JP2016126547A - Server device, information processing method, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a mechanism for enhancing security and improving usability.SOLUTION: A server device 1 includes an authentication information storage section 111, an authenticated object information receiving section 122, an authentication section 132, and a processing section 133. The authentication information storage section 111 stores the first to n-th authentication information. The authenticated object information receiving section 122 receives the first to n-th authenticated object information, which are information on the first to n-th objects to be authenticated, from a terminal device, when an access does not satisfies a predetermined condition, including the first access by a user from the terminal device, or receives the (n-1)th and subsequent authenticated object information from the terminal device when the access satisfies the predetermined condition. The authentication section 132 performs authentication by use of the first to n-th authenticated object information received by the authenticated object information receiving section 122, or the (n-1)th and subsequent authenticated object information. The processing section 133 performs processing, according to an authentication result of the authentication section 132.SELECTED DRAWING: Figure 3

Description

  The present invention relates to a server device that performs authentication processing.

  Conventionally, there has been an authentication technique using a user ID and a password. There has also been a one-time authentication system using a USB key or an OTP token (see, for example, Non-Patent Document 1).

"LOCK STAR Web one-time authentication system", [online], [searched on November 25, 2014], Internet [URL: http://www.logicaltech.co.jp/server/lockstar_woc/index.html?utm_source = yahoolisting & utm_medium = cpc & utm_term =% E3% 82% A2% E3% 82% AF% E3% 82% BB% E3% 82% B9% E8% AA% 8D% E8% A8% BC & utm_campaign = WOC]

  However, in the prior art, it has been difficult to achieve both security strictness and usability improvement.

  The server device according to the first aspect of the invention includes an authentication information storage unit capable of storing first to n-th authentication information, which is information for authentication from the first to n-th (n is a natural number of 2 or more), and In the case of access that does not satisfy a predetermined condition, including the first access from one terminal device by a user, the first to nth authentication target information that is the first to nth authentication target information In the case of access that receives information from one terminal device and satisfies a predetermined condition, an authenticated information receiving unit that receives (n-1) -th or lower authentication information from the one terminal device; An authentication unit that performs authentication using the first to nth authenticated information received by the information receiving unit or the (n−1) th or lower authenticated information, and a process that performs processing according to the authentication result in the authentication unit Is a server device.

  With this configuration, it is possible to provide a mechanism that can tighten security and improve usability.

  The server device according to the second aspect of the present invention provides a determination information storage unit capable of storing one or more pieces of determination information having information identifiers for identifying information transmitted from the terminal device, An information identifier receiving unit that receives the identifier; and a determination unit that determines whether or not the information identifier received by the information identifier receiving unit satisfies a predetermined condition. The authentication unit is predetermined by the determination unit. If it is determined that the specified condition is satisfied, authentication is performed on the (n−1) th or lower authentication information using the first to (n−1) th authentication information, and the determination unit performs in advance When it is determined that the determined condition is not satisfied, the server apparatus authenticates the first to nth authentication information using the first to nth authentication information.

  With this configuration, it is possible to provide a mechanism that can tighten security and improve usability.

  Further, in the server device of the third invention, in contrast to the second invention, the determination information includes a user identifier and an information identifier for identifying the user, and the information identifier receiving unit includes the user identifier and the information identifier. The combination of the user identifier and the information identifier received by the information identifier receiving unit matches the determination information of any of the determination information stored in the determination information storage unit. This is a server device.

  With this configuration, it is possible to provide a mechanism that can tighten security and improve usability.

  The server device according to the fourth aspect of the invention is the (n-1) th or lower authentication information when the determination unit determines that a predetermined condition is satisfied with respect to the second or third aspect of the invention. The server device further includes an input screen transmission unit that transmits an input screen of authentication information to be received to the terminal device.

  With this configuration, it is possible to provide a mechanism that can tighten security and improve usability.

  The server device according to the fifth aspect of the present invention inputs a first screen for inputting first to nth authentication information and (n-1) th authentication information for the first invention. A screen storage unit that can store a second screen to be received, a screen request reception unit that receives a screen request including a request for the first screen or the second screen from one terminal device, and a first screen or a second screen corresponding to the screen request The server device further includes an input screen transmission unit that transmits two screens to one terminal device.

  With this configuration, it is possible to provide a mechanism that can tighten security and improve usability.

  In addition, the server device of the sixth aspect of the invention relates to the fifth aspect of the invention, a determination information storage unit capable of storing one or more pieces of determination information having an information identifier for identifying information transmitted from the terminal device, and information Information received by the information identifier receiving unit when the result of authentication performed by the authentication unit using the first to (n-1) th or lower authentication information is authentication permission. A determination unit that determines whether or not the identifier satisfies a predetermined condition, and when the determination unit determines that the determination unit does not satisfy the predetermined condition, the first screen is When the determination unit determines that the predetermined condition is satisfied, the processing unit is a server device that performs processing according to the authentication result in the authentication unit.

  With this configuration, it is possible to provide a mechanism that can tighten security and improve usability.

  The server device according to the seventh aspect of the invention is transmitted from the terminal device and an authentication information storage unit that can store authentication information of 1 or more and (n-1) or less (n is a natural number of 2 or more). A determination information storage unit capable of storing one or more pieces of determination information having an information identifier for identifying information and a user identifier for identifying a user, a first screen for inputting first to n-th authentication information, and first Screen storage unit capable of storing a second screen for inputting (n-1) -th and subsequent authentication information, and a screen request for receiving a screen request including a request for the first screen or the second screen from one terminal device The receiving unit, the input screen transmitting unit that transmits the first screen or the second screen corresponding to the screen request to the one terminal device, and the access that does not satisfy the predetermined condition were accepted by the terminal device 1st to (n-1) th recognition based on information In the case of access that receives information and satisfies a predetermined condition, an authenticated information receiving unit that receives 0 or (n−2) th or lower authenticated information based on information received by the terminal device or 0, and information An information identifier receiving unit that receives an identifier and a user identifier, and first to (n-1) th authenticated information received by the authenticated information receiving unit, or (n-2) th or lower authenticated information are used. The authentication unit that performs authentication and the authenticated information receiving unit do not receive the authenticated information, or the authenticated information receiving unit receives the (n-2) th or lower authenticated information, and the authenticating unit If the result of authentication using the first to (n−2) th authentication information is authentication permission, the information identifier receiving unit refers to one or more determination information stored in the determination information storage unit The information identifier and user identifier received by the A server device comprising: a determination unit that determines whether or not the condition is satisfied; and a processing unit that performs processing according to the authentication result in the authentication unit, or processing according to the authentication result in the authentication unit and the determination result in the determination unit is there.

  With this configuration, it is possible to provide a mechanism that can tighten security and improve usability. be able to.

  Further, the server device of the eighth aspect of the invention is based on the information received by the terminal device in the case of access that does not satisfy a predetermined condition. In the case of an access that satisfies a predetermined condition, the processing unit does not receive the authenticated information, and the processing unit receives one authenticated information by the authenticated information receiving unit. When the authentication result performed by the authentication unit using the authentication information is authentication permission, the determination information having the information identifier and the user identifier received by the information identifier reception unit is stored in the determination information storage unit, and the authentication permission is granted. The authentication information receiving unit receives one authentication target information, and the authentication result performed by the authentication unit using one authentication target information is authentication non-permission. Authentication result is sent, and the authenticated information receiver If the information is not received and the determination unit determines that a predetermined condition is satisfied, an authentication result indicating authentication permission is transmitted, the authentication information receiving unit does not receive the authentication information, and the determination unit determines in advance. When it is determined that the specified condition is not satisfied, the server device transmits an authentication result indicating that authentication is not permitted.

  With this configuration, it is possible to provide a mechanism that can tighten security and improve usability. be able to. In addition, in the server device of the ninth invention, in contrast to any one of the first to eighth inventions, one authenticated information received by the authenticated information receiving unit is a user identifier and a password for identifying a user. A server device.

  With this configuration, it is possible to provide a mechanism that can tighten security and improve usability.

  The server device according to the tenth aspect of the present invention is the server device according to any one of the first to ninth aspects, wherein one authenticated information received by the authenticated information receiving unit is one or more in the terminal device. This is a server device that is object movement information acquired by moving an object.

  With this configuration, it is possible to provide a mechanism that can tighten security and improve usability.

  The server device according to the eleventh aspect of the invention is a server device whose information identifier is a cookie ID, as opposed to any one of the second to tenth aspects of the invention.

  With this configuration, it is possible to provide a mechanism that can tighten security and improve usability.

  The server device according to the twelfth aspect of the invention is a server device in which the information identifier is an application identifier for identifying an application, as opposed to any one of the second to tenth aspects of the invention.

  With this configuration, it is possible to provide a mechanism that can tighten security and improve usability.

  According to the server device of the present invention, it is possible to provide a mechanism that can tighten security and improve usability.

Conceptual diagram of authentication system in embodiment 1 Block diagram of the authentication system Block diagram of the server device 1 A flowchart for explaining the operation of the server device 1 Flow chart explaining details of the authentication process Flow chart for explaining the operation of the terminal device 2 Figure showing the same user management table Figure showing the same capture information management table Figure showing the judgment information management table Figure showing the same first screen Figure showing the second screen Figure showing the same input screen Figure showing the same input screen Block diagram of server apparatus 3 in the second embodiment A flowchart for explaining the operation of the server device 3 Conceptual diagram of authentication system in embodiment 3 Block diagram of the authentication system Block diagram of the server device 4 A flowchart for explaining the operation of the server device 4 A flowchart for explaining the operation of the service server 5 Flow chart for explaining the operation of the terminal device 6 Overview of the computer system in the above embodiment Block diagram of the computer system

  Hereinafter, embodiments of a server device and the like will be described with reference to the drawings. In addition, since the component which attached | subjected the same code | symbol in embodiment performs the same operation | movement, description may be abbreviate | omitted again.

(Embodiment 1)
In the present embodiment, when a predetermined condition is satisfied in a server device that requests input for first to n-th authentication at the time of login, only (n-1) input for authentication is requested. An authentication system including a server device that performs the above will be described. The predetermined condition is, for example, that a set of an information identifier and a user identifier transmitted from the terminal device is registered. The information identifier is, for example, a cookie ID, an application ID, or the like.

  In the present embodiment, an authentication system including a server device that transmits a Web page that requests only an input for authentication (n-1) or less to a terminal device when a predetermined condition is satisfied will be described. To do.

  In the present embodiment, for example, n is 2, the input for the first authentication is a user ID and a password, and the input for the second authentication is an appropriate movement of the object.

  FIG. 1 is a conceptual diagram of an authentication system A in the present embodiment. The authentication system A includes a server device 1 and one or more terminal devices 2. The server device 1 may be a so-called cloud server or the like and is widely understood. The kind of terminal device 2 is not ask | required. The terminal device 2 is, for example, a so-called personal computer, tablet terminal, smartphone, mobile phone, or the like.

  FIG. 2 is a block diagram of the authentication system in the present embodiment. FIG. 3 is a block diagram of the server device 1.

  The server device 1 constituting the authentication system includes a server storage unit 11, a server reception unit 12, a server processing unit 13, and a server transmission unit 14.

  The server storage unit 11 includes an authentication information storage unit 111 and a determination information storage unit 112.

  The server receiving unit 12 includes an information identifier receiving unit 121, an authenticated information receiving unit 122, and a screen request receiving unit 123.

  The server processing unit 13 includes a determination unit 131, an authentication unit 132, and a processing unit 133.

  The server transmission unit 14 includes an input screen transmission unit 141 and an authentication result transmission unit 142.

  The terminal device 2 includes a terminal storage unit 21, a terminal reception unit 22, a terminal processing unit 23, a terminal transmission unit 24, a terminal reception unit 25, and a terminal output unit 26.

  The server storage part 11 which comprises the server apparatus 1 can store various information. The various types of information are, for example, authentication information and determination information described later.

  The authentication information storage unit 111 can store first to nth (n is a natural number of 2 or more) authentication information. The authentication information is information for authentication. Each of the first to n-th authentication information is information corresponding to the first to n-th authentication processing. The authentication information may be different information for each user, or may be the same information for two or more users. The authentication information may be one-time authentication information. Further, the first to nth authentication information is one or more types, and n or less types of authentication information.

  The first authentication information is, for example, a set of a user identifier and a password. In such a case, the first authentication information is different information for each user.

  The second authentication information is, for example, object movement information acquired when the user moves one or more objects in the terminal device. The second authentication information is information used for capture authentication, for example. The object movement information is, for example, coordinate information indicating a position where the object is to be moved. The object is usually an image. The image is usually a still image, but may be a moving image. The second authentication information may be the same information for two or more users, or may be different information for each user.

  The determination information storage unit 112 can store one or more pieces of determination information. The determination information is, for example, a set of a user identifier and an information identifier. The determination information may be only an information identifier, for example. The user identifier is information for identifying the user. The user identifier is, for example, a user ID, a mail address, a telephone number, or the like. The user ID is an alphanumeric character string, a mail address, or the like. The user identifier may be anything as long as it is information for identifying the user. The information identifier is information for identifying information transmitted from the terminal device 2. The information identifier is, for example, a cookie ID. The information identifier is an application identifier that identifies an application running on the terminal device 2. The application is usually an application used for inputting authentication information. The application is, for example, an Internet browser. The information identifier may be anything as long as it is information for identifying information transmitted from the terminal device 2.

  The server receiving unit 12 receives various information and instructions. The server reception unit 12 normally receives various information, instructions, and the like from the terminal device 2. The various information and instructions are, for example, an information identifier, a combination of an information identifier and a user identifier, one or more authentication information, a screen request, and the like. A screen request is a request for transmission of an input screen.

