JP2013171509A - System, apparatus, and program for preventing unjust authentication - Google Patents

Abstract

PROBLEM TO BE SOLVED: To prevent unjust authentication even when authentication equipment is stolen.SOLUTION: An unjust authentication prevention apparatus rejects unjust authentication request from authentication reception devices. Every time an information group comprising at least user identification information, usage date and time, and a location of a device being used sent from the device being used is received, the unjust authentication prevention apparatus adds a record comprising at least the usage date and time and the location of the device being used on the basis of the information group to user specific usage history information. Upon receiving an authentication request from the authentication reception device, the unjust authentication prevention apparatus determines whether or not the authentication request was made by a legitimate user on the basis of the usage history information, and the authentication request is rejected if the authentication request is determined to have been made by a user other than the legitimate user.

Description

  The present invention relates to an unauthorized authentication prevention system, an unauthorized authentication prevention apparatus, and an unauthorized authentication prevention program for preventing unauthorized authentication.

  For example, when a credit card is used, electronic money is used, or cash is withdrawn in an ATM (Automatic teller machine), user authentication is generally performed.

  In this case, the user is authenticated by inputting an ID, inserting an IC card, inputting a personal identification number, holding a palm, or the like.

  However, for example, the password may be leaked. A stronger authentication can be realized by combining various authentications so as to cope with such an unexpected situation.

  An example of such a technique relating to authentication is described in Patent Document 1.

  The technique described in Patent Document 1 will be described with reference to FIG. Here, FIG. 1 is a diagram corresponding to FIG. In the technique described in Patent Literature 1, the service request terminal device 50 receives an authentication request from a user. Then, the service request terminal device 50 makes an authentication request to the authentication server 30. The authentication server 30 acquires the location information of the service request terminal device 50 that is the authentication request source as the first location. In addition, the time when the first position is acquired is also acquired. Moreover, the authentication server 30 acquires the position information of the portable terminal 20 as the second position. In addition, the time when the second position is acquired is also acquired.

  Then, the authentication server 30 can move between the start point and the end point that can move within the time at which the first position is acquired from the time at which the second position is acquired, with the second position as the start point and the first position as the end point. The travel route search is performed to determine whether or not there is another travel route. Then, as shown in the upper table <Example 1> in FIG. 2, when a movement route is found, it is determined that the authorized user is requesting authentication, and authentication is performed. On the other hand, as shown in the lower table <Example 2> in FIG. 2, if a movement route is not found, it is determined that the request is an authentication request by an unauthorized user and authentication is not performed.

JP 2008-134849 A

  As described above, in the technique described in Patent Document 1, when an authentication request is made even though there is no moving path, it is determined that the impersonation is performed by an unauthorized user and authentication is not performed, thereby further increasing security. Can be improved.

  However, the technique described in Patent Document 1 does not consider a denial measure when the terminal is stolen.

  Specifically, the information on the latest position of a specific terminal is used as the second position, and this specific one terminal is stolen, thereby enabling authentication by another person, that is, unauthorized authentication. There is a problem that. That is, when the latest location information is updated due to the theft of the mobile terminal, there is a problem that the theft is successfully authenticated.

  Accordingly, an object of the present invention is to provide an unauthorized authentication prevention system, an unauthorized authentication prevention device, and an unauthorized authentication prevention program that can prevent unauthorized authentication even when a certain device is stolen. And

  According to a first aspect of the present invention, there is provided an unauthorized authentication preventing apparatus for rejecting an unauthorized authentication request requested from an authentication accepting device, wherein user identification information transmitted from a use device, use date and time, use device position Each time an information group including at least one of the information group is received, a means for adding a record including at least a use date and a use device position for each user to the use history information based on the information group, and an authentication request from the authentication receiving device. When received, based on the usage history information, it is determined whether or not the authentication request is made by an authorized user, and it is determined that the authentication request is made by a user other than the authorized user. In such a case, there is provided an unauthorized authentication preventing apparatus comprising an authentication denial means for denying the authentication request.

  According to a second aspect of the present invention, there is provided a fraud prevention system including a device used by a user and a fraud authentication preventing apparatus connected to the device, wherein the device is used by the user. And a means for transmitting the date and time of use and the location of the device to the unauthorized authentication preventing apparatus when the unauthorized authentication preventing apparatus is provided according to the first aspect of the present invention. There is provided an unauthorized authentication preventing system characterized by being an apparatus.

  According to a third aspect of the present invention, there is provided a fraud authentication preventing program for causing a computer connected to a device used by a user to function as a fraud authentication preventing device, wherein the computer is transmitted from the using device. Means for adding a record including at least the use date / time and the use device position for each user to the use history information based on the information group each time an information group including at least the user identification information, use date / time, and use device position is received When the authentication request is received from the authentication receiving device, it is determined whether the authentication request is made by a regular user based on the usage history information, and the authentication request is a user other than the regular user. If it is determined that the authentication request has been made, the unauthorized authentication prevention apparatus includes an authentication denial means for denying the authentication request. Unauthorized authentication prevention program for causing a is provided.

  According to the fourth aspect of the present invention, a spoofing detection apparatus that pretends to be a legitimate user and uses the legitimate user's identification information, the user identification information transmitted from the user equipment, the user date and time, the user equipment Each time an information group including at least a position is received, a means for adding, to the usage history information, a record including at least a use date and a use device position for each user based on the information group, and an authentication request from the authentication receiving device Is received based on the usage history information, it is determined whether or not the authentication request is made by a regular user, and it is determined that the authentication request is made by a user other than the regular user. In such a case, there is provided a spoofing detection device comprising spoofing detection means for determining that spoofing is being performed.

