JP2016136664A - One-time authentication system, one-time authentication method, authentication server, portable terminal and one-time authentication program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To establish authentication processing even under a condition that a user terminal and an authentication server cannot directly communicate with each other.SOLUTION: First and second one-time codes are generated from a next-generation random number and a previous-generation random number at a user terminal 1 side. In an authentication server 2, first and second one-time codes for authentication are generated and stored by performing calculation using a hash function Hs on the first and second one-time codes. In the user terminal 1, according to the communication state, the calculation based on the hash function Hc is repeated at a frequency which is smaller than a predetermined frequency for selected random numbers by only a reduced frequency with respect to the next-generation random number and the previous-generation random number used for previously generated one-time codes, thereby generating a present second one-time code. In the authentication server 2, the calculation based on the hash function Hc is executed on the second one-time code by the reduced frequency, and a first or second one-time code for authentication is selected according to the communication state to perform authentication processing.SELECTED DRAWING: Figure 1

Description

  The present invention relates to a one-time authentication system, a one-time authentication method, an authentication server, a portable terminal, and a one-time authentication program for authenticating a user using a one-time password that is valid only once.

  2. Description of the Related Art Conventionally, in account management on the Internet, such as login processing to a Web service, an authentication system that authenticates a user's access right using an ID, a password, or the like is used. In this user authentication system, a system that uses a one-time password for performing authentication processing by changing a password for each session is known as a method for improving security compared to a fixed password that is used in a fixed manner (for example, Patent Documents). 1).

  In Patent Document 1, an online service server authenticates an authentication request from an information terminal in a configuration in which an online service server, an information terminal, a portable information terminal, and a portable information terminal company mail server are connected via the Internet. Generate a one-time password that can be used only once for a certain period of time in response to the request, create an email with the generated one-time password, and send the email to the user via the mobile information terminal company email server By sending the one-time password written in the email received by the user to the mobile information terminal and entering the information terminal instead of the conventional fixed password, the information terminal sends the one-time password to the online service server. A technique for performing authentication is disclosed.

JP 2005-209083 A

  However, in the technology for performing authentication by performing communication processing with a server device on a communication network as disclosed in Patent Document 1, the user terminal is located outside the communicable area, or a communication failure occurs. When the server device cannot communicate with the server device, the server device cannot transmit a one-time password to be used this time to the user terminal, so that the authentication process cannot be performed.

  Therefore, the present invention solves the above-described problems, and a one-time authentication system and one-time authentication system that can establish an authentication process even in a situation where a user terminal and an authentication server cannot communicate directly An object is to provide an authentication method, an authentication server, a portable terminal, and a one-time authentication program.

In order to solve the above-described problem, the present invention provides a one-time effective only once between an authentication server arranged on a communication network and a user terminal used by a user and connectable to the authentication server through the communication network. A one-time authentication system that authenticates the user using a password,
On the user terminal side, a first one-time code generating unit that generates a first one-time code by generating a next-generation random number and repeating a calculation on the next-generation random number by a user-side unidirectional function a predetermined number of times. When,
On the user terminal side, a second one that generates a second one-time code by repeating a calculation by a user-side unidirectional function a predetermined number of times for a previous generation random number generated before generating a next generation random number A time code generator,
In the authentication server, the first one-time code and the second one-time code are obtained, and the first one-time code for authentication is obtained by calculation using the server-side one-way function using the first one-time code. And generating a second one-time code for authentication by a calculation using a server-side one-way function using the second one-time code, and these first and second one-time codes for authentication And an authentication code storage unit that stores the user-specific information associated with the user,
At the time of authentication, a selection unit that selects the next generation random number or the previous generation random number used for the first one-time code or the second one-time code according to the communication state of the communication network;
For the selected next generation random number or the previous generation random number, a one-time code generated by repeating the calculation by the user side one-way function by a number of times less than the predetermined number of times for the selected random number, An authentication management unit that obtains a one-time password from a user terminal through an authentication communication path;
An authentication code selection unit that selects either the first one-time code for authentication or the second one-time code for authentication and acquires it from the authentication code storage unit according to the communication state;
For the one-time password acquired by the authentication management unit, a reduction number complementing unit that performs calculation by the user-side unidirectional function for the number of reductions, and
An authentication unit that performs an authentication process based on the first one-time code for authentication or the second one-time code for authentication selected by the authentication code selection unit and the one-time password that is calculated by the reduction number complementing unit With.

Another invention uses a one-time password that is valid only once between an authentication server arranged on a communication network and a user terminal that is used by a user and can be connected to the authentication server through the communication network. A one-time authentication method for authenticating the user,
(1) On the user terminal side, the one-time code generation unit generates a next-generation random number, and repeats the calculation based on the user-side unidirectional function for the next-generation random number a predetermined number of times to generate the first one-time code. A one-time code generation step for generating a second one-time code by generating a predetermined one-time operation on the previous-generation random number generated before generating the next-generation random number and a predetermined number of times. ,
(2) The authentication server obtains the first one-time code and the second one-time code, and the authentication code storage unit uses the server-side one-way function using the first one-time code. A first one-time code for authentication is generated by calculation, and a second one-time code for authentication is generated by calculation using a server-side one-way function using the second one-time code. An authentication code storage step for storing the first and second authentication one-time codes in the authentication code storage unit in association with user-specific information specific to the user;
(3) Selection that the selection unit of the user terminal selects the next generation random number or the previous generation random number used for the first one-time code or the second one-time code according to the communication state of the communication network at the time of authentication Steps,
(4) The authentication management unit repeats the calculation by the user-side unidirectional function for the selected next generation random number or the previous generation random number by a number of times less than the predetermined number of times for the selected random number. An authentication management step of acquiring the generated one-time code as a one-time password from a user terminal through an authentication communication path;
(5) The authentication code selection unit selects either the first one-time code for authentication or the second one-time code for authentication and acquires it from the authentication code storage unit depending on the communication state A code selection step;
(6) A reduction number complementing step in which a reduction number complementing unit performs a calculation by a user-side unidirectional function corresponding to the number of reductions for the second one-time code acquired by the authentication management unit;
(7) The authentication process is performed based on the first one-time code for authentication or the second one-time code for authentication selected by the authentication code selection unit and the one-time password executed by the reduction number complementing unit. Performing an authentication step.

  Here, the “one-time code” is authentication information that is issued only once for access to the authentication server and is expressed by text data such as numbers, letters, symbols, etc. Dimensional barcodes, other coded figures, etc. are included. The “first one-time code” in the present invention is authentication information used at the time of the next authentication, and the “second one-time code” is authentication information used at the time of the current authentication. The “communication network” refers to a public line such as a telephone line, an ISDN line, an ADSL line, or an optical line, a dedicated line, a 3G line, or a wireless communication line such as WiFi (registered trademark) or Bluetooth (registered trademark). A communication network constructed by connecting various communication lines to each other, and includes an IP network using a communication protocol TCP / IP such as the Internet. This IP network is based on 10BASE-T, 100BASE-TX, etc. LANs such as intranets (in-house networks) and home networks are also included. The “authentication communication path” is a communication path for stably transmitting / receiving authentication information to / from the authentication server, and may be a path or protocol different from the communication network, and a part or all of the communication network may be included in the communication network. A communication path may be included. As the communication path for authentication, for example, a POS terminal installed in a store can be a path interposed between the user terminal and the authentication server. The user terminal and the POS terminal include a reader / writer device, It may be connected by non-contact communication such as a barcode reader device.