  The information identifier receiving unit 121 receives an information identifier from the terminal device 2. The information identifier receiving unit 121 may receive a set of a user identifier and an information identifier from the terminal device 2. The information identifier receiving unit 121 may receive only the information identifier from the terminal device 2.

  The authentication information receiving unit 122 receives one or more authentication information that is information to be authenticated. The authenticated information receiving unit 122 may receive one or more types of authenticated information that is information to be authenticated. The types of the plurality of pieces of authenticated information received by the authenticated information receiving unit 122 are preferably different, but may be the same. For example, the authenticated information receiving unit 122 may receive two or more sets of user IDs and passwords. Further, the authenticated information receiving unit 122 may receive, for example, a set of user ID and password, and object movement information acquired when the user moves one or more objects. The type of information to be authenticated does not matter. The authenticated information receiving unit 122 normally receives one or more authenticated information from the terminal device 2.

  In the case of access that does not satisfy a predetermined condition, including the first access from one terminal device 2 by one user, the to-be-authenticated information receiving unit 122 is usually the first to nth authentication target In the case of access that satisfies the predetermined conditions, the first to n-th authenticated information that is the first information is received from one terminal device 2, and the (n-1) -th or lower authenticated information is received from one terminal. Receive from device 2. Access that satisfies a predetermined condition is access from the reliable terminal device 2. Further, it is an access that does not satisfy a predetermined condition, or an access from the unreliable terminal device 2. That is, the authenticated information receiving unit 122 normally receives (n-1) th or lower authentication information from the reliable terminal device 2 and starts from the first terminal device 2 that has not reached a reliable state. The nth authentication information is received.

  The screen request receiving unit 123 receives a screen request from the terminal device 2. The screen request is usually a request for the first screen or a request for the second screen. The screen request usually has information for identifying the screen. The information for identifying the screen may be a screen identifier for identifying the screen, an information identifier, or the like.

  The server processing unit 13 performs various processes. The various processes include, for example, a determination process described later, an authentication process, a process for login after authentication is permitted, a notification process after authentication is not permitted, and the like.

  The determination unit 131 performs determination processing. Specifically, the determination unit 131 determines whether the information identifier received by the information identifier reception unit 121 satisfies a predetermined condition. Note that the predetermined condition is, for example, that the information identifier received by the information identifier receiving unit 121 is included or coincides with any of the determination information stored in the determination information storage unit 112. It is to be. In addition, the predetermined condition is, for example, any one of the pieces of determination information stored in the determination information storage unit 112 in which the combination of the user identifier and the information identifier received by the information identifier reception unit 121 is stored in the determination information storage unit 112. Is included in or matches. The predetermined condition is, for example, a combination of the user identifier included in the authenticated information received by the authenticated information receiving unit 122 and the information identifier received by the information identifier receiving unit 121 in the determination information storage unit 112. It matches with any of the stored judgment information.

  For example, the determination unit 131 determines whether or not the combination of the user identifier and the information identifier received by the information identifier reception unit 121 matches any of the determination information stored in the determination information storage unit 112. Determine whether.

  The determination unit 131 determines, for example, that the combination of the user identifier included in the authentication information received by the authentication information reception unit 122 and the information identifier received by the information identifier reception unit 121 is stored in the determination information storage unit 112. It is determined whether or not the determination information matches any of the information.

  If the determination unit 131 determines that a predetermined condition is satisfied, the authentication unit 132 performs each of the first to (n−1) th to (n−1) th authentication information for each (n−1) th or less authentication information. When authentication is performed using the authentication information and the determination unit 131 determines that the predetermined condition is not satisfied, the first to n-th authentication information for each of the first to n-th authentication information Authenticate using That is, according to the determination result of the determination unit 131, the number of pieces of authentication information that the user has to input for authentication increases or decreases. The type of authentication performed by the authentication unit 132 does not matter. The type of authentication performed by the authentication unit 132 is, for example, authentication using a pair of user identifier and password (password authentication), authentication using object movement information (a kind of capture authentication), and information other than object movement information. Capture authentication, fingerprint authentication, iris authentication, vein authentication, etc.

  The processing unit 133 performs processing according to the authentication result in the authentication unit 132. For example, when the authentication result in the authentication unit 132 is “authentication permitted”, the processing unit 133 performs processing for login after authentication permission. For example, when the authentication result in the authentication unit 132 is “authentication not permitted”, the processing unit 133 notifies the terminal device 2 that the authentication is not permitted. Needless to say, the content of the processing performed by the processing unit 133 is not limited. For example, when the authentication result is “authentication permitted”, the processing unit 133 may perform a process of opening the door.

  The server transmission unit 14 transmits various types of information to the terminal device 2. The various information includes, for example, an authentication result, an input screen for information to be authenticated, and the like.

  The input screen transmission unit 141 transmits an authentication information input screen. The authentication information input screen is information on a screen for inputting authentication information in the terminal device 2.

  When the determination unit 131 determines that the predetermined condition is satisfied, the input screen transmission unit 141 transmits to the terminal device 2 an authentication information input screen that accepts (n−1) th or lower authentication information. . The input screen for authenticated information that receives the (n-1) th or lower authenticated information is referred to as a second screen.

  When the determination unit 131 determines that the predetermined condition is not satisfied, the input screen transmission unit 141 transmits an authentication information input screen for accepting first to nth authentication information to the terminal device 2. The input screen for authenticated information for receiving the first to nth authenticated information is referred to as a first screen.

  The first screen and the second screen are normally stored in the server storage unit 11. The first screen and the second screen may be stored in a screen storage unit (not shown) of the server storage unit 11. The first screen and the second screen transmitted by the input screen transmission unit 141 may be rephrased as information constituting the first screen and information constituting the second screen. The information constituting the first screen and the information constituting the second screen may be described in, for example, HTML or XML, or may be a program such as a Java (registered trademark) script.

  The authentication result transmission unit 142 transmits the authentication result in the authentication unit 132 to the terminal device 2. The content, data type, data structure, etc. are not questioned in the authentication result.

  The terminal storage unit 21 constituting the terminal device 2 can store various types of information. Various types of information are, for example, a user identifier, an information identifier, a set of a user identifier and an information identifier, and the like.

  The terminal reception unit 22 receives various types of information. The various types of information are, for example, one or more types of authenticated information. Here, reception means reception of information input from an input device such as a keyboard, mouse, touch panel, reception of information transmitted via a wired or wireless communication line, recording on an optical disk, magnetic disk, semiconductor memory, or the like. It is a concept including reception of information read from a medium.

  The various information input means may be anything such as a keyboard, mouse, or menu screen.

  The terminal processing unit 23 performs various processes. The various types of processes are processes that constitute information to be transmitted from information received by the terminal receiving unit 22, for example.

  The terminal transmission unit 24 transmits various types of information to the server device 1. The various types of information include, for example, information configured by the terminal processing unit 23, information received by the terminal receiving unit 22, and instructions. The instruction is, for example, a screen request that is a request for screen transmission. The screen request is, for example, a request for transmission of the first screen or the second screen. The first screen is a screen for inputting first to n-th authentication information. The second screen is a screen for inputting (n-1) th or less authentication information.

  The terminal receiving unit 25 receives various types of information from the server device 1. The various information includes, for example, an input screen for authentication information, an authentication result, and the like. The authentication information input screen is, for example, a first screen or a second screen.

  The terminal output unit 26 outputs various information. The various types of information are, for example, information received by the terminal receiving unit 25, information received by the terminal receiving unit 22, and the like.

  Here, output refers to display on a display, projection using a projector, printing with a printer, sound output, transmission to an external device, storage in a recording medium, and output to other processing devices or other programs. It is a concept that includes delivery of processing results.

  The server storage unit 11, the authentication information storage unit 111, the determination information storage unit 112, and the terminal storage unit 21 are preferably non-volatile recording media, but can also be realized by volatile recording media.

  The process in which information is stored in the server storage unit 11 or the like is not limited. For example, information may be stored in the server storage unit 11 or the like via a recording medium, or information transmitted via a communication line or the like may be stored in the server storage unit 11 or the like. Alternatively, information input via the input device may be stored in the server storage unit 11 or the like.

  The server receiving unit 12, the information identifier receiving unit 121, the authenticated information receiving unit 122, the screen request receiving unit 123, and the terminal receiving unit 25 are usually realized by wireless or wired communication means, but are means for receiving broadcasts. It may be realized with.

  The server processing unit 13, the determination unit 131, the authentication unit 132, the processing unit 133, and the terminal processing unit 23 can be usually realized by an MPU, a memory, or the like. The processing procedure of the server processing unit 13 or the like is usually realized by software, and the software is recorded on a recording medium such as a ROM. However, it may be realized by hardware (dedicated circuit).

  The server transmission unit 14, the input screen transmission unit 141, the authentication result transmission unit 142, and the terminal transmission unit 24 are usually realized by wireless or wired communication means, but may be realized by broadcasting means.

  The terminal reception unit 22 can be realized by a device driver of an input unit such as a keyboard, control software for a menu screen, or the like.

  The terminal output unit 26 may be considered as including or not including an output device such as a display or a speaker. The terminal output unit 26 may be implemented by output device driver software, or output device driver software and an output device.

  Next, the operation of the authentication system will be described. First, operation | movement of the server apparatus 1 is demonstrated using the flowchart of FIG.

  (Step S401) The information identifier receiving unit 121 determines whether an information identifier or the like has been received. If an information identifier or the like is received, the process goes to step S402, and if no information identifier or the like is received, the process goes to step S408. The information identifier or the like is, for example, only the information identifier. The information identifier or the like is, for example, an information identifier and a user identifier.

  (Step S402) The determination unit 131 substitutes 1 for a counter i.

  (Step S403) The determination unit 131 determines whether or not the i-th determination information exists in the determination information storage unit 112. When the i-th determination information exists, the process goes to step S404, and when it does not exist, the process goes to step S407.

  (Step S404) The determination unit 131 determines whether the information identifier received in step S401 is included in the i-th determination information. When it is included in the i-th determination information, the process goes to step S405, and when it is not included in the i-th determination information, the process goes to step S406. Note that the determination as to whether or not it is included in the i-th determination information may be a determination as to whether or not it matches the i-th determination information. The fact that the information identifier received in step S401 is included in the i-th determination information is an example that the information identifier received in step S401 satisfies a predetermined condition.

  (Step S405) The input screen transmission unit 141 transmits the second screen. The process returns to step S401. The second screen is an input screen for authenticated information for receiving (n−1) th or lower authenticated information.

  (Step S406) The determination unit 131 increments the counter i by 1. The process returns to step S403.

  (Step S407) The input screen transmission unit 141 transmits the first screen. The process returns to step S401. The first screen is an input screen for authenticated information for receiving first to nth authenticated information.

  (Step S408) The authenticated information receiving unit 122 determines whether one or more authenticated information has been received. If one or more pieces of authenticated information are received, the process goes to step S409. If one or more pieces of authenticated information are not received, the process goes to step S416. Here, the authenticated information receiving unit 122 may receive the information identifier. Further, the authenticated information receiving unit 122 may receive an information identifier and a user identifier.

  (Step S409) The authentication unit 132 performs an authentication process using the one or more pieces of authenticated information received in step S408. Details of the authentication processing will be described with reference to the flowchart of FIG.

  (Step S410) It is determined whether or not the authentication result in step S409 is authentication permission. If the authentication is permitted, the process proceeds to step S411. If the authentication is not permitted, the process proceeds to step S415.

  (Step S411) The processing unit 133 performs processing corresponding to authentication permission.

  (Step S412) The server processing unit 13 determines whether or not the reception of one or more pieces of information to be authenticated in step S408 is reception from the first screen. If it is reception from the first screen, go to step S413, and if it is not reception from the first screen, return to step S401.

  (Step S413) An information identifier storage unit (not shown) constituting the server processing unit 13 acquires an information identifier and the like. The information identifier or the like is information that has already been received.

  (Step S414) Then, the information identifier storage unit configures determination information from the acquired information identifier or the like, and stores the determination information in the determination information storage unit 112. The process returns to step S401.

  (Step S415) The processing unit 133 performs a process corresponding to the authentication non-permission. The process returns to step S401. Note that the processing corresponding to the authentication non-permission may be, for example, transmission of the first screen. Further, the process corresponding to the authentication non-permission may be, for example, transmission of the second screen again.

  (Step S416) The server reception unit 12 determines whether or not other instructions have been received. If other instructions are received, the process goes to step S417. If no other instructions are received, the process returns to step S401.

  (Step S417) The server processing unit 13 performs processing according to other instructions and the like. The process returns to step S401.

  In the flowchart of FIG. 4, the process ends when the power is turned off or the process ends.

  Next, details of the authentication processing in step S409 will be described using the flowchart of FIG.

  (Step S501) The authentication unit 132 obtains the number N of pieces of received authentication information. The authenticating unit 132 may acquire N from the number of pieces of received authentication information, or may acquire the number N of pieces of authentication information corresponding to the transmitted input screen. In such a case, it is assumed that the number N of authenticated information is managed in association with the input screen. In addition, the acquisition method of the number N of authenticated information is not ask | required.

  (Step S502) The authentication unit 132 assigns 1 to the counter i.

  (Step S503) The authentication unit 132 determines whether or not “i <= N” is satisfied. If satisfied, the process goes to step S504, and if not, the process goes to step S509.

  (Step S504) The authenticating unit 132 acquires the i-th authenticated information among the N authenticated information received.

  (Step S505) The authentication unit 132 performs authentication processing on the i-th authentication target information using corresponding authentication information in the authentication information storage unit 111. Since the authentication process is a known technique, detailed description thereof is omitted. In this specification, it goes without saying that an authentication process not known at the time of filing may be used.

  (Step S506) The authentication unit 132 determines whether or not the result of the authentication process in step S505 is authentication permission. If the authentication is permitted, the process goes to step S507. If the authentication is not permitted, the process goes to step S508.

