selection means Information processing device. A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
If a tag for instructing passcode generation is detected by the one-time password tag detection means, information on the seed that is a source for passcode generation stored in the IC card via the IC card interface Seed list acquisition means for acquiring a list;
Seed identification means for identifying a seed by an operation of an operator from a list of information on seeds acquired by the seed list acquisition means;
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
Pass code transmitting means for transmitting the pass code acquired by the pass code acquiring means to the website;
The IC card is
Seed storage means for storing a plurality of information on seeds;
Seed list providing means for providing a list of information about seeds stored in the seed storage means via the IC card interface;
A personal identification number seed acquisition means for acquiring information relating to the personal identification number and seed provided via the IC card interface;
Seed selection means for selecting a seed stored in the seed storage means according to information on the seed acquired by the personal identification number seed acquisition means;
Passcode generation means for generating a passcode by a one-time password method using the personal identification number acquired by the personal identification number seed acquisition means and the seed selected by the seed selection means Information processing device. A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
A seed specifying means for specifying information relating to a seed that is a source for generating a passcode according to attribute information of the tag when a tag that instructs generation of a passcode is detected by the one-time password tag detecting means; ,
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
Pass code transmitting means for transmitting the pass code acquired by the pass code acquiring means to the website;
The IC card is
Seed storage means for storing a plurality of information on seeds;
A personal identification number seed acquisition means for acquiring information relating to the personal identification number and seed provided via the IC card interface;
Seed selection means for selecting a seed stored in the seed storage means according to information on the seed acquired by the personal identification number seed acquisition means;
Passcode generation means for generating a passcode by a one-time password method using the personal identification number acquired by the personal identification number seed acquisition means and the seed selected by the seed selection means Information processing device. A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
When a tag for instructing passcode generation is detected by the one-time password tag detection means, information on the seed used as a source for passcode generation according to the attribute information of the tag and the address information of the website Seed identification means for identifying
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
Pass code transmitting means for transmitting the pass code acquired by the pass code acquiring means to the website;
The IC card is
Seed storage means for storing a plurality of information on seeds;
A personal identification number seed acquisition means for acquiring information relating to the personal identification number and seed provided via the IC card interface;
Seed selection means for selecting a seed stored in the seed storage means according to information on the seed acquired by the personal identification number seed acquisition means;
Passcode generation means for generating a passcode by a one-time password method using the personal identification number acquired by the personal identification number seed acquisition means and the seed selected by the seed selection means Information processing device. A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
Seed specifying means for specifying information related to a seed for generating a passcode according to the address information of the Web site when a tag for instructing passcode generation is detected by the one-time password tag detecting means When,
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
Pass code transmitting means for transmitting the pass code acquired by the pass code acquiring means to the website;
The IC card is
Seed storage means for storing a plurality of information on seeds;
A personal identification number seed acquisition means for acquiring information relating to the personal identification number and seed provided via the IC card interface;
Seed selection means for selecting a seed stored in the seed storage means according to information on the seed acquired by the personal identification number seed acquisition means;
Passcode generation means for generating a passcode by a one-time password method using the personal identification number acquired by the personal identification number seed acquisition means and the seed selected by the seed selection means Information processing device. A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
When a tag for instructing passcode generation is detected by the one-time password tag detecting means, a first information specifying a seed that is a source for generating a passcode is determined according to address information of the Web site Seed identification means;
If one seed cannot be specified by the first seed specifying means, a seed list acquiring means for acquiring a list of information related to the corresponding seed stored in the IC card via the IC card interface;
Second seed specifying means for specifying a seed by an operation of an operator from a list of information on seeds acquired by the seed list acquiring means;
When the seed is specified by the second seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
Pass code transmitting means for transmitting the pass code acquired by the pass code acquiring means to the website;
The IC card is
Seed storage means for storing a plurality of information on seeds;
Seed list providing means for providing a list of information about seeds stored in the seed storage means via the IC card interface;
A personal identification number seed acquisition means for acquiring information relating to the personal identification number and seed provided via the IC card interface;
Seed selection means for selecting a seed stored in the seed storage means according to information on the seed acquired by the personal identification number seed acquisition means;
Passcode generation means for generating a passcode by a one-time password method using the personal identification number acquired by the personal identification number seed acquisition means and the seed selected by the seed selection means Information processing device. A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
When a tag that instructs generation of a passcode is detected by the one-time password tag detection unit, a seed specifying unit that specifies information about a seed that is a source for passcode generation;
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
A passcode information processing apparatus comprising passcode transmission means for transmitting the passcode acquired by the passcode acquisition means to the Web site. A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
If a tag for instructing passcode generation is detected by the one-time password tag detection means, information on the seed that is a source for passcode generation stored in the IC card via the IC card interface Seed list acquisition means for acquiring a list;
Seed identification means for identifying a seed by an operation of an operator from a list of information on seeds acquired by the seed list acquisition means;
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
A passcode information processing apparatus comprising passcode transmission means for transmitting the passcode acquired by the passcode acquisition means to the Web site. A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
A seed specifying means for specifying information relating to a seed that is a source for generating a passcode according to attribute information of the tag when a tag that instructs generation of a passcode is detected by the one-time password tag detecting means; ,
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
A passcode information processing apparatus comprising passcode transmission means for transmitting the passcode acquired by the passcode acquisition means to the Web site. A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
When a tag for instructing passcode generation is detected by the one-time password tag detection means, information on the seed used as a source for passcode generation according to the attribute information of the tag and the address information of the website Seed identification means for identifying
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
A passcode information processing apparatus comprising passcode transmission means for transmitting the passcode acquired by the passcode acquisition means to the Web site. A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
Seed specifying means for specifying information related to a seed for generating a passcode according to the address information of the Web site when a tag for instructing passcode generation is detected by the one-time password tag detecting means When,
When the seed is specified by the seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
A passcode information processing apparatus comprising passcode transmission means for transmitting the passcode acquired by the passcode acquisition means to the Web site. A passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
A one-time password tag detection means for detecting a tag instructing passcode generation by a one-time password method in a website;
When a tag for instructing passcode generation is detected by the one-time password tag detecting means, a first information specifying a seed that is a source for generating a passcode is determined according to address information of the Web site Seed identification means;
If one seed cannot be specified by the first seed specifying means, a seed list acquiring means for acquiring a list of information related to the corresponding seed stored in the IC card via the IC card interface;
Second seed specifying means for specifying a seed by an operation of an operator from a list of information on seeds acquired by the seed list acquiring means;
When the seed is specified by the second seed specifying means, a personal identification number input means for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing means for providing the IC card with information related to the personal identification number input by the personal identification number input means and the seed specified by the seed specifying means to the IC card via the IC card interface;
Passcode acquisition means for acquiring a passcode generated by the IC card via the IC card interface;
A passcode information processing apparatus comprising passcode transmission means for transmitting the passcode acquired by the passcode acquisition means to the Web site. The pass code information processing apparatus is a mobile phone or a data communication card, and the IC card is a USIM card. 1, 2, 3, 4, 5, 6, 7, 8, 9, 10 , 11 or 12. A passcode information processing program capable of causing a passcode information processing apparatus capable of connecting an IC card having tamper resistance to generate a passcode,
In the passcode information processing apparatus,
An IC card interface function for performing input / output with the IC card;
A one-time password tag detection function for detecting a tag instructing passcode generation by a one-time password method in a website;
When a tag for instructing passcode generation is detected by the one-time password tag detection function, a seed specifying function for specifying information on a seed that is a source for passcode generation;
When the seed is specified by the seed specifying function, a personal identification number input function for inputting a personal identification number by an operation of the operator;
A personal identification number seed providing function for providing information related to the personal identification number input by the personal identification number input function and the seed specified by the seed specifying function to the IC card via the IC card interface function;
A passcode acquisition function for acquiring a passcode generated by the IC card via the IC card interface function;
A passcode information processing program for realizing a passcode transmission function for transmitting a passcode acquired by the passcode acquisition function to the website. A passcode information processing method for generating a passcode in a passcode information processing apparatus capable of connecting an IC card having tamper resistance,
The passcode information processing apparatus
An IC card interface for performing input / output with the IC card;
Detect a tag instructing passcode generation by the one-time password method in the website,
When a tag instructing passcode generation is detected by the detection, specify information on a seed that is a source for passcode generation,
If the seed is specified, enter the personal identification number by the operation of the operator,
Providing the entered personal identification number and information about the identified seed to the IC card via the IC card interface;
Obtaining a passcode generated by the IC card via the IC card interface;
The passcode information processing method characterized by transmitting the acquired passcode to the website.

Images