JP2013251000A - User verification device, method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a user verification device which offers enhanced accuracy of user verification without degrading user's convenience.SOLUTION: A user verification device comprises: extraction means which extracts user identification information and terminal information included in a packet received from a user terminal; information management means which stores the terminal information extracted from a packet received from the user terminal in its storage means in association with the user identification information; first determination means which determines whether the extracted user identification information is stored by the information management means; second determination means which determines whether the extracted terminal information matches the terminal information stored in association with the user identification information; and third determination means which performs re-authentication processing using information different from the information used by the first determination means when the first determination means has determined that the extracted user identification information is stored by the information management means and also the second determination means has determined that the terminal information extracted by the extraction means does not match the terminal information stored in association with the user identification information.

Description

  The present invention relates to a user confirmation device, method and program, and in particular, a user confirmation device for confirming whether or not a user operating a terminal device is a valid user, a user confirmation method applicable to the user confirmation device, and The present invention relates to a user confirmation program for causing a computer to function as the user confirmation device.

  In a website that provides a predetermined service online to a user registered in advance, a user who has accessed the website via a terminal device is allowed to input a user ID and password, and the set of the entered user ID and password A user confirmation method for confirming whether the accessing user is a valid user based on whether or not the registration is registered is generally adopted. However, the above-described user confirmation method makes it possible for a person who knows the user ID and password to impersonate a legitimate user and gain unauthorized access if the user ID and password are leaked to others. There is a disadvantage that it will.

  In relation to the above, in Patent Document 1, in addition to the user ID and password, it is also determined whether or not the telephone number of the caller notified from the telephone exchange matches the telephone number of the telephone line used by the registered user. Thus, a technique for authenticating a user is disclosed.

  Also, in Patent Document 2, an IP address (and link source URL) that allows the use of a service is stored in a database together with an ID and a password, and in addition to authentication based on the ID and password, an access source IP address is registered in the database. Whether the use of the service is permitted or not (and if the link source URL is present in the access signal, the link source URL is registered in the database). Techniques for determining whether or not are disclosed.

JP 2000-209284 A JP-A-2001-325229

  The techniques described in Patent Literatures 1 and 2 are users who operate an access source terminal device by determining whether the access source terminal device is a valid terminal device using a telephone number or an IP address. Is a legitimate user (whether a third party is not impersonating a legitimate user). However, although the technique described in Patent Document 1 has an advantage that a terminal device can be uniquely specified by using a telephone number, it cannot be applied to a device other than a terminal device connected to a network via a telephone exchange. There is a problem.

Moreover, although the IP address used in the technique described in Patent Document 2 is always constant as long as it is a terminal device to which a global IP address is fixedly assigned, there are very few such terminal devices. Most terminal devices, for example, have an arbitrary IP address from among a large number of global IP addresses held by an Internet service provider (Internet service provider, hereinafter simply referred to as “provider”) when accessing the Internet. Since the address is automatically assigned, the IP address is different every time access is performed. For this reason, as in the technique described in Patent Document 2, when the user is confirmed or authenticated based on whether or not the IP addresses match, access by a legitimate user is erroneously determined as unauthorized access, There is a risk of misjudging an unauthorized user as an authorized user.

  As a technique for preventing spoofing and improving security, a technique for authenticating a terminal device using an electronic certificate prior to user authentication based on a user ID and a password is also known. If this technology is applied, even if the user ID and password are leaked to others, it is illegal unless a person who knows the user ID and password operates a terminal device with a legitimate electronic certificate installed. Can be prevented. However, in order to apply this technique, it is necessary to perform a complicated operation of installing an electronic certificate in the terminal device, which causes a problem that the burden on the user is heavy.

  The present invention has been made in view of the above facts, and an object thereof is to obtain a user confirmation device, a user confirmation method, and a user confirmation program that can improve the accuracy of user confirmation without impairing the convenience of the user. is there.

HTTP (HyperText) as an application layer protocol for communication with terminal devices
When Transfer Protocol) is applied, an HTTP header is added to a packet received from a terminal device, and this HTTP header includes user-agent information. The user agent information does not have a format or the like defined on the HTTP protocol, and an arbitrary character string can be set. For example, if the terminal device is a PC (Personal
When the application that transmits a packet from the computer is a browser (browser: browsing software), the default setting of the browser operates as the user agent information on the computer. Information including the version of the operating system (OS) and the information including the version of the browser are set. In addition, depending on the user who operates the computer, the settings of the browser and the like may be changed in advance so that a desired character string is transmitted as user agent information.

  The user agent information set by the default setting browser includes not only the OS and browser version but also information such as how far the patch has been applied to the OS and browser. When information is set, although there are terminal devices that transmit the same user agent information, the degree of difference between user agent information transmitted by individual terminal devices is high. The user agent information is changed when a new patch is applied to the OS or browser, or when the version is upgraded or replaced, but a new patch is applied to the OS or browser. Since the frequency at which the contents are changed due to version upgrade or replacement is very low, the user agent information transmitted from each terminal device can be regarded as approximately constant. Further, when the user sets in advance such that a desired character string is transmitted as user agent information, the degree of difference in user agent information transmitted by each terminal device is further increased.

  The inventor of the present application pays attention to the above facts, stores the entire user agent information set in the HTTP header of a packet previously received from a terminal device operated by a certain user, and the user who is estimated to be the same operates The format and content of the user agent information were changed and set in advance by checking the entire user agent information set in the HTTP header of the packet received from the terminal device to be compared with the entire stored user agent information. However, without detecting this, it is possible to determine whether the terminal device that transmitted the packet received this time is the same as the terminal device that transmitted the previously received packet, thereby improving the accuracy of user confirmation. The present invention has been made in view of the fact that it can be performed.

  Based on the above, the user confirmation device according to the first invention is set in the HTTP header of the packet from the packet received from the terminal device to which IP is applied as the protocol of the Internet layer and HTTP is applied as the protocol of the application layer. Extraction means for extracting the access source IP address from the packet and the access source IP address extracted by the extraction means from the packet received from the terminal device operated by each user And information management means for storing the entire user agent information in the storage means in association with the user identification information of each individual user, and the access source IP address extracted by the extraction means from the packet received from any terminal device And user agent The entire agent information is collated with the user identification information of the user who is operating the arbitrary terminal device and is compared with the access source IP address and the entire user agent information stored in the storage unit, and stored in the storage unit Determining means for determining whether or not the user operating the arbitrary terminal device is a valid user by determining whether or not each of the access source IP address and the entire user agent information corresponds to each other. The access means for the access source IP address extracted from the received packet is equal to or greater than a threshold value in a predetermined bit unit match rate with the access source IP address stored in the storage means. The access source IP address extracted from the received packet is stored in the storage means It is determined whether or not it corresponds to the access source IP address, and it is determined whether or not the entire user agent information extracted from the received packet is the same as the entire user agent information stored in the storage means Thus, it is determined whether or not the entire user agent information extracted from the received packet corresponds to the user agent information stored in the storage means.