  (Step S507) The authentication unit 132 increments the counter i by one. The process returns to step S503.

  (Step S508) The authentication unit 132 assigns “authentication not permitted” to the variable “authentication result”. Return to upper process.

  (Step S509) The authentication unit 132 substitutes “authentication permitted” for the variable “authentication result”. Return to upper process.

  Next, operation | movement of the terminal device 2 is demonstrated using the flowchart of FIG.

  (Step S601) The terminal reception unit 22 determines whether an access instruction to the server device 1 has been received. If an access instruction is accepted, the process goes to step S602. If an access instruction is not accepted, the process goes to step S609. The access instruction is, for example, access by an Internet browser that specifies a URL. The access instruction is, for example, access by an Internet browser in which a user identifier is input and a URL is specified.

  (Step S602) The terminal processing unit 23 acquires an information identifier and the like. Then, the terminal transmission unit 24 transmits the information identifier or the like to the server device 1. The information identifier or the like may be only the information identifier, or may be an information identifier and a user identifier.

  (Step S603) The terminal reception unit 25 determines whether or not an input screen for authenticated information has been received in response to the access instruction. If the input screen is received, the process goes to step S604, and if the input screen is not received, the process returns to step S603.

  (Step S604) The terminal output unit 26 outputs the input screen for the authentication information received in Step S603.

  (Step S605) The terminal receiving unit 22 determines whether or not input of one or more pieces of authenticated information has been completed on the input screen for authenticated information. If the input is completed, the process goes to step S606, and if the input is not completed, the process returns to step S605. The completion of the input of the authentication information is, for example, pressing of a specific button (for example, a login button).

  (Step S606) The terminal transmission unit 24 transmits one or more pieces of authenticated information received in Step S605 to the server device 1.

  (Step S607) The terminal receiving unit 25 determines whether or not an authentication result or the like of one or more pieces of authenticated information has been received in response to the transmission of one or more pieces of authenticated information. If an authentication result or the like is received, the process proceeds to step S608, and if an authentication result or the like is not received, the process returns to step S607.

  (Step S608) The terminal output unit 26 outputs the authentication result or the like received in step S607. The process returns to step S601.

  (Step S609) The terminal receiving unit 22 determines whether other information or the like has been received. If other information is received, the process goes to step S610. If no other information is received, the process returns to step S601.

  (Step S610) The terminal processing unit 23 or the like performs processing according to other information. The process returns to step S601. In addition, the content of the process here is not ask | required.

  Note that in step S606 of the flowchart of FIG. 6, when two or more pieces of authentication information are transmitted, they may be transmitted simultaneously or separately.

  In the flowchart of FIG. 6, the process is ended by powering off or interruption for aborting the process.

  Hereinafter, a specific operation of the authentication system in the present embodiment will be described. FIG. 1 is a conceptual diagram of the authentication system.

  Now, the authentication information storage unit 111 holds the user management table shown in FIG. The user management table shown in FIG. 7 includes one or more records having attribute values such as “ID”, “user identifier”, “password”, and “name”. “User identifier” and “password” are first authentication information. “ID” is information for identifying a record.

  Further, the authentication information storage unit 111 holds a capture information management table shown in FIG. The capture information management table manages information for performing capture authentication. The capture information management table includes one or more records having attribute values such as “ID”, “background image”, “moving image”, and “coordinate information”. “ID” is information for identifying a record. The “background image” is a background image for capture authentication. The “moving image” is an image that is moved by the user when information to be authenticated is input. “Coordinate information” is information indicating coordinates for permitting authentication. “Coordinate information” is coordinates indicating a location where the “moving image” is moved. Here, the “coordinate information” is coordinates indicating the center point of the moving image when the “moving image” is correctly moved on the “background image”. The authentication unit 132 does not need to match the “coordinate information” with the position of the “moving image” after movement (here, the coordinates indicating the center point of the moving image) in order to determine that authentication is permitted. If the distance between the position of the “moving image” after the movement and the position indicated by the “coordinate information” is within the threshold (or smaller than the threshold), it may be determined that the authentication is permitted.

  Further, the judgment information storage unit 112 stores a judgment information management table having the structure shown in FIG. The judgment information management table has one or more records having attribute values of “ID” and “judgment information”. The “determination information” includes a “user identifier” and an “information identifier”. “ID” is information for identifying a record. Here, it is assumed that the “user identifier” is the mail address of the user. Here, it is assumed that the “information identifier” is a cookie ID corresponding to the terminal device 2 used by the user.

  Furthermore, it is assumed that the server storage unit 11 stores a first screen shown in FIG. 10 and a second screen shown in FIG. The first screen is an input screen for authenticated information for receiving two pieces of authenticated information. The first screen includes a field 1001 for inputting a user identifier, a field 1002 for inputting a password, a background image 1003 for capturing, and a moving image 1004 for capturing. The second screen is an input screen for authenticated information for receiving one authenticated information. The second screen has a field 1101 for inputting a user identifier and a field 1102 for inputting a password.

  In this state, it is assumed that the user “Ao Shimada” inputs an access instruction to access the server device 1 using the Internet browser installed in the new terminal device 2. It is assumed that the access instruction includes a user identifier “(not shown for violation of public order and morals)”.

  Next, the terminal reception unit 22 receives an access instruction to the server device 1. Next, the terminal processing unit 23 acquires a cookie ID (a kind of information identifier) “eeeffeff” and a user identifier “(not shown for public order and moral violation)”. Then, the terminal transmission unit 24 transmits the cookie ID “eeeffff” and the user identifier “(not shown for public order and morals violation)” to the server device 1.

  Next, the information identifier receiving unit 121 of the server apparatus 1 receives the cookie ID “eeeffeff” and the user identifier “(not shown due to violation of public order and morals)”.

  Next, the determination unit 131 determines that the determination information having the cookie ID “eeeffff” and the user identifier “(not shown for violation of public order and morals)” is not stored in the determination information management table of FIG. Here, the determination information is information for authenticating the terminal device 2. The determination information is information that is accumulated when one user accesses the server device 1 for the first time using the terminal device 2.

  Next, the input screen transmission unit 141 acquires the first screen from the server storage unit 11. Next, the input screen transmission unit 141 transmits the first screen to the terminal device 2.

  Next, the terminal receiving unit 25 of the terminal device 2 receives the first screen. And the terminal output part 26 outputs a 1st screen.

  Next, it is assumed that the user “Ao Shimada” has input the user identifier “(not shown regarding public order and morals violation)” and the password “XXXXYYYY” on the screen of FIG. Also, assume that the moving image 1004 on the screen of FIG. 10 is moved to an appropriate position on the background image 1003 to complete the puzzle. Then, it is assumed that the user “Ao Shimada” has pressed the “SIGN IN” button 1005 in FIG. 10 (see FIG. 12).

  Next, the terminal reception unit 22 determines that the input of one or more pieces of authenticated information has been completed on the authentication information input screen.

Next, the terminal transmission unit 24 uses the first authenticated information “user identifier“ (not shown for public order and morals violation) ”, the password“ XXXXYYYY ”, and the second authenticated information“ ID “1”, (x ₂ , y ₂ ) ”. The ID “1” of the second authentication information indicates a capture ID. The ID “1” of the second authentication information is information added to the screen of FIG. 10 and transmitted from the server device 1 to the terminal device 2. Further, (x ₂ , y ₂ ) is information indicating the position of the moving image 1004.

Next, the terminal transmission unit 24 uses the first authenticated information “user identifier“ (not shown for public order and morals violation) ”, the password“ XXXXYYYY ”, and the second authenticated information“ ID “1”, (x ₂ , y ₂ ) ”to the server apparatus 1.

  Next, the authenticated information receiving unit 122 receives the first authenticated information and the second authenticated information.

  Next, the authentication unit 132 performs authentication processing on the first authentication target information using the user management table of FIG. Since the user identifier “(not shown for public order and morals violation)” and the password “XXXXYYYY” are present in the user management table of FIG. 7, the authentication unit 132 obtains the determination of the authentication result “authentication permitted”.

Next, the authentication unit 132 performs authentication processing on the second authentication target information using the capture information management table shown in FIG. That is, the authentication unit 132 acquires coordinate information (x ₁ , y ₁ ) that is paired with the ID “1” from the capture information management table. Then, the authentication unit 132 determines that the distance between (x ₂ , y ₂ ) and the coordinate information (x ₁ , y ₁ ) included in the second authentication information is smaller than the threshold, and displays the authentication result “authentication permitted”. obtain.

  As described above, the authentication unit 132 obtains the final authentication result “authentication permitted” of the two pieces of information to be authenticated. Then, the server processing unit 13 performs a process for logging in the user “Ao Shimada”. Further, the server transmission unit 14 transmits the authentication result “authentication permission” to the terminal device 2.

  Next, the server processing unit 13 determines that the two pieces of authenticated information are received from the first screen.

  Next, an information identifier storage unit (not shown) constituting the server processing unit 13 stores the cookie ID “eeeffff” in the determination information management table in association with the user identifier “(not shown for public order and moral violation)”.

  Next, the terminal receiving unit 25 of the terminal device 2 receives the authentication result “authentication permitted”. Then, the terminal output unit 26 outputs an authentication result “authentication permitted”. After that, the user “Ao Shimada” can execute post-login processing on the server device 1. Then, it is assumed that the user “Ao Shimada” has logged out from the server device 1 after the processing is performed.

  Then, it is assumed that the user “Ao Shimada” later inputs an access instruction using the Internet browser of the terminal device 2 in order to log in to the server device 1 using the same terminal device 2.

  Next, the terminal reception unit 22 receives an access instruction to the server device 1. Next, the terminal processing unit 23 acquires a cookie ID (a kind of information identifier) “eeeffeff” and a user identifier “(not shown for public order and moral violation)”. Then, the terminal transmission unit 24 transmits the cookie ID “eeeffff” and the user identifier “(not shown for public order and morals violation)” to the server device 1.

  Next, the information identifier receiving unit 121 of the server apparatus 1 receives the cookie ID “eeeffeff” and the user identifier “(not shown due to violation of public order and morals)”.

  Next, the determination unit 131 determines that the determination information having the cookie ID “eeeffff” and the user identifier “(not shown for violation of public order and morals)” is stored in the determination information management table of FIG.

  Next, the input screen transmission unit 141 acquires the second screen from the server storage unit 11. Next, the input screen transmission unit 141 transmits the second screen to the terminal device 2.

  Next, the terminal receiving unit 25 of the terminal device 2 receives the second screen. And the terminal output part 26 outputs a 2nd screen.

  Next, it is assumed that the user “Ao Shimada” has input the user identifier “(not shown regarding public order and morals violation)” and the password “XXXXYYYY” on the screen of FIG. Then, it is assumed that the user “Ao Shimada” has pressed the “SIGN IN” button 1103 in FIG. 11 (see FIG. 13).

  Next, the terminal reception unit 22 determines that the input of one or more pieces of authenticated information has been completed on the authentication information input screen.

  Next, the terminal transmission unit 24 obtains the first authenticated information “user identifier“ (not shown for public order and morals violation) ”and password“ XXXXYYYY ”.

  Next, the terminal transmission unit 24 transmits the first authenticated information “user identifier“ (not shown for public order and morals violation) ”and password“ XXXXYYYY ”to the server device 1.

  Next, the authenticated information receiving unit 122 receives the first authenticated information.

  Next, the authentication unit 132 performs authentication processing on the first authentication target information using the user management table of FIG. Since the user identifier “(not shown for public order and morals violation)” and the password “XXXXYYYY” are present in the user management table of FIG. 7, the authentication unit 132 obtains the final authentication result “authentication permission” determination. .

  Then, the server processing unit 13 performs a process for logging in the user “Ao Shimada”. Further, the server transmission unit 14 transmits the authentication result “authentication permission” to the terminal device 2.

  Next, the server processing unit 13 determines that the two pieces of authenticated information are not received from the first screen.

  Next, the terminal receiving unit 25 of the terminal device 2 receives the authentication result “authentication permitted”. Then, the terminal output unit 26 outputs an authentication result “authentication permitted”. After that, the user “Ao Shimada” can execute post-login processing on the server device 1.

  As described above, according to the present embodiment, it is possible to realize both the strict security and the usability improvement for the authentication process.

  Note that the processing in the present embodiment may be realized by software. Then, this software may be distributed by software download or the like. Further, this software may be recorded and distributed on a recording medium such as a CD-ROM. This also applies to other embodiments in this specification. In addition, the software which implement | achieves the server apparatus 1 in this Embodiment is the following programs. In other words, this program is a computer-accessible recording medium, and the computer-accessible recording medium is information for authentication from the first to the n-th (n is a natural number of 2 or more). In the case of access that does not satisfy a predetermined condition, including the first access from one terminal device by one user, the authentication information storage unit capable of storing information is provided. The first to n-th authenticated information, which is the information to be authenticated, is received from the one terminal device, and in the case of access satisfying a predetermined condition, the (n-1) th or lower authentication target Using an authenticated information receiving unit that receives information from the one terminal device, and first to nth authenticated information received by the authenticated information receiving unit, or (n-1) th or lower authenticated information Authentication When a program for functioning as a processing unit that performs a process corresponding to the authentication result in the authentication unit.

  The computer-accessible recording medium further includes a determination information storage unit that can store one or more determination information having an information identifier for identifying information transmitted from the terminal device, and the computer receives an information identifier. The receiving unit and the information identifier received by the information identifier receiving unit further function as a determining unit that determines whether or not a predetermined condition is satisfied, and the authenticating unit sets a predetermined condition on the determining unit. If it is determined that the condition is satisfied, the first to (n-1) th authentication information is authenticated using the first to (n-1) th authentication information, and the determination unit is determined in advance. If the first to nth authentication information is authenticated using the first to nth authentication information, the computer is caused to function. It is preferred.