  According to the present invention, it is possible to prevent unauthorized authentication even when a certain device is stolen.

1 corresponds to FIG. 1 of Patent Document 1, and is a diagram illustrating the entire system described in Patent Document 1. FIG. It is a conceptual diagram showing about the determination in patent document 1. FIG. It is a figure showing the basic composition of the whole embodiment of the present invention. It is a block diagram showing the management server in embodiment of this invention. It is a figure showing an example of the history information in the embodiment of the present invention. It is a block diagram showing the authentication request | requirement server in embodiment of this invention. It is a figure showing the specific example of the apparatus group in embodiment of this invention. It is a flowchart showing the basic operation | movement of embodiment of this invention. It is a conceptual diagram of the movement path | route search which denies authentication in embodiment of this invention. It is a conceptual diagram of the movement path | route search which makes authentication successful or restrict | limited in embodiment of this invention. It is a conceptual diagram of the movement path | route search which makes authentication successful or restrict | limited in embodiment of this invention. It is a flowchart showing the basic operation | movement of the 1st modification of embodiment of this invention. It is a conceptual diagram of the movement path | route search which makes authentication successful or a restriction | limiting in the 2nd modification of embodiment of this invention.

  Next, embodiments of the present invention will be described in detail with reference to the drawings.

  Referring to FIG. 3, the present embodiment includes a management server 100, an authentication request server 200, a network 300, and a device group 400.

  The management server 100, the authentication request server 200, and the device group 400 are connected to each other via the network 300.

  The management server 100 manages the usage history when the user uses the devices included in the device group 400. In addition, when there is an authentication request via the authentication request server 200, the management server 100 manages this authentication request as a history. Furthermore, the management server 100 determines whether or not authentication is possible in response to the authentication request from the authentication request server 200.

  The authentication request server 200 receives an authentication request from a user and inquires of the management server 100 whether authentication is possible.

  The device group 400 includes various devices used by the user.

  The network 300 is a network for transmitting and receiving data among the management server 100, the authentication request server 200, and the device group 400. Data transmission / reception can be performed according to any communication method. The network 300 may be realized by a wired connection, or a part or all of the network 300 may be a wireless connection. Furthermore, although it may conform only to a single communication method, it may conform to a plurality of communication methods. That is, the network 300 may be a set of a plurality of networks. The network 300 may be a dedicated network dedicated to the present embodiment, but a part or all of the network 300 may be a public network such as the Internet.

  Next, the configuration of the management server 100 will be described with reference to FIG.

  Referring to FIG. 4, the management server 100 includes a control unit 101, a communication unit 102, a history database 103, and a movement route database 104.

  The control unit 101 includes an arithmetic device such as a CPU (Central Processing Unit). And the control part 101 controls the management server 100 whole by performing a calculation process based on the program integrated in the management server 100. FIG.

  The communication unit 102 transmits / receives data to / from other devices via the network 300.

  The history database 103 is a database in which history regarding each user is stored as a table. Examples of the history to be stored include a usage history when using any device in the system and an authentication history when performing authentication with any device in the system. These histories are created and managed in units of users together with the date and time when the use and authentication are performed.

  Here, an example of information stored in the history database 103 will be described with reference to FIG.

  Referring to FIG. 5, user usage history information is stored in chronological order from the oldest usage date to the newest usage date. In addition to the use date and time, position information (used device position information) indicating the position of the used device and the name of the used device (used device name) are stored as a table. This table is created for each user. However, all users may be managed by one table to which a user ID field is added.

  Further, when the same user as the user whose usage history information is created operates a certain device to request authentication, this certain device (hereinafter referred to as “authentication accepting device”) is used as the authentication history information. (Name of the device that accepts authentication) is stored. The location information (authentication acceptance information location information) is also stored together with the authentication acceptance device name. This position information will be described.

  Here, “use device location information” and “authentication accepting device location information” included in the use history information and authentication history information are information indicating the device used by the user and the location where the authentication accepting device is installed. is there. However, if the device used by the user is movable like a portable terminal, it is information indicating the position that existed when the user used, not the installed position. The used device position information and the authentication-accepting device position information may be registered in the management server 100 when the device is installed. However, when each device transmits data to the management server 100, GPS (Global Positioning) The position may be measured and notified using a positioning function such as System).

  In the present embodiment, the user normally requests authentication by directly operating the devices included in the device group 400. The authentication request server 200 functions as a server for devices included in the device group 400. In this case, the user operates a device included in the device group 400, for example, a personal computer at home, and requests authentication from the authentication request server 200 via the network 300. In such a case, the authentication request server 200 confirms the installation position of the personal computer at the user's home. In this case, the installation position of the personal computer at the user's home is stored in the history database 103 as the authentication acceptance device location information as the location information of the authentication acceptance device. Furthermore, there may be a case where the user operates the mobile phone and requests authentication from the server via the network. In such a case, a position positioning function such as GPS of the mobile phone is used, and the position where the mobile phone currently exists is stored in the history database 103 as the authentication receiving device position information.

  On the other hand, in this embodiment, the user may request authentication by directly operating the authentication request server 200 itself, instead of making an authentication request using the devices included in the device group 400. In this case, the authentication request server 200 also serves as an authentication accepting device. Therefore, the location where the authentication request server 200 exists is stored in the history database 103 as “authentication receiving device location information” included in the authentication history information.

  The location information in the “usage device location information” in the usage history information and the “authentication acceptance device location information” in the authentication history information may be expressed in coordinates by latitude and longitude. .. ”May be represented by an address, or may be represented by an identification code unique to the present embodiment. In addition, the “use device name” of the use history information and the “authentication accepting device name” of the authentication history information may be specific names, but an ID number created by a combination of numbers or the like is assigned and managed. May be.