According to a first aspect of the present invention, an IP (Internet Protocol) is applied as an Internet layer protocol, HTTP is applied as an application layer protocol, and a user agent set in an HTTP header of the packet from a packet received from a terminal device Extraction means for extracting the access source IP address from the packet as well as extraction of the entire information, the information management means is the access respectively extracted by the extraction means from the packet received from the terminal device operated by each user The original IP address and the entire user agent information are stored in the storage means in association with the user identification information of each individual user. As the user identification information, for example, a user ID input by an individual user who operates the terminal device or other identification information uniquely determined from the user ID can be applied. In addition, the entire user agent information may be stored in the storage unit as it is. However, for security reasons, it is better to store the user agent information in the storage unit after encryption by applying a known encryption method such as a method using a hash function. preferable.

  Further, the judging means according to the first invention is the user of the user operating the arbitrary terminal device, using the access source IP address and the entire user agent information extracted by the extracting means from the packet received from the arbitrary terminal device. Whether the access source IP address and the entire user agent information stored in the storage unit in association with the identification information are checked, and whether the access source IP address and the entire user agent information are stored in the storage unit. By determining each, it is determined whether or not the user operating any terminal device is a valid user.

As described above, the user agent information transmitted from each terminal device can be regarded as approximately constant. When HTTP is applied as an application layer protocol, user agent information is always set in the HTTP header of a packet received from a terminal device. Therefore, the user (terminal device) confirmation using the entire user agent information is as follows: It is more versatile than the technology described in Patent Document 1 that cannot be applied to terminals other than terminal devices connected to a network via a telephone exchange, and is more confirmed than a technology that uses only an IP address that may change at each access. It is highly accurate and does not require complicated work such as installing an electronic certificate in the terminal device. Also, by collating the entire user agent information, for example, the user agent information format or content is changed such that the user agent information is changed and set by the user so that a desired character string is transmitted as the user agent information. Even if it is changed and set in advance, it is possible to determine whether or not the user operating any terminal device is a valid user without detecting this.

  In addition, although the IP address assigned to each terminal device may be different for each access, the IP address (global IP address) held by each provider for assignment to the terminal is within a certain range. However, since each terminal device accesses via a certain provider, the IP address assigned to each terminal device for each access is not always the same. The high order bits have a high degree of coincidence, such as being always constant.

  Based on the above, in the first invention, the entire user agent information and the access source IP address are extracted from the packet received from the terminal device, and the extracted access source IP address and the entire user agent information are associated with the user identification information. Each of the access source IP address and the entire user agent information extracted from a packet received from an arbitrary terminal device is associated with the entire user identification information of the user operating the arbitrary terminal device. By determining whether the access source IP address and the entire user agent information stored in the storage means correspond to each other, it is determined whether the user operating any terminal device is a valid user. doing. Further, the determination unit determines whether or not the access source IP address extracted from the received packet has a predetermined bit unit matching rate with the access source IP address stored in the storage unit is equal to or greater than a threshold value. And determining whether or not the access source IP address extracted from the received packet corresponds to the access source IP address stored in the storage means, and the entire user agent information extracted from the received packet is stored Whether or not the entire user agent information extracted from the received packet corresponds to the entire user agent information stored in the storage means by determining whether or not the entire user agent information stored in the means is the same It is comprised so that it may determine. Thereby, it is accurately determined whether or not the access source IP address and the entire user agent information extracted from the received packet correspond to the access source IP address and the entire user agent information stored in the storage unit. Whether the user operating the terminal device receiving the current packet is a valid user based on whether the terminal device receiving the current packet is a terminal device used in the past by the same user. Therefore, the accuracy of user confirmation can be improved without impairing user convenience.

In addition, in the second invention according to the first invention, in order to allow each user to access from an indefinite terminal device, the information management means includes an access source IP address extracted from the received packet and As a result of collating the entire user agent information with the access source IP address and the entire user agent information stored in the storage unit, the access unit IP address and the entire user agent information extracted from the received packet by the determination unit are stored. If the access source IP address and the entire user agent information stored in the packet are determined not to correspond to each other, the access source IP address and the entire user agent information extracted from the received packet are associated with the user identification information. Additional storage is performed in the storage means, and the determination means is optional. When a plurality of sets of the access source IP address and the entire user agent information associated with the user identification information of the user who operates the terminal device are stored in the storage means, it is extracted from a packet received from any terminal device Whether the user operating an arbitrary terminal device is a valid user by collating the access source IP address and the entire user agent information with the access source IP address and the entire user agent information stored in a plurality of sets. It is characterized by judging.

  In the second invention, when an individual user accesses through a new terminal device that has not been used in the past, the access source IP address and the entire user agent information extracted from the received packet by the judging means are The access source IP address and the entire user agent information stored in the storage means are determined, and it is determined that the user is not a valid user. In this case, the access source IP address and user agent extracted from the received packet The entire information is additionally stored in the storage means in association with the user identification information by the information management means. The judging means receives from the arbitrary terminal device when a plurality of sets of the access source IP address and the entire user agent information associated with the user identification information of the user operating the terminal device are stored in the storage means. By comparing the access source IP address and the entire user agent information extracted from the received packet with the entire access source IP address and the entire user agent information stored in a plurality of sets, the user operating any terminal device Since it is determined whether or not the user is a legitimate user, it is determined that the user is a legitimate user in subsequent access through the new terminal device.

  Thus, in the second invention, each user accesses using a desired terminal device among a plurality of terminal devices such as a terminal device installed at home or a terminal device installed at work. Is also possible. Even when individual users are allowed to access from indefinite terminal devices, the number of terminal devices used by individual users is almost always limited. It is extremely rare that a user is determined to be a legitimate user every time access is made through the apparatus.

  In the second invention, it is determined that the access source IP address and the entire user agent information extracted from the received packet do not correspond to the access source IP address and the entire user agent information stored in the storage unit. In this case, the information management means only accesses the access source IP address and the entire user agent information only when the user operating the packet transmission source terminal device is confirmed to be a valid user by a method different from the judgment means. May be additionally stored in the storage means.

  Further, in the second invention, the determining means, as described in the third invention, for example, the access source IP address and user agent information associated with the user identification information of the user operating any terminal device When the whole is stored in a plurality of sets in the storage means, the entire access source IP address and user agent information extracted from the received packet is the entire plurality of sets of access source IP addresses and user agent information stored in the storage means When it is determined that each corresponds to at least one set of the access source IP address and the entire user agent information, the user operating any terminal device is determined to be a valid user can do. Thereby, even when a legitimate user performs access by selectively using a plurality of terminal devices, the legitimate user can be accurately determined.

Further, in the second invention, the determination means, as described in the fourth invention, for example, the access source IP address and user agent information associated with the user identification information of the user operating any terminal device When a plurality of sets are stored in the storage means, each of the plurality of sets of access source IP addresses and user agent information corresponds to each of the access source IP address and the entire user agent information extracted from the received packet. When the combination of the access source IP address determined to be present and the entire user agent information does not exist, it is possible to determine that the user operating any terminal device is not a valid user. Accordingly, even when a third party who is not a valid user accesses, it is determined that the user is not a valid user based on the fact that at least one of the access source IP address and the entire user agent information is different from the past access. It is possible to accurately determine a third party who is not a legitimate user.

