JP2014139794A - Server device, server program and terminal program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To authenticate a user who uses a terminal device without using an identifier derived from hardware such as a MAC address.SOLUTION: A server device comprises: means to newly generate an insufficient or invalid ID, store a user ID and a session ID in a database in association with each other, return the user ID and the session ID to the browser application of a request source and cause the prescribed application to store the user ID and the session ID, when an authentication request in which both or one of the user ID and the session ID are lacking or in an invalid state is received from the browser application started by the prescribed application of a terminal device; and means to refer to the database, perform authentication by checking whether or not a set of the user ID and the session ID is stored and return an authentication result to the prescribed application of the request source, when the authentication request including the user ID and the session ID is received from the prescribed application.

Description

  The present invention relates to a technique for authenticating a user who uses a terminal device via a network.

  The server device authenticates the user of the terminal device that has accessed the server device via the network by the operation of the application for the purpose of permitting the use of an application (application program) such as a game executed on the terminal device such as a smartphone. To be done.

  Conventionally, for user authentication of a terminal device, in consideration of the fact that the terminal device is used by one user, the MAC (Media Access Control) address itself of the terminal device or a value based on the MAC address is used. It was used as a terminal identification key (terminal ID).

  Since the MAC address is assigned a unique value for each hardware of the communication interface, the terminal device can be specified uniquely and thus the user can be specified uniquely.

  Further, as an identifier derived from hardware other than the MAC address, for example, serial number information of a device built in the terminal device, an ID of a wireless tag or a short-range wireless chip, and the like can be used as a terminal identification key.

  The applicant has not been able to find published prior art documents related to the present invention by the time of filing. Therefore, prior art document information is not disclosed.

  As described above, hardware-based identifiers such as MAC addresses have been conventionally used to authenticate users who use terminal devices. However, due to the recent increase in protection of personal information, information that is likely to lead to personal identification is used. There is a tendency that it is prohibited to access freely from unspecified applications such as games.

  That is, identifiers derived from hardware such as MAC addresses are too strong to be linked to the terminal device because they are too strong, and are relatively easy to associate with personal information. This is because personal information may easily leak.

  Therefore, a method for authenticating a user who uses a terminal device without using an identifier derived from hardware such as a MAC address will be required in the future, but there is no effective method at present.

  The present invention has been proposed in view of the above points, and an object thereof is to authenticate a user who uses a terminal device without using an identifier derived from hardware such as a MAC address.

  In order to solve the above-described problem, in the present invention, when an authentication request is received from a browser application activated by a predetermined application of a terminal device, in which both or one of the user ID and session ID is missing or invalid In addition, a missing or invalid ID is newly generated, the user ID and the session ID are associated and stored in the database, the user ID and the session ID are responded to the requesting browser application, and the user ID and the session ID are The means for saving in the predetermined application, and whether or not the same set of user ID and session ID is stored with reference to the database when an authentication request with a user ID and a session ID is received from the predetermined application Authentication is performed by confirming the result, and the authentication result is sent to the predetermined source. So that and means responsive to the pre.

  In the present invention, a user who uses a terminal device can be authenticated without using an identifier derived from hardware such as a MAC address.

It is a figure which shows the structural example of the system concerning one Embodiment of this invention. It is a figure which shows the hardware structural example of a terminal device. It is a figure which shows the hardware structural example of an application download server and a game management server. It is a figure which shows the data structure example of a session management database. It is a sequence diagram which shows the process example of embodiment. It is FIG. (1) which shows the example of a screen on a terminal device. It is FIG. (2) which shows the example of a screen on a terminal device. It is FIG. (3) which shows the example of a screen on a terminal device.

  Hereinafter, preferred embodiments of the present invention will be described.

<Configuration>
FIG. 1 is a diagram showing a configuration example of a system according to an embodiment of the present invention.

  In FIG. 1, the system includes a terminal device 1 such as a smart phone or a mobile phone possessed by a user (player), an access point 2 such as a mobile radio base station or a Wi-Fi station, a network 3 such as the Internet, and an application download. A server 4 and a game management server 5 are provided.

  The terminal device 1 includes a game application 11 and a browser application 12.

  The game application 11 has a function of executing a predetermined game.

  The browser application 12 performs request / acquisition / display of page data described in a language such as HTML (Hyper Text Markup Language), transmission of form data, etc. in accordance with HTTP (Hyper Text Transfer Protocol) which is a standard protocol of the Internet. Has the function to perform.

  The application download server 4 stores a program corresponding to the game application 11 and has a function of causing the terminal device 1 to download and install it.

  The game management server 5 has a function of performing processing such as user authentication, management of owned points, provision of information to the game application 11, and the like for access from the game application 11 of the terminal device 1. The game management server 5 includes a session management database 51. The data structure of the session management database 51 will be described later.

  FIG. 2 is a diagram illustrating a hardware configuration example of the terminal device 1.