  The movement route database 104 stores a movement route for moving from one position to another position. Further, the travel route database 104 stores the time required to travel from one position to another through this travel route. For example, the movement path for moving from position A to position B and the time required for movement via the movement path are stored.

  Here, when there are a plurality of movement paths for moving from the position A to the position B, the time required for movement for each movement path may be stored, but the most of the plurality of movement paths is stored. Only the travel route with a short travel time may store the time required to travel.

  Further, more detailed elements may be stored regarding the movement route. For example, if a certain travel route uses a train, store the start and end times of the day, and do not consider this travel route in the time zone after the last train departs. May be.

  The history database 103 and the movement route database 104 can be realized by a single storage device. However, each or any of the history database 103 and the movement route database 104 may be realized by a plurality of storage devices. In addition, a storage device provided outside the management server 100 may be used to implement the history database 103 and the movement route database 104.

  Further, regarding the movement route, the movement route database 104 may be referred to, but an inquiry may be made to an external server and a response to this inquiry may be used.

  Next, the configuration of the authentication request server 200 will be described with reference to FIG.

  Referring to FIG. 6, the authentication request server 200 includes a control unit 201, a communication unit 202, an operation reception unit 203, and a request source storage unit 204.

  The control unit 201 includes an arithmetic device such as a CPU. Then, the control unit 201 controls the entire authentication request server 200 by performing arithmetic processing based on a program incorporated in the authentication request server 200.

  The communication unit 202 transmits / receives data to / from other devices via the network 300.

  The operation reception unit 203 has a function of receiving an operation related to an authentication request from a user. The operation accepting unit 203 is realized by, for example, a keyboard or a software key displayed on a display, and accepts an ID for identifying a user, a password, or the like. Further, it is realized as a sensor, and reads data for biometric authentication using a palm or the like. The operation reception unit 203 is used when the authentication request server 200 also serves as an authentication reception device.

  The request source storage unit 204 is a storage unit used when a device included in the device group 400 becomes an authentication receiving device. When a certain device included in the device group 400 receives an authentication request from a user, the certain device authenticates information for identifying the user, the date and time when the authentication request is received, and the position information of the certain device. Transmit to request server 200. Upon receiving these pieces of information, the authentication request server 200 stores these pieces of information in the request source storage unit 204. Thereafter, the authentication request server 200 transmits information stored in the request source storage unit 204 to the management server 100 and confirms whether or not authentication is possible. The authentication result is transmitted from the management server 100 to the authentication request server 200, and the authentication result is transmitted from the authentication request server 200 to a certain device that has received an authentication request from the user. Note that the authentication result may be directly transmitted from the management server 100 to a certain device that has received an authentication request from the user.

  Next, specific examples of devices included in the device group 400 will be described with reference to FIG.

  With reference to FIG. 7, the present embodiment includes a management server 100, an authentication request server 200, a network 300, and a device group 400.

  The device group 400 includes a mobile terminal base station 410 and a mobile terminal 411. The device group 400 includes an entrance / exit management device 420 and an entry / exit authentication item 421. The device group 400 further includes a network terminal 430, a stationary personal computer 431, an access point 432, and a mobile personal computer 433. Further, the device group 400 includes a network connection type telephone 440. Furthermore, the device group 400 includes a legacy circuit switch 450 and a legacy circuit connection type telephone 451. The device group 400 further includes a server 460 having a personal identification function, a monitoring camera 461, and a personal computer connection camera 462.

  The components of the device group 400 are generally grasped as a single device such as a network-connected telephone 440. Of course, there are general cases in which each is recognized as one system, such as a combination of the entrance / exit management device 420 and the entry / exit authentication item 421 and a combination of the mobile terminal base station 410 and the mobile terminal 411. However, in the description of the present embodiment, all devices including those that are generally grasped as one system are collectively referred to as “devices”.

  Here, the authentication request server 200, the portable terminal 411, the entrance / exit management device 420, the stationary personal computer 431, the mobile personal computer 433, the access point 432, the network terminal 430, and the network connection type telephone 440. A legacy line connection telephone 451, a legacy line switch 450, a monitoring camera 461, a personal computer connection camera 462, and a server 460 having a personal identification function for identifying a user who uses the device. It has a function of transmitting information and device position information to the management server 100. That is, the authentication request server 200 includes a mobile terminal 411, an entrance / exit management device 420, a stationary personal computer 431, a mobile personal computer 433, an access point 432, a network terminal 430, and a network connection type telephone 440. Collecting user identification information and device location information from legacy line connection telephone 451, legacy line switch 450, surveillance camera 461, personal computer connection camera 462, and server 460 having a personal identification function It has a function.

  Further, the entrance / exit management device 420 manages the entrance / exit of the user. For example, the user holds the entry / exit authentication item 421 over the entrance / exit management device 420 in order to pass through a door provided in the office. The entrance / exit management device 420 manages the time when the user entered or exited using the entry / exit authentication item 421 and whether the user is currently entering or leaving. . These pieces of information are transmitted to the management server 100. In addition to these pieces of information, user identification information and location information of the entrance / exit management device 420 are transmitted to the management server 100. The entrance / exit management device 420 is installed, for example, at the entrance of an office, and is used for the purpose of grasping entrance / exit of employees and the like. In addition, for example, it is installed at a ticket gate of a train and used for the purpose of grasping passengers entering and leaving.

  The entrance / exit management device 420 may only be configured to grasp the user's passing time and not to enter / exit. In this case, the management server 100 receives the user's passage time, and manages the user's entrance / exit based on the user's passage time.