In the fourth aspect of the invention, even if the user operating the packet transmission source terminal device is a legitimate user, for example, accessing from a number of terminal devices using a different terminal device each time. Although the terminal device is accessed using a certain terminal device, the terminal device used for access is a portable terminal device such as a notebook PC, and a different hot spot (HOTSPOT: public wireless LAN can be used each time) When the usage environment is special, such as when accessing using a location, etc., it is received in a plurality of sets of access source IP addresses and the entire user agent information stored in the storage means. Access source IP address and user agent determined to correspond to the access source IP address and the entire user agent information extracted from the received packet, respectively. The fact that the entire set of gent information does not exist causes the inconvenience that it is determined that the user is not a valid user.

  In consideration of the above, in the fourth invention, as described in the fifth invention, for example, the information management means is a confirmation method in which the user who is judged not to be a valid user by the judgment means is different from the user confirmation by the judgment means When it is notified that the user is determined to be a legitimate user, the predetermined identification information is associated with the user identification information of the user and stored in the storage unit, and the determination unit operates any terminal device. Predetermined identification information is stored in the storage means in association with the user identification information of the user, and the access extracted from the received packet in the plurality of sets of access source IP addresses and the entire user agent information There are multiple sets of access source IP addresses and user agent information that are determined to correspond to the original IP address. Or, when there are a plurality of sets of access source IP addresses and user agent information that are determined to correspond to the entire user agent information extracted from the received packet, an arbitrary terminal device is operated. It is preferable that the user is determined to be a valid user.

  In the fifth invention, when it is notified that a user who is determined not to be a valid user by the determination means is determined to be a valid user by a confirmation method different from the user confirmation by the determination means, Assuming that the environment is special, the predetermined identification information is stored in the storage means in association with the user identification information of the user. For a user whose predetermined identification information is stored in the storage means, it corresponds to the access source IP address extracted from the received packet in the plurality of sets of access source IP addresses and user agent information. The access source IP address and the entire user agent information determined to correspond to the plurality of combinations of the determined access source IP address and the entire user agent information or the entire user agent information extracted from the received packet When there are a plurality of sets, it is determined that the user operating any terminal device is a valid user.

Thus, for example, when a legitimate user accesses each time using a different terminal device from among a large number of terminal devices, a plurality of stored access source IP addresses and the entire user agent information are stored. If the user is a legitimate user based on the fact that there are a plurality of combinations of the access source IP address and the entire user agent information determined to correspond to the access source IP address extracted from the received packet. Judgment can be made. In addition, when a legitimate user uses a portable terminal device and accesses using a different hot spot each time, a plurality of stored access source IP addresses and the entire user agent information are stored. Therefore, it is determined that the user is a legitimate user based on the fact that there are a plurality of combinations of the access source IP address and the entire user agent information determined to correspond to the entire user agent information extracted from the received packet. can do. Therefore, according to the fifth aspect, even when the user's usage environment is special, user confirmation can be performed with high accuracy.

  In the first invention, as described in the sixth invention, for example, an e-mail address storage means for storing each e-mail address used by each user in association with the user identification information of each user. And a predetermined unit for confirming whether or not the user is a valid user by a method different from the determination unit when the determination unit determines that the user operating the arbitrary terminal device is not a valid user. It is preferable that there is further provided a transmission means for transmitting the electronic mail with the link to the web page to the electronic mail address stored in the electronic mail address storage means in association with the user identification information of the user. This makes it easy for the user who is determined not to be a legitimate user by the judgment means to receive confirmation as to whether the user is a legitimate user by a method different from the judgment means, and the user who is judged not to be a legitimate user. Can be reduced.

  In the second invention, as described in the seventh invention, for example, as described in the seventh invention, a plurality of sets of access source IP addresses extracted from received packets and the entire user agent information are stored in the storage means. Access source IP address in which a plurality of sets of access source IP addresses and user agent information extracted from the received packet by the judging means are stored in the storage means as a result of collation with the access source IP address and the entire user agent information. And the access source IP address and the user agent which are determined to correspond to none of the user agent information and stored in the storage means in association with the user identification information of the user who is operating any terminal device When the total number of information sets reaches the specified upper limit When the access source IP address and the entire user agent information extracted from the received packet are stored in the storage unit among a plurality of sets of the access source IP address and the entire user agent information stored in the storage unit The oldest access source IP address and the entire set of user agent information may be overwritten and stored in the storage means.

  Thereby, for each user, the set of the access source IP address and the entire user agent information is prevented from being stored in the storage means beyond the upper limit value, and the storage capacity of the storage means can be reduced. Since the number of sets of the access source IP address and the entire user agent information to be compared with the access source IP address and the entire user agent information extracted from the received packet is also less than or equal to the upper limit value, a great load may be applied to the determination means. Can be prevented.

  In the seventh invention, any one of the access source IP address and the entire user agent information in which a plurality of sets of the access source IP address and the entire user agent information extracted from the received packet are stored in the storage means by the determining means. The number of sets of the access source IP address and the entire user agent information stored in the storage means in association with the user identification information of the user who is determined to be incompatible and who is operating any terminal device is predetermined. The information management means received only when it is confirmed that the user operating the terminal device of the packet transmission source is a legitimate user by a method different from the determination means. The new access source IP address extracted from the packet and the entire user agent information are stored in the storage means. It may be allowed to write storage.

On the other hand, in the seventh invention, any one of the access source IP address and the entire user agent information in which a plurality of sets of the access source IP address and the entire user agent information extracted from the received packet are stored in the storage unit by the determination unit. The number of sets of the access source IP address and the entire user agent information stored in the storage means in association with the user identification information of the user who is determined to be incompatible and who is operating any terminal device is predetermined. When the upper limit value of the information is reached, the information management means unconditionally confirms the new access source IP address and the entire user agent information (as described above, it is confirmed that the user is a legitimate user by a method different from the judgment means. If it is overwritten (regardless of whether or not it has been changed), a new access source IP address and user If the entire agent information is information corresponding to unauthorized access, the information corresponding to the legitimate user may be overwritten and deleted. It is determined that the unauthorized access has been made.

  In the second invention, as described in the eighth invention, for example, the information management means stores a plurality of sets of the access source IP address extracted from the received packet and the entire user agent information in the storage means. Access source IP address in which a plurality of sets of access source IP addresses and user agent information extracted from the received packet by the judging means are stored in the storage means as a result of collation with the access source IP address and the entire user agent information. And the access source IP address and the entire user agent information extracted from the received packet when it is determined that it corresponds to a specific set of the access source IP address and the entire user agent information. At least user agent The entire preparative information, it is preferable to store the overwriting and storing means access source IP address and user-agent information across a particular set.

  As described above, when the default settings of the application such as the browser are used, the contents of the user agent information change when a new patch is applied to the OS or browser, or when the version is upgraded or replaced. If the user has set the desired character string to be transmitted as user agent information, the content is changed when the user performs an operation to change the character string to be transmitted as user agent information. Once the content has been changed, the content will not change for the time being. For this reason, as described above, the access source IP address and user agent information determined to correspond to at least the entire user agent information of the access source IP address and the entire user agent information extracted from the received packet. By overwriting the entire specific group and storing it in the storage means, the latest information is stored in the storage means at least for the entire user agent information, and the accuracy of subsequent user confirmation can be improved. . In the eighth invention, needless to say, the access source IP address extracted from the received packet may be overwritten and stored together with the entire user agent information.