Further, in the above program, the determination information includes a user identifier for identifying a user and an information identifier, the information identifier receiving unit receives the user identifier and the information identifier, and the predetermined condition is as follows: The computer is caused to function as a combination of the user identifier and the information identifier received by the information identifier receiving unit matches any of the determination information stored in the determination information storage unit. That is preferred.

  Further, in the above program, the determination unit includes a combination of the user identifier and the information identifier received by the information identifier reception unit, as one of the determination information stored in the determination information storage unit, It is preferable to make a computer function as what determines whether it corresponds.

  In the above program, it is preferable to cause the computer to function as the first authenticated information received by the authenticated information receiving unit is a user identifier for identifying a user and a password.

  In the above program, it is preferable that the computer functions by assuming that n is 2.

  In the above program, the second authenticated information received by the authenticated information receiving unit is object movement information acquired when the user moves one or more objects in the terminal device. It is preferable to function.

  Further, in the above program, when the determination unit determines that a predetermined condition is satisfied, an input screen for transmitting an authentication information input screen for receiving (n-1) th or lower authentication information to the terminal device It is preferable to further cause the computer to function as the transmission unit.

  In the above program, it is preferable that the information identifier is a cookie ID to cause the computer to function.

  In the above program, it is preferable to cause the computer to function, assuming that the information identifier is an application identifier for identifying an application.

(Embodiment 2)
This embodiment is different from the first embodiment in the authentication procedure. However, the authentication system according to the present embodiment also has (n-1) or less authentications when a predetermined condition is satisfied in the server device that requests input for the first to nth authentications at the time of login. It is the authentication system which comprises the server apparatus which requests only the input for.

  The conceptual diagram of the authentication system B in the present embodiment is the same as that in FIG. 1 except for the server device code. The authentication system B includes a server device 3 and one or more terminal devices 2.

  FIG. 14 is a block diagram of the server device 3 constituting the authentication system B in the present embodiment.

  The server device 3 includes a server storage unit 11, a server reception unit 12, a server processing unit 33, and a server transmission unit 14.

  The server processing unit 33 includes a determination unit 331, an authentication unit 132, and a processing unit 333.

  The server processing unit 33 configuring the server device 3 performs various processes. The various processes include, for example, a determination process described later, an authentication process, a process for login after authentication is permitted, a notification process after authentication is not permitted, and the like.

  The determination unit 331 determines that the information identifier received by the information identifier reception unit 121 is obtained in advance when the authentication unit 132 performs authentication using the first to (n-1) th authentication information from the first to the authentication permission. It is determined whether or not a predetermined condition is satisfied.

  The server processing unit 33 and the determination unit 331 can usually be realized by an MPU, a memory, or the like. The processing procedure of the server processing unit 33 or the like is usually realized by software, and the software is recorded on a recording medium such as a ROM. However, it may be realized by hardware (dedicated circuit).

  Next, operation | movement of the server apparatus 3 is demonstrated using the flowchart of FIG. In the flowchart of FIG. 15, the description of the same steps as those in the flowchart of FIG. 4 is omitted.

  (Step S1501) The screen request receiving unit 123 determines whether a screen request has been received. If a screen request is received, the process goes to step S1502, and if no screen request is received, the process goes to step S416.

  (Step S1502) The server processing unit 13 determines whether the screen request received in step S1501 is a transmission request for the first screen or a transmission request for the second screen. If it is a transmission request for the first screen, go to step S1503, and if it is a transmission request for the second screen, go to step S1504.

  (Step S1503) The input screen transmission unit 141 acquires the first screen of the server storage unit 11, and transmits the first screen to the terminal device 2.

  (Step S1504) The input screen transmission unit 141 acquires the second screen of the server storage unit 11, and transmits the second screen to the terminal device 2.

  (Step S1505) The determination unit 331 acquires the received user identifier and information identifier.

  (Step S1506) The determination unit 331 substitutes 1 for the counter i.

  (Step S1507) The determination unit 331 determines whether or not the i-th determination information exists in the determination information storage unit 112. When the i-th determination information exists, the process goes to step S1508, and when it does not exist, the process goes to step S1503.

  (Step S1508) The determination unit 331 determines whether or not the information identifier acquired in step S1505 is included in the i-th determination information. If it is included in the i-th determination information, the process goes to step S411. If it is not included in the i-th determination information, the process goes to step S1509.

  (Step S1509) The determination unit 331 increments the counter i by one. The process returns to step S1507.

  Note that the processing is ended by powering off or interruption for aborting the processing in the flowchart in FIG.

  Hereinafter, a specific operation of the authentication system B in the present embodiment will be described. A conceptual diagram of the authentication system B is shown in FIG.

  Now, the authentication information storage unit 111 holds the user management table shown in FIG. Further, the authentication information storage unit 111 holds a capture information management table shown in FIG. Further, the judgment information storage unit 112 stores a judgment information management table having the structure shown in FIG. Furthermore, it is assumed that the server storage unit 11 stores a first screen shown in FIG. 10 and a second screen shown in FIG.

  In this state, it is assumed that the user “Ao Shimada” has input an access instruction to access the server device 3 using the Internet browser installed in the new terminal device 2. The access instruction includes the URL of the server device 3.

  Here, it is assumed that the Internet browser currently does not hold a cookie ID (a kind of information identifier) and a user identifier. Further, the fact that the Internet browser holds information means that the terminal storage unit 21 stores information.

  Next, the terminal reception unit 22 receives an access instruction to the server device 3.

  Next, the terminal processing unit 23 tries to acquire a cookie ID and a user identifier, but cannot acquire them.

  Next, since the cookie ID and the user identifier could not be acquired, the terminal processing unit 23 configures a screen request for the first screen. Next, the terminal transmission unit 24 transmits a screen request for the first screen to the server device 3. Note that the screen essential of the first screen has a cookie ID “eeeffff”.

  Next, the screen request receiving unit 123 of the server device 3 receives the screen request for the first screen. Then, the input screen transmission unit 141 acquires the first screen of the server storage unit 11 and transmits the first screen to the terminal device 2.

  Next, the terminal device 2 receives the first screen. And the terminal output part 26 outputs the 1st screen shown in FIG.

  Next, it is assumed that the user “Ao Shimada” has input the user identifier “(not shown regarding public order and morals violation)” and the password “XXXXYYYY” on the screen of FIG. Also, assume that the moving image 1004 on the screen of FIG. 10 is moved to an appropriate position on the background image 1003 to complete the puzzle. Then, it is assumed that the user “Ao Shimada” has pressed the “SIGN IN” button 1005 in FIG. 10 (see FIG. 12).

  Next, the terminal reception unit 22 determines that the input of one or more pieces of authenticated information has been completed on the authentication information input screen.

Next, the terminal transmission unit 24 uses the first authenticated information “user identifier“ (not shown for public order and morals violation) ”, the password“ XXXXYYYY ”, and the second authenticated information“ ID “1”, (x ₂ , y ₂ ) ”.

Next, the terminal transmission unit 24 uses the first authenticated information “user identifier“ (not shown for public order and morals violation) ”, the password“ XXXXYYYY ”, and the second authenticated information“ ID “1”, (x ₂ , y ₂ ) ”to the server apparatus 3.

  Next, the authenticated information receiving unit 122 of the server apparatus 3 receives the first authenticated information and the second authenticated information.

  Next, the authentication unit 132 performs authentication processing on the first authentication target information using the user management table of FIG. Since the user identifier “(not shown for public order and morals violation)” and the password “XXXXYYYY” are present in the user management table of FIG. 7, the authentication unit 132 obtains the determination of the authentication result “authentication permitted”.

Next, the authentication unit 132 performs authentication processing on the second authentication target information using the capture information management table shown in FIG. That is, the authentication unit 132 acquires coordinate information (x ₁ , y ₁ ) that is paired with the ID “1” from the capture information management table. Then, the authentication unit 132 determines that the distance between (x ₂ , y ₂ ) and the coordinate information (x ₁ , y ₁ ) included in the second authentication information is smaller than the threshold, and displays the authentication result “authentication permitted”. obtain.

  As described above, the authentication unit 132 obtains the final authentication result “authentication permitted” of the two pieces of information to be authenticated. Then, the server processing unit 13 performs a process for logging in the user “Ao Shimada”. Further, the server transmission unit 14 transmits the authentication result “authentication permission” to the terminal device 2.

  Next, the server processing unit 13 determines that the reception of the two pieces of authenticated information is reception from the first screen.

  Next, an information identifier storage unit (not shown) constituting the server processing unit 13 stores the cookie ID “eeeffff” in the determination information management table in association with the user identifier “(not shown for public order and moral violation)”.

  Next, the terminal receiving unit 25 of the terminal device 2 receives the authentication result “authentication permitted”. Then, the terminal output unit 26 outputs an authentication result “authentication permitted”. After that, the user “Ao Shimada” can execute post-login processing on the server device 3. Then, it is assumed that the user “Ao Shimada” has logged out from the server device 1 after the processing is performed.

  Then, it is assumed that the user “Ao Shimada” later inputs an access instruction using the Internet browser of the terminal device 2 in order to log in to the server device 3 using the same terminal device 2.

  Next, the terminal reception unit 22 receives an access instruction to the server device 3.

  Next, the terminal processing unit 23 acquires a cookie ID “eeeffff” and a user identifier “(not shown for public order and morals violation)” held by the Internet browser.

  Next, since the cookie ID and the user identifier have been acquired, the terminal processing unit 23 configures a screen request for the second screen. Next, the terminal transmission unit 24 transmits a screen request for the second screen to the server device 3. The screen essential of the second screen has a cookie ID “eeeffff”.

  Next, the screen request receiving unit 123 of the server device 3 receives the screen request for the second screen. Then, the input screen transmission unit 141 acquires the second screen of the server storage unit 11 and transmits the second screen to the terminal device 2.

  Next, the terminal device 2 receives the second screen. And the terminal output part 26 outputs the 1st screen shown in FIG.

  Next, it is assumed that the user “Ao Shimada” has input the user identifier “(not shown regarding public order and morals violation)” and the password “aaaabbb” on the screen of FIG. Then, it is assumed that the user “Ao Shimada” has pressed the “SIGN IN” button 1103 in FIG.

  Next, the terminal reception unit 22 determines that the input of one or more pieces of authenticated information has been completed on the authentication information input screen.

  Next, the terminal transmission unit 24 acquires the first authenticated information “user identifier“ (not shown for public order and morals violation) ”and password“ aaaabbb ”.

  Next, the terminal transmission unit 24 transmits the first authenticated information “user identifier“ (not shown for public order and morals violation) ”and password“ aaaabbb ”to the server device 3.

  Next, the authenticated information receiving unit 122 receives the first authenticated information.

  Next, the authentication unit 132 performs authentication processing on the first authentication target information using the user management table of FIG. Then, the user identifier “(not listed for public order and morals violation)” and the password “aaaabbb” are not present in the user management table of FIG. 7, and the authentication unit 132 determines the final authentication result “authentication not permitted”. obtain.

  Next, the input screen transmission unit 141 acquires the first screen of the server storage unit 11 and transmits the first screen to the terminal device 2.

  Next, the terminal device 2 receives the first screen. And the terminal output part 26 outputs the 1st screen shown in FIG.

  Next, it is assumed that the user “Ao Shimada” has input the user identifier “(not shown regarding public order and morals violation)” and the password “XXXXYYYY” on the screen of FIG. Also, assume that the moving image 1004 on the screen in FIG. 10 is moved to an appropriate position on the background image 1003 to complete the puzzle. Then, it is assumed that the user “Ao Shimada” has pressed the “SIGN IN” button 1005 in FIG. 10 (see FIG. 12).

  Next, the terminal reception unit 22 determines that the input of one or more pieces of authenticated information has been completed on the authentication information input screen.

Next, the terminal transmission unit 24 uses the first authenticated information “user identifier“ (not shown for public order and morals violation) ”, the password“ XXXXYYYY ”, and the second authenticated information“ ID “1”, (x ₂ , y ₂ ) ”.

Next, the terminal transmission unit 24 uses the first authenticated information “user identifier“ (not shown for public order and morals violation) ”, the password“ XXXXYYYY ”, and the second authenticated information“ ID “1”, (x ₂ , y ₂ ) ”to the server apparatus 3.

  Next, the authenticated information receiving unit 122 of the server apparatus 3 receives the first authenticated information and the second authenticated information.

  Next, the authentication unit 132 performs authentication processing on the first authentication target information using the user management table of FIG. Since the user identifier “(not shown for public order and morals violation)” and the password “XXXXYYYY” are present in the user management table of FIG.

Next, the authentication unit 132 performs authentication processing on the second authentication target information using the capture information management table shown in FIG. That is, the authentication unit 132 acquires coordinate information (x ₁ , y ₁ ) that is paired with the ID “1” from the capture information management table. Then, the authentication unit 132 determines that the distance between (x ₂ , y ₂ ) and the coordinate information (x ₁ , y ₁ ) included in the second authentication information is smaller than the threshold, and displays the authentication result “authentication permitted”. obtain.

  As described above, the authentication unit 132 obtains the final authentication result “authentication permitted” of the two pieces of information to be authenticated. Then, the server processing unit 13 performs a process for logging in the user “Ao Shimada”. Further, the server transmission unit 14 transmits the authentication result “authentication permission” to the terminal device 2.

  Next, the server processing unit 13 determines that the two pieces of authenticated information are received from the first screen.

  Next, an information identifier storage unit (not shown) constituting the server processing unit 13 stores the cookie ID “eeeffff” in the determination information management table in association with the user identifier “(not shown for public order and moral violation)”.