  2, the terminal device 1 includes a power supply system 101, a main system 102 including a processor 103, a memory controller 104, and a peripheral interface 105, a storage unit 106, an external port 107, a high-frequency circuit 108, an antenna 109, Audio circuit 110, speaker 111, microphone 112, proximity sensor 113, display controller 115, optical sensor controller 116, I / O subsystem 114 including input controller 117, touch-responsive display system 118, and optical sensor 119 and an input unit 120.

  FIG. 3 is a diagram illustrating a hardware configuration example of the application download server 4 and the game management server 5.

  In FIG. 3, an application download server 4 and a game management server 5 include a CPU (Central Processing Unit) 402, a ROM (Read Only Memory) 403, a RAM (Random Access Memory) 404, an NVRAM (Non- Volatile Random Access Memory (405), I / F (Interface) 406, and I / O (Input / Input) such as a keyboard, mouse, monitor, CD / DVD (Compact Disk / Digital Versatile Disk) drive connected to the I / F 406 Output Device (407), HDD (Hard Disk Drive) 408, NIC (Network Interface Card) 409, and the like. The session management database 51 is stored in the HDD 408.

  FIG. 4 is a diagram showing a data structure example of the session management database 51 in the game management server 5.

  In FIG. 4, the session management database 51 includes items (fields) such as “session ID”, “user ID”, “MAC address”, and “retention point”.

  “Session ID” is information assigned by the game management server 5 as a terminal identification key for access from the browser application 12 of the terminal device 1. The “session ID” is stored as cookie information in the browser application 12 of the terminal device 1 and is also stored internally in the game application 11.

  “User ID” is information assigned by the game management server 5 for user identification with respect to access from the browser application 12 of the terminal device 1. The “user ID” is also stored internally in the game application 11. Note that the “user ID” does not need to be information for identifying the individual user, and it is sufficient if it is possible to identify whether or not the same user is used in user management.

  “MAC address” is the MAC address of the terminal device 1. This information is managed in an auxiliary manner in order to be compatible with the existing mechanism used for authentication using the MAC address as a terminal identification key. An identifier derived from other hardware may be used instead of the MAC address.

  “Holding points” is information on the point balance on the game of the user specified by the session ID and the user ID.

<Operation>
FIG. 5 is a sequence diagram showing a processing example of the above embodiment.

  In FIG. 5, when the game application 11 of the terminal device 1 is activated by the user (step S101), the game application 11 determines whether or not a session ID and a user ID are stored in a predetermined internal storage area ( Step S102). Once the game application 11 makes an authentication request to the game management server 5, the session ID and user ID are stored in the game application 11. It is determined that the ID is stored.

  If it is determined that the session ID and the user ID are stored (Yes in step S102), the game application 11 accesses the game management server 5 based on address information such as a URL set in the game application 11 in advance. Then, an authentication request with a session ID and a user ID is transmitted (step S103).

  When the game management server 5 receives the session ID and the user ID from the game application 11 of the terminal device 1, the game management server 5 collates whether or not the combination of the received session ID and user ID is registered in the session management database 51 (step S104). Then, the authentication result is transmitted to the game application 11 of the terminal device 1 (step S105).

  When it is determined that the session ID and the user ID are not stored in the game application 11 after the game application 11 is activated (for a user with a mechanism using an existing MAC address as a terminal identification key, the user ID exists but the session ID This is the case because the ID does not exist (No in step S102), or if the authentication result is not normal (OK) (No in step S106), whether or not to perform authentication by the game management server 5 Is confirmed with the user (step S107). FIG. 6 shows an example of a confirmation screen to the user, which is provided with an indication that the server requires authentication, a “perform authentication” button, and a “not use” button.

  Returning to FIG. 5, when the user selects not to perform authentication (No in step S107), the game application 11 ends the process.

  If the user selects to authenticate (Yes in step S107), the process proceeds to an authentication process by the game management server 5. In this case, both or one of the user ID and the session ID are missing or invalid (inconsistent with the session management database 51).

  In the authentication process, first, the game application 11 sets a URL description of the authentication page URL of the game management server 5 set in advance, the user ID if it exists, and the MAC address if it exists. (The user ID and MAC address are included in the parameter portion, etc.) and handed over to the browser application 12 to start the browser application 12 (step S108).

  The browser application 12 accesses the game management server 5 indicated by the URL specified by the game application 11, and transmits an authentication request including a user ID if present and a MAC address if present (step S109). ). Here, it is assumed that the URL description delivered from the game application 11 is directly transmitted to the game management server 5 as a request.

  The game management server 5 transmits screen data indicating that processing is in progress to the browser application 12 (step S110), and the browser application 12 displays the screen (step S111). FIG. 7 is a diagram illustrating an example of a processing screen. Note that the processing may proceed without transmitting and displaying the processing screen.

  Returning to FIG. 5, when the user ID is specified, the game management server 5 newly generates a session ID paired with the user ID. When the user ID is not specified, the game management server 5 generates the user ID and the session ID. Are newly generated (step S112) and stored in association with the session management database 51 (step S113).

  Note that, for a user with a structure using an existing MAC address as a terminal identification key, a user ID and a MAC address are specified, and therefore a check is made as to whether or not the combination of the user ID and the MAC address is registered in the session management database 51. On the condition that both are registered in association with each other, a corresponding session ID is newly generated and stored in association with the session management database 51.

  Next, the game management server 5 transmits the user ID and the session ID to the browser application 12 of the terminal device 1 (step S114).

  The browser application 12 that has received this saves the session ID in a cookie (step S115).

  Next, the user is confirmed to return to the game application 11 (step S116). FIG. 8 shows an example of a user confirmation screen, which is provided with a display indicating that the authentication has been completed and a “return to application” button. In addition, you may make it return to the game application 11 automatically, without performing a user confirmation.

  Returning to FIG. 5, the browser application 12 redirects to the game application 11 by a mechanism such as a URL scheme and hands over the user ID and the session ID (step S <b> 117).

  The game application 11 stores the received user ID and session ID in the internal storage area (step S118).

  After that, or when the authentication result is normal (OK) (Yes in Step S106), the game application 11 executes a default process involving communication with the game management server 5 (Step S119).

  In this process, the game application 11 accesses the game management server 5 and transmits a process request with a session ID (step S120).

  The game management server 5 refers to the session management database 51 based on the received session ID, acquires the corresponding user ID (step S121), executes a process according to the process request (step S122), and sends the process result to the terminal. It transmits to the game application 11 of the device 1 (step S123). For example, if the processing request refers to the user's possession point, the possession point is referenced from the session management database 51 and transmitted to the game application 11 of the terminal device 1.

<Summary>
As described above, according to the present embodiment, a user who uses a terminal device can be authenticated without using a hardware-derived identifier such as a MAC address. Therefore, a user who uses a terminal device can be authenticated even in a situation where a hardware-derived identifier such as a MAC address cannot be accessed from the viewpoint of personal information protection.

  In addition, although the case where a game application was used was demonstrated, it is not limited to this, It can apply to arbitrary applications (predetermined application).

  The present invention has been described above by the preferred embodiments of the present invention. While the invention has been described with reference to specific embodiments, various modifications and changes may be made to the embodiments without departing from the broad spirit and scope of the invention as defined in the claims. Obviously you can. In other words, the present invention should not be construed as being limited by the details of the specific examples and the accompanying drawings.

DESCRIPTION OF SYMBOLS 1 Terminal device 11 Game application 12 Browser application 2 Access point 3 Network 4 Application download server 5 Game management server 51 Session management database

Claims (5)

When an authentication request in which either or both of the user ID and / or session ID is missing or invalid is received from a browser application activated by a predetermined application of the terminal device, a new missing or invalid ID is generated and the user Means for associating an ID and a session ID in a database, responding the user ID and the session ID to the browser application requesting, and storing the user ID and the session ID in the predetermined application;
When an authentication request with a user ID and a session ID is received from the predetermined application, authentication is performed by referring to the database and confirming whether the same user ID and session ID pair is stored. A server device comprising: means for responding a result to the predetermined application as a request source. The server device according to claim 1,
A server device that stores a user ID and a session ID in the predetermined application by redirection from the browser application to the predetermined application. In the server apparatus as described in any one of Claim 1 or 2,
When an authentication request with a user ID and a hardware-derived terminal ID is received from the browser application, authentication is performed by referring to the database and confirming whether or not the same set of user ID and terminal ID is stored. And newly generating a session ID corresponding to the case where the authentication can be normally performed, storing the user ID and the session ID in association with the database, and responding to the requesting browser application with the user ID and the session ID. A server device that stores a user ID and a session ID in the predetermined application. The computer that constitutes the server device
When an authentication request in which either or both of the user ID and / or session ID is missing or invalid is received from a browser application activated by a predetermined application of the terminal device, a new missing or invalid ID is generated and the user A means for associating an ID and a session ID in a database, storing the user ID and the session ID in the predetermined application in response to the requesting browser application;
When an authentication request with a user ID and a session ID is received from the predetermined application, authentication is performed by referring to the database and confirming whether the same user ID and session ID pair is stored. A server program for causing a result to function as a means for responding to the predetermined application as a request source. A computer constituting the terminal device,
Means for starting a browser application and transmitting an authentication request in a state where both or one of the user ID and the session ID is missing or invalid from the browser application to the server device;
A means for receiving a user ID and a session ID that are newly generated from the server device and stored in association with a database by generating a missing or invalid ID by redirect from the browser application, and internally storing the ID,
As a means for transmitting an authentication request with a user ID and a session ID to the server device, receiving authentication based on whether or not the same set of user ID and session ID is stored by referring to the database, and receiving an authentication result A terminal program to function.