  The server 460 having a personal identification function has a function of acquiring an image or a moving image from the monitoring camera 461 and the personal computer connected camera 462 and identifying the individual. Then, the server 460 having the personal identification function transmits to the management server 100 information specifying the user identified in this way and position information of the monitoring camera 461 or the personal computer connected camera 462 from which the image is acquired. . Further, the server 460 having the personal identification function transmits the time at which the individual is identified to the management server 100 as the use date and time.

  As described above, each of the devices included in the device group 400 identifies a user who uses the device 400 and transmits information for specifying the user to the management server 100. The user identification at this time is performed based on, for example, the user ID input by the user or the ID number stored in the IC card used by the user. That is, when a certain device is used using an ID assigned to a certain user, information for specifying the certain user is transmitted to the management server 100.

  Depending on the device, there are devices that do not require unique authentication when used, but there are devices that perform unique authentication that is not related to the authentication request server 200 and the management server 100. In the latter case, for example, after a user ID is entered, it cannot be used unless a valid password is entered. In this case, information for specifying the user may be transmitted to the management server 100 only when a valid password is input and the device is actually used. Further, if the device is a device that performs biometric authentication, information for specifying the certain user may be transmitted to the management server 100 when the biometric authentication of the certain user is successful.

  If a user ID or password is leaked to an unauthorized user, there is a case where the unauthorized user impersonates a legitimate user and illegally uses the device. In this case, an illegally used device cannot recognize the fact of impersonation. However, in the present embodiment, the use history of devices other than this device is referred to. Therefore, the management server 100 of the present embodiment may notice that there has been a fraudulent fact due to the above-mentioned impersonation. In this case, the management server 100 can deny authentication via the authentication request server 200. In this way, a legitimate user who has been spoofed with respect to a certain device may leak a user ID, a password, or the like regarding another device. Accordingly, there is a possibility that the user ID, the password, etc. are leaked regarding the authentication receiving device. Therefore, it is preferable to deny authentication for such users. In other words, in the present embodiment, it is possible to deny authentication regarding a spoofed user at an intermediate stage of the usage history, and more accurate authentication can be performed.

  In addition, as described above, when there is no movement route, there is a possibility that a user other than the authorized user is using the user identification information of the authorized user. Therefore, by using this, it is possible to detect impersonation in which a user other than a legitimate user uses the user identification information of the legitimate user. That is, this embodiment can be used not only as a system that denies authentication regarding a user who has been impersonated in the middle of the usage history, but also as a system that detects impersonation.

In this embodiment, the authentication using the following user usage history information and authentication history information is performed instead of the authentication using a single terminal as described in the cited document 1. Using an electronic card or a magnetic card Use history information and authentication history information of personal authentication system ・ Use history information and authentication history information of personal authentication system based on biometric information ・ System authentication history information using authentication such as password and information of network terminal location ・Information on service usage history of identifiable public institutions and information on the location where the service was enjoyed ・ Usage history information on systems that can identify individuals using surveillance cameras installed on streets and buildings, etc. The authentication history information is merely an example, and in the present embodiment, various other usage history information are used. It is possible to perform authentication by using a fine-authentication history information.

  Next, the operation of this embodiment will be described with reference to the flowchart of FIG.

  When the user uses any device included in the device group 400 or when an authentication request is made through the authentication request server 200, information such as information for identifying the user is transmitted to the management server 100 (step) S500). The management server 100 that has received the information first determines whether or not the transmission source of this information is an authentication request to the management server 100 (step S501).

  When the information transmission source is not the authentication accepting device (No in step S501), the management server 100 displays the usage date and time, the used device position information, and the used device name, which are each item of the usage history information, together with the user identification information in the history database 103. (Step S502).

  In addition, authentication is performed as in the entrance / exit management device 420. This authentication is performed without using the authentication server 100, and in the case of a device that is performed by a unique authentication function, the usage history information is also used together with user identification information. It transmits to 100 (step S502).

  On the other hand, when the information transmission source is the authentication acceptance device (Yes in step S501), the authentication request server 200 performs authentication request date and time, authentication acceptance device location information, which is each item of the authentication history information together with the user identification information, The authentication acceptance device name is transmitted to the management server 100 (step S503).

  The management server 100 extracts the usage history information of this user based on the information specifying the user transmitted in step S503. Then, a movement route search between each position included in the usage history information is performed (step S504).

  Then, as illustrated in FIG. 9, when there is no movement route for all or a part between the positions included in the usage history information (No in step S505), the management server 100 determines that an authentication error has occurred. Judgment is made, and a response indicating an authentication error is transmitted to the authentication request server 200 or the authentication receiving device (steps S507-2 and S508). In the example of FIG. 9, it is shown that there is no movement path between the position B and the position C and no movement path between the position C and the position D. For example, when the example shown in FIG. 5 is used, the travel route travels between position B and position C within 1 hour 30 minutes, which is the elapsed time from time 14:00 to time 15:30. Indicates that it does not exist. The usage history information indicates that a device WW of a certain user U exists at position B at 14:00 and a device XX of the user U exists at position C at 15:30. Therefore, if there is a movement route that can move from position B to position C within 1 hour 30 minutes, which is the elapsed time from time 14:00 to time 15:30, “device WW at position 14:00 It is not possible to deny that the user who used the device and the device XX at the time 15:30 at the position C is the user U. On the other hand, if there is no movement route that can move from position B to position C within 1 hour and 30 minutes, which is the elapsed time from time 14:00 to time 15:30, “device WW at position 14:00 It is correct to deny that the user who used the device and the device XX at the time 15:30 and the user who uses the device XX are both the user U ".