  Next, the terminal receiving unit 25 of the terminal device 2 receives the authentication result “authentication permitted”. Then, the terminal output unit 26 outputs an authentication result “authentication permitted”. After that, the user “Ao Shimada” can execute post-login processing on the server device 3. Then, it is assumed that the user “Ao Shimada” has logged out from the server device 1 after the processing is performed.

  Furthermore, the user “Ao Shimada” entered an access instruction using the Internet browser of the terminal device 2 in order to log in to the server device 3 using the same terminal device 2 at a later date. To do.

  Next, the terminal reception unit 22 receives an access instruction to the server device 3.

  Next, the terminal processing unit 23 acquires a cookie ID “eeeffff” and a user identifier “(not shown for public order and morals violation)” held by the Internet browser.

  Next, since the cookie ID and the user identifier have been acquired, the terminal processing unit 23 configures a screen request for the second screen. Next, the terminal transmission unit 24 transmits a screen request for the second screen to the server device 3. The screen essential of the second screen has a cookie ID “eeeffff”.

  Next, the screen request receiving unit 123 of the server device 3 receives the screen request for the second screen. Then, the input screen transmission unit 141 acquires the second screen of the server storage unit 11 and transmits the second screen to the terminal device 2.

  Next, the terminal device 2 receives the second screen. And the terminal output part 26 outputs the 1st screen shown in FIG.

  Next, it is assumed that the user “Ao Shimada” has input the user identifier “(not shown regarding public order and morals violation)” and the password “XXXXYYYY” on the screen of FIG. Then, it is assumed that the user “Ao Shimada” has pressed the “SIGN IN” button 1103 in FIG.

  Next, the terminal reception unit 22 determines that the input of one or more pieces of authenticated information has been completed on the authentication information input screen.

  Next, the terminal transmission unit 24 obtains the first authenticated information “user identifier“ (not shown for public order and morals violation) ”and password“ XXXXYYYY ”.

  Next, the terminal transmission unit 24 transmits the first authenticated information “user identifier“ (not shown for public order and morals violation) ”and password“ XXXXYYYY ”to the server device 1.

  Next, the authenticated information receiving unit 122 receives the first authenticated information.

  Next, the authentication unit 132 performs authentication processing on the first authentication target information using the user management table of FIG. Since the user identifier “(not shown for public order and morals violation)” and the password “XXXXYYYY” are present in the user management table of FIG. 7, the authentication unit 132 obtains the final authentication result “authentication permission” determination. .

  Next, the determination unit 331 obtains the received user identifier “(not shown for public order and morals violation)” and cookie ID “eeeffff”.

  Next, the determination unit 331 determines that the determination information having the user identifier “(not shown for public order and morals violation)” and the cookie ID “eeeffff” exists in the determination information management table.

  Then, the server processing unit 13 performs a process for logging in the user “Ao Shimada”. Further, the server transmission unit 14 transmits the authentication result “authentication permission” to the terminal device 2.

  Next, the server processing unit 13 determines that the reception of the two pieces of authenticated information is not reception from the first screen.

  As described above, according to the present embodiment, it is possible to realize both the strict security and the usability improvement for the authentication process.

  In addition, the software which implement | achieves the server apparatus 3 in this Embodiment is the following programs. That is, in this program, the computer-accessible recording medium stores authentication information that can store first to n-th authentication information that is information for authentication from the first to n-th (n is a natural number of 2 or more). In the case of access that does not satisfy a predetermined condition including the first access from one terminal device by one user, the first to nth authentication target information When the first to n-th authenticated information is received from the one terminal device and the access satisfies a predetermined condition, the (n−1) th or lower authenticated information is received from the one terminal device. A to-be-authenticated information receiving unit, an authentication unit that performs authentication using the first to n-th to-be-authenticated information received by the to-be-authenticated information receiving unit, or (n-1) th to-be-authenticated information According to the authentication result in the authentication unit Is a program for functioning as a processing unit that performs processing.

  In the above program, a computer-accessible recording medium can store a first screen for inputting first to n-th authenticated information and a second screen for inputting (n-1) -th or lower authenticated information. A screen storage unit further comprising: a screen request receiving unit configured to receive a screen request including the request for the first screen or the second screen from the one terminal device; and a first screen corresponding to the screen request. Or it is suitable that it is a program which functions further as an input screen transmission part which transmits a 2nd screen to said one terminal device.

  In the above program, the computer-accessible recording medium further includes a determination information storage unit capable of storing one or more determination information having an information identifier for identifying information transmitted from the terminal device, and the computer is provided with the information identifier. The information identifier receiving unit and the information identifier receiving unit received when the result of authentication performed by the authentication unit using the first to (n-1) -th or lower authentication information is authentication permission. The first screen is further operated as a determination unit that determines whether or not the information identifier satisfies a predetermined condition, and the screen transmission unit determines that the determination unit does not satisfy the predetermined condition. Is transmitted to the one terminal device, and the processing unit performs a process according to an authentication result in the authentication unit when the determination unit determines that a predetermined condition is satisfied. As things, it is preferably a program for causing a computer to function.

(Embodiment 3)
In the present embodiment, a case will be described in which user authentication processing is shared between a server device and a service server.

  FIG. 16 is a conceptual diagram of the authentication system C in the present embodiment. The authentication system C includes a server device 4, a service server 5, one or more terminal devices 6. The service server 5 is a device to be accessed by the terminal device 6, and is a device that provides a service to the terminal device 6 or a user. The server device 4 is a device that performs user authentication processing.

  FIG. 17 is a block diagram of authentication system C in the present embodiment. FIG. 18 is a block diagram of the server device 4.

  The server device 4 includes a server storage unit 41, a server reception unit 42, a server processing unit 43, and a server transmission unit 14.

  The server storage unit 41 includes an authentication information storage unit 111, a determination information storage unit 112, and a screen storage unit 413.

  The server reception unit 42 includes an access reception unit 421, a screen request reception unit 422, an information identifier reception unit 423, and an authenticated information reception unit 424.

  The server processing unit 43 includes a determination unit 431, an authentication unit 432, and a processing unit 433.

  The service server 5 includes a service reception unit 51, a service transmission unit 52, and a service processing unit 53.

  The service receiving unit 51 includes a terminal side receiving unit 511 and a server side receiving unit 512.

  The service transmission unit 52 includes a terminal side transmission unit 521 and a server side transmission unit 522.

  The service processing unit 53 includes a service authentication unit 531, a login processing unit 532, and a service providing unit 533.

  The terminal device 6 includes a terminal storage unit 61, a terminal reception unit 22, a terminal processing unit 63, a terminal transmission unit 64, a terminal reception unit 65, and a terminal output unit 26.

  The server storage part 41 which comprises the server apparatus 4 can store various information. Various types of information are, for example, authentication information, determination information, screen information, and the like. The screen information is information for configuring the screen, and is, for example, the first screen, the second screen, or the like described above. The screen information may be a script such as HTML, XML or Java script.

  The authentication information storage unit 111 is 1 or more, and can store (n−1) th or less (n is a natural number of 2 or more) authentication information. 1 or more and (n−1) th or less means one or more types and (n−1) th or less types.

  The determination information storage unit 112 can store one or more pieces of determination information having an information identifier and a user identifier. The information identifier is information for identifying information transmitted from the terminal device 6. The information identifier may be information for identifying the terminal device 6. The information identifier is, for example, a cookie ID, an application identifier, information identifying the type of browser or the environment of the terminal device 6, and the like. The user identifier is information for identifying the user.

  The screen storage unit 413 can store one or more pieces of screen information. The screen information is, for example, a first screen for inputting first to nth authentication information, a second screen for inputting first to (n-1) th authentication information, and the like.

  The server receiving unit 42 receives various information and instructions. Various information, instructions, and the like are, for example, access instructions and screen requests from the terminal device 6. The various information, instructions, and the like are, for example, an information identifier and user identifier from the service server 5, information to be authenticated, and the like.

  The access receiving unit 421 receives an access instruction from the terminal device 6. The access instruction is information or a command indicating the start of access. The access instruction is, for example, an intention display for the terminal device 6 to start the service server 5. The access instruction is, for example, an instruction to access the service server 5 or the server apparatus 4 from the terminal device 6.

  The screen request receiving unit 422 receives a screen request including a request for the first screen or the second screen from one terminal device 6.

  The information identifier receiving unit 423 receives an information identifier and a user identifier. The information identifier receiving unit 423 normally receives an information identifier and a user identifier from the terminal device 6 via the service server 5.

  If the access from the terminal device 6 is an access that does not satisfy a predetermined condition, the authenticated information receiving unit 424 performs the first to (n−1) th authentication based on the information received by the terminal device 6. In the case of access that receives information and satisfies a predetermined condition, 0 or (n−2) th or lower authentication information based on information received by the terminal device 6 is received.

  If the access from the terminal device 6 is an access that does not satisfy a predetermined condition, the authenticated information receiving unit 424 receives one authenticated information based on the information received by the terminal device 6 and is determined in advance. In the case of an access that satisfies the conditions, it is not necessary to receive the authenticated information.

  Access that satisfies a predetermined condition is access from a reliable terminal device 6. Note that satisfying the predetermined condition usually means that the terminal device 6 has previously accessed the server device 4. Further, the access does not satisfy a predetermined condition, and the access is from an unreliable terminal device 6. Note that the first access from one terminal device 6 by one user is access from the unreliable terminal device 6.

  The server processing unit 43 performs various processes. The various processes are processes performed by the determination unit 431, the authentication unit 432, the processing unit 433, and the like.

  The determination unit 431 refers to one or more pieces of determination information stored in the determination information storage unit 112 and determines whether the information identifier received by the information identifier reception unit 423 and the user identifier satisfy a predetermined condition. to decide.

The determination unit 431 normally refers to one or more pieces of determination information in any of the following (1) and (2), and the information identifier and the user identifier received by the information identifier reception unit 423 are predetermined conditions. Judge whether or not
(1) When the authenticated information receiving unit 424 does not receive the authenticated information (2) The authenticated information receiving unit 424 receives the (n-2) th or lower authenticated information, and the authenticating unit 432 is the first If the result of performing authentication using the (n-2) th and subsequent authentication information is authentication permission

  The authenticating unit 432 performs authentication using the first to (n-1) th authenticated information received by the authenticated information receiving unit 424, or the (n-2) th or lower authenticated information.

  The processing unit 433 performs processing according to the authentication result in the authentication unit 432, or processing according to the authentication result in the authentication unit 432 and the determination result in the determination unit 431.

  When the authenticated information receiving unit 424 receives one authenticated information, and the authentication result performed by the authenticating unit 432 is authentication permission, the processing unit 433 receives the information identifier receiving unit 423. The judgment information having the received information identifier and user identifier is stored in the judgment information storage unit 112, and an authentication result indicating authentication permission is transmitted.

  Further, the processing unit 433 receives the authentication not permitted when the authenticated information receiving unit 424 receives one authenticated information and the authentication result performed by the authenticating unit 432 using the one authenticated information is authentication non-permission. An authentication result indicating permission is transmitted.

  In addition, when the authenticated information receiving unit 424 does not receive the authenticated information and the determining unit 431 determines that a predetermined condition is satisfied, the processing unit 433 transmits an authentication result indicating authentication permission.

  Furthermore, the processing unit 433 transmits an authentication result indicating that authentication is not permitted when the authenticated information receiving unit 424 does not receive the authenticated information and the determining unit 431 determines that the predetermined condition is not satisfied. .

  Here, the transmission destination of the authentication result is the terminal server 6 or the service server 5 where the user enjoys the service.

  Further, it may be considered that the authentication result transmission unit 142 transmits the authentication result. In such a case, the processing unit 433 performs processing until obtaining an authentication result.

  The service receiving unit 51 configuring the service server 5 receives various information, instructions, and the like. Here, the various information, instructions, and the like are, for example, one or more information to be authenticated, an information identifier and a user identifier, an authentication result, and the like.

  The terminal-side receiving unit 511 receives from the terminal device 6 one or more authenticated information, or an information identifier and a user identifier, or one or more authenticated information, an information identifier, and a user identifier.

  The server side reception unit 512 receives the authentication result from the server device 4. The authentication result is usually information indicating whether authentication is permitted or not permitted.

  The service transmission unit 52 transmits various information and instructions. The various types of information, instructions, and the like are, for example, one or more information to be authenticated, an information identifier and a user identifier, an authentication result, and the like.

  The terminal side transmission unit 521 transmits an authentication result and the like to the terminal device 6. The terminal-side transmission unit 521 may transmit screen information for service provision to the terminal device 6.

  The server-side transmission unit 522 transmits one or more pieces of authenticated information, or an information identifier and a user identifier, or one or more pieces of authenticated information, an information identifier, and a user identifier to the server device 4. The information transmitted by the server side transmission unit 522 may be the same as the information received by the terminal side reception unit 511 or may be a part of the information received by the terminal side reception unit 511.

  The service processing unit 53 performs various processes. Here, the various processes are, for example, processes performed by the service authentication unit 531, the login processing unit 532, and the service providing unit 533.

  The service authentication unit 531 performs authentication processing using the received one or more pieces of authenticated information. Further, the final authentication result is acquired using the authentication result received from the server device 4.

  For example, the service authentication unit 531 performs an authentication process using the received one or more pieces of authenticated information, and obtains a first authentication result. Then, the authentication result (second authentication result) received from the server device 4 is acquired. Then, the service authentication unit 531 obtains the final authentication result “authentication permission” only when both the first authentication result and the second authentication result are authentication permission, for example. Then, for example, when one or both of the first authentication result and the second authentication result are not permitted, the service authenticating unit 531 obtains a final authentication result “authentication not permitted”. Note that authentication processing performed by using the one or more pieces of authenticated information received by the service authentication unit 531 is a known technique. This authentication process is, for example, a process for determining whether or not the information to be authenticated “user identifier and password” is registered.