  Furthermore, “user-specific user-specific information” may be a single terminal-unique identifier that is unique to a single user terminal given at the time of manufacture of the user terminal, such as a serial number, MAC address, etc., and is assigned to each user. A user identifier unique to a user, an ID unique to an application, an ID unique to a service, or a unique value determined by combining these may be used as a plurality of identifiers assigned to one terminal. The user specifying information may be input by being operated by the user, or may be input or transmitted automatically.

  According to the present invention as described above, the user terminal performs authentication using the second one-time code, generates the first one-time code based on the next-generation random number, and transmits it to the authentication server side. Therefore, in normal times, a one-time code is always generated with a new generation of random numbers every time authentication processing is performed, and security can be improved. At this time, the user terminal side encrypts (hashes) using the user-side one-way function, and the server-side one-time code is encrypted (hashed) using the server-side one-way function. Therefore, even if the authentication information is intercepted or leaked on the way of the communication path or on the server side, the authentication information cannot be used for authentication on behalf of the user.

  More specifically, in the present invention, a one-time code (first one-time code or second one-time code) that is a source of a one-time password used at the time of this authentication is determined according to the communication state between the authentication server and the user terminal. Code) is selected. For example, if the authentication server can communicate with the user terminal, the random number used for the first one-time code transmitted last time is confirmed, and the one-time password generated during the current authentication is generated next time. Generate based on generation random numbers. That is, under a communicable state, a new next generation random number is always generated, and the hash count is reset to the initial value. On the other hand, if the communication between the authentication server and the user terminal is interrupted, the one-time generated at the time of this authentication based on the number of hashes reduced from the number of previous hashes based on the same number of random numbers as the previous generation. Generate a password.

  As a result, according to the present invention, the authentication server applies one-way processing to the acquired one-time code with a hash function, so that the communication content can be concealed. As described above, according to the present invention, even if the authentication code stored in the communication path and the authentication server is wiretapped / stolen, a code for actual authentication cannot be generated, so that unauthorized use can be prevented. Furthermore, according to the present invention, the one-time code generated at the user terminal is randomly generated by a random number, and the one-time code itself is not stored in the user terminal, so the data on the user terminal, the data on the communication path The data on the authentication server is linked only by the one-time code generated by the legitimate user terminal, and security can be improved.

  In the above invention, the user terminal has a display unit that displays the encoded first one-time code or the encoded second one-time code as a one-time password, and the authentication communication path includes the display unit Preferably, the authentication management unit acquires the one-time password from the user terminal via the reading device.

  In this case, the authentication communication path is connected to a reading device that reads the one-time password displayed on the display unit of the user terminal, and the authentication management unit acquires the one-time password from the user terminal via the reading device. Therefore, even when the user terminal is located outside the communicable area and cannot directly communicate with the authentication server, the one-time password can be acquired and authenticated.

  In the above invention, a communication path for connecting the authentication server and the user terminal is constructed on the communication network, and the authentication code storage unit is generated for the first time on the user terminal through the communication path for cooperation. 1 one-time code is obtained, and using this first one-time code, a first one-time code for authentication is generated by calculation using a server-side one-way function, and the first one-time code for authentication is obtained. It is preferable to store the code in association with user-specific information unique to the user terminal.

  Here, the “communication communication path” is a communication path different from the authentication communication path described above, and is constructed on the communication network, and in particular, a wireless communication line such as a 3G line, WiFi, Bluetooth (registered trademark), or the like. In other words, the user terminal and the authentication server are directly connected to each other to ensure a certain level of security. According to the present invention, by transmitting the second one-time code generated at the user terminal for the first time to the authentication server, the one-time authentication process using two different random numbers is executed in the subsequent authentication. can do.

  In the above invention, the authentication communication path is connected to the user terminal via a store terminal installed in the store, and the store terminal acquires information related to the user's consumption behavior related to the authentication process as purchase information, and authenticates. The management unit acquires purchase information together with the first one-time code or the second one-time code, and associates the purchase information with the first or second authentication one-time code and the result of the authentication process. It is preferable to store in the purchase history information storage unit.

  Here, “information related to consumption behavior” includes so-called POS data, such as purchased product name, product code, purchase date and time, store name, quantity, etc., and includes information on use of electronic coupons and points. In this case, since information related to the user's consumption behavior is stored as purchase information together with the first or second authentication one-time code and the result of the authentication process, the consumption behavior of each user is analyzed, Can be used for marketing. At this time, purchase information and one-time codes (including random numbers and hash values) used for authentication are managed in association with each other, so analysis can be performed without specifying the user, and personal information can be protected. It can handle information necessary for marketing.

  In the above invention, the authentication server includes a value information management server that manages value information given to a user, and a payment server that executes a payment process related to a product or service provided to the user, and the value information management The server and the payment server can share the information stored in the authentication code storage unit, and the payment server acquires the determination information on the validity of the value information based on the result of the authentication process, and based on the determination information, It is preferable to execute a payment process reflecting the validity of the value information.

  Here, the “value information” is information that guarantees the provision of services in the store, and includes points, electronic coupons, discount services, and the like. In this case, the value information management server and the payment server can share the information stored in the authentication code storage unit, and the payment server acquires determination information regarding the validity of the value information based on the result of the authentication process, Based on the determination information, the payment process reflecting the validity of the value information is executed. Therefore, the determination of the value information validity and the payment process are performed at the same time as the authentication process by a plurality of server devices and by extension, a plurality of service providers. Can be done in collaboration. In addition, this makes it possible for the user side to simplify operations for authentication processing, operations for using electronic coupons and points, and operations for settlement.

Furthermore, another invention is an authentication server that can be used in the one-time authentication system and the one-time authentication method. Specifically, the authentication server according to the present invention is an authentication server that is arranged on a communication network and authenticates the user with a user terminal used by the user using a one-time password that is valid only once. Because
Next-generation random numbers are generated on the user terminal side, and the first one-time code generated by repeating the calculation by the user-side unidirectional function a predetermined number of times for the next-generation random numbers, A linkage management unit that obtains, in the authentication server, a second one-time code generated by repeatedly calculating a user-side one-way function for the previous generation random number generated before generating the generation random number;
Using the first one-time code, a first one-time code for authentication is generated by an operation using the server-side one-way function, and the server-side one-way function is generated using the second one-time code. An authentication code storage unit that generates a second one-time code for authentication by calculation using the first and second one-time codes for authentication and stores them in association with user-specific information unique to the user terminal; ,
At the time of authentication, the user-side one-way function is used for the next generation random number or the previous generation random number used for the first one-time code or the second one-time code selected according to the communication state of the communication network. An authentication management unit that obtains a one-time code generated in the user terminal by repeating the number of times less than the predetermined number of times for the selected random number as a one-time password through the authentication communication path;
An authentication code selection unit that selects either the first one-time code for authentication or the second one-time code for authentication and acquires it from the authentication code storage unit according to the communication state;
For the one-time password acquired by the authentication management unit, a reduction number complementing unit that performs calculation by the user-side unidirectional function for the number of reductions, and
An authentication unit that performs an authentication process based on the first one-time code for authentication or the second one-time code for authentication selected by the authentication code selection unit and the one-time password that is calculated by the reduction number complementing unit With.