  On the other hand, as illustrated in FIG. 10A, when there is a movement route between all the positions included in the usage history information (Yes in step S505), the management server 100 determines that the authentication is successful. Then, a response that the authentication is successful is transmitted to the authentication accepting device (steps S507-1, S508).

  Thereby, authentication using a plurality of devices can be realized. This is because the use history information and authentication history information of a plurality of devices are used to verify whether or not the user can actually act and determine whether or not authentication is possible. Therefore, even if a certain device is stolen, unauthorized authentication can be prevented.

  In the above description, whether or not there is a moving route is searched for between all positions. However, not all but a part may be confirmed. 10-2, for example, between the position A and the position C, between the position A and the position D, between the position A and the position E, between the position B and the position D, and between the position C and the position E. The travel route search may not be performed for the interval.

  In addition, as a result of the search, it may be determined that the authentication is successful even when some of the movement routes do not exist. This takes into consideration the possibility that not all the routes that actually exist in the route database 104 are registered, and the possibility that the position information measured by the device may be inaccurate. However, from the viewpoint of performing highly accurate authentication, it is preferable to determine that the authentication has failed if some of the movement paths do not exist as a result of the search.

  In addition to the two authentication results of the authentication success and the authentication error, an authentication result (for example, a partial authentication success) that is intermediate between the authentication success and the authentication error may be transmitted. For example, when the authentication is authentication for requesting the use of a certain service, the use of all services is permitted if the authentication is successful, and the use of some services is permitted if the authentication is partially successful. For example, if authentication is successful, both cash withdrawal and balance inquiry are allowed, and if authentication is partially successful, only balance inquiry is allowed.

  Then, the 1st modification of this embodiment is demonstrated with reference to FIG. In this modification, in addition to the search for the travel route in step S505, the entrance history and exit history managed by the entrance / exit management device 420 are used to determine whether or not the authentication acceptance device is appropriate in light of the entrance / exit record. To do.

  Specifically, in this modification, there is an entry history in the entrance / exit management device 420, but when there is no subsequent exit history, a device outside the management area of the entrance / exit management device 420 is designated as an authentication acceptance device. Deny the requested authentication.

  For example, if there is an entrance history of a station building and no exit history, or if an authentication request is issued for devices outside the station building and outside the route, the authentication is denied.

  On the other hand, if there is no entrance history after the last exit history in the entrance / exit management device 420, or if the entrance history itself does not exist, an authentication request is made with a device in the management area of the entrance / exit management device 420 as an authentication acceptance device. deny.

  For example, if there is no entry history of a station building, or if an authentication request is issued with the devices in the station building and in the route as authentication receiving devices, the authentication is denied.

  Note that the entry / exit history includes not only public institutions, but also private areas such as houses and offices.

  Referring to FIG. 11, in the present modification, when the answer is Yes in step S <b> 505, the management server 100 determines whether the authentication accepting device matches the entry / exit record from the use history information of the entry / exit management device 420 used by the user. In step S506, it is verified that it is appropriate. If all the routes exist (yes in step S505) and the entrance / exit record is appropriate (yes in step S506), the management server 100 determines that authentication is successful and returns a response indicating that authentication is successful. Send to.

  On the other hand, even if all the routes exist (Yes in step S505), at least one of the combination of the use date / time, the use device position information, and the use device name included in the use history information in light of the entry / exit record is If it is not appropriate (No in step S506), it is determined that the management server 100 is an authentication error, and a response indicating the authentication error is transmitted to the authentication receiving device.

Next, a second modification of the present embodiment will be described with reference to FIG.
In this modified example, the management server 100 determines in step S505 that the table of ○ × as shown in FIGS. 9, 10-1, and 10-2 (○ indicates that there is a moving route, and × indicates movement This indicates that there is no route.) Is used for grouping. Specifically, using the table of ○ ×, the used device positions are connected by ○, and the used device positions are grouped by cutting by ×. As a result of the grouping, if it is confirmed that there are two or more connected groups, it is determined that a group with higher reliability is a regular user group. Then, the location indicated by the authentication acceptance device location information is based on the usage device location information of the usage history included in the group other than the regular user group, rather than the location indicated by the usage device location information of the usage history included in the regular user group. If it is close to the indicated position, the authentication request is denied.

  Here, the determination of which group is more reliable or a group can be determined by an arbitrary criterion. For example, a group including devices that are difficult to be illegally used, such as devices that require biometric authentication for use, may be determined as a group with higher reliability. Further, a group having a large number of used devices included in the group may be determined as a group having higher reliability.

  This will be described with reference to the example shown in FIG. Here, A to E are all devices that are considered to be used by a certain user. The authentication receiving device is assumed to be F, and F is not included in the table. Further, it is assumed that the device A is a highly reliable device that is difficult to illegally use.

  When grouping is performed with respect to FIG. 12, two groups of groups I (A, C, E) and II (B, D) are obtained. Here, (A, E) and (C, E) are included in the group I and need not be considered.

  Then, it is determined which of Group I and Group II is a valid group. If a group including a highly reliable device is a valid group, the group I including the device A is a valid group. Further, when a group having a large number of included devices is a valid group, a group I having a large number of devices is a valid group.

  In addition, for each of the group I and the group II, “a position obtained based on the use device position of the use history information included in the group” is calculated. This position is calculated by, for example, calculating “an average position or a weighted average position of use device positions of use history information included in a group” or “the closest use device position of use history information included in a group” This is done by calculating the “use device position paired with the use date”.

  After the calculation, the usage of the authentication acceptance device F is included in the group II that is a group other than the regular user group, rather than the location obtained based on the usage device location of the usage history information included in the group I that is the regular user group. If it is close to the position obtained based on the use position of the history information, the authentication request is denied. As a result, even if unauthorized use such as impersonation is performed in a partly used device, it is possible to authenticate a legitimate user.