According to a ninth aspect of the present invention, in the user confirmation method, the extraction unit sets IP in the HTTP header of the packet from the packet received from the terminal device to which IP is applied as the Internet layer protocol and HTTP is applied as the application layer protocol. And the access source IP address is extracted from the packet received from the terminal device operated by each user by the extraction unit. The original IP address and the entire user agent information are stored in the storage means in association with the user identification information of each individual user, and the access extracted by the extracting means from the packet received from any terminal device by the judging means Former IP address and user agent The entire agent information is collated with the user identification information of the user who is operating the arbitrary terminal device and is compared with the access source IP address and the entire user agent information stored in the storage unit, and stored in the storage unit It is determined whether or not the user operating the arbitrary terminal device is a valid user by determining whether or not the access source IP address and the entire user agent information correspond to each other. The determination unit determines whether or not the access source IP address extracted from the received packet has a predetermined bit unit match rate with the access source IP address stored in the storage unit or more. The access source IP address stored in the storage means is the access source IP address extracted from the received packet. It is determined whether or not it corresponds to an address, and for the entire user agent information extracted from the received packet, it is determined whether or not it is the same as the entire user agent information stored in the storage unit, Since it is determined whether or not the entire user agent information extracted from the received packet corresponds to the user agent information stored in the storage means, as in the first aspect of the invention, The accuracy of user confirmation can be improved without impairing the convenience.

  According to a tenth aspect of the present invention, there is provided a user confirmation program that uses a computer having storage means to receive a packet from a packet received from a terminal device to which IP is applied as an Internet layer protocol and HTTP is applied as an application layer protocol. The entire user agent information set in the HTTP header is extracted, and the extraction means for extracting the access source IP address from the packet and the extraction means respectively extracted from the packet received from the terminal device operated by each user. The access source IP address and the entire user agent information are extracted by the information management means for storing in the storage means in association with the user identification information of each individual user, and the extraction means from the packet received from any terminal device. Access Matching the original IP address and the entire user agent information with the access source IP address and the entire user agent information stored in the storage means in association with the user identification information of the user operating the arbitrary terminal device; It is determined whether or not the user operating the arbitrary terminal device is a valid user by determining whether or not the access source IP address and the entire user agent information stored in the storage unit correspond to each other. The determination means functions as a determination means, and for the access source IP address extracted from the received packet, the determination means has a threshold value of a matching rate in a predetermined bit unit with the access source IP address stored in the storage means. The access source IP address extracted from the received packet is determined by The user agent stored in the storage means for the entire user agent information extracted from the received packet. It is determined whether or not the entire user agent information extracted from the received packet corresponds to the user agent information stored in the storage unit by determining whether or not the information is the same as the entire information. It is said.

  The user confirmation program according to the tenth invention is a program for causing a computer provided with storage means to function as the extraction means, the information management means, and the determination means, so the computer confirms the user confirmation according to the tenth invention. By executing the program, the computer functions as the user confirmation device of the first invention, and as in the first invention, the accuracy of the user confirmation can be improved without impairing the convenience for the user. it can.

As described above, the present invention extracts the entire user agent information and the access source IP address from the packet received from the terminal device, and corresponds the extracted access source IP address and the entire user agent information to the user identification information of each user. The access means IP address and the entire user agent information extracted from the packet received from the arbitrary terminal device are stored in association with the user identification information of the user operating the arbitrary terminal device. By comparing each of the access source IP address and the entire user agent information stored in the means, and determining whether each corresponds to the entire access source IP address and the user agent information stored in the storage means. The user operating the terminal device is a legitimate user As for the access source IP address extracted from the received packet, it is determined whether or not the matching rate in a predetermined bit unit with the access source IP address stored in the storage means is equal to or higher than a threshold value. Determining whether the access source IP address extracted from the received packet corresponds to the access source IP address stored in the storage means, and for the entire user agent information extracted from the received packet, By determining whether or not the entire user agent information stored in the storage means is the same, the entire user agent information extracted from the received packet corresponds to the entire user agent information stored in the storage means. Therefore, the accuracy of user confirmation is not compromised without sacrificing user convenience. It can be improved, with the excellent effect that.

It is a block diagram which shows schematic structure of the computer system which concerns on this embodiment. It is a conceptual diagram explaining the addition and removal of a header in each layer in transmission of HTTP data from a client terminal to a server. It is a flowchart which shows the content of the user authentication process performed by an application server. It is the schematic which shows the content of usage history information. It is a table | surface which shows the determination conditions of authentication OK / NG based on use history information. It is an image figure which shows an example of a re-authentication request mail. It is a flowchart which shows the content of the use history table update process. It is an image figure which shows an example of a confirmation mail.

  Hereinafter, an example of an embodiment of the present invention will be described in detail with reference to the drawings. FIG. 1 shows a computer system 10 according to the present embodiment. The computer system 10 according to the present embodiment includes a web server 12 installed in a specific financial institution. The web server 12 includes a CPU 12A, a memory 12B including a RAM, a hard disk drive (HDD) 12C, and a network interface (I / F) unit 12D. The HDD 12C stores an authentication information database (DB) and a usage history table (both will be described in detail later), and corresponds to the storage means according to the present invention. The HDD 12C is installed with a user authentication program for the CPU 12A to perform user authentication processing to be described later. The user authentication program corresponds to the user confirmation program of the tenth invention, and the web server 12 functions as a user confirmation device according to the present invention by the CPU 12A executing the user authentication program.

  The network I / F unit 12D of the web server 12 is directly connected to a computer network (Internet) 16 in which a large number of web servers are connected to each other via a communication line. It is also connected to an intranet (LAN) 26 installed in the network. A billing system 28 is connected to the intranet 26. A large number of client terminals 18 each consisting of a PC or the like are connected to the Internet 16. A browser is installed in each client terminal 18 and corresponds to the terminal device according to the present invention. The connection form of each client terminal 18 to the Internet 16 is a case where the client terminal 18 is directly connected to the Internet 16 as in the case of a client terminal denoted by reference numeral “18A” (in detail, connected via a provider not shown). In some cases, the client terminal may be connected to the Internet 16 via the proxy server 22 installed in the company, such as a client terminal denoted by reference numeral “18B”.

Next, the operation of this embodiment will be described. The specific financial institution according to the present embodiment uses an online financial transaction website operated by the web server 12 as a service that enables a user who has opened an account with a specific financial institution to perform online financial transactions. An online financial transaction acceptance service is provided that accepts online financial transaction execution instructions from users. In financial transactions using this online financial transaction reception service,
A user browses a web page of an online financial transaction website via the client terminal 18 and inputs necessary information on the web page to instruct execution of a financial transaction desired by the user. Information (financial transaction instruction information) is transmitted from the client terminal 18 to the web server 12. Then, the financial transaction instruction information is transferred from the web server 12 to the account system 28 connected to the intranet 26, so that the financial transaction instructed by the user based on the financial transaction instruction information is performed. To be executed by.