  Note that the one-time authentication system and authentication server according to the invention can be configured by a plurality of server devices, and not only hardware such as devices and devices but also software having the function, or these It can be configured by a combination of the above. In addition to a single database device, the database can also be composed of a plurality of database groups linked by the relationship function.

Another invention is a portable terminal that can be used in the one-time authentication system and the one-time authentication method. Specifically, the portable terminal according to the present invention has a function of authenticating the user using a one-time password that is valid only once with the authentication server used by the user and placed on the communication network. A mobile terminal having
A first one-time code generating unit for generating a next-generation random number and generating a first one-time code by repeating a calculation by a user-side unidirectional function a predetermined number of times for the next-generation random number;
A second one-time code generating unit that generates a second one-time code by repeating a calculation by a user-side unidirectional function a predetermined number of times with respect to the previous generation random number generated before generating the next-generation random number; ,
A transmitting unit for transmitting the first one-time code and the second one-time code to the authentication server;
At the time of authentication, a selection unit that selects the next generation random number or the previous generation random number used for the first one-time code or the second one-time code according to the communication state of the communication network;
For the selected next generation random number or the previous generation random number, the calculation by the user-side unidirectional function is repeated a number of times less than the predetermined number of times for the selected random number to generate a one-time code, An authentication processing unit that sends the one-time code to the authentication server as a one-time password through an authentication communication path;
An authentication result acquisition unit that acquires an authentication process result based on the generated one-time password that is selected according to the communication state of the communication network.

  In the above invention, the user terminal has a display unit that displays the encoded first one-time code or the encoded second one-time code as a one-time password, and the authentication communication path includes the display unit Preferably, the authentication management unit acquires the one-time password from the user terminal via the reading device.

  In the above invention, a communication path for connecting the authentication server and the user terminal is constructed on the communication network, and the authentication code storage unit is generated for the first time on the user terminal through the communication path for cooperation. 1 one-time code is obtained, and using this first one-time code, a first one-time code for authentication is generated by calculation using a server-side one-way function, and the first one-time code for authentication is obtained. It is preferable to store the code in association with user-specific information unique to the user terminal.

  In the above invention, the authentication communication path is connected to the user terminal via a store terminal installed in the store, and the store terminal acquires information related to the user's consumption behavior related to the authentication process as purchase information, and authenticates. The management unit acquires purchase information together with the first one-time code or the second one-time code, and stores the purchase information in the purchase history information storage unit in association with the user identification information and the result of the authentication process. Is preferred.

  In the above invention, the authentication server includes a value information management server that manages value information given to a user, and a payment server that executes a payment process related to a product or service provided to the user, and the value information management The server and the payment server can share the information stored in the authentication code storage unit, and the payment server acquires the determination information on the validity of the value information based on the result of the authentication process, and based on the determination information, It is preferable to execute a payment process reflecting the validity of the value information.

    The authentication server and the portable terminal according to the present invention described above can be realized by executing a program described in a predetermined language on a computer.

That is, the present invention uses a one-time password that is valid only once between an authentication server arranged on a communication network and a user terminal that is used by a user and can be connected to the authentication server through the communication network. A one-time authentication program that authenticates users,
(1) On the user terminal side, a first one-time code generated by generating a next-generation random number and repeating a calculation by a user-side one-way function for the next-generation random number a predetermined number of times, and the user terminal side A second one-time code generated by repeating a calculation by a user-side unidirectional function a predetermined number of times with respect to the previous generation random number generated before generating the next generation random number; ,
(2) The authentication code storage unit uses the first one-time code to generate the first one-time code for authentication by the calculation using the server-side one-way function, and the second one-time code Are used to generate a second one-time code for authentication by calculation using a server-side one-way function, and the first and second one-time codes for authentication and user-specific information specific to the user terminal An authentication code storage step for associating and storing in the authentication code storage unit;
(3) At the time of authentication, the user side is unidirectional with respect to the next generation random number or the previous generation random number used for the first one-time code or the second one-time code selected according to the communication state of the communication network. The authentication management unit acquires the one-time code generated in the user terminal by repeating the calculation by the sex function by the number of times less than the predetermined number of times for the selected random number as the one-time password through the authentication communication path. Authentication management steps to
(4) The authentication code selection unit selects either the first one-time code for authentication or the second one-time code for authentication and acquires it from the authentication code storage unit according to the communication state. A code selection step;
(5) A reduction number complementing step in which a reduction number complementing unit performs a calculation by a user-side unidirectional function for the number of reductions for the second one-time code acquired by the authentication management unit;
(6) Based on the first one-time code for authentication or the second one-time code for authentication selected by the authentication code selection unit, and the one-time password executed by the reduction number complementing unit, the authentication unit And a process including an authentication step for performing the authentication process.

Another invention uses a one-time password that is valid only once between an authentication server arranged on a communication network and a user terminal that is used by a user and can be connected to the authentication server through the communication network. A one-time authentication program that authenticates the user,
(1) A first one-time code generating step for generating a next-generation random number and generating a first one-time code by repeating a calculation by a user-side unidirectional function a predetermined number of times for the next-generation random number;
(2) A second one-time code that generates a second one-time code by repeating a calculation by a user-side unidirectional function a predetermined number of times for a previous-generation random number generated before generating a next-generation random number Creation steps,
(3) a transmission step of transmitting the first one-time code and the second one-time code to the authentication server;
(4) a selection step of selecting a next generation random number or a previous generation random number used for the first one-time code or the second one-time code according to the communication state of the communication network at the time of authentication;
(5) A one-time code is generated by repeating the calculation by the user-side unidirectional function for the selected next generation random number or the previous generation random number by a number of times less than the predetermined number of times for the selected random number. Then, an authentication processing step of sending to the authentication server as a one-time password through the authentication communication path;
(6) An authentication result acquisition step for acquiring an authentication process result based on the generated one-time password selected according to the communication state of the communication network is executed.

  By installing such a program on a computer or IC chip such as a user terminal or a Web server and executing it on the CPU, it is possible to easily construct a system, method, server, and apparatus having the above-described functions. it can. This program can be distributed through, for example, a communication line, and can be transferred as a package application that operates on a stand-alone computer by being recorded on a recording medium readable by a general-purpose computer. Specifically, the recording medium can be recorded on various recording media such as a RAM card in addition to a magnetic recording medium such as a flexible disk or a cassette tape, or an optical disk such as a CD-ROM or DVD-ROM. According to the computer-readable recording medium on which the program is recorded, the above-described system, method, server, and apparatus can be easily implemented using a general-purpose computer or a dedicated computer. Can be easily stored, transported and installed.