  Next, a specific usage example of the present embodiment will be described.

<Specific example 1>
In addition to the above-described embodiment, when an authentication error or partial authentication succeeds due to the travel route search, there is a possibility that a third party impersonates the user and makes an authentication request. For this reason, not only the authentication is denied, but the authentication request may be issued to the user who may have been spoofed by a registered voice or e-mail. Notice.

<Specific example 2>
In addition to the above-described embodiment, the authentication availability condition may be that the usage history information or authentication history information of a specific device exists in the usage history information of the system for all or a part of the period.

<Specific example 3>
As a specific example of the specific example 2, the usage history information of the personal authentication system such as biometric authentication that is difficult to authenticate alone or the authentication history information exists in all or part of the system usage history information. Also good.

<Specific Example 4>
In addition to the above-described embodiment, in the case of receiving authentication beyond a specific range, in the authentication availability condition, in the usage history information of the system for all or part of the period, in a specific device or a specific device or a specific system outside the range It may be a condition that usage history information or authentication history information exists.

<Specific Example 5>
For example, the specific example of the specific example 4 may be based on the condition that the usage history information or the authentication history information of the monitoring camera 461 and the personal authentication system 462 of the personal computer connected camera exists.

  Note that each device included in the management server 100, the authentication request server 200, and the device group 400 can be realized by hardware, software, or a combination thereof. The unauthorized authentication prevention method performed by each device included in the management server 100, the authentication request server 200, and the device group 400 can also be realized by hardware, software, or a combination thereof. Here, “realized by software” means realized by a computer reading and executing a program.

  The program may be stored using various types of non-transitory computer readable media and supplied to the computer. Non-transitory computer readable media include various types of tangible storage media. Examples of non-transitory computer readable media include magnetic recording media (for example, flexible disks, magnetic tapes, hard disk drives), magneto-optical recording media (for example, magneto-optical disks), CD-ROMs (Read Only Memory), CD- R, CD-R / W, semiconductor memory (for example, mask ROM, PROM (Programmable ROM), EPROM (Erasable PROM), flash ROM, RAM (random access memory)). The program may also be supplied to the computer by various types of transitory computer readable media. Examples of transitory computer readable media include electrical signals, optical signals, and electromagnetic waves. The temporary computer-readable medium can supply the program to the computer via a wired communication path such as an electric wire and an optical fiber, or a wireless communication path.

  A part or all of the above-described embodiment can be described as in the following supplementary notes, but is not limited thereto.

(Supplementary note 1) An unauthorized authentication preventing apparatus for rejecting an unauthorized authentication request requested from an authentication receiving device,
Every time a group of information including at least user identification information, usage date and time, and usage device location transmitted from the usage device is received, a record including at least the usage date and time and usage device location for each user, based on the information group, Means to add to usage history information;
When receiving an authentication request from the authentication accepting device, it is determined whether or not the authentication request is made by an authorized user based on the usage history information, and the authentication request is made by a user other than the authorized user. Authentication denial means for denying the authentication request;
An unauthorized authentication preventing apparatus comprising:

(Supplementary note 2) The unauthorized authentication preventing apparatus according to supplementary note 1, wherein
The authentication denial means uses the use device of the certain record at the use date and time of a certain record included in the use history information for the user who has made the authentication request, and then includes the different information included in the use history information. Based on the result of the route existence determination as to whether or not there is a movement route that enables the use of the device using another record at the use date and time of a certain record, the authentication request is determined to be an authorized user. It is judged whether it is what was made | formed by this, The unauthorized authentication prevention apparatus characterized by the above-mentioned.

(Supplementary note 3) The unauthorized authentication preventing apparatus according to supplementary note 2, wherein
The authentication denial means uses the use device of the certain record at the use date and time of a certain record included in the use history information for the user who has made the authentication request, and then includes the different information included in the use history information. A route existence judgment as to whether or not there is a moving route that allows the use device of another certain record to be used at the use date and time of a certain record is performed between records adjacent in time series, An apparatus for preventing unauthorized authentication, wherein if there is no movement route between at least one record for which a route existence determination has been made, it is determined that the authentication request is made by a user other than a regular user.

(Supplementary note 4) The unauthorized authentication preventing apparatus according to supplementary note 2,
The authentication denial means uses the use device of the certain record at the use date and time of a certain record included in the use history information for the user who has made the authentication request, and then includes the different information included in the use history information. The existence of a route is determined for all combinations of records as to whether or not there is a moving route that can use a device that uses another record at the use date and time of a record. An unauthorized authentication preventing apparatus characterized in that, when there is no movement path between at least one record for which a determination has been made, it is determined that the authentication request is made by a user other than a regular user.

(Additional remark 5) It is an unauthorized authentication prevention apparatus of Additional remark 2,
The authentication denial means
Use of a device that uses the record at the use date and time of a record included in the use history information for the user who has made the authentication request, and then use another record included in the use history information The route existence judgment about whether or not there is a moving route that can use the device of another certain record at day and time is performed for all combinations of records,
Based on the result of the route presence determination, the records included in the usage history information are divided into one or more groups,
The most reliable group is determined to be a regular user group,
The position obtained based on the use device position of the use history information included in the group other than the normal user group, rather than the position obtained based on the use device position of the use history information included in the normal user group. If the authentication request is near, the authentication request is rejected.

(Supplementary note 6) The unauthorized authentication preventing apparatus according to any one of supplementary notes 1 to 5,
As the use device, connected to an entrance / exit management device for managing the entrance / exit of the user in a predetermined management area,
Deny the authentication request if the user is using a device that exists outside the management area at a date and time when it can be determined that the user exists in the management area based on a notification from the entrance / exit management device. An unauthorized authentication prevention device characterized by the above.

(Supplementary note 7) The unauthorized authentication preventing apparatus according to any one of supplementary notes 1 to 6,
As the use device, connected to an entrance / exit management device for managing the entrance / exit of the user in a predetermined management area,
Deny the authentication request if the user is using a device that exists in the management area at a date and time when it can be determined that the user exists outside the management area based on a notification from the entrance / exit management device. An unauthorized authentication prevention device characterized by the above.

(Supplementary Note 8) An unauthorized authentication prevention system including a device used by a user and an unauthorized authentication prevention device connected to the device,
When the device is used by a user, the device includes means for transmitting the use date and time of use and the position of the device to the unauthorized authentication preventing device.
An unauthorized authentication preventing system, wherein the unauthorized authentication preventing apparatus is the unauthorized authentication preventing apparatus according to any one of appendices 1 to 7.

(Supplementary note 9) An unauthorized authentication prevention program for causing a computer connected to a device used by a user to function as an unauthorized authentication preventing device,
The computer,
Every time a group of information including at least user identification information, usage date and time, and usage device location transmitted from the usage device is received, a record including at least the usage date and time and usage device location for each user, based on the information group, Means to add to usage history information;
When receiving an authentication request from the authentication accepting device, it is determined whether or not the authentication request is made by an authorized user based on the usage history information, and the authentication request is made by a user other than the authorized user. Authentication denial means for denying the authentication request;
An unauthorized authentication preventing program for causing an unauthorized authentication preventing apparatus to function.

(Supplementary note 10) The unauthorized authentication prevention program according to supplementary note 9,
The authentication denial means uses the use device of the certain record at the use date and time of a certain record included in the use history information for the user who has made the authentication request, and then includes the different information included in the use history information. Based on the result of the route existence determination as to whether or not there is a movement route that enables the use of the device using another record at the use date and time of a certain record, the authentication request is determined to be an authorized user. An unauthorized authentication prevention program characterized in that it is determined whether or not it is made by.

(Supplementary note 11) The unauthorized authentication prevention program according to supplementary note 10,
The authentication denial means uses the use device of the certain record at the use date and time of a certain record included in the use history information for the user who has made the authentication request, and then includes the different information included in the use history information. A route existence judgment as to whether or not there is a moving route that allows the use device of another certain record to be used at the use date and time of a certain record is performed between records adjacent in time series, An unauthorized authentication prevention program characterized by determining that the authentication request is made by a user other than a legitimate user when the movement route does not exist between at least one record for which the route existence is determined.

(Supplementary note 12) The unauthorized authentication prevention program according to supplementary note 10,
The authentication denial means uses the use device of the certain record at the use date and time of a certain record included in the use history information for the user who has made the authentication request, and then includes the different information included in the use history information. The existence of a route is determined for all combinations of records as to whether or not there is a moving route that can use a device that uses another record at the use date and time of a record. An unauthorized authentication prevention program characterized by determining that the authentication request is made by a user other than a regular user when the movement route does not exist between at least one record for which the determination has been made.

(Supplementary note 13) The unauthorized authentication prevention program according to supplementary note 10,
The authentication denial means
Use of a device that uses the record at the use date and time of a record included in the use history information for the user who has made the authentication request, and then use another record included in the use history information The route existence judgment about whether or not there is a moving route that can use the device of another certain record at day and time is performed for all combinations of records,
Based on the result of the route presence determination, the records included in the usage history information are divided into one or more groups,
The most reliable group is determined to be a regular user group,
The position obtained based on the use device position of the use history information included in the group other than the normal user group, rather than the position obtained based on the use device position of the use history information included in the normal user group. If the authentication request is near, the authentication request is rejected.

(Supplementary note 14) The unauthorized authentication prevention program according to any one of supplementary notes 9 to 13,
As the use device, connected to an entrance / exit management program for managing user entrance / exit in a predetermined management area,
Deny the authentication request if the user is using a device outside the management area at a date and time when it can be determined that the user exists in the management area based on a notification from the entrance / exit management program. An unauthorized authentication prevention program characterized by

(Supplementary note 15) The unauthorized authentication prevention program according to any one of supplementary notes 9 to 14,
As the use device, connected to an entrance / exit management program for managing user entrance / exit in a predetermined management area,
Deny the authentication request when the user is using a device that exists in the management area at a date and time when it can be determined that the user exists outside the management area based on a notification from the entrance / exit management program. An unauthorized authentication prevention program characterized by

(Supplementary Note 16) A spoofing detection device that pretends to be a legitimate user and uses identification information of the legitimate user,
Every time a group of information including at least user identification information, usage date and time, and usage device location transmitted from the usage device is received, a record including at least the usage date and time and usage device location for each user, based on the information group, Means to add to usage history information;
When receiving an authentication request from the authentication accepting device, it is determined whether or not the authentication request is made by an authorized user based on the usage history information, and the authentication request is made by a user other than the authorized user. Impersonation detection means for determining that impersonation is being performed;
An impersonation detection device comprising:

(Supplementary Note 17) A spoofing detection program for causing a computer to function as a spoofing detection device that pretends to be a legitimate user and uses identification information of the legitimate user,
The computer,
Every time a group of information including at least user identification information, usage date and time, and usage device location transmitted from the usage device is received, a record including at least the usage date and time and usage device location for each user, based on the information group, Means to add to usage history information;
When receiving an authentication request from the authentication accepting device, it is determined whether or not the authentication request is made by an authorized user based on the usage history information, and the authentication request is made by a user other than the authorized user. Impersonation detection means for determining that impersonation is being performed;
An impersonation detection program for causing an impersonation detection device to function.

  The present invention is applicable to any device or system for performing authentication regardless of the use of the device or system as long as it is a device or system for performing authentication.

100 Management Server 200 Authentication Request Server 300 Network 400 Device Group 410 Mobile Terminal Base Station 411 Mobile Terminal 420 Entrance / Exit Management Device 421 Entrance / Exit Authentication Item 430 Network Termination Terminal 431 Stationary Personal Computer 432 Access Point 433 Mobile Personal Computer 440 Network Connection Type Telephone 450 Legacy line switch 451 Legacy line connection type telephone 460 Personal identification function server 461 Surveillance camera 462 Personal computer connection type camera

Claims (10)

An unauthorized authentication prevention device that denies unauthorized authentication requests requested from an authentication receiving device,
Every time a group of information including at least user identification information, usage date and time, and usage device location transmitted from the usage device is received, a record including at least the usage date and time and usage device location for each user, based on the information group, Means to add to usage history information;
When receiving an authentication request from the authentication accepting device, it is determined whether or not the authentication request is made by an authorized user based on the usage history information, and the authentication request is made by a user other than the authorized user. Authentication denial means for denying the authentication request;
An unauthorized authentication preventing apparatus comprising: The unauthorized authentication preventing apparatus according to claim 1,
The authentication denial means uses the use device of the certain record at the use date and time of a certain record included in the use history information for the user who has made the authentication request, and then includes the different information included in the use history information. Based on the result of the route existence determination as to whether or not there is a movement route that enables the use of the device using another record at the use date and time of a certain record, the authentication request is determined to be an authorized user. It is judged whether it is what was made | formed by this, The unauthorized authentication prevention apparatus characterized by the above-mentioned. An unauthorized authentication preventing apparatus according to claim 2,
The authentication denial means uses the use device of the certain record at the use date and time of a certain record included in the use history information for the user who has made the authentication request, and then includes the different information included in the use history information. A route existence judgment as to whether or not there is a moving route that allows the use device of another certain record to be used at the use date and time of a certain record is performed between records adjacent in time series, An apparatus for preventing unauthorized authentication, wherein if there is no movement route between at least one record for which a route existence determination has been made, it is determined that the authentication request is made by a user other than a regular user. An unauthorized authentication preventing apparatus according to claim 2,
The authentication denial means uses the use device of the certain record at the use date and time of a certain record included in the use history information for the user who has made the authentication request, and then includes the different information included in the use history information. The existence of a route is determined for all combinations of records as to whether or not there is a moving route that can use a device that uses another record at the use date and time of a record. An unauthorized authentication preventing apparatus characterized in that, when there is no movement path between at least one record for which a determination has been made, it is determined that the authentication request is made by a user other than a regular user. An unauthorized authentication preventing apparatus according to claim 2,
The authentication denial means
Use of a device that uses the record at the use date and time of a record included in the use history information for the user who has made the authentication request, and then use another record included in the use history information The route existence judgment about whether or not there is a moving route that can use the device of another certain record at day and time is performed for all combinations of records,
Based on the result of the route presence determination, the records included in the usage history information are divided into one or more groups,
The most reliable group is determined to be a regular user group,
The position obtained based on the use device position of the use history information included in the group other than the normal user group, rather than the position obtained based on the use device position of the use history information included in the normal user group. If the authentication request is near, the authentication request is rejected. An unauthorized authentication preventing apparatus according to any one of claims 1 to 5,
As the use device, connected to an entrance / exit management device for managing the entrance / exit of the user in a predetermined management area,
Deny the authentication request if the user is using a device that exists outside the management area at a date and time when it can be determined that the user exists in the management area based on a notification from the entrance / exit management device. An unauthorized authentication prevention device characterized by the above. An unauthorized authentication preventing apparatus according to any one of claims 1 to 6,
As the use device, connected to an entrance / exit management device for managing the entrance / exit of the user in a predetermined management area,
Deny the authentication request if the user is using a device that exists in the management area at a date and time when it can be determined that the user exists outside the management area based on a notification from the entrance / exit management device. An unauthorized authentication prevention device characterized by the above. A fraud authentication preventing system including a device used by a user and a fraud authentication preventing apparatus connected to the device,
When the device is used by a user, the device includes means for transmitting the use date and time of use and the position of the device to the unauthorized authentication preventing device.
An unauthorized authentication prevention system, wherein the unauthorized authentication prevention apparatus is the unauthorized authentication prevention apparatus according to any one of claims 1 to 7. An unauthorized authentication prevention program for causing a computer connected to a device used by a user to function as an unauthorized authentication preventing device,
The computer,
Every time a group of information including at least user identification information, usage date and time, and usage device location transmitted from the usage device is received, a record including at least the usage date and time and usage device location for each user, based on the information group, Means to add to usage history information;
When receiving an authentication request from the authentication accepting device, it is determined whether or not the authentication request is made by an authorized user based on the usage history information, and the authentication request is made by a user other than the authorized user. Authentication denial means for denying the authentication request;
An unauthorized authentication preventing program for causing an unauthorized authentication preventing apparatus to function. An impersonation detection device that pretends to be a legitimate user and uses identification information of the legitimate user,
Every time a group of information including at least user identification information, usage date and time, and usage device location transmitted from the usage device is received, a record including at least the usage date and time and usage device location for each user, based on the information group, Means to add to usage history information;
When receiving an authentication request from the authentication accepting device, it is determined whether or not the authentication request is made by an authorized user based on the usage history information, and the authentication request is made by a user other than the authorized user. Impersonation detection means for determining that impersonation is being performed;
An impersonation detection device comprising:

Images