  A user who uses an online financial transaction acceptance service applies to a specific financial institution in advance to use the service. The specified financial institution assigns a user ID (corresponding to the user identification information according to the present invention) to the user every time the user applies for the use of the service, and the assigned user ID is set with a password (this It is registered in the authentication information DB stored in the HDD 12C of the web server 12 together with the e-mail address notified by the user (e-mail address used by the user). Thus, the HDD 12C corresponds to the e-mail address storage means of the sixth invention.

Next, a packet transmitted from the client terminal 18 to the web server 12 when the user instructs access to the online financial transaction website via the client terminal 18 will be described. In communication between the client terminal 18 and the web server 12 via the Internet 16, IP is applied as the Internet layer protocol, TCP (Transmission Control Protocol) is applied as the transport layer protocol, and the application layer HTTP is applied as a protocol. An instruction to access the online financial transaction website is given by the user operating the input device of the client terminal 18 while the browser is activated on the client terminal 18, and the URL (Uniform Resource) of the online financial transaction website. This is done by performing an operation such as specifying (Locator).

  When access to the online financial transaction website is instructed, the browser, which is an application program that performs processing corresponding to the application layer, requests the web server 12 to deliver a web page corresponding to the specified URL. HTTP data in which necessary information is set is generated, and an HTTP header in which information corresponding to the application layer is set is added to the head of the HTTP data (see FIG. 2). When an authentication request packet, which will be described later, is transmitted from the client terminal 18 to the web server 12, information including a user ID and a password input by the user via the client terminal 18 is set in the HTTP data. The information set in the HTTP header includes user agent information. In the default setting of the browser, the user agent information includes the OS running on the client terminal 18, the version of the browser itself, and the patch. Information indicating how far is hit is set. It is also possible to change the browser settings so that an arbitrary character string is fixedly set as user agent information. If such a setting change has been made, the character string specified in advance is changed. Set as user agent information.

In addition, on the client terminal 18, processing modules that perform processing corresponding to the transport layer, the Internet layer, and the network interface layer are also operating, and as shown in FIG. HTTP data with an HTTP header added) is sequentially transferred from the processing module of the upper layer to the processing module of the lower layer, and the processing module of each layer performs processing corresponding to each layer, and at the head of the transferred information, A process of adding a header in which information corresponding to a layer is set is sequentially performed. Accordingly, the client terminal 18 receives HTTP data to which a network header corresponding to the network interface layer, an IP header corresponding to the Internet layer, a TCP header corresponding to the transport layer, and an HTTP header corresponding to the application layer are added. It is transmitted to the web server 12 as a packet.

  In the IP header, information such as a destination IP address indicating a destination of a packet and a source IP address (IP address given to the client terminal 18) as information corresponding to the Internet layer by a processing module corresponding to the Internet layer. In the TCP header, information such as a TCP port number is set as information corresponding to the transport layer by the processing module corresponding to the transport layer.

  The processing modules of each layer are also operating on the web server 12, and packets from the client terminal 18 are sequentially delivered from the processing module of the lower layer to the processing module of the upper layer, and the processing modules of each layer are delivered. The header corresponding to each layer added to the head of the received packet is referenced, the processing corresponding to each layer is performed based on the information set in the header, and then the header is removed sequentially . As a result, the processing module of the application layer that operates on the web server 12 (this processing module includes a processing module that performs user authentication processing described later) includes HTTP data with only an HTTP header added to the head. Delivered.

  In the user authentication process described later, the web server 12 performs processing using the transmission source IP address (access source IP address) set in the IP header of the packet received from the client terminal 18. Since the IP header has already been removed when the processing module to receive the packet, the source IP address cannot be detected as it is. For this reason, the processing module in the Internet layer that operates on the web server 12 performs processing such as adding the transmission source IP address set in the IP header of the packet received from the client terminal 18 to the HTTP data. The transmission source IP address is transmitted to a processing module in the application layer (a processing module that performs user authentication processing).

  In the web server 12, when any packet is received from the client terminal 18 via the Internet 16, HTTP data is transmitted by a predetermined processing module (this processing module is also a processing module corresponding to the application layer) operating on the web server 12. It is determined whether or not the packet received from the client terminal 18 is an authentication request packet based on whether or not predetermined information is set in

  An online financial transaction website is a collection of a large number of web pages linked to each other by links, and by following the links from the home page of the website, conditions of financial transactions that the user desires to execute The financial transaction execution instruction page that can be instructed to be executed is displayed, but the homepage of the online financial transaction website has an input field for entering a user ID and password A message that prompts the user to perform a login operation (input of a user ID and a password) is also displayed. Then, when the user inputs a user ID and password in the corresponding input field of the homepage and instructs transmission, an authentication request packet in which predetermined information is set in HTTP data is transmitted from the client terminal 18 operated by the user. The

When the predetermined processing module determines that the packet received from the client terminal 18 is not an authentication request packet, the processing corresponding to the received packet, for example, data on the home page of the online financial transaction website is sent to the requesting client terminal 18. Processing such as generating HTTP data for distribution and adding an HTTP header to the generated HTTP data is performed. The HTTP data and the HTTP header are transmitted as a packet to the client terminal 18 through a process reverse to the process shown in FIG. As a result, the web page requested by the user for distribution via the client terminal 18 is displayed on the display of the client terminal 18.

  On the other hand, when it is determined that the packet received from the client terminal 18 is an authentication request packet, the predetermined processing module activates a processing module that performs user authentication processing. Thereby, the user authentication program is executed by the CPU 12A, and the user authentication process shown in FIG. 3 is performed.

  In this user authentication process, first, in step 30, the user ID and password are extracted from the HTTP data of the received authentication request packet, and in the next step 32, the combination of the user ID and password extracted in step 30 is the authentication information DB. An authentication process is performed to search whether or not it is registered. In step 34, based on whether or not the combination of the user ID and the password is extracted from the authentication information DB by the search in step 32, it is determined whether or not the authentication is successful in the authentication process in step 32. If the determination is negative, the process proceeds to step 74, the authentication failure is notified to the predetermined processing module at the start source, and the user authentication process is terminated. In this case, error processing such as displaying a message notifying that the input user ID or password is incorrect is performed on the display of the client terminal 18 that is the transmission source of the authentication request packet by a predetermined processing module.

  On the other hand, if the authentication is successful in the authentication process in step 32, the determination in step 34 is affirmed and the process proceeds to step 36, and the access source IP address (source IP address) is obtained from the HTTP data of the received authentication request packet. At the same time as extracting, user agent information is extracted from the HTTP header of the authentication request packet. This step 36 corresponds to the extraction means according to the present invention. In the next step 38, the usage history information corresponding to the user ID extracted in the previous step 30 is extracted from the usage history table stored in the HDD 12C, and the extracted usage history information is stored in the memory 12B. .

  The usage history table according to the present embodiment stores usage history information as shown in FIG. 4 for individual users (legitimate users) who have applied for the use of the online financial transaction reception service in advance and have been given a user ID. Each of which is provided with a customer ID, a transaction stop flag, a special environment flag, a threshold value for collation determination, and an index in the use history information storage area corresponding to each user. / Registration area is provided, and further, an area where two sets of access source IP address and user agent information can be registered is provided.