  As described above, according to the present invention, the authentication process can be established even in a situation where the user terminal and the authentication server cannot communicate directly.

It is a conceptual diagram which shows the whole structure of the system which concerns on 1st Embodiment. It is a block diagram which shows the internal structure of the user terminal which concerns on 1st Embodiment. It is a block diagram which shows the internal structure of the shop side terminal and POS server which concern on 1st Embodiment. It is a block diagram which shows the internal structure of the management server, coupon server, and point server which concern on 1st Embodiment. (A)-(c) is a table | surface which shows the hash value produced | generated by the combination of the random number and hash count which concern on 1st Embodiment. It is a sequence diagram explaining the algorithm outline | summary of the authentication process which concerns on 1st Embodiment. It is a sequence diagram which shows the initialization process of the authentication function which concerns on 1st Embodiment. It is a sequence diagram which shows the authentication process when the communication which concerns on 1st Embodiment is possible. It is a sequence diagram which shows the authentication process at the time of communication failure which concerns on 1st Embodiment. It is a sequence diagram which shows the authentication process at the time of the error generation which concerns on 1st Embodiment. It is a flowchart figure which shows the whole operation | movement of the method which concerns on 1st Embodiment. It is a block diagram which shows the internal structure of the user terminal which concerns on 2nd Embodiment. It is a table | surface which shows the transition of the hash value produced | generated based on 2nd Embodiment. It is a block diagram which shows the internal structure of the user terminal which concerns on 3rd Embodiment. It is a block diagram which shows the internal structure of the shop side terminal which concerns on embodiment which concerns on 3rd Embodiment. It is explanatory drawing which shows the dynamic code information displayed on the display part of the user terminal which concerns on 3rd Embodiment. It is a time chart figure which shows the determination process of the effectiveness determination which concerns on 3rd Embodiment. It is a flowchart figure which shows the dynamic authentication method which concerns on 3rd Embodiment.

[First Embodiment]
(System overview)
Exemplary embodiments of a system according to the present invention will be described below in detail with reference to the accompanying drawings. FIG. 1 is a conceptual diagram showing an overall configuration of a system according to the first embodiment.

  As shown in FIG. 1, the system according to this embodiment includes an authentication server 2 arranged on a communication network 5 and a user terminal 1 that is used by a user and can be connected to the authentication server 2 through the communication network 5. The one-time authentication system authenticates the user using a one-time password that is valid only once. Specifically, in the present system, in the user terminal 1, electronic coupon information and point information are acquired from the coupon server 3 and the point server 4 constituting the value information management server group that manages the value information given to the user, A one-time password including authentication information (“one-time code) and settlement information is generated in these information, and the one-time password is encoded and displayed on the screen.

  And by making the shop side terminal 7a read the said one-time password, while performing the authentication according to a one-time password, various services by an electronic coupon or a point are provided. “One-time code” is authentication information that is valid for one-time use and is issued for access to the authentication server. It is expressed by text data such as numbers, letters, and symbols, as well as barcodes and two-dimensional codes. Includes barcodes and other coded graphics. “Value information” is information that guarantees the provision of a service in a store, and includes points, electronic coupons, discount services, and the like.

  In this system, the settlement server 6, the authentication server 2, the point server 4, the coupon server 3, the POS server 7, the wireless communication network 5 constructed by connecting communication lines to each other. A base station 8 and a user terminal 1 capable of wireless communication through the wireless base station 8 are provided.

  The communication network 5 includes various communication lines such as telephone lines, ISDN lines, ADSL lines, optical lines and other public lines, dedicated lines, 3G lines, and wireless communication lines such as WiFi (registered trademark) and Bluetooth (registered trademark). And includes an IP network using a communication protocol TCP / IP such as the Internet. This IP network includes an intranet (such as an intranet of 10BASE-T or 100BASE-TX). Network) and a home network or the like.

  In the present embodiment, the communication path of the communication network 5 that connects the user terminal 1 and the authentication server 2 includes different paths, that is, a cooperation communication path and an authentication communication path. Here, the “authentication communication path” is a communication path for stably transmitting / receiving authentication information to / from the authentication server, and may be a path or protocol different from that of the communication network. Alternatively, all communication paths may be included. As the communication path for authentication, for example, a POS terminal installed in a store can be a path interposed between the user terminal and the authentication server. The user terminal and the POS terminal include a reader / writer device, It may be connected by non-contact communication such as a barcode reader device. On the other hand, the “communication communication path” is a communication path different from the authentication communication path described above, and is constructed on the communication network. In particular, a wireless communication line such as 3G line, WiFi, Bluetooth (registered trademark) or the like is used. In addition, a communication path in which a user terminal and an authentication server are directly connected and certain security is ensured. The wireless base station 8 is a device that is connected to the communication network 5 through a gateway device (not shown), establishes a wireless communication connection with the user terminal 1, and provides a telephone call and data communication by the user terminal 1.

  The authentication server 2 is a server device that is arranged on the communication network 5 and authenticates the user with the user terminal 1 used by the user using a one-time password that is valid only once. Then, through the communication network 5, each authentication information stored and held from the user terminal 1 side is acquired and collated, and a function as an authentication unit that performs an authentication process based on the match or mismatch, the point server 4 and the coupon server 3 is used to inquire about the availability of coupon information and point information, execute update processing, and instruct the settlement server 6 to execute settlement of availability of settlement. And a function as a management unit.

  The store-side terminal 7a is a device that acquires various types of coded information. The store-side terminal 7a is connected to reading means for optically reading the code information displayed on the user terminal 1 display unit 13a. The communication path for authentication is connected to reading means. Here, the “code information” is information obtained by coding each data, and may be a combination of texts such as numbers and letters. Like a two-dimensional code such as a barcode or QR code (registered trademark), Information such as a character string is encoded, and information indicated by graphic information corresponding to the code is included. In the present embodiment, the code information includes purchase information such as electronic coupon information, point information, and payment information in addition to the one-time code that is authentication information, and is displayed as a QR code (registered trademark). To do. The store side terminal 7a optically reads the code information displayed on the display screen of the user terminal 1, displays the service content based on the read code information on the screen, and stores the read code information on the POS server. Sending.

  In addition, as this shop side terminal 7a, it is a register apparatus which manages cash, for example, and may be provided with the function which calculates a user's usage fee or manages money. Further, the store side terminal 7a may be only a reading device that can be connected to the register device. In this case, a portable mobile computer or a PDA (Personal Digital Assistance) having an arithmetic processing function and a wireless communication function may be used. A smartphone, a tablet PC, or the like can be used.

  The POS server 7 is a server device installed on the headquarter side that manages each store in an integrated manner. The POS server 7 is connected to the authentication server 2 through the communication network 5, and the authentication information read by the store-side terminal 7 a is stored in the authentication server 2. Send to. The POS server 7 stores a function for transmitting / receiving predetermined data between the store-side terminal 7a and the POS server 7, sales information sent from the store-side terminal 7a, and the like in a database, and performs a totaling analysis process. Provide functions. In addition, a store is a facility that provides a sales service in a face-to-face manner, such as a convenience store or a restaurant, and a store clerk is in charge of settlement processing such as a register.

  The settlement server 6 is a server device that performs settlement processing related to goods or services provided to users, and is operated by a financial institution that performs settlement of charges associated with billing processing such as a bank or a credit company. Yes. A payment database is connected to the payment server 6, and detailed information (name, address, telephone number, e-mail address, age, work place, product information) about each registered user is stored in the payment database. The delivery address (if different from the address) and payment information (credit card number, withdrawal account number, etc.) are registered, and the merchant credits the purchased product according to the payment information registered in the information in this payment database. Carry out settlement operations such as collection of sales prices using cards.

  The point server 4 is a server device that grants predetermined points that can be converted into money and manages the points, stores customer-specific possession points in DRAM, hard disk, etc., and responds to customer access. The point information is distributed to the user terminal 1 and the customer-specific possession points are updated in accordance with the customer's service consideration or payment of the product purchase price.

  The coupon server 3 is a server device operated by a service provider that issues an electronic coupon that provides a user with a privilege when purchasing a product and manages the electronic coupon (collecting usage status, updating data, etc.). Various coupon information is stored in the hard disk or the hard disk, and the electronic coupon information is distributed to the user terminal 1 according to the customer's access, and the stored electronic coupon information is updated according to the use of the distributed electronic coupon. (Erase etc.) is executed.

  Various servers can be composed of a plurality of server groups such as a web server and a database server in addition to a single server device. It can also be configured by software having a function or a combination thereof. In addition to a single database device, the database can also be composed of a plurality of database groups linked by the relationship function. In the present embodiment, it is assumed that each server device and the user terminal 1 are sending and receiving various data via a communication interface (not shown).

  The user terminal 1 is a mobile terminal that has a function of authenticating the user using a one-time password that is valid only once with the authentication server 2 that is used by the user and placed on the communication network 5. Specifically, an arithmetic processing unit including a CPU is a portable mobile computer having a wireless communication function, a PDA (Personal Digital Assistance), a mobile phone, a smartphone, a tablet PC, or the like. This user terminal 1 communicates wirelessly with a relay point such as a base station, and can receive a communication service such as a call or data communication while moving. Examples of the communication method of the user terminal 1 include an FDMA method, a TDMA method, a CDMA method, a W-CDMA, a PHS (Personal Handyphone System) method, and the like. The user terminal 1 is equipped with functions such as a digital camera function, an application software execution function, or a GPS function.

  The user terminal 1 stores a one-time authentication program (SDK). The application execution unit 14 activates the one-time authentication program to generate a one-time code as authentication information, and the coupon server 3 A one-time password including electronic coupon information and point information acquired from the point server 4, payment information, authentication information, and the like is generated and displayed on the screen. The one-time authentication program can be installed in the user terminal 1 by downloading from the Internet side such as the authentication server 2 or installing through another medium.

(Internal structure of each device)
Next, the internal structure of each device constituting the system described above will be described. FIG. 2 is a block diagram illustrating an internal configuration of the user terminal 1 according to the first embodiment, and FIG. 3 is a block diagram illustrating an internal configuration of the store side terminal and the POS server according to the present embodiment. FIG. 4 is a block diagram showing the internal configuration of the authentication server 2, the coupon server 3, and the point server 4 according to the first embodiment, and FIGS. 5A to 5C are random numbers according to the present embodiment. It is a table | surface which shows the hash value produced | generated according to the number of times of a hash. The “module” used in the description refers to a functional unit that is configured by hardware such as an apparatus or a device, software having the function, or a combination thereof, and achieves a predetermined operation. .

(1) User terminal 1
First, the internal configuration of the user terminal 1 will be described. As shown in FIG. 2, the user terminal 1 includes a wireless interface 11, a memory 15, an application execution unit 14, an output interface 13, and an input interface 12. The wireless interface 11 has a function of executing wireless communication using a mobile communication protocol for making a call and wireless communication using a data communication protocol such as a wireless LAN. The wireless interface 11 is a transmission / reception device compliant with IEEE 802.11b for performing wireless LAN connection, and can be realized by a wireless LAN adapter or the like in a mobile computer or PDA. In this embodiment, the wireless interface 11 is connected to the communication path for cooperation, acquires electronic coupon information and point information from the coupon server 3 and the point server 4, and transmits / receives each data related to the authentication server 2 and authentication processing. It is supposed to be.

  The input interface 12 is a device for inputting user operations such as operation buttons and a touch panel. The output interface 13 is a device that outputs video and sound, such as a display and a speaker. In particular, the output interface 13 includes a display unit 13a such as a liquid crystal display.

The memory 15 is a storage device that stores an OS (Operating System), programs for various applications (such as one-time password generation software), other data, and the like. The memory 15 includes user terminals such as device information. Terminal unique identifier unique to 1, authentication information used for one-time code generation, electronic coupon information, point information, and the like are serialized and stored in the generated file. Here, the data used for the one-time passcode generator, the user-side one-way function such as SHA1 (hereinafter, referred to as the hash function H _C.), A random number H ₀ of each generation applying a hash function H _C ~ The random number H _n and the number of times the hash function is applied are held, and by combining these, each hash value E can be generated as shown in FIG.

  Here, the terminal unique identifier is one of user-specific information unique to the user, and is a unique and single terminal identifier for one user terminal given at the time of manufacture of the user terminal such as a serial number, a MAC address or the like. It is. In addition, as the user identification information that replaces the terminal unique identifier, a user specific user identifier assigned to each user, an application specific ID, a service specific ID, or a unique value determined by combining these, A plurality of identifiers assigned to one terminal can also be used. The user specifying information may be input by being operated by the user, or may be input or transmitted automatically.

  The random number H is, for example, a character string combining alphanumeric characters (alphabetic characters are case-sensitive). In the present embodiment, the random number H is composed of, for example, a 40-digit character string. In addition, authentication information such as random numbers used to generate one-time codes is stored after being encrypted for safety. If this application is deleted, these data are also deleted. . It is assumed that the memory 15 stores a random number and the number of hashes associated with the first and second one-time codes used for the previous authentication.

  The application execution unit 14 is a module that executes an application such as a general OS or browser software, and is usually realized by a CPU or the like. By executing the one-time authentication program of the present invention in the application execution unit 14, the one-time password creation unit 14a, the cooperation processing unit 14b, the value information acquisition unit 14c, and the authentication result acquisition unit 14d are virtualized. Built.

  The cooperation processing unit 14b is a module that performs communication processing with the authentication server 2 through the communication path for cooperation, and performs member registration processing and one-time password initial setting processing through the communication path for cooperation. The member registration process is to register at least the user identification information and the password required for cooperation with the authentication server, and the initial setting process is to use the random number and the hash count used for the authentication process as the user terminal 1 and This is a process to be set between the authentication servers 2. Then, the cooperation processing unit 14b sends a hash value hashed with the one-time code generated by the one-time password creation unit 14a during the initial setting process.

  The value information acquisition unit 14 c is a module that acquires electronic coupon information and point information possessed by itself from the coupon server 3 and the point server 4. The communication with the coupon server 3 and the point server 4 is performed through a normal communication path such as a cooperation communication path without using the authentication communication path.

  The one-time password creation unit 14a is a module that generates a one-time valid password that is issued for access to the authentication server 2. The next-time authentication code creation unit 144, the current authentication code creation unit 143, An authentication environment confirmation unit 141 and a random number selection unit 142 are provided. Each of these modules is executed to generate first and second one-time codes, and purchase information (electronic coupon information and point information, payment information) is added to the first and second one-time codes. Etc.) is generated, and the code information is displayed on the screen as a one-time password.

Here, the “one-time code” is authentication information that is issued only once for access to the authentication server and is expressed by text data such as numbers, letters, symbols, etc. dimensional bar code, include such other coded graphics, in the present embodiment, a hash value is created using a hash function H _C. Specifically, as shown in FIG. 5A, a hash value is generated using random numbers H ₀ to H _{n of} each generation and the number of times the hash function is applied. Particularly in the present embodiment, the one-time password creation unit 14a executes the next authentication code creation unit 144 and the current authentication code creation unit 143 in one authentication process, and generates two different hash values. . Here, one of the two hash values is used as a hash value for the next authentication (hereinafter referred to as a first one-time code), and the other hash value is used as a hash value for the current authentication (hereinafter referred to as a first hash value). , Referred to as a second one-time code).

Next authentication code creating unit 144 generates a next-generation random number, generating a first one-time code is a next authentication hash value by repeating the calculation by a hash function H _C for this next generation random number by a predetermined number of times It is a module to do. Here, the “next generation random number” is a new random number that has not been used for the one-time code generation up to the previous time, and the next authentication code creation unit 144 always uses the new next generation random number to generate the first one-time code. Generate time code.

Meanwhile, the current authentication code creating unit 143, a hash value of the previously for generation random number, this authentication by repeating a calculation by a hash function H _C for a predetermined number of times is generated before generating the next generation random number first 2 is a module that generates a one-time code. Here, “the previous generation random number generated before generating the next generation random number” means the random number used when generating the second one-time code at the time of previous authentication, or at the time of the previous authentication. It is one of the random numbers used when generating the first one-time code.

  The one-time password creation unit 14 a includes an authentication environment confirmation unit 141. The authentication environment confirmation unit 141 is a module for confirming the authentication environment between the user terminal 1 and the authentication server 2. Here, the authentication environment is an environment for performing an authentication process. For example, a communication state through a communication path for cooperation between the user terminal 1 and the authentication server 2 or when an error occurs (for example, in a predetermined processing stage). In the case where a failure occurs, the authentication information held by the authentication server 2 and the authentication information held by the user terminal 1 do not match).

  Here, the communication state by the communication path for cooperation means that the user terminal is located in the communicable area, the state where both are connected through the communication path for cooperation, and the user terminal is located outside the communicable area. Or a state in which communication is not established through a communication path for cooperation, such as a communication failure.

  When both are connected through the communication path for cooperation, the user terminal 1 requests the authentication server 2 to confirm the authentication result, which is information for the next authentication, and the authentication result is received from the authentication server 2. I will reply. Here, the “authentication result” to be confirmed includes the generation of random numbers and the number of hashes of the second one-time code currently stored in the one-time code database 2a of the authentication server 2 in addition to the possibility of authentication. Can be included. Note that the second one-time code is returned as an authentication result because the hash value of the first one-time code is always a MAX value and it is unknown whether it has been authenticated, but is used at the time of previous authentication. This is because the hash value of the second one-time code has decreased, so that it can be confirmed whether or not the authentication has been reliably performed. At this time, the authentication environment confirmation unit 141 transmits user identification information such as a terminal unique identifier to the authentication server 2.

  On the other hand, if both are not connected via the cooperation communication path, the confirmation request from the user terminal is not received, and the authentication result is not returned. And the authentication environment confirmation part 141 transmits the confirmation result to the random number selection part 142 according to the confirmation result of each authentication environment, or transmits to the cooperation process part 14b.

  In each module of the one-time password creation unit 14a, the one-time password generation and authentication processing methods are changed according to the authentication environment between the user terminal 1 and the authentication server 2. Specifically, the random number selection unit 142 selects the next generation random number or the previous generation random number used for the first one-time code or the second one-time code according to the communication state of the communication network 5 at the time of authentication. It is a module. Here, when the communication path for cooperation is communicable and the authentication result is acquired, the next generation random number used for the first one-time code created last time is selected. On the other hand, if the communication path for cooperation is disconnected and the authentication result cannot be acquired, the previous generation random number used for the second one-time code created last time is selected.

Then, this authentication code creating unit 143, to the next generation random or previous generation random number selected in the random number selector 142, a calculation using the hash function H _C, reduced number of times than the predetermined number of times for the selected random number The second one-time code is generated as a one-time stamp used for authentication this time by repeating a small number of times.

  Then, the one-time password creating unit 14a generates code information including purchase information, payment information, and user information in the second one-time code and the first one-time code, and the coded code information Is displayed on the display unit 13a as a one-time password. In this way, the one-time password creation unit 14a changes the one-time code generated according to the authentication environment, and the authentication server 2 generates a one-time password based on the changed one-time code and performs authentication processing. Is supposed to do. The generation of this one-time stamp and the specific authentication process using this one-time password will be described later. The authentication result acquisition unit 14d is a module that acquires the result of the authentication process based on the generated one-time password that is selected according to the communication state of the communication network 5.

(2) POS server and store side terminal Next, the internal configuration of the POS server and store side terminal will be described. FIG. 3 is a block diagram showing the internal configuration of the POS server and the store side terminal. The store side terminal 7 a includes a reading unit 76, a control unit 74, a memory 75, a communication interface 71, an input interface 72, and an output interface 73. The reading unit 76 is a reader device for reading code information displayed on the user terminal 1 and can read a QR code (registered trademark) displayed on the liquid crystal screen of the user terminal 1.

  The control unit 74 is an arithmetic operation constituted by a processor such as a CPU or DSP (Digital Signal Processor), memory, hardware such as other electronic circuits, software such as a program having the function, or a combination thereof. It is a module and performs various processes for operation control of each part and user operation. The control unit 74 displays coupon information and point information to be used on the display unit 73 a and transmits code information read by the reading unit 76 to the POS server 7. Further, when the store side terminal 7a is a register terminal, the control unit 74 has a cash settlement processing function.

  The communication interface 71 is a module that transmits and receives data as packets, and the input interface 72 is a device that inputs user operations such as a numeric keypad and an accounting execution key. The output interface 73 is a device that outputs video and sound, such as a display and a speaker. In particular, the output interface 73 includes a display unit 73 a such as a liquid crystal display, and displays point information and coupon information based on code information read by the reading means 76. The memory 75 is a storage device that stores an OS (Operating System), an accounting processing program, other data, and the like.

  On the other hand, the POS server 7 includes a communication interface 70a, a control unit 70b, and a POS information database 70c. The communication interface 70a is a module that transmits and receives data as packets. In the present embodiment, the code information is acquired from the store side terminal 7a via the communication interface 70a, and the acquired code information is transmitted to the authentication server 2. Further, the authentication result is received from the authentication server 2 and transmitted to the store side terminal 7a.

  The control unit 70b is a computation configured by a processor such as a CPU or DSP (Digital Signal Processor), memory, hardware such as other electronic circuits, software such as a program having the function, or a combination thereof. This module is a module that aggregates information about actual stores transmitted from actual stores and executes general product sales processing such as sales and product management. In addition, the control unit 70b transmits the one-time password read from the user terminal 1 to the authentication server 2 through the authentication path. Here, the one-time password acquired by the store-side terminal 7a is transmitted to the authentication server 2 via the POS server 7, but may be transmitted directly from the store-side terminal 7a to the authentication server 2, for example. The control unit 70b also has a function of acquiring information related to the user's consumption behavior related to the authentication process as purchase information, accumulates it in the POS information database 70c, and transmits it to the authentication server 2 together with the one-time password. Here, “information related to consumption behavior” includes so-called POS data, such as purchased product name, product code, purchase date and time, store name, quantity, etc., and includes information on use of electronic coupons and points.

  The POS information database 70c is a database group for accumulating various data used in the POS system. For example, information on the actual store such as the position of the actual store, sales, and inventory products is added to the actual store ID for identifying the actual store. The sales price of the product is stored in association with the product code that identifies and stores each product. In addition, the service content based on the information of the electronic coupon is also stored. Further, the database 70c includes an account ID for identifying a customer, purchase history information (purchased products, actual store information, purchase price, purchase date, etc.), point information, customer personal information (name, address, Phone number, email address, gender, age, etc.).

(3) Internal Configuration of Authentication Server 2 As shown in FIG. 4, a one-time code database 2a and a purchase history information storage unit 2b are connected to the authentication server 2. The one-time code database 2a is a database for accumulating information related to the authentication process. In this embodiment, the user identification information includes a password, an ID of an application including the one-time authentication program, information related to the authentication process, the coupon server 3 and An account ID for identifying the user in the point server 4 and a transaction ID used for the settlement processing are stored in association with each other.

  The user identification information stored in the authentication server 2 is given to each user in addition to a single device ID that is unique to one user terminal given at the time of manufacture of the user terminal, such as a serial number, MAC address, etc. A user ID unique to a user, an APPID unique to an application, an access ID unique to an access authority for a service, or a unique value determined by combining these is included.

Here, the information related to the authentication process includes a hash function H _S that is a server-side one-way function, a random number H _{n of} each generation to which the hash function H _S is applied (n is a first generation to an nth generation), number application of the hash function includes a hash function H _C is. Note that token information and the expiration date of the token information are stored in the information related to the authentication process. These pieces of information are stored in association with the user identification information. Further, purchase information is stored in association with the second one-time code used last time. Here, the purchase information is information related to user consumption behavior related to the authentication process, such as point information, electronic coupon information, and payment information. This information is stored without being associated with the user identification information stored in the database by the authentication code storage unit 26. As a result, there is no data for associating the one-time code for authentication with the user identification information, so that the purchase information cannot be associated with the user, and personal information can be protected.

  The one-time code database 2a includes transaction information related to payment processing. The transaction information includes a transaction ID for identifying a transaction, a one-time password used, a total payment amount, a use date, an account ID. Are stored in association with each other. Furthermore, the one-time code database 2a includes usage history information. The usage history information includes a receipt ID for identifying a receipt generated at the store at the time of payment, an account ID, a payment amount, receipt contents, and receipt. The date and time, usage points, and usage coupons are accumulated. It is assumed that such information stored in the one-time code database 2a can respond to inquiries from the outside as necessary.

  The purchase history information storage unit 2b is a database that associates the purchase information with the first or second authentication one-time code and the result of the authentication process, and the authentication management unit 20 acquires the purchase information included in the code information. The purchase information is stored in association with the first or second authentication one-time code and the result of the authentication process.

  On the other hand, the authentication server 2 includes an authentication management unit 20 and a cooperation unit 20a. The authentication management unit 20 is a module group that manages the entire authentication process, and receives a first one-time code, a second one-time code, and the like from the user terminal 1 via an authentication communication path (reading unit 76). The authentication process is executed by acquiring the one-time password including the initial setting process and the cooperation process through the communication path for cooperation. Specifically, the authentication management unit 20 includes a cooperation processing unit 21, an initialization processing unit 22, an authentication code selection unit 23, a reduction number complementing unit 24, an authentication unit 25, and an authentication code storage unit 26. And.

The cooperation processing unit 21 is a module that accepts a cooperation start process such as login from the user terminal 1 through the communication path for cooperation. In this embodiment, the user specifying information and password are input during the member registration process or the initial setting process. Accept and authenticate login. In addition, when there is an access from the user terminal 1 for the first time, the cooperation processing unit 21 performs member registration processing and acquires user specifying information and a password. Obtained user specific information and the password is stored in the one-time code database 2a with the hash function H _C.

The initialization processing unit 22 is a module that initializes a random number and a hash count used for the authentication process through the communication path for cooperation. When an initialization operation is performed from the user terminal 1, a random number H _n for each generation to be used (n is a first generation to an nth generation) and a predetermined number of hashes are newly determined. At this time, the initialization processing unit 22 acquires the first one-time code generated for the first time by the next authentication code creation unit 144 of the user terminal 1 together with the user identification information and accumulates it in the one-time code database 2a. .

The authentication code storage unit 26 is a module that stores the one-time code transmitted from the user terminal 1 in the one-time code database 2a, and stores data acquired through the authentication communication path and the cooperation communication path. Here, when the first one-time code generated for the first time on the user terminal 1 is acquired through the communication path for cooperation, the authentication code storage unit 26 uses the first one-time code to generate a hash function. the calculation using the H _S generates a first one-time code for authentication, a first one-time code for authentication and stored in association with the user identifying information.

In addition, through the authentication communication path acquires the first one-time code and a second one-time code, authentication code storage unit 26, using the first one-time code, using the hash function H _S to generate a first one-time code for authentication by calculation, using a second one-time code, the operation using the hash function H _S to generate a second one-time code for authentication, the first and The second authentication one-time code is stored in the one-time code database 2a in association with the user specifying information.

  When authenticating the one-time password acquired from the user terminal 1 through the authentication communication path, the authentication code selection unit 23 performs the first one-time code for authentication or the second one-time for authentication depending on the communication state. This is a module that selects one of the codes and acquires it from the authentication code storage unit 26. Here, before the one-time password is transmitted, the authentication code selection unit 23 determines the communication state according to whether or not the confirmation of the authentication result is transmitted from the user terminal 1 through the cooperation authentication path. If the authentication result confirmation is acquired, it is determined that communication can be performed on the communication path for cooperation. If the authentication result confirmation is not acquired, communication on the communication path for cooperation is not performed. It is judged that.

  Then, in the case where communication through the cooperation communication path is possible, the authentication code selection unit 23 selects the first one-time code for authentication, and the communication through the communication path for cooperation is interrupted. Selects the last generation one-time code whose synchronization with the authentication server 2 has been confirmed, that is, the second one-time code for authentication.

Reducing the number of complementary section 24, to the second one-time code of the one-time password authentication management unit 20 obtains a module that executes calculation by a hash function H _C reduction number of times. Here, the reduction count is one hash count.

  The authentication unit 25 includes a first one-time code for authentication or a second one-time code for authentication selected by the authentication code selection unit 23, and a second one-time code executed by the reduction number complementing unit 24 This is a module that performs authentication processing based on the above. Note that the authentication management unit 20 has a function of transmitting an authentication result to the user terminal 1. Further, the authentication management unit 20 acquires the purchase information included in the code information, and stores this purchase information in the purchase history information storage unit 2b in association with the user identification information and the result of the authentication process. The purchase history information storage unit 2b is a database that associates purchase information with the first or second authentication one-time code and the result of the authentication process.

  The cooperation unit 20 a is a module that cooperates with the coupon server 3, the point server 4, and the payment server 6 through the communication network 5 and executes each process until payment is completed. Specifically, the coupon server 3 and the point server 4 can inquire the information stored in the authentication code storage unit 26 as necessary, and the cooperation unit 20a is connected to the coupon server 3 and the point server 4 with each other. Coordination is performed to determine whether or not the coupon and the point can be used, or the coupon and the point deletion process are executed after the authentication process. In addition, the cooperation unit 20a transmits various payment information such as a payment amount to the payment server 6 after the authentication process. The settlement server 6 can inquire the information stored in the authentication code storage unit 26 as necessary, and the settlement server 6 obtains determination information regarding the validity of the value information based on the result of the authentication process. Then, based on the determination information, a payment process reflecting the validity of the value information is executed.

(4) Internal configuration of coupon server 3 A coupon database 3a is connected to the coupon server 3. The coupon database 3a is a database that stores electronic coupon information. In this embodiment, the coupon identification information includes the contents of the electronic coupon, the conditions of the electronic coupon, the discount rate, the discount amount, the expiration date, and the product code. Account information and usage date / time information that are stored in association with each other and that are different from the user identification information for identifying the user are associated with each other.

  On the other hand, the coupon server 3 includes a coupon acquisition unit 31, a use availability confirmation unit 32, a usage status update unit 33, and a coupon addition unit 34. The coupon acquisition unit 31 is a module that transmits electronic coupon information possessed by the user from the coupon database 3a to the user terminal 1 when the electronic terminal information acquisition operation is performed from the user terminal 1, and the coupon database Account information is added to the coupon identification information in 3a.

  The availability check unit 32 is a module that refers to the electronic coupon information in the coupon database 3a according to the electronic coupon information transmitted from the authentication server 2, and determines whether the electronic coupon information is available. This discrimination processing includes, for example, whether or not electronic coupons to be used are accumulated in the database, whether or not the expiration date of electronic coupon information has been exceeded, and the like.

  The usage status update unit 33 is a module that updates the electronic coupon information in the coupon database 3a based on the used electronic coupon information. Specifically, the usage status update unit 33 performs a process of deleting the electronic coupon information in the database 3a based on the coupon identification information for identifying the used electronic coupon information. The coupon adding unit 34 is a module for adding electronic coupon information in the coupon database 3a in accordance with the operation of the administrator of the coupon server. For example, the coupon adding unit 34 adds a discount rate, an expiration date, etc. to identification information for identifying a product or service. Set.

(5) Internal Configuration of Point Server 4 To this point server 4, a point database 4a is connected. The point database 4a is a database that accumulates point information. In this embodiment, the number of points that can be used, expiration date information of each point, update date and time, and the like are stored in association with account information that identifies a user. .

  On the other hand, the point server 4 includes a point acquisition unit 41, a use availability confirmation unit 42, a usage status update unit 43, and a point addition unit 44. The point acquisition unit 41 is a module that, when there is an operation for acquiring point information from the user terminal 1, transmits the number of points possessed by the user from the point database 4a to the user terminal 1 as point information.

  The availability check unit 42 is a module that refers to the point information in the point database 4a according to the point information transmitted from the authentication server 2 and determines whether the point information is available. This determination processing includes, for example, whether or not the number of points to be used is less than the number of points stored in the database, whether or not the expiration date for the number of points has been exceeded, and the like.

  The usage status update unit 43 is a module that updates the point information in the point database 4a based on the used point information. Specifically, when the usage status update unit 43 acquires the used point information from the authentication server 2, the usage status update unit 43 subtracts the used number of points from the number of points recorded in the database 4a.

  The point addition unit 44 is a module that adds point information in the point database 4a according to the operation of the point manager. In the case of adding point information, for example, a numerical value obtained by multiplying the payment amount at the time of product purchase by a predetermined ratio may be returned as points, or points may be simply added according to the amount paid as point purchases. May be added. This point information is stored in association with the account information.

(Algorithm for authentication processing using one-time password)
Next, an outline of the one-time password authentication algorithm will be described in detail. FIG. 6 is a sequence diagram illustrating an algorithm for authentication processing according to the present embodiment. Here, it is assumed that selection processing according to the authentication environment is not performed.

The next-time authentication code creating unit 144 first creates a first first one-time code to be stored in the authentication server 2 as a premise for executing authentication. Specifically, as shown in FIG. 5 (a), to generate a first random number H ₀ (S101), the random number H ₀ hashed by the hash function H _C of the user terminal 1, the hash value as follows E ₀ is calculated (S102).
Next, the next authentication code creation unit 144 repeats the calculation using the hash function H _C a predetermined number of times (M) for the calculated hash value E ₀ as described below, and the first one-time code (hash value E ₀ ^M ) is calculated (S103).

Thereafter, the one-time password creation unit 14a transmits the first one-time code hashed M times and the user identification information to the authentication server 2 (S104).

When the initialization processing unit 22 of the authentication server 2 acquires the first one-time code (hash value EM0) (S105), the calculation using the hash function H _S is performed on the hash value E ₀ ^M as follows. Thus, the first one-time code for authentication (hash value E ′ ₀ ^M ) is calculated (S106).

Thereafter, the initialization processing unit 22 stores the first one-time code for authentication in the one-time code database 2a in association with the user specifying information (S107).

Next, on the user terminal 1 side, when the electronic coupon or the point is settled, a one-time password is generated. At this time, the one-time password creation unit 14a generates a one-time code for the next authentication. As shown in FIG. 5A, the next authentication code creation unit 144 extracts a new generation random number H ₁ different from the first random number H _0, and uses the next generation random number H ₁ as a hash function of the user terminal 1. hashed by H _C calculates a hash value E ₁ as follows.

Then, the next time authentication code creating unit 144 repeated for the hash value E ₁ obtained by calculating the operation by the hash function H _C by the predetermined number of times (M times), the first one-time code for the next authentication as follows (Hash value E ₁ ^M ