JP2009230625A - Terminal authentication system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide technology of reducing load in authenticating a terminal to simplify authentication. <P>SOLUTION: This terminal authentication system includes: a portable terminal equipped with a short-range radio communication device; a reader/writer device communicating with the portable terminal by short-range radio communication; and an authentication server connected to the reader/writer device through a network to perform authentication for the portable terminal through the reader/writer. The authentication server includes an identification information issue part for generating identification information for identifying the portable terminal and transmitting it to the portable terminal through the reader/writer device, and an identification information registering part storing the identification information transmitted by the identification information issue part in the server when receiving registering permission information for permitting registration of identification information from the portable terminal. The portable terminal includes an identification information managing part for transmitting the registration permission information to the authentication server and storing the received identification information in the terminal on receiving the identification information transmitted from the authentication server and accepting input of designation for permitting registration of the identification information. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to a terminal authentication system, and more particularly to a terminal authentication system that performs authentication of a terminal including a short-range wireless communication device via short-range wireless communication and a network.

  A non-contact IC card technology such as Felica (registered trademark) has been developed, and in recent years, it is mounted on an information processing terminal such as a mobile phone and used for user authentication and settlement of the terminal. For example, an ID, which is identification information for identifying a user, is stored in a non-contact IC card, and user authentication and settlement are performed by transmitting this ID to an IC card reader or the like.

  On the other hand, the ID can be used for various purposes, but prior to its use, mutual authentication is performed via a network between a service provider providing a certain service and the user, It is necessary to register a PIN code in a contactless IC card application that uses an ID. According to such a method, the ID can be managed safely. However, when it is not an important use such as settlement, there is a problem that the use is not promoted for both the user and the service provider. In other words, it is necessary for the user to register his / her own information with the service provider side, which causes a problem of lowering the security, and for the service provider, there are users who hesitate to use. This causes a problem that the number of users cannot be increased.

JP 2006-293500 A JP 2006-221282 A JP 2001-117878 A JP 2006-285329 A

  For example, Patent Document 1 describes an authentication technique for settlement using a mobile terminal. Further, as a specific method of authentication using mobile, Patent Document 2 discloses a technique using face authentication, and Patent Document 3 discloses a technique that combines biometric authentication such as fingerprint. Since these identification information is strictly managed, it is suitable for important authentication such as payment and security, but the procedure is troublesome when used for simple personal identification for marketing purposes. Also, since the system becomes complicated, it is difficult to increase the use of the user.

  In Patent Document 4, a system for realizing the ease of authentication is described. However, the system has both the ease of authentication while strengthening security, and is a method of combining a plurality of authentications. The authentication system according to this method needs to store important authentication identification information and simple authentication identification information in combination in case a higher level of authentication is used. For this reason, it is necessary to strictly manage the information used for authentication, and the system becomes complicated, so that there is a problem that use is still not promoted for both users and service providers.

  Therefore, an object of the present invention is to provide a technique that enables simple authentication by reducing the burden on both the user and the service provider in terminal authentication, which is the above-described problem.

Therefore, a terminal authentication system according to an aspect of the present invention is
A portable terminal equipped with a short-range wireless communication device, a reader / writer device capable of communicating with the portable terminal by short-range wireless communication, and a portable terminal connected to the reader / writer device via a network and via the reader / writer device An authentication server for performing authentication of
When the authentication server receives identification information issuing unit that generates identification information for identifying the portable terminal and transmits the identification information to the portable terminal via the reader / writer device, and registration permission information that permits registration of the identification information from the portable terminal And an identification information registration unit that stores the identification information transmitted by the identification information issuing unit in its own server,
When the portable terminal receives the identification information transmitted from the authentication server and receives an instruction to permit registration of the identification information, the portable terminal transmits the registration permission information to the authentication server and displays the received identification information. Equipped with an identification information management unit to store in its own terminal,
The structure is adopted.

Moreover, the portable terminal which is the other form of this invention,
A portable terminal equipped with a short-range wireless communication device,
Short-distance wireless communication is possible with a reader / writer device connected via a network to an authentication server that performs authentication of the mobile terminal,
When the authentication server generates identification information for identifying the portable terminal and transmits the identification information issuing unit for transmitting the identification information to the portable terminal via the reader / writer device, and registration permission information for permitting registration of the identification information from the portable terminal. And an identification information registration unit for storing the identification information transmitted by the identification information issuing unit in its own server,
When the identification information transmitted from the authentication server is received and the input of the instruction permitting the registration of the identification information is accepted, the registration permission information is transmitted to the authentication server and the received identification information is stored in the own terminal. With an identification information management unit
The structure is taken.

Moreover, the program which is the other form of this invention is:
To a mobile terminal equipped with a short-range wireless communication device,
The portable terminal is capable of short-range wireless communication with a reader / writer device connected via a network to an authentication server that authenticates the portable terminal, and the authentication server generates identification information for identifying the portable terminal. The identification information issuance unit that transmits to the portable terminal via the reader / writer device, and the identification information that is transmitted by the identification information issuance unit when receiving registration permission information that permits registration of identification information from the portable terminal is stored in its own server And an identification information registration unit for storing,
When the identification information transmitted from the authentication server is received and the input of the instruction permitting the registration of the identification information is accepted, the registration permission information is transmitted to the authentication server and the received identification information is stored in the own terminal. The identification information management unit is implemented.

Moreover, the authentication server which is the other form of this invention is:
An authentication server connected via a network to a reader / writer device capable of communicating with a portable terminal equipped with a short-range wireless communication device via short-range wireless communication, and authenticating the portable terminal via the reader / writer device,
When the mobile terminal receives identification information for identifying the mobile terminal transmitted from the authentication server and receives an input of an instruction for permitting registration of the identification information, the registration information is transmitted to the authentication server. When it has an identification information management unit that stores the received identification information in its own terminal,
An identification information issuing unit that generates identification information and transmits the identification information to the portable terminal via the reader / writer device;
An identification information registration unit for storing the identification information transmitted by the identification information issuing unit in the own server when registration permission information permitting registration of the identification information is received from the mobile terminal;
The structure that is equipped with.

Moreover, the program which is the other form of this invention is:
An authentication server connected via a network to a reader / writer device capable of communicating with a portable terminal equipped with a short-range wireless communication device via short-range wireless communication, and authenticating the portable terminal via the reader / writer device,
When the mobile terminal receives identification information for identifying the mobile terminal transmitted from the authentication server and receives an input of an instruction for permitting registration of the identification information, the registration information is transmitted to the authentication server. When it has an identification information management unit that stores the received identification information in its own terminal,
An identification information issuing unit that generates identification information and transmits the identification information to the portable terminal via the reader / writer device;
When registration permission information permitting registration of identification information is received from the mobile terminal, an identification information registration unit that stores the identification information transmitted by the identification information issuing unit in its own server is adopted. .

Furthermore, a terminal authentication method according to another aspect of the present invention includes:
A terminal authentication method for authenticating a mobile terminal equipped with a short-range wireless communication device,
An authentication server connected via a network to a reader / writer device capable of communicating with a portable terminal via short-range wireless communication generates identification information for identifying the portable terminal and carries the identification information via the reader / writer device. An identification information issuing process to be transmitted to the terminal;
When the mobile terminal receives the identification information transmitted from the authentication server and accepts an input of an instruction to permit registration of the identification information, the mobile terminal transmits the registration permission information to the authentication server, and the received identification information An identification information management process stored in its own terminal;
When the authentication server receives registration permission information from the portable terminal, the identification information registration step for storing the identification information transmitted to the portable terminal in the identification information issuing step in the own server;
It has the configuration of having.

  Since the present invention is configured as described above, it is very easy to handle identification information used for authentication. Therefore, the user can easily use the authentication service, and the service provider It has an excellent effect that various services using simple authentication can be provided.

  The present invention is characterized in that authentication can be easily performed and security is excellent.

And the terminal authentication system which is one form of this invention,
A portable terminal equipped with a short-range wireless communication device, a reader / writer device capable of communicating with the portable terminal by short-range wireless communication, and a portable terminal connected to the reader / writer device via a network and via the reader / writer device An authentication server for performing authentication of
When the authentication server receives identification information issuing unit that generates identification information for identifying the portable terminal and transmits the identification information to the portable terminal via the reader / writer device, and registration permission information that permits registration of the identification information from the portable terminal And an identification information registration unit that stores the identification information transmitted by the identification information issuing unit in its own server,
When the portable terminal receives the identification information transmitted from the authentication server and receives an instruction to permit registration of the identification information, the portable terminal transmits the registration permission information to the authentication server and displays the received identification information. Equipped with an identification information management unit to store in its own terminal,
The structure is taken.

  In addition, the portable terminal includes an access unit that transmits identification information stored in the own terminal to the authentication server via the reader / writer device, and requests authentication from the authentication server. The terminal authentication unit that authenticates the portable terminal by comparing the identification information transmitted from the reader / writer device with the identification information stored in the local server is employed. At this time, the terminal authentication unit included in the authentication server requests identification information from the mobile terminal in response to access from the mobile terminal, and the access unit included in the mobile terminal responds to a request for identification information from the authentication server. The identification information stored in the terminal is transmitted to the authentication server.

  In addition, the identification information registration unit included in the authentication server automatically receives the identification non-permission information that prohibits registration of identification information from the mobile terminal. The identification information management unit included in the mobile terminal does not store the identification information transmitted from the authentication server in the own terminal when receiving an instruction to prohibit registration of identification information. Without registration, registration non-permission information is transmitted to the authentication server.

  Moreover, the identification information management part with which the said portable terminal is provided takes the structure of deleting the identification information memorize | stored in an own terminal, when the deletion instruction | indication of identification information is input.

  In addition, when the identification information is not stored in the terminal, the access unit included in the portable terminal transmits information indicating that the identification information is not stored to the authentication server via the reader / writer device, The identification information issuing unit and the identification information registration unit provided in the authentication server operate when receiving information indicating that the portable terminal does not store the identification information from the portable terminal via the reader / writer device. Take. Further, the identification information issuing unit and the identification information registration unit provided in the authentication server are configured to operate when authentication of the mobile terminal by the terminal authentication unit provided in the authentication server fails.

  According to the above invention, first, the authentication server generates identification information for identifying the mobile terminal. Then, the authentication server requests to register the generated identification information by transmitting it to the terminal device. On the other hand, the mobile terminal accepts the identification information transmitted from the authentication server, and in response to the identification information registration request, registration permission information that permits registration, which is an instruction input by the user, or registration Is sent to the authentication server. At this time, when registration non-permission information is input from the user, the mobile terminal discards the identification information and does not store it in the own terminal, and the authentication server that received the registration non-permission information also The identification information is discarded and not stored in the own server. On the other hand, when the registration permission information is input from the user, the portable terminal stores the identification information in its own terminal, and the authentication server that has received the transmission of the registration permission information also stores the identification information in its own server. To remember.

  After that, when the portable terminal makes an authentication request to the authentication server, the identification information stored in the terminal is transmitted to the authentication server via the reader / writer device. Receiving this, the authentication server authenticates the portable terminal by checking whether or not the received identification information matches the identification information stored in its own server. If they do not match or the identification information is not transmitted, as described above, the authentication server generates new identification information and registers the authentication server and the portable terminal. Do.

  As described above, in the present invention, since the exchange between the portable terminal and the authentication server is performed via the reader / writer device, the user does not need to register personal information stored in the portable terminal with the service provider, Identification information necessary for authentication can be registered. In particular, since the identification information used for authentication is registered when the registration is permitted by the user, it is very easy to handle the identification information. Furthermore, the user can delete the stored identification information at an arbitrary timing. Even when the identification information is deleted, it is possible to perform authentication by performing the identification information registration process again.

  Therefore, the user can easily use the authentication service, and the service provider can provide various services using simple authentication.

<Embodiment>
An embodiment of the present invention will be described with reference to FIGS. FIG. 1 is a block diagram showing the configuration of the terminal authentication system. FIG. 2 is a functional block diagram showing the configuration of the user terminal, and FIG. 3 is a functional block diagram showing the configuration of the service provider server. 4 to 5 are sequence diagrams showing the operation of the terminal authentication system, and FIGS. 6 to 8 are flowcharts showing the operation of the service provider server.

[Constitution]
As shown in FIG. 1, the terminal authentication system according to the present embodiment includes a user terminal 1 (portable terminal) operated by a user U (user), a store terminal 3 and a reader / writer 2 installed in the store, and a service provision Service provider server 4 (authentication server) managed by a person. Then, the service provider provides various services to the user U who uses the store by authenticating the user terminal 1 of the user U. Hereinafter, a configuration for authenticating the user terminal 1 will be described in detail.

  First, the configuration of the user terminal 1 will be described with reference to FIG. The user terminal 1 is a portable information processing device such as a mobile phone or a PDA, and includes a non-contact IC card (RFID card) called a Felica (registered trademark), that is, a short-range wireless communication unit 10. Thereby, near-field wireless communication is possible with the reader / writer 2 connected to the store terminal 3, and the service providing server 4 connected to the network N via the store terminal 3 connected to the reader / writer 2 Data communication is possible.

  And the user terminal 1 is provided with the access part 11 and the identification information management part 12 which were constructed | assembled by incorporating a predetermined program in arithmetic devices, such as CPU equipped. An identification information storage unit 13 is formed in a storage unit such as a flash memory.

  The access unit 11 starts communication with the reader / writer 2 by short-range wireless communication in order to access the service provider server 4 to receive a predetermined service, thereby providing the service via the reader / writer 2. Data communication with the operator server 4 becomes possible. Specifically, the user terminal 1 communicates with the reader / writer 2 by short-range wireless communication, and the destination communicates with the service provider server 4 via the store terminal 3 and the network N such as the Internet.

  And the access part 11 receives the request | requirement of the identification information transmitted via the reader / writer 2 from the service provision server 4 so that it may mention later, The identification information memorize | stored in the identification information memory | storage part 44 is used as a service provider server. 4 to send. At this time, the access unit 11 transmits the identification information to the service provider server 4 when the identification information transmitted from the service provider server 4 is stored in the identification information storage unit 44 as described later. To do. However, the access unit 11 sends the information indicating “no identification information” to the service provider when the service provider server 4 transmitted and registered from a different service provider server 4 or when no identification information is registered. Send to server 4.

  As will be described later, the identification information storage unit 13 stores the identification information and information specifying the service provider server 4 in association with each other, or specifies the service provider server 4 in the identification information. Information to be included. For this reason, the access part 11 can specify the identification information corresponding to the service provider server 4 which has requested the identification information.

  In addition, as described above, the access unit 11 transmits the information “no identification information” to the service provider server 4 or the authentication of the identification information is not successful in the service provider server 4 and the identification information When it is determined that registration is necessary, new identification information is transmitted from the service provider server 4, and this is transferred to the identification information management unit 12.

  The identification information management unit 12 receives the identification information transmitted from the service provider server 4 as described above, and asks the user U whether or not to permit registration of identification information. For example, a message asking whether the registration is permitted or not is displayed on the display of the user terminal 1. In response to this, when information for instructing permission / denial of registration of identification information is input from the user U to the operation unit 14, the identification information management unit 12 inputs the information regarding permission / non-permission of registration. Accept. And when the identification information management part 12 receives the information of registration permission, the identification information received from the said service provider server 4 is memorize | stored in the identification information storage part 13 in the own terminal 1. FIG. At this time, when the information for identifying the service provider server 4 is included in the identification information, such information is also stored, or the identification information and the information for identifying the service provider server 4 are stored in association with each other. To do. Further, the identification information management unit 12 transmits registration permission information for permitting registration of the identification information to the service provider server 4 via the reader / writer 2.

  On the other hand, when the identification information management unit 12 receives an instruction from the user U to prohibit registration of identification information, the identification information management unit 12 discards the identification information received from the service provider server 4 and identifies the identification information in the own terminal 1. It is not stored in the storage unit 13. In addition, the identification information management unit 12 transmits registration non-permission information that prohibits registration of identification information to the service provider server 4 via the reader / writer 2.

  In addition, although the above-described permission / denial of registration of identification information may cause the user U to input an instruction each time, the user terminal 1 automatically operates as permit / deny of registration of identification information. , May be set in advance. For example, when it is set to permit registration of all identification information, even if the identification information is received from any service provider server 4, the registration is automatically permitted, or a specific It may be set to permit registration of only the identification information from the service provider server.

  Further, when the identification information management unit 12 receives a deletion instruction of the identification information stored in the identification information storage unit 13 from the user U via the operation unit 14, the identification information management unit 12 deletes the identification information from the identification information storage unit 13. .

  Next, the configuration of the service provider server 4 will be described with reference to FIG. The service provider server 4 is a general server computer connected to a network N such as the Internet. As shown in FIG. 3, the service provider server 4 includes a terminal authentication unit 41, an identification information issuing unit 42, an identification unit constructed by incorporating a predetermined program into an arithmetic device such as an equipped CPU. And an information registration unit 43. In addition, an identification information storage unit 44 is formed in a storage device such as a hard disk.

  When receiving access from the user terminal 1, the terminal authentication unit 41 requests the user terminal 1 to transmit identification information. And the terminal authentication part 41 will collate whether this identification information and the identification information memorize | stored in the identification information memory | storage part 44 will correspond, if the identification information transmitted from the user terminal 1 in response to a request | requirement is received. . The identification information storage unit 44 stores the same identification information as the identification information stored in the user terminal 1 by the identification information registration unit 43 described later.

  Then, the terminal authentication unit 41 collates the identification information transmitted from the user terminal 1 with the identification information stored in the identification information storage unit 41, and determines that the authentication is successful if they match. Provide various services. For example, the purchase history in the store of the user U who operates the authenticated user terminal 1 is recorded, or the product guidance analyzed from the purchase history is displayed on the user terminal 1 or the store terminal 3.

  Further, the terminal authentication unit 41 collates the identification information transmitted from the user terminal 1 with the identification information stored in the identification information storage unit 41, and determines that the authentication has failed if they do not match. Then, the fact is notified to the identification information issuing unit 42. Thereby, the identification information issuing part 42 and the identification information registration part 43 operate | move so that it may mention later. Further, when the terminal authentication unit 41 receives no “identification information” information from the user terminal 1 when the identification information is not registered in the user terminal 1 as described above, the identification information issuance unit 42 is notified. Thereby, the identification information issuing part 42 and the identification information registration part 43 operate | move so that it may mention later.

  Further, upon receiving a notification from the terminal authentication unit 41 that the authentication has failed or that the user terminal 1 has not stored the identification information, the identification information issuing unit 42 generates identification information for identifying the user terminal 1. Then, the data is transmitted to the user terminal 1 that has been accessed via the store terminal 3 and the reader / writer 2. At this time, the identification information issuing unit 42 requests the user terminal 1 to register the transmitted identification information.

  In addition, the identification information registration unit 43 responds whether the identification information is transmitted from the user terminal 1 in response to the identification information issuing unit 42 requesting the user terminal 1 to register the identification information. Receive. At this time, when registration permission information permitting registration is received, the identification information transmitted by the identification information issuing unit 42 is stored in the identification information storage unit 44 in the server 4 itself. On the other hand, when registration non-permission information that prohibits registration is received, the identification information transmitted by the identification information issuing unit 42 is discarded without being stored in the identification information storage unit 44.

  And the identification information memorize | stored in the identification information storage part 44 in the said identification information registration part 43 is utilized for the authentication process at the time of the access from the user terminal 1 after that in the terminal authentication part 41 as mentioned above.

[Operation]
Next, the operation of the entire terminal authentication system configured as described above will be described with reference to the sequence diagrams of FIGS. 4 to 5, and the operation of the service provider server will be described with reference to the flowcharts of FIGS. In the following, description of the store terminal 3 is omitted, but it is treated as being integrated with the reader / writer 2. Further, the user terminal 1 and the reader / writer 2 (store terminal 3) communicate with each other by short-range wireless communication, and the reader / writer 2 (store terminal 3) and the service provider server 4 have a network N such as the Internet. To communicate through.

  First, the case where identification information is already registered between the user terminal 1 and the service provider server 4 will be described mainly with reference to FIG. First, the user U visits a store and tries to receive a service provided by a service provider. At this time, the user U brings the user terminal 1 close to the reader / writer 2 installed in the store to perform short-range wireless communication, and accesses the service provider server 4 (step S1 in FIG. 4). Then, the service provider server 4 requests the accessing user terminal 1 to transmit identification information (step S2 in FIG. 4 and step S21 in FIG. 6).

  On the other hand, when the identification information corresponding to the requested service provider server 4 is stored in the own terminal 1, the identification information is transmitted (steps S3 in FIG. 4 and in FIG. 6). Step S22). Accordingly, when receiving the identification information, the service provider server 4 determines that “there is identification information” (Yes in step S23 in FIG. 6), and proceeds to the authentication process shown in FIG. 7 (step S24 in FIG. 6).

  Subsequently, the service provider server 4 compares and compares the identification information received from the user terminal 1 with the identification information stored in the service provider server 4 (step S4 in FIG. 4, step in FIG. 7). S31). If there is identification information that matches the received identification information, authentication OK processing is executed (step S5 in FIG. 4, step S32 in FIG. 7), and various services are received from the service provider server 4. Provided. At this time, if the identification information that matches the received identification information does not exist in the service provider server 4 (No in step S31 in FIG. 7), the identification information registration process shown in FIG. 7 step S33) is executed.

  Next, an operation when registration of identification information is not performed between the user terminal 1 and the service provider server 4 will be described mainly with reference to FIG. First, as described above, the user U visits a store and tries to receive a service provided by a service provider. At this time, the user U brings the user terminal 1 close to the reader / writer 2 installed in the store to perform short-range wireless communication, and accesses the service provider server 4 (step S11 in FIG. 5). Then, the service provider server 4 requests the accessing user terminal 1 to transmit identification information (step S12 in FIG. 5 and step S21 in FIG. 6).

  At this time, if the user terminal 1 does not store the identification information corresponding to the requested service provider server 4 in its own terminal 1, information indicating “no identification information” is transmitted to the service provider server 4 ( Step S13 in FIG. 5 and Step S22 in FIG. 6). Then, when receiving the information “No identification information”, the service provider server 4 determines “No identification information” (No in step S23 of FIG. 6), and proceeds to the registration process shown in FIG. 8 (FIG. 6). Step S25).

  Subsequently, the service provider server 4 issues identification information that can uniquely identify the user terminal 1 (step S14 in FIG. 5 and step S41 in FIG. 8). And the service provider server 4 transmits the identification information issued with respect to the user terminal 1, and requests | requires the preservation | save of the identification information (step S15 of FIG. 5, step 42 of FIG. 8, identification information issuing process). Thus, the service provider server 4 can request the user terminal 1 to store the identification information without performing any registration for the user terminal 1 in advance.

  Subsequently, the user terminal 1 (user U) who has requested storage of identification information from the service provider server 4 determines whether or not the transmitted identification information can be stored, unlike existing mutual authentication and PIN authentication (FIG. 8 step S43). At this time, the determination as to whether or not the identification information can be stored may be made each time whether the user terminal 1 displays and stores a message or the like for the user every time a request is received from the service provider server 4. Alternatively, the user terminal 1 automatically selects a setting value prepared in advance, such as “Allow all” or “Allow all requests from a specific server”, and based on the selected setting, the user terminal 1 automatically A determination as to whether or not to save may be performed.

  When the user U selects the storage of identification information, registration permission information for identification information is transmitted from the user terminal 1 to the service provider server 4 (step S16 in FIG. 5). And the user terminal 1 preserve | saves the identification information received from the service provider server 4 in the own terminal 1 (step S17 of FIG. 5, identification information management process). The service providing server 4 that has received the registration permission information from the user terminal 1 (Yes in step S43 in FIG. 8) stores the issued identification information in the server 4 (step S18 in FIG. 5, step in FIG. 8). S44, identification information registration step).

  On the other hand, when the user U selects not to store the identification information, the registration prohibition information of the identification information is transmitted from the user terminal 1 to the service provider server 4. Then, the user terminal 1 discards the identification information received from the service provider server 4 without storing it in the own terminal 1. Further, the service providing server 4 that has received the registration disapproval information from the user terminal 1 (No in step S43 in FIG. 8) discards the issued identification information without storing it in the own server 4 (step S45 in FIG. 8). ).

  Note that the user U can discard the identification information stored in the user terminal 1 at an arbitrary timing. For example, when the user U selects identification information desired to be discarded via the operation unit 14 of the user terminal 1 and inputs a discard command, the identification information stored in the user terminal 1 is erased. At this time, no notification is given to the service providing server 4. Even in such a case, even if the user terminal 1 that has discarded the identification information accesses the service provider server 4 that has received the identification information again, the service provider server 4 does not authenticate successfully. Since it is determined that there is no identification information and the user is recognized as a new user, the registration process is executed again as shown in FIG.

  As described above, in the present invention, since the user terminal 1 and the service provider server 4 that performs authentication are exchanged via the reader / writer 2, the user U does not need to register personal information with the service provider, and authentication is performed. Necessary identification information can be registered and authentication can be executed. In particular, since the user terminal 1 and the service provider server 4 register the identification information used for authentication only when the user U permits registration, the handling of the identification information is extremely easy. Further, the user U can delete the stored identification information at an arbitrary timing. Therefore, the user U can easily use the authentication service, and the service provider can provide various services such as marketing using simple authentication.

  The present invention can be used for, for example, marketing research as a system that can easily perform terminal authentication, and has industrial applicability.

It is a block diagram which shows the structure of a terminal authentication system. It is a functional block diagram which shows the structure of a user terminal. It is a functional block diagram which shows the structure of a service provider server. It is a sequence diagram which shows operation | movement of a terminal authentication system. It is a sequence diagram which shows operation | movement of a terminal authentication system. It is a flowchart which shows operation | movement of a service provider server. It is a flowchart which shows operation | movement of a service provider server. It is a flowchart which shows operation | movement of a service provider server.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 User terminal 2 Reader / writer 3 Store terminal 4 Service provider server 10 Near field communication part 11 Access part 12 Identification information management part 13 Identification information storage part 14 Operation part 41 Terminal authentication part 42 Identification information issuing part 43 Identification information registration part 44 Identification information storage unit N Network U User

Claims (12)

A portable terminal equipped with a short-range wireless communication device, a reader / writer device capable of communicating with the portable terminal via short-range wireless communication, and the portable device connected to the reader / writer device via a network via the reader / writer device An authentication server for authenticating the terminal,
The authentication server generates identification information for identifying the portable terminal and transmits the identification information to the portable terminal via the reader / writer device, and registration permission information for permitting registration of the identification information from the portable terminal And an identification information registration unit that stores the identification information transmitted by the identification information issuing unit in its own server,
When the portable terminal receives the identification information transmitted from the authentication server and receives an instruction to permit registration of the identification information, the portable terminal transmits the registration permission information to the authentication server, and Provided with an identification information management unit that stores the received identification information in its own terminal,
A terminal authentication system characterized by that. The mobile terminal includes an access unit that transmits the identification information stored in the terminal to the authentication server via the reader / writer device, and requests authentication from the authentication server.
The authentication server includes a terminal authentication unit that authenticates the mobile terminal by comparing the identification information transmitted from the mobile terminal via the reader / writer device with the identification information stored in the server. The
The terminal authentication system according to claim 1. The terminal authentication unit included in the authentication server requests the identification information from the mobile terminal in response to access from the mobile terminal,
The access unit of the portable terminal transmits the identification information stored in the terminal in response to a request for the identification information from the authentication server, to the authentication server.
The terminal authentication system according to claim 2. The identification information registration unit included in the authentication server receives the registration non-permission information that prohibits registration of identification information from the portable terminal, and the identification information is transmitted to the portable terminal by the identification information issuing unit. Do not store information in your server
The identification information management unit provided in the portable terminal does not store the identification information transmitted from the authentication server in the own terminal when receiving an input of an instruction not permitting registration of the identification information, Sending the registration disapproval information to the authentication server;
The terminal authentication system according to claim 1, 2 or 3. The identification information management unit included in the portable terminal deletes the identification information stored in the terminal when an instruction to delete the identification information is input.
5. The terminal authentication system according to claim 1, 2, 3 or 4. When the identification information is not stored in the terminal, the access unit included in the portable terminal transmits information indicating that the identification information is not stored to the authentication server via the reader / writer device. And
When the identification information issuing unit and the identification information registration unit included in the authentication server receive information indicating that the portable terminal does not store the identification information from the portable terminal via the reader / writer device. Operate,
6. The terminal authentication system according to claim 2, 3, 4 or 5. The identification information issuing unit and the identification information registration unit included in the authentication server operate when authentication of the mobile terminal by the terminal authentication unit included in the authentication server fails.
The terminal authentication system according to claim 1, 2, 3, 4, 5, or 6. A portable terminal equipped with a short-range wireless communication device,
Near field communication is possible with a reader / writer device connected via a network to an authentication server that performs authentication of the mobile terminal,
An identification information issuing unit that generates identification information for identifying the portable terminal and transmits the identification information to the portable terminal via the reader / writer device; and registration permission information that permits registration of the identification information from the portable terminal. When receiving the identification information registration unit that stores the identification information transmitted in the identification information issuing unit in its own server,
When the identification information transmitted from the authentication server is received and an instruction to permit registration of the identification information is received, the registration permission information is transmitted to the authentication server, and the received identification information is Equipped with an identification information management unit to store in its own terminal,
A portable terminal characterized by that. To a mobile terminal equipped with a short-range wireless communication device,
The portable terminal is capable of short-range wireless communication with a reader / writer device connected via a network to an authentication server for authenticating the portable terminal, and the authentication server generates identification information for identifying the portable terminal. The identification information issuing unit that transmits to the portable terminal via the reader / writer device, and the identification information that is transmitted by the identification information issuing unit when receiving registration permission information that permits registration of identification information from the portable terminal. An identification information registration unit that stores information in its own server,
When the identification information transmitted from the authentication server is received and an instruction to permit registration of the identification information is received, the registration permission information is transmitted to the authentication server, and the received identification information is A program for realizing an identification information management unit stored in its own terminal. An authentication server connected via a network to a reader / writer device capable of communicating with a portable terminal equipped with a short-range wireless communication device via short-range wireless communication, and authenticating the portable terminal via the reader / writer device. ,
When the portable terminal receives identification information for identifying the portable terminal transmitted from the authentication server and receives an input of an instruction to permit registration of the identification information, the registration permission information is transmitted to the authentication server. And when it has an identification information management unit for storing the received identification information in its own terminal,
An identification information issuing unit that generates the identification information and transmits the identification information to the portable terminal via the reader / writer device;
When receiving the registration permission information permitting registration of the identification information from the mobile terminal, the identification information registration unit that stores the identification information transmitted by the identification information issuing unit in its own server;
An authentication server comprising: An authentication server connected via a network to a reader / writer device capable of communicating with a portable terminal equipped with a short-range wireless communication device via short-range wireless communication, and authenticating the portable terminal via the reader / writer device,
When the portable terminal receives identification information for identifying the portable terminal transmitted from the authentication server and receives an input of an instruction to permit registration of the identification information, the registration permission information is transmitted to the authentication server. And when it has an identification information management unit for storing the received identification information in its own terminal,
An identification information issuing unit that generates the identification information and transmits the identification information to the portable terminal via the reader / writer device;
When receiving the registration permission information permitting registration of the identification information from the mobile terminal, the identification information registration unit that stores the identification information transmitted by the identification information issuing unit in its own server;
A program to realize A terminal authentication method for authenticating a mobile terminal equipped with a short-range wireless communication device,
An authentication server connected via a network to a reader / writer device capable of communicating with the portable terminal by short-range wireless communication generates identification information for identifying the portable terminal, and the identification information is transferred to the reader / writer device. An identification information issuing step to be transmitted to the mobile terminal via
When the portable terminal receives the identification information transmitted from the authentication server and receives an input of an instruction to permit registration of the identification information, the portable terminal transmits registration permission information to the authentication server and receives the reception Identification information management step for storing the identification information in the terminal,
When the authentication server receives the registration permission information from the portable terminal, an identification information registration step for storing the identification information transmitted to the portable terminal in the identification information issuing step in its own server;
A terminal authentication method characterized by comprising:

Images