In the customer ID area, a customer ID generated using a hash function from the account number registered in the customer master is registered in advance. Further, the transaction stop flag is a flag indicating whether or not authentication on the normal route (authentication based on the access source IP address and user agent information) is to be stopped. Is set to 0 (meaning that authentication in the normal route is valid). The special environment flag is a flag indicating whether or not the user's usage environment is special. Initially, 0 (which means a normal environment), which is the initial value of the special environment flag, is set in the special environment flag area. The index id is information indicating which of the two sets of access source IP addresses and user agent information (IP0, UA0 and IP1, UA1) registered as usage history information is the latest, Initial value 0 (representing that IP0 and UA0 are the latest) is set. In addition, a blank (no information) is set as an initial value in each access source IP address area and user agent information area.

In step 38 described above, the account number of the account held by the user given the user ID is extracted by searching the customer master (not shown) using the user ID extracted in the previous step 30 as a key. Then, the customer ID is obtained from the extracted account number using a hash function, and the usage history information corresponding to the user ID is extracted by searching the usage history table using the obtained customer ID as a key. In the next step 40, it is determined whether or not the transaction stop flag in the extracted use history information is 1. If the determination is negative, the process proceeds to step 42, and it is determined whether one or more sets of access source IP address and user agent information are registered in the extracted use history information.

  As described above, a blank is set as an initial value in the access source IP address area and the user agent information area in the usage history information area, but the online financial transaction is requested by the user who applied for the use of the online financial transaction reception service. When the access to the website is performed once or more, the access source IP address and user agent information extracted from the authentication request packet in step 36 are registered as usage history information (details will be described later). If the access source IP address and the user agent information are already registered as use history information, the determination in step 42 is affirmed and the process proceeds to step 44, and the access source IP address and user agent extracted from the authentication request packet in step 36 The information is collated with the access source IP address and user agent information registered as usage history information.

  The IP address verification is performed as follows. That is, although the IP address is 4-byte data, in this embodiment, when registering the access source IP address in the access source IP address area, a hash value is calculated for each byte using a hash function, and 4 Is registered as the access source IP address. For this reason, also for the access source IP address extracted in step 36, a hash value is calculated for each byte, and the obtained four hash values are compared with the four hash values registered in the access source IP address area. And the matching rate in units of hash values is obtained. Then, the obtained matching rate is compared with the threshold value for collation determination set as the usage history information. When the matching rate is equal to or higher than the threshold value, the current access source IP address is “corresponding to the registered IP address”. If the match rate is less than the threshold value, it is determined that the current access source IP address is “not compatible” with the registered IP address.

  In the form directly connected to the Internet 16 as in the client terminal 18A shown in FIG. 1, the IP address (global IP address) of the client terminal 18A is fixed in advance by a contract with a provider, and the Internet 16 An indefinite IP address (any IP address within a certain range reserved in advance by the provider for assignment) may be assigned by the provider every time the connection is made. Further, in a connection form installed in a company and connected to the Internet 16 via a proxy server 22 as in the client terminal 18B shown in FIG. 1, for example, the company acquires a unique domain and is within a certain range for allocation. If the IP address of the client has been secured in advance, the packet transmitted from the client terminal 18B has the source IP address set in the IP header secured by the proxy server 22 for allocation by the company in advance. After being overwritten with any IP address within a certain range, the IP address is sent to the Internet 16.

  Therefore, even if the assigned IP address is an indefinite client terminal 18, the assigned IP address is within a certain range (the upper few bytes are the same). Based on whether or not the match rate is equal to or higher than the threshold, it is determined whether or not the IP address is supported, so that the same access source (on the Internet 16 as when the online financial transaction website was accessed before) When the online financial transaction website is accessed from the location of the client terminal 18), it can be determined that the IP address corresponds.

  Note that the user agent information is determined to be “corresponding” if the current user agent information is the same as the registered user agent information, and the current user agent information is registered as the user agent information. If they are not the same, it is determined that they do not correspond. Performing the above determination by collating the access source IP address and the user agent information corresponds to the first invention. When two sets of access source IP address and user agent information are registered as usage history information, the access source IP address and user agent information extracted from the authentication request packet are used as two registered access sources. Each IP address and user agent information are collated.

  In the next step 46, the authentication for the user operating the client terminal 18 that is the authentication request packet transmission source is “success” or “conditional success” based on the access source IP address and the user agent information collation result in step 44. It is determined whether it corresponds to any of “failure”, and the process branches according to the determination result. The above determination is performed according to the determination table shown in FIG. Note that “◯” in FIG. 5 corresponds to the case where “corresponding” is determined in the collation in step 44, and “×” corresponds to the case where it is determined “not compatible”. In addition, the “latest” access source IP address and user agent information in FIG. 5 indicate the index id of the usage history information among the two sets of access source IP addresses and user agent information registered as the usage history information. The access source IP address and user agent information of “previous” represent the other access source IP address and user agent information. Further, when only one set of access source IP address and user agent information ("latest information") is registered as usage history information, the result of collation with "previous" access source IP address and user agent information Are determined to be “not supported”, the determination of step 46 is performed. In addition, said step 44,46 respond | corresponds to the determination means (specifically the determination means of the 1st-5th invention) which concerns on this invention with step 64 mentioned later.

  The collation result in the previous step 44 is “at least one of the two sets of access source IP address and user agent information in which the access source IP address and user agent information extracted from the authentication request packet are registered as use history information”. If it is a result satisfying the condition of “corresponding to one set of access source IP address and user agent information” (referred to as the first condition for convenience), the same user has been online in the past. Since the access source is the same and the client terminal 18 can be regarded as the same as when the financial transaction website is accessed, the user operating the client terminal 18 of the authentication request packet transmission source is also a valid user. Very likely. Therefore, in step 46, in the above case, the authentication is determined to be “successful” as indicated by “authentication OK” in FIG.

  On the other hand, the collation result in the previous step 44 is “the access source IP address and user agent information extracted from the authentication request packet in the set of the access source IP address and user agent information registered as the usage history information, and If the result satisfies the condition that there is no pair determined to correspond to each other (referred to as the second condition for the sake of convenience), this access is made by the same user in the past in an online financial transaction. Since at least one of the access source and the client terminal 18 is different from when the website for access is accessed, there is a high possibility that the user operating the client terminal 18 of the authentication request packet transmission source is not a valid user. .

However, many users have, for example, a large number of client terminals 18 that can be used for accessing an online financial transaction website. From the large number of client terminals 18, an indefinite client terminal 18 is used. To access online financial transaction websites (in this case, the user agent information is likely to be different from each other), and each time using a portable client terminal 18 such as a notebook PC, a different hot spot There are users who have special usage environments, such as accessing the website for online financial transactions using Internet (in this case, there is a high possibility that the access source IP address will differ greatly in each access). There is a possibility that this kind of usage environment is also a special user who falls under the second condition.