  The login processing unit 532 performs processing for logging in to the service server 5 from the terminal device 6. Since the process for logging in is a known technique, a description thereof will be omitted.

  The service providing unit 533 performs processing for providing various services to the terminal device 6 or the user. The various services may be anything such as providing information and accessing a database.

  The terminal storage unit 61 constituting the terminal device 6 can store various types of information. The various types of information are, for example, access record information that is record information related to access to the service server 5. The access record information is, for example, Cookie. The access record information includes, for example, an information identifier. The access record information includes, for example, an information identifier and a user identifier. The access record information may include information such as browser type and terminal properties, for example.

  The terminal processing unit 63 performs various processes. The terminal processing unit 63 configures an access instruction to be transmitted to the server device 4 according to a user instruction, for example. For example, the terminal processing unit 63 executes a received script (for example, a Java script) in response to an access instruction. This script is, for example, a script that performs processing to determine whether or not the access record information exists in the terminal storage unit 61, configure a screen request according to the determination result, and transmit the screen request to the server device 4. is there. If the terminal processing unit 63 determines that the access record information exists in the terminal storage unit 61, the terminal processing unit 63 configures a screen request for requesting a second screen for inputting the first to (n-1) th authentication information. Further, when the terminal processing unit 63 determines that the access record information does not exist in the terminal storage unit 61, the terminal processing unit 63 configures a screen request for requesting a first screen for inputting first to n-th authentication information. For example, the terminal processing unit 63 encrypts the user identifier received by the terminal receiving unit 22. The encryption is, for example, hashing.

  The terminal transmission unit 64 transmits the access instruction configured by the terminal processing unit 63 to the server device 4. Further, the terminal transmission unit 64 transmits the screen request configured by the terminal processing unit 63 to the server device 4. Further, the terminal transmission unit 64 transmits one or more pieces of authenticated information received by the terminal reception unit 22 to the service server 5. Further, the terminal transmission unit 64 transmits the information identifier and user identifier included in the access record information to the service server 5. The user identifier may be information received by the terminal receiving unit 22, information stored in the terminal storage unit 61, or information acquired by the terminal processing unit 63. The information acquired by the terminal processing unit 63 is, for example, information obtained by hashing the user identifier received by the terminal receiving unit 22.

  Note that the terminal transmission unit 64 may transmit one or more pieces of information to be authenticated received by the terminal reception unit 22, the information identifier included in the access record information, and the user identifier together to the service server 5.

  The terminal receiving unit 65 receives various types of information. The various types of information are, for example, scripts and screen information.

  The server storage unit 41, the authentication information storage unit 111, the determination information storage unit 112, the screen storage unit 413, and the terminal storage unit 61 are preferably non-volatile recording media, but can also be realized by volatile recording media. .

  The process of storing information in the server storage unit 41 or the like is not limited. For example, information may be stored in the server storage unit 41 or the like via a recording medium, or information transmitted via a communication line or the like may be stored in the server storage unit 41 or the like. Alternatively, information input via the input device may be stored in the server storage unit 41 or the like.

    Server receiving unit 42, access receiving unit 421, screen request receiving unit 422, information identifier receiving unit 423, authenticated information receiving unit 424, service receiving unit 51, terminal side receiving unit 511, server side receiving unit 512, and terminal receiving unit 65 is normally realized by a wireless or wired communication means, but may be realized by a means for receiving a broadcast.

  The server processing unit 43, the determination unit 431, the authentication unit 432, the processing unit 433, the service processing unit 53, the service authentication unit 531, the login processing unit 532, the service providing unit 533, and the terminal processing unit 63 are usually MPU, memory, etc. Can be realized from. The processing procedure of the server processing unit 43 or the like is usually realized by software, and the software is recorded on a recording medium such as a ROM. However, it may be realized by hardware (dedicated circuit).

  Next, the operation of the authentication system C will be described. First, operation | movement of the server apparatus 4 is demonstrated using the flowchart of FIG.

  (Step S1901) The access receiving unit 421 determines whether an access instruction has been received from the terminal device 6. If an access instruction is received, the process proceeds to step S1902. If an access instruction is not received, the process proceeds to step S1906.

  (Step S1902) The server transmission unit 14 transmits a script stored in the server storage unit 41.

  (Step S1903) The screen request receiving unit 422 determines whether a screen request has been received in response to the transmission of the script in step S1902. If a screen request is received, the process proceeds to step S1904. If no screen request is received, the process returns to step S1903. The screen request includes information for determining whether the acquired screen information is the first screen or the second screen.

  (Step S1904) The server processing unit 43 acquires screen information corresponding to the screen request received in step S1903 from the screen storage unit 413. The screen information is the first screen or the second screen.

  (Step S 1905) The server transmission unit 14 transmits the screen information acquired in step S 1904 to the terminal device 6. The process returns to step S1901.

  (Step S1906) The information identifier receiving unit 423 determines whether or not an information identifier and a user identifier, or an information identifier and a user identifier, and one or more pieces of authenticated information have been received. If an information identifier or the like is received, the process proceeds to step S1907, and if an information identifier or the like is not received, the process returns to step S1901.

  (Step S1907) The server processing unit 43 determines whether or not the terminal device 6 is a reliable terminal device from the information received in step S1906. If it is a reliable terminal device, it goes to step S1908, and if it is not a reliable terminal device, it goes to step S1915. Note that the server processing unit 43 may determine whether the terminal device 6 is a reliable terminal device from the structure of the information received in step S1906. For example, when the information received in step S1906 is only the information identifier and the user identifier, the server processing unit 43 determines that the terminal device 6 is a reliable terminal device. Then, the server processing unit 43 determines that the terminal device 6 is an untrusted terminal device when the information received in step S1906 includes the authenticated information in addition to the information identifier and the user identifier. Further, for example, the server processing unit 43 may check a flag in the information received in step S1906 to determine whether or not the terminal device 6 is a reliable terminal device.

  (Step S1908) The determination unit 431 acquires an information identifier and a user identifier from the information received in Step S1906.

  (Step S1909) The determination unit 431 applies the information identifier and user identifier acquired in step S1908 to one or more pieces of determination information in the determination information storage unit 112, and sets a condition in which the information identifier and user identifier are determined in advance. Judge whether to meet or not. If the predetermined condition is satisfied, the process goes to step S1910. If the predetermined condition is not satisfied, the process goes to step S1914.

  (Step S1910) The authentication unit 432 determines whether or not the information to be authenticated is included in the information received in step S1906. If the authentication information is included, the process goes to step S1911. If the authentication information is not included, the process goes to step S1913.

  (Step S1911) The authentication unit 432 refers to one or more types of authentication information in the authentication information storage unit 111 for one or more types of authentication processing for one or more pieces of information to be authenticated in the information received in step S1906. Then, the authentication process is performed. Then, the authentication unit 432 obtains a final authentication result from one or more authentication results. The authentication unit 432 obtains the final authentication result “authentication permission” when all of the one or more authentication results are authentication permission. The authentication unit 432 obtains the final authentication result “authentication not permitted” when one or more authentication results are authentication disapproved.

  (Step S1912) The authentication result transmission unit 142 transmits the final authentication result to the service server 5. The process returns to step S1901.

  (Step S1913) The authentication unit 432 obtains a final authentication result “authentication permitted”. Go to step S1912.

  (Step S 1914) The authentication unit 432 obtains a final authentication result “authentication not permitted”. Go to step S1912.

  (Step S1915) The authentication unit 432 refers to one or more types of authentication processing in the authentication information storage unit 111 for one or more types of authentication processing for one or more pieces of information to be authenticated in the information received in step S1906. Then, the authentication process is performed. Then, the authentication unit 432 obtains a final authentication result from one or more authentication results. The authentication unit 432 obtains the final authentication result “authentication permission” when all of the one or more authentication results are authentication permission. The authentication unit 432 obtains the final authentication result “authentication not permitted” when one or more authentication results are authentication disapproved.

  (Step S1916) The authentication result transmission unit 142 transmits the final authentication result to the service server 5.

  (Step S1917) The processing unit 433 accumulates the determination information having the information identifier and the user identifier received in step S1906 in the determination information storage unit 112. The process returns to step S1901.

  In the flowchart of FIG. 19, the process ends when the power is turned off or the process ends. Next, the operation of the service server 5 will be described using the flowchart of FIG.

  (Step S2001) The terminal-side receiving unit 511 determines whether or not an information identifier and a user identifier, or an information identifier and a user identifier and one or more pieces of authentication information have been received. If an information identifier or the like is received, the process goes to step S2002, and if no information identifier or the like is received, the process goes to step S2011.

  (Step S2002) The server-side transmission unit 522 transmits the information received in step S2001 to the server device 4. The information transmitted by the server side transmission unit 522 may be all the information received in step S2001 or a part of the information. Note that the information transmitted by the server-side transmission unit 522 includes an information identifier and a user identifier. Moreover, it is preferable that the information transmitted by the server side transmission unit 522 includes an information identifier, a user identifier, and one or more pieces of authenticated information.

  (Step S2003) The server-side receiving unit 512 determines whether or not an authentication result has been received from the server device 4 in response to the transmission of information in step S2002. When the authentication result is received, the process goes to step S2004, and when the authentication result is not received, the process returns to step S2003.

  (Step S2004) The service authentication unit 531 determines whether the authentication result received in Step S2003 is “authentication permitted” or “authentication not permitted”. If “authentication permitted”, go to step S2005, and if “authentication not permitted” go to step S2010.

  (Step S2005) The service authenticating unit 531 determines whether the information received in step S2001 includes the authentication target information and the authentication processing in the service server 5 is necessary. If it is determined that the authentication process in the service server 5 is necessary, the process goes to step S2006, and if not, the process goes to step S2009.

  (Step S2006) The service authentication unit 531 acquires one or more pieces of information to be authenticated used for authentication processing in the service server 5 from the information received in step S2001.

  (Step S2007) The service authentication unit 531 performs an authentication process on the one or more pieces of information to be authenticated acquired in step S2006, and acquires an authentication result.

  (Step S2008) The service processing unit 53 performs processing according to the authentication result. For example, when the authentication result is “authentication permitted”, the login processing unit 532 of the service processing unit 53 performs processing for login. For example, when the authentication result is “authentication not permitted”, the service providing unit 533 of the service processing unit 53 transmits information indicating that an error has occurred during login to the terminal device 6.

  (Step S2009) The service authentication unit 531 acquires the authentication result “authentication permitted”. Go to step S2008.

  (Step S2010) The service authentication unit 531 acquires the authentication result “authentication not permitted”. Go to step S2008.

  (Step S2011) The service receiving unit 51 determines whether an instruction, information, or the like has been received. If an instruction or information is received, the process goes to step S2012. If an instruction or information is not received, the process returns to step S2001.

  (Step S2012) The service processing unit 53 or the like performs processing according to the instruction, information, etc. received in step S2011. The process returns to step S2001.

  In the flowchart of FIG. 20, the process is terminated by powering off or a process termination interrupt.

  Next, operation | movement of the terminal device 6 is demonstrated using the flowchart of FIG.

  (Step S2101) The terminal receiving unit 22 determines whether an access instruction has been received. If an access instruction is accepted, the process goes to step S2102. If an access instruction is not accepted, the process goes to step S2115.

  (Step S2102) The terminal transmission unit 64 transmits an access instruction to the server device 4.

  (Step S2103) The terminal reception unit 65 determines whether a script is received from the server device 4 in response to the transmission of the access instruction. If a script is received, the process goes to step S2104. If no script is received, the process returns to step S2103.

  (Step S2104) The terminal processing unit 63 executes the script received in step S2103, and determines whether or not the access record information exists in the terminal storage unit 61. If the access record information exists, the process goes to step S2105. If the access record information does not exist, the process goes to step S2106. The terminal processing unit 63 first generates access record information in the terminal storage unit 61 when the access to the server device 4 or the service server 5 is successful. Note that the access record information is, for example, Cookie. Further, the user accesses the server device 4 or the service server 5 using, for example, a so-called Internet browser (browser).

  (Step S2105) The terminal processing unit 63 constitutes a screen request for requesting a second screen for inputting the first to (n-1) -th and subsequent authentication information.

  (Step S2106) The terminal processing unit 63 configures a screen request for requesting a first screen for inputting first to n-th authentication information.

  (Step S2107) The terminal transmission unit 64 transmits the configured screen request to the server device 4.

  (Step S2108) The terminal receiver 65 determines whether or not screen information has been received from the server device 4 in response to the transmission of the screen request in step S2107. If the screen information is received, the process goes to step S2109; otherwise, the process goes to step S2108.

  (Step S2109) The terminal output unit 26 outputs the first screen or the second screen using the screen information received in step S2108.

  (Step S2110) The terminal reception unit 22 determines whether or not one or more types of authentication information corresponding to the screen output in Step S2109 has been received. If one or more types of authenticated information are received, the process proceeds to step S2111. If one or more types of authenticated information is not received, the process returns to step S2110.

  (Step S2111) The terminal processing unit 63 acquires an information identifier and a user identifier stored in the terminal storage unit 61. The terminal processing unit 63 may acquire the user identifier stored in the terminal storage unit 61, may acquire the user identifier accepted in step S2110, or may be the unique identifier accepted in step S2110. The user identifier may be acquired by encrypting such information.

  (Step S2112) The terminal transmission unit 64 transmits the one or more types of authentication information received in Step S2110, the information identifier acquired in Step S2111, and the user identifier to the service server 5.

  (Step S2113) The terminal receiver 65 receives an authentication result or the like from the service server 5 in response to the transmission of information in step S2112.

  (Step S2114) The terminal output unit 26 outputs the authentication result received in step S2113. The process returns to step S2101. In the flowchart of FIG. 21, the process ends when the power is turned off or the process ends. Hereinafter, a specific operation of the authentication system C in the present embodiment will be described. FIG. 16 is a conceptual diagram of the authentication system C.

  Now, the service server 5 holds the user management table shown in FIG. The user management table shown in FIG. 7 includes one or more records having attribute values such as “ID”, “user identifier”, “password”, and “name”. “User identifier” and “password” are first authentication information. “ID” is information for identifying a record.

  Further, the authentication information storage unit 111 of the server device 4 holds a capture information management table shown in FIG. That is, the server device 4 performs only one type of authentication process.

  The determination information storage unit 112 of the server device 4 stores a determination information management table having the structure shown in FIG.

  Furthermore, it is assumed that the screen storage unit 413 of the server storage unit 41 of the server device 4 stores the first screen shown in FIG. 10 and the second screen shown in FIG.

  In this state, it is assumed that the user “Ao Shimada” inputs an access instruction to access the server device 4 or the service server 5 using an Internet browser installed in the new terminal device 6. The access instruction includes a user identifier “koki@capy.me”. Note that the access instruction here is an instruction for enjoying the service provided by the service server 5 although transmitted to the server device 4.

  Next, the terminal reception unit 22 of the terminal device 6 receives an access instruction. Next, the terminal processing unit 63 transmits an access instruction to the server device 4.

  Next, the access receiving unit 421 of the server device 4 receives an access instruction from the terminal device 6. Then, the server transmission unit 14 transmits the script stored in the server storage unit 41.

  Next, the terminal receiving unit 65 of the terminal device 6 receives the script from the server device 4 in response to the transmission of the access instruction.

  Next, the terminal processing unit 63 executes the received script and determines whether access record information exists in the terminal storage unit 61. Here, since this access is the first access to the server device 4 or the service server 5 from the new terminal device 6 of “Ao Shimada”, the terminal processing unit 63 does not have access record information. Judge.

  Next, the terminal processing unit 63 configures a screen request for requesting the first screen. Then, the terminal transmission unit 64 transmits a screen request for requesting the first screen to the server device 4.

  Next, the screen request receiving unit 422 of the server device 4 receives a screen request for requesting the first screen in response to the transmission of the script.

  Next, the server processing unit 43 acquires screen information, which is a script for acquiring the screen of FIG. 10 corresponding to the screen request, from the screen storage unit 413. Then, the server transmission unit 14 transmits the screen information to the terminal device 6.

  Next, the terminal receiving unit 65 of the terminal device 6 receives screen information from the server device 4 in response to the transmission of the screen request. And the terminal output part 26 outputs the 1st screen of FIG. 10 using the received screen information.

  Next, it is assumed that the user “Ao Shimada” has input the user identifier “(not shown regarding public order and morals violation)” and the password “XXXXYYYY” on the screen of FIG. Also, assume that the moving image 1004 on the screen of FIG. 10 is moved to an appropriate position on the background image 1003 to complete the puzzle. Then, it is assumed that the user “Ao Shimada” has pressed the “SIGN IN” button 1005 in FIG. 10 (see FIG. 12).

  Next, the terminal reception unit 22 determines that the input of two types of authenticated information has been completed on the authentication information input screen (FIG. 10).

Next, the terminal processing unit 63 uses the first authenticated information “user identifier“ (not shown for public order and morals violation) ”, the password“ XXXXYYYY ”, and the second authenticated information“ ID “1”, (x ₂ , y ₂ ) ”. The ID “1” of the second authentication information indicates a capture ID. It is assumed that the ID “1” of the second authentication information is information held by the screen information constituting the screen of FIG. Further, (x ₂ , y ₂ ) is information indicating the position of the moving image 1004.

  Next, the terminal processing unit 63 obtains the information identifier (here, Cookie ID “eeeffff”) stored in the terminal storage unit 61 and the accepted user identifier “(not shown for violation of public order and morals)”. get.

Next, the terminal transmitting unit 64 receives the first authenticated information “user identifier“ (not shown for public order and morals violation) ”, the password“ XXXXYYYY ”, and the second authenticated information“ ID “1”. , (X ₂ , y ₂ ) ”, the acquired information identifier“ eeeffff ”and the user identifier“ (not shown for violation of public order and morals) ”are transmitted to the service server 5.

  Next, the terminal side receiving unit 511 of the service server 5 receives the information identifier, the user identifier, and two pieces of authenticated information.

Next, among the received information, the server-side transmission unit 522 includes the second authenticated information “ID“ 1 ”, (x ₂ , y ₂ )”, the information identifier “eeeffff”, and the user identifier “(public order and moral violation). To the server device 4.

  Next, the information identifier receiving unit 423 of the server device 4 receives the information identifier, the user identifier, and one type of authentication information.

  Next, the server processing unit 43 determines that the terminal device 6 is an unreliable terminal device because the received information includes the authenticated information from the structure of the received information.

Next, the authentication unit 432 performs an authentication process on the second authenticated information “ID“ 1 ”, (x ₂ , y ₂ )” with reference to the capture information management table of FIG. As a result, “authentication permission” is obtained.

  Next, the authentication result transmission unit 142 transmits the final authentication result “authentication permission” to the service server 5.

  Next, the processing unit 433 accumulates the determination information having the received information identifier “eeeffff” and the user identifier “(not shown regarding public order and morals violation)” in the determination information management table (FIG. 9).

  Next, the server-side receiving unit 512 of the service server 5 receives the authentication result “authentication permitted” from the server device 4 in response to the transmission of information. Next, the service authenticating unit 531 uses the first authenticated information “user identifier“ (not shown for public order and morals violation) ”and password“ XXXXYYYY ”to refer to the user management table of FIG. Authentication result “authentication permission” is obtained.

  Next, the terminal-side transmitting unit 521 transmits the authentication result “authentication permitted” to the terminal device 6. And the login process part 532 performs the process for login.

  Next, the terminal receiving unit 65 of the terminal device 6 receives the authentication result “authentication permitted”. Then, the terminal output unit 26 outputs an authentication result “authentication permitted”. Then, after that, the user inputs to the terminal device 6 to enjoy various services provided by the service server 5 and enjoys various services.

  Then, it is assumed that the user “Ao Shimada” has logged out of the service server 5 after the processing is performed.

  Then, it is assumed that the user “Ao Shimada” inputs an access instruction using the Internet browser of the terminal device 6 in order to log in to the service server 5 using the same terminal device 6 at a later date.

  Next, the terminal reception unit 22 of the terminal device 6 receives an access instruction. Next, the terminal processing unit 63 transmits an access instruction to the server device 4.

  Next, the access receiving unit 421 of the server device 4 receives an access instruction from the terminal device 6. Then, the server transmission unit 14 transmits the script stored in the server storage unit 41.

  Next, the terminal receiving unit 65 of the terminal device 6 receives the script from the server device 4 in response to the transmission of the access instruction.

  Next, the terminal processing unit 63 executes the received script and determines that the access record information exists in the terminal storage unit 61.

  Next, the terminal processing unit 63 configures a screen request for requesting the second screen. Then, the terminal transmission unit 64 transmits a screen request for requesting the second screen to the server device 4.

  Next, the screen request receiving unit 422 of the server device 4 receives a screen request for requesting the second screen in response to the transmission of the script.

  Next, the server processing unit 43 acquires screen information that is a script for acquiring the screen of FIG. 11 corresponding to the screen request from the screen storage unit 413. Then, the server transmission unit 14 transmits the screen information to the terminal device 6.

  Next, the terminal receiving unit 65 of the terminal device 6 receives screen information from the server device 4 in response to the transmission of the screen request. And the terminal output part 26 outputs the 2nd screen of FIG. 11 using the received screen information.

  Next, it is assumed that the user “Ao Shimada” has input the user identifier “(not shown regarding public order and morals violation)” and the password “XXXXYYYY” on the screen of FIG. Then, it is assumed that the user “Ao Shimada” has pressed the “SIGN IN” button 1103 in FIG. 11 (see FIG. 13).

  Next, the terminal reception unit 22 determines that the input of one piece of authenticated information has been completed on the input screen for authenticated information.

  Next, the terminal processing unit 63 acquires the information identifier “eeeffff” stored in the terminal storage unit 61 and the received user identifier “(not shown for violation of public order and morals)”.

  Next, the terminal transmission unit 64 receives the received authenticated information “user identifier“ (not shown for public order and morals violation) ”, password“ XXXXYYYY ”, the acquired information identifier“ eeeffff ”and the user identifier“ (public order and morals ”. “Not posted for violation”) is transmitted to the service server 5.

  Next, the terminal side receiving unit 511 of the service server 5 receives the information identifier, the user identifier, and one type of authentication information.

  Next, the server-side transmission unit 522 transmits the information identifier “eeeffff” and the user identifier “(not shown for violation of public order and morals)” to the server device 4 among the received information.

  Next, the information identifier receiving unit 423 of the server device 4 receives the information identifier “eeeffff” and the user identifier “(not shown for public order and morals violation)”.

  Next, the server processing unit 43 determines that the terminal device 6 is a reliable terminal device because the received information does not include authentication information from the structure of the received information.

  Next, the determination unit 431 acquires an information identifier “eeeffff” and a user identifier “(not shown for public order and morals violation)” from the received information.

  Next, since the acquired information identifier and user identifier exist in the determination information management table (FIG. 9), the determination unit 431 determines that the information identifier and user identifier satisfy a predetermined condition. .

  Next, the authentication unit 432 obtains the final authentication result “authentication permitted”.

  Next, the authentication result transmission unit 142 transmits the final authentication result “authentication permission” to the service server 5.

  Next, the server-side receiving unit 512 of the service server 5 receives the authentication result “authentication permitted” from the server device 4 in response to the transmission of information.

  Next, the service authenticating unit 531 uses the first authenticated information “user identifier“ (not shown for public order and morals violation) ”and password“ XXXXYYYY ”to refer to the user management table of FIG. Authentication result “authentication permission” is obtained.

  Next, the terminal-side transmitting unit 521 transmits the authentication result “authentication permitted” to the terminal device 6. And the login process part 532 performs the process for login.

  Next, the terminal receiving unit 65 of the terminal device 6 receives the authentication result “authentication permitted”. Then, the terminal output unit 26 outputs an authentication result “authentication permitted”. Then, after that, the user inputs to the terminal device 6 to enjoy various services provided by the service server 5 and enjoys various services.

  As described above, according to the present embodiment, it is possible to realize both the strict security and the usability improvement for the authentication process.

  Note that the software that implements the information processing apparatus according to the present embodiment is the following program. That is, this program is transmitted from a terminal device and an authentication information storage unit that can store authentication information of 1 or more and (n-1) th (n is a natural number of 2 or more) computer-accessible recording media. A determination information storage unit capable of storing one or more pieces of determination information having an information identifier for identifying information to be performed and a user identifier for identifying a user, a first screen for inputting first to n-th authentication information, and A screen storage unit capable of storing a second screen for inputting first to (n-1) th to (n-1) th authentication information, and requesting the computer to include a request for the first screen or the second screen. A screen request receiving unit that receives the screen request from the one terminal device, an input screen transmitting unit that transmits the first screen or the second screen corresponding to the screen request to the one terminal device, and a predetermined condition. Access not satisfied In the case of (1), the first (n-1) th authentication information based on the information received by the terminal device is received, and in the case of access satisfying a predetermined condition, 0 or the terminal device An authenticated information receiving unit that receives the (n-2) th or lower authentication information based on the received information, an information identifier receiving unit that receives an information identifier and a user identifier, and the authenticated information receiving unit An authentication unit that performs authentication using first to (n-1) th authenticated information, or (n-2) th or lower authenticated information, and the authenticated information receiving unit does not receive the authenticated information Or the authenticated information receiving unit receives (n-2) th or lower authentication information, and the authentication unit performs authentication using the first to (n-2) th or lower authentication information. If the result is authentication permission, the judgment information storage unit stores A determination unit that refers to one or more determination information that is received, determines whether or not the information identifier and the user identifier received by the information identifier reception unit satisfy a predetermined condition, and an authentication result in the authentication unit Or a program for functioning as a processing unit that performs processing according to an authentication result in the authentication unit and a determination result in the determination unit.

  In the above program, the authenticated information receiving unit receives one authenticated information based on information received by the terminal device in the case of access that does not satisfy a predetermined condition, and is determined in advance. In the case of access that satisfies the conditions, the authentication unit does not receive authentication information, and the processing unit receives the authentication target information by the authentication target information reception unit, and uses the one authentication target information. When the authentication result is authentication permission, the determination information having the information identifier and the user identifier received by the information identifier reception unit is stored in the determination information storage unit, and the authentication result indicating the authentication permission is transmitted. If the authentication information receiving unit receives one authentication information and the authentication result performed by the authentication unit using the one authentication information is authentication non-permission, the authentication result indicating authentication non-permission Before sending If the authenticated information receiving unit does not receive the authenticated information and the determining unit determines that a predetermined condition is satisfied, an authentication result indicating authentication permission is transmitted, and the authenticated information receiving unit receives the authenticated information. When the determination unit determines that the predetermined condition is not satisfied without receiving the request, it is preferable that the program causes the computer to function as transmitting an authentication result indicating that authentication is not permitted.

  FIG. 22 shows the external appearance of a computer that executes the programs described in this specification and realizes the server devices and the like of the various embodiments described above. The above-described embodiments can be realized by computer hardware and a computer program executed thereon. FIG. 22 is an overview diagram of the computer system 300, and FIG. 23 is a block diagram of the system 300.

  In FIG. 22, a computer system 300 includes a computer 301 including a CD-ROM drive, a keyboard 302, a mouse 303, and a monitor 304.

  23, in addition to the CD-ROM drive 3012, the computer 301 includes an MPU 3013, a bus 3014 connected to the MPU 3013 and the CD-ROM drive 3012, a ROM 3015 for storing a program such as a bootup program, and an MPU 3013. And a RAM 3016 for temporarily storing instructions of the application program and providing a temporary storage space, and a hard disk 3017 for storing the application program, the system program, and data. Although not shown here, the computer 301 may further include a network card that provides connection to a LAN.

  A program that causes the computer system 300 to execute the functions of the server device or the like of the above-described embodiment may be stored in the CD-ROM 3101, inserted into the CD-ROM drive 3012, and further transferred to the hard disk 3017. Alternatively, the program may be transmitted to the computer 301 via a network (not shown) and stored in the hard disk 3017. The program is loaded into the RAM 3016 at the time of execution. The program may be loaded directly from the CD-ROM 3101 or the network.

  The program does not necessarily include an operating system (OS), a third party program, or the like that causes the computer 301 to execute the functions of the server device or the like of the above-described embodiment. The program only needs to include an instruction portion that calls an appropriate function (module) in a controlled manner and obtains a desired result. How the computer system 300 operates is well known and will not be described in detail.

  In the above program, in the step of transmitting information, the step of receiving information, etc., processing performed by hardware, for example, processing performed by a modem or an interface card in the transmission step (only performed by hardware) Processing) is not included.

  Further, the computer that executes the program may be singular or plural. That is, centralized processing may be performed, or distributed processing may be performed.

  Further, in each of the above embodiments, it goes without saying that two or more communication units existing in one apparatus may be physically realized by one medium.

  In each of the above embodiments, each process may be realized by centralized processing by a single device, or may be realized by distributed processing by a plurality of devices.

  The present invention is not limited to the above-described embodiments, and various modifications are possible, and it goes without saying that these are also included in the scope of the present invention.

  As described above, the server device according to the present invention has an effect that security can be tightened and a mechanism for improving usability can be provided, and is useful as a server device or the like.

1, 3, 4 Server device 2, 6 Terminal device 5 Service server 11, 41 Server storage unit 12, 42 Server reception unit 13, 33, 43 Server processing unit 14 Server transmission unit 21, 61 Terminal storage unit 22 Terminal reception unit 23 , 63 Terminal processing unit 24, 64 Terminal transmission unit 25, 65 Terminal reception unit 26 Terminal output unit 51 Service reception unit 52 Service transmission unit 53 Service processing unit 111 Authentication information storage unit 112 Judgment information storage unit 121, 423 Information identifier reception unit 122, 424 Authentication information receiving unit 123, 422 Screen request receiving unit 131, 331, 431 Judgment unit 132, 432 Authentication unit 133, 333, 433 Processing unit 141 Input screen transmission unit 142 Authentication result transmission unit 413 Screen storage unit 421 Access Reception unit 511 Terminal side reception unit 512 Server side reception unit 521 end End side transmission unit 522 Server side transmission unit 531 Service authentication unit 532 Login processing unit 533 Service provision unit

Claims (16)

An authentication information storage unit capable of storing first to n-th authentication information, which is information for authentication from the first to n-th (n is a natural number of 2 or more);
In the case of access that does not satisfy a predetermined condition, first to n-th authenticated information, which is information to be authenticated from the first to n-th, is received from the one terminal device, and predetermined In the case of access that satisfies the conditions, an authenticated information receiver that receives (n-1) th or lower authenticated information from the one terminal device;
An authenticating unit that performs authentication using the first to nth authenticated information received by the authenticated information receiving unit or the (n-1) th or lower authenticated information;
A server apparatus comprising: a processing unit that performs processing according to an authentication result in the authentication unit. A judgment information storage unit capable of storing one or more pieces of judgment information having an information identifier for identifying information transmitted from the terminal device;
An information identifier receiving unit for receiving the information identifier;
A determination unit that determines whether the information identifier received by the information identifier reception unit satisfies a predetermined condition;
The authentication unit
If the determination unit determines that a predetermined condition is satisfied, authentication is performed using the first to (n-1) th authentication information for the (n-1) th or less authentication information. And when the determination unit determines that the predetermined condition is not satisfied, the first to n-th authentication information is authenticated using the first to n-th authentication information. The server device according to claim 1. The determination information includes a user identifier for identifying a user and an information identifier,
The information identifier receiver
Receiving a user identifier and an information identifier;
The predetermined conditions are:
3. The server according to claim 2, wherein a set of the user identifier and the information identifier received by the information identifier receiving unit is identical to any one of the determination information stored in the determination information storage unit. apparatus. When the determination unit determines that a predetermined condition is satisfied, the input unit further includes an input screen transmission unit that transmits an authentication information input screen for receiving (n-1) th or less authentication information to the terminal device. The server device according to claim 2 or claim 3. A screen storage unit capable of storing a first screen for inputting first to n-th authentication information and a second screen for inputting (n-1) -th authentication information;
A screen request receiving unit for receiving a screen request including the request for the first screen or the second screen from the one terminal device;
The server apparatus according to claim 1, further comprising: an input screen transmission unit that transmits a first screen or a second screen corresponding to the screen request to the one terminal device. A judgment information storage unit capable of storing one or more pieces of judgment information having an information identifier for identifying information transmitted from the terminal device;
An information identifier receiving unit for receiving the information identifier;
If the authentication unit uses the first to (n-1) -th authentication information to authenticate, the information identifier received by the information identifier receiving unit is a predetermined condition. And a determination unit for determining whether or not
The screen transmission unit
When the determination unit determines that the predetermined condition is not satisfied, the first screen is transmitted to the one terminal device,
The processor is
The server device according to claim 5, wherein when the determination unit determines that a predetermined condition is satisfied, processing according to an authentication result in the authentication unit is performed. An authentication information storage unit that can store authentication information of 1 or more and (n−1) th or less (n is a natural number of 2 or more);
A determination information storage unit capable of storing one or more pieces of determination information having an information identifier for identifying information transmitted from the terminal device and a user identifier for identifying a user;
A screen storage unit capable of storing a first screen for inputting first to n-th authentication information and a second screen for inputting first to (n-1) -th authentication information;
A screen request receiving unit for receiving a screen request including the request for the first screen or the second screen from the one terminal device;
An input screen transmission unit for transmitting the first screen or the second screen corresponding to the screen request to the one terminal device;
In the case of access that does not satisfy a predetermined condition, the first to (n-1) th authentication information based on the information received by the terminal device is received, and the access satisfies the predetermined condition Is an authenticated information receiver that receives 0 or (n−2) th or lower authenticated information based on 0 or information received by the terminal device;
An information identifier receiving unit for receiving the information identifier and the user identifier;
An authentication unit that performs authentication using the first to (n-1) th authenticated information received by the authenticated information receiving unit, or the (n-2) th or lower authenticated information;
When the authenticated information receiving unit does not receive the authenticated information, or the authenticated information receiving unit receives the (n−2) th or lower authenticated information, and the authenticating unit performs the first to ( n-2) When the result of performing authentication using the following authentication information is authentication permission, the information identifier receiving unit receives one or more pieces of determination information stored in the determination information storage unit A determination unit that determines whether the information identifier and the user identifier satisfy a predetermined condition;
A server device comprising: a processing unit that performs processing according to an authentication result in the authentication unit, or processing according to an authentication result in the authentication unit and a determination result in the determination unit. The authentication information receiving unit
In the case of access that does not satisfy a predetermined condition, one authenticated information is received based on the information accepted by the terminal device, and in the case of access that satisfies a predetermined condition, the authenticated information is received. Without
The processor is
Information received by the information identifier receiving unit when the authenticated information receiving unit receives one authenticated information and the authentication result performed by the authenticating unit is authentication permission using the one authenticated information. Storing judgment information having an identifier and a user identifier in the judgment information storage unit, and transmitting an authentication result indicating authentication permission;
When the authentication information receiving unit receives one authentication information and the authentication result performed by the authentication unit using the one authentication information is authentication non-permission, an authentication result indicating authentication non-permission is obtained. Send
If the authenticated information receiving unit does not receive the authenticated information and the determining unit determines that a predetermined condition is satisfied, an authentication result indicating authentication permission is transmitted,
8. The server device according to claim 7, wherein when the authentication information receiving unit does not receive the authentication information and the determination unit determines that a predetermined condition is not satisfied, an authentication result indicating that authentication is not permitted is transmitted. One authenticated information received by the authenticated information receiving unit is:
The server device according to any one of claims 1 to 8, which is a user identifier and a password for identifying a user. One authenticated information received by the authenticated information receiving unit is:
The server device according to claim 9, wherein the server device is object movement information acquired when the user moves one or more objects in the terminal device. The server device according to any one of claims 2 to 10, wherein the information identifier is a cookie ID. The server device according to any one of claims 2 to 10, wherein the information identifier is an application identifier for identifying an application. The recording medium is
An authentication information storage unit capable of storing first to n-th authentication information, which is information for authentication from the first to n-th (n is a natural number of 2 or more),
An information processing method realized by an authenticated information receiving unit, an authentication unit, and a processing unit,
If the authenticated information receiving unit is an access that does not satisfy a predetermined condition, the first to n-th authenticated information, which is information to be authenticated from the first to the n-th, is sent to the one terminal device. In the case of access that satisfies the predetermined condition, the authentication target information receiving step of receiving (n-1) th or lower authentication target information from the one terminal device;
An authentication step in which the authentication unit performs authentication using the first to n-th authenticated information received in the authenticated information receiving step, or (n-1) -th or lower authenticated information;
An information processing method comprising: a processing step in which the processing unit performs processing according to an authentication result in the authentication step. The recording medium is
An authentication information storage unit that can store authentication information of 1 or more and (n−1) th or less (n is a natural number of 2 or more);
A determination information storage unit capable of storing one or more pieces of determination information having an information identifier for identifying information transmitted from the terminal device and a user identifier for identifying a user;
A screen storage unit that can store a first screen for inputting first to n-th authentication information and a second screen for inputting first to (n-1) -th authentication information;
An information processing method realized by a screen request reception unit, an input screen transmission unit, an authenticated information reception unit, an information identifier reception unit, an authentication unit, a determination unit, and a processing unit,
The screen request receiving unit receives a screen request including the request for the first screen or the second screen from the one terminal device; and
The input screen transmission unit transmits the first screen or the second screen corresponding to the screen request to the one terminal device; and
In the case of access that does not satisfy a predetermined condition, the authentication information receiving unit receives first to (n-1) th authentication information based on information received by the terminal device, and determines in advance. In the case of an access that satisfies the specified condition, an authenticated information receiving step of receiving 0 or (n-2) th or lower authenticated information based on 0 or information received by the terminal device;
An information identifier receiving step in which the information identifier receiving unit receives an information identifier and a user identifier;
An authentication step in which the authentication unit performs authentication using the first to (n-1) th authentication target information received in the authentication target information receiving step, or the (n-2) th authentication target information or less. ,
If the authentication information is not received in the authentication information reception step, or the (n-2) th or less authentication information is received in the authentication information reception step, the determination unit receives the authentication information in the authentication step. If the result of authentication using the first to (n-2) th or lower authentication information is authentication permission, refer to one or more determination information stored in the determination information storage unit, and A determination step of determining whether or not the information identifier and the user identifier received in the information identifier reception step satisfy a predetermined condition;
An information processing method comprising: a processing step in which the processing unit performs processing according to an authentication result in the authentication step, or processing according to an authentication result in the authentication step and a determination result in the determination step. Computer-accessible recording media
An authentication information storage unit capable of storing first to n-th authentication information, which is information for authentication from the first to n-th (n is a natural number of 2 or more),
Computer
In the case of access that does not satisfy a predetermined condition, first to n-th authenticated information, which is information to be authenticated from the first to n-th, is received from the one terminal device, and predetermined In the case of access that satisfies the conditions, an authenticated information receiver that receives (n-1) th or lower authenticated information from the one terminal device;
An authenticating unit that performs authentication using the first to nth authenticated information received by the authenticated information receiving unit or the (n-1) th or lower authenticated information;
A program for functioning as a processing unit that performs processing according to an authentication result in the authentication unit. Computer-accessible recording media
An authentication information storage unit that can store authentication information of 1 or more and (n−1) th or less (n is a natural number of 2 or more);
A determination information storage unit capable of storing one or more pieces of determination information having an information identifier for identifying information transmitted from the terminal device and a user identifier for identifying a user;
A screen storage unit that can store a first screen for inputting first to n-th authentication information and a second screen for inputting first to (n-1) -th authentication information;
Computer
A screen request receiving unit for receiving a screen request including the request for the first screen or the second screen from the one terminal device;
An input screen transmission unit for transmitting the first screen or the second screen corresponding to the screen request to the one terminal device;
In the case of access that does not satisfy a predetermined condition, the first to (n-1) th authentication information based on the information received by the terminal device is received, and the access satisfies the predetermined condition Is an authenticated information receiver that receives 0 or (n−2) th or lower authenticated information based on 0 or information received by the terminal device;
An information identifier receiving unit for receiving the information identifier and the user identifier;
An authentication unit that performs authentication using the first to (n-1) th authenticated information received by the authenticated information receiving unit, or the (n-2) th or lower authenticated information;
When the authenticated information receiving unit does not receive the authenticated information, or the authenticated information receiving unit receives the (n−2) th or lower authenticated information, and the authenticating unit performs the first to ( n-2) When the result of performing authentication using the following authentication information is authentication permission, the information identifier receiving unit receives one or more pieces of determination information stored in the determination information storage unit A determination unit that determines whether the information identifier and the user identifier satisfy a predetermined condition;
The program for functioning as a process part which performs the process according to the authentication result in the said authentication part, or the authentication result in the said authentication part, and the determination result in the said determination part.