  For this reason, in step 46, the collation result in step 44 indicates that both the two sets of access source IP addresses and user agent information registered as usage history information correspond to the access source IP addresses extracted from the authentication request packet. If the result satisfies the condition (referred to as the third condition for convenience) that is determined to be compatible with the user agent information extracted from the authentication request packet. In addition, as indicated by “conditional authentication OK” in FIG. 5, the authentication is determined as “conditional success”, and the collation result in step 44 satisfies the second condition described above and the third condition described above. If the condition is not satisfied, the authentication is determined as “failure” as indicated by “authentication NG” in FIG.

  If it is determined in step 46 that the authentication is “successful”, the process proceeds to step 48 to determine whether or not the special environment flag in the usage history information is “1”. If the determination is negative, the process proceeds to step 52, and a successful authentication is notified to a predetermined processing module of the activation source. In this case, the predetermined processing module performs processing such as distributing a predetermined web page distributed only to a user who has been confirmed to be a legitimate user to the client terminal 18 that has transmitted the authentication request packet. . In the next step 54, the access source IP address and the user agent information extracted from the authentication request packet indicate that the index id indicates the access source IP address and the user agent information registered as the usage history information. It is determined whether it is determined that the access source IP address and the user agent information correspond to each other.

  If the determination is affirmative, the process proceeds to step 60, where the access source IP address and user agent information extracted from the authentication request packet are used as the “latest” access source IP address and user agent information registered as usage history information. Overwriting and registering, and the process proceeds to step 62. If the determination in step 54 is negative, the process proceeds to step 56, where the access source IP address and user agent information extracted from the authentication request packet are registered as “previous” access source IP registered as usage history information. If the address and user agent information (access source IP address and user agent information not indicated by the index id) are overwritten and registered (if the access source IP address and user agent information to be overwritten are “blank”), step 56 The overwriting registration in (1) corresponds to “additional storage” of the second invention). In the next step 58, the bit of the index id is inverted to change the access source IP address and the user agent information overwritten and registered in step 56 to “latest”.

  In step 62, the usage history information stored in the memory 12B is written back to the usage history table to update the usage history information on the usage history table, and the user authentication process is terminated. As in steps 60 and 56 above, the access source IP address and user agent information extracted from the authentication request packet are overwritten on the access source IP address and user agent information registered as usage history information. By doing so, it is possible to improve the accuracy of collation in step 44 and determination in step 46 when user authentication processing is performed again for the same user. Steps 54 to 62 described above correspond to information management means according to the present invention (specifically, information management means of the eighth invention).

  On the other hand, if it is determined that the authentication is “failure” in the previous step 46, the process proceeds to step 68, and 1 is set in the transaction stop flag in the usage history information. In addition, even when the authentication is determined to be “failure” in step 46, there is a possibility that the user operating the client terminal 18 that is the transmission source of the authentication request packet is a valid user. In step 70, the e-mail address stored in the authentication information DB in association with the user ID extracted in step 32 is read, and a re-authentication request mail is transmitted to the read e-mail address. As shown in FIG. 6 as an example, this re-authentication request mail confirms whether or not the user operating the client terminal 18 that sent the authentication request packet is a legitimate user by an authentication method different from the normal route. A link 100 to a web page dedicated for re-authentication is added. Step 70 corresponds to the transmission means of the sixth invention.

  In the next step 72, an authentication failure is notified to a predetermined processing module of the activation source, and the process proceeds to step 54. Thus, as described above, the access source IP address extracted from the authentication request packet and the user agent information are overwritten on the usage history information, and the usage history information is written back to the usage history table, and the user authentication processing is performed. Exit.

  As described above, when the authentication is determined to be “failure” in step 46, the transaction stop flag is set to 1. Therefore, when the user authentication process is executed again for the same user, the determination in step 40 is affirmative. By proceeding to step 70, authentication in the normal route (authentication based on the access source IP address and user agent information) is not performed, and a re-authentication request mail is transmitted again (step 68), and a predetermined activation source The processing module is notified again of the authentication failure (step 72). Therefore, if the previous user authentication process in which the authentication was determined to be “failed” in step 46 was executed by unauthorized access by a third party who obtained the user ID and password illegally, then the authorized user is online. Even if an attempt is made to access a financial transaction website for authentication, the authentication will be “failed”, but it is possible to detect unauthorized access instead.

  In addition, when the user who operates the client terminal 18 that is the authentication request packet transmission source is a valid user and the authentication is determined to be “failure” in step 46 as described above, the user The re-authentication request mail transmitted in step 70 is received, and an operation for accessing a web page dedicated to re-authentication is performed from the link 100 attached to the received re-authentication request mail, and is displayed on the display of the client terminal 18. A predetermined re-authentication procedure is received through a web page dedicated to re-authentication. When the re-authentication procedure confirms that the user is a valid user, the re-authentication success is notified to the processing module that performs the user authentication process. In addition, in order to access the web page dedicated to re-authentication, it is necessary to have an environment that can receive a re-authentication request email. Since the possibility of being a valid user at that time can be considered very high, it is possible to reduce the burden on the user by making the re-authentication procedure a relatively simple procedure.

On the other hand, when the re-authentication success is notified, the processing module that performs the user authentication process performs a use history table update process illustrated in FIG. That is, in the re-authentication notification, the user ID of a user who has been confirmed to be a valid user by the re-authentication procedure is added as information. First, in step 80, it is confirmed that the user is a valid user. Extract / acquire the user ID of the selected user. In the next step 82, the usage history information corresponding to the user ID acquired in step 80 is extracted from the usage history table, and the extracted usage history information is stored in the memory 12B. In step 84, the transaction stop flag is returned to 0 in the extracted use history information, and 1 is set in the special environment flag. Then, in the next step 86, the usage history information is written back to the usage history table, and the usage history table update process is terminated. By returning the transaction stop flag to 0 as described above, when the user authentication process is executed again for the same user, the determination in step 40 is denied and authentication in the normal route is resumed. become. Step 84 corresponds to the information management means of the fifth invention.

  If it is determined in the previous step 46 that the authentication is “conditionally successful”, the process proceeds to step 64 to set whether or not the special environment flag in the usage history information is “1”. When the authentication is “conditional success”, as described above, the user operating the client terminal 18 that is the transmission source of the authentication request packet is likely to be a user with a special usage environment. The possibility of unauthorized access by cannot be denied. For this reason, “conditional success” in the present embodiment is that the authentication succeeds in the above-described re-authentication procedure, and if the determination in step 64 is negative, that is, the re-authentication success is If not notified, the process proceeds to step 68 to perform processing such as transmission of the re-authentication request mail described above.

  If the determination in step 64 is affirmative, that is, if the re-authentication success is notified and the use history table update process (FIG. 7) is performed, the process proceeds to step 66 and the user ID extracted in step 32 The e-mail address stored in the authentication information DB in association with it is read, and a confirmation e-mail as shown in FIG. 8 is transmitted to the read e-mail address as an example. This confirmation email contains the date and time, etc. Even if this access was unauthorized access, an unauthorized user had received unauthorized access by referring to the confirmation email above. Can be detected. When the process of step 66 is performed, the process proceeds to step 52, and after a successful authentication is notified to a predetermined processing module of the activation source, the access source IP address and user agent information usage history extracted from the authentication request packet in step 54 and subsequent steps. Overwrite registration to information / Use history information is written back to the use history table, and the user authentication process is terminated. Thereby, even if the usage environment is a special user, it can be determined as a valid user.

  If the special environment flag is set to 1, the authentication is determined to be “successful” if the above-described third condition is satisfied in the determination in step 46, so that there is a disadvantage that the security is slightly lowered. Therefore, if the determination in step 46 satisfies the first condition and the authentication is determined to be “successful”, it is determined in step 48 whether or not 1 is set in the special environment flag. If the determination is affirmative, the special environment flag is returned to 0 in step 50, and then the process proceeds to step 52. Thereby, said fault can be eliminated.

  Finally, a case where a user who applied for the use of the online financial transaction reception service first accesses the online financial transaction website will be described. In this case, the access source IP address and the user agent information are not registered in the usage history information, and authentication in the normal route is difficult in this state. Therefore, the determination in step 42 is denied and the process proceeds to step 68. As described above, the transaction stop flag is set to 1 and a re-authentication request mail is transmitted to perform a predetermined re-authentication procedure via a web page dedicated to re-authentication. Also in this case, the access source IP address and the user agent information are registered in the use history information in step 60, and if the re-authentication is successful, the transaction stop flag is returned to 0. Authentication will be performed.

In the above description, a case where a maximum of two sets of access source IP addresses and user agent information are registered for individual users is not limited to this, and the number of registered sets of access source IP addresses and user agent information is not limited to this. It is good also considering the upper limit of 3 or more. In this case, among the combinations of the access source IP address and the user agent information that are already registered, it is determined that the new access source IP address and the user agent information extracted from the authentication request packet correspond to each other. If the number of registered access source IP addresses and user agent information sets reaches the upper limit, a new access source IP address and user agent information set is additionally registered until the number of registered access source IP addresses and user agent information is reached. After the number of registered addresses and user agent information reaches the upper limit, a new access source IP address and user agent information set is overwritten with the oldest access source IP address and user agent information set. And register it. The above matter corresponds to the seventh invention.

  Further, there is no need to set an upper limit on the number of registered sets of access source IP addresses and user agent information. For example, in consideration of a special use environment in which access is performed by selectively using a large number of client terminals 18 or a large number of types of access sources (for example, a large number of hot spots), a set of access source IP addresses and user agent information (Without the upper limit) (corresponding to the new access source IP address and user agent information extracted from the authentication request packet in the set of already registered access source IP address and user agent information, respectively) If there is a group determined to be present, the new access source IP address and user agent information are registered by overwriting the pair determined to be compatible, otherwise the new access source IP address and User agent information is additionally registered), and the length of elapsed time since registration Obtain or, it may be deleted a set of new access source IP address and user-agent information access count that is determined not to correspond exceeds a threshold based on IP address and user-agent information. In this mode, there is a drawback that the use history information may be enlarged. On the other hand, even if the usage environment is a special user, it can be determined that the authentication is “successful” in step 46. There is no need to provide “conditional success”, and the security can be further improved.

  Further, in the above description, the client terminal 18 composed of a PC or the like has been described as an example of the terminal device according to the present invention. It may be a terminal. This type of mobile terminal is connected to the Internet via a gateway server provided in the wireless communication network. Specifically, information transmitted from the mobile terminal to access an arbitrary website is temporarily received by the gateway server. And converted into a packet conforming to a protocol (Internet layer protocol: IP, transport layer protocol: TCP, application layer protocol: HTTP) applied to communication via the Internet 16 and a wireless communication carrier. Any IP address within a certain range reserved in advance for allocation is set as the source IP address in the IP header, and the name of the wireless carrier, the model of the mobile terminal, model number, browser Information including the version of HT is used as user agent information It is sent to the Internet 16 after being set to P header. Depending on the contract form with the wireless communication carrier, the gateway server and the specific web server are connected by a dedicated line, and the packet addressed to the specific web server does not pass through the Internet but passes through the dedicated line. However, even in such a communication mode, the source IP address and user agent information are set in the packet in the same manner as described above. The range of IP addresses reserved for allocation is different for each wireless communication carrier. Therefore, even if the terminal device is a mobile terminal, it is possible to confirm whether the user operating the mobile terminal by applying the present invention is a valid user.

Furthermore, although the aspect which applied this invention to the user authentication in the online financial transaction website which provides an online financial transaction reception service was demonstrated above, it is not limited to this, The user authentication and user in arbitrary sites Applicable for confirmation. In the above, user authentication to which the present invention is applied is used in combination with user authentication using a user ID and password, but there is a request from a user who has registered simple user identification information such as an e-mail address in advance. For websites that provide information-based services that deliver certain information each time, highly accurate user confirmation (authentication) is unnecessary, so user authentication based on passwords is omitted and input by the user Only user confirmation (authentication) to which the present invention is applied may be performed based on user identification information such as an e-mail address.

  In the above description, the mode of performing user confirmation (authentication) using the access source IP address and user agent information has been described. However, the present invention is not limited to this. For example, an electronic certificate is installed for each user. In the case where only access from a certain terminal device is permitted for each user, such as a website that permits access only from a client terminal, only user agent information is used as user identification information. The information may be stored in association with each other, and user confirmation (authentication) may be performed based on whether or not the user agent information matches the registered user agent information.

10 Computer System 12 Web Server 12C HDD
16 Internet 18 Client terminal

Claims (3)

Extraction means for extracting user identification information and terminal information included in the packet from the packet received from the terminal device;
Information management means for storing terminal information extracted by the extraction means from a packet received from a terminal device operated by a user in a storage means in association with the user identification information of the user;
First determination means for determining whether or not the user identification information extracted by the extraction means is stored in the information management means;
Second determination means for determining whether or not the terminal information extracted by the extraction means matches the terminal information stored in the storage means in association with the user identification information of the user;
It is determined that the user identification information extracted by the first determination means is stored in the information management means, and the terminal information extracted by the extraction means by the second determination means and the storage means A third determination unit that performs re-authentication processing based on information different from the information used by the first determination unit when it is determined that the terminal information stored in association with the user identification information of the user does not match;
A user confirmation device.   The terminal information includes either or both of the operating system name and operating system version information of the terminal device installed in the terminal device, and the browser name and browser version information installed in the terminal device. The user confirmation apparatus according to claim 1, comprising one or more selected from patch information of either or both of the operating system and / or browser. Computer
Extraction means for extracting user identification information and terminal information included in the packet from the packet received from the terminal device;
Information management means for storing terminal information extracted by the extraction means from a packet received from a terminal device operated by a user in a storage means in association with the user identification information of the user;
First determination means for determining whether or not the user identification information extracted by the extraction means is stored in the information management means;
Second determination means for determining whether or not the terminal information extracted by the extraction means matches the terminal information stored in the storage means in association with the user identification information of the user;
It is determined that the user identification information extracted by the first determination means is stored in the information management means, and the terminal information extracted by the extraction means by the second determination means and the storage means A third determination unit that performs re-authentication processing based on information different from the information used by the first determination unit when it is determined that the terminal information stored in association with the user identification information of the user does not match;
A program for causing a user confirmation device to function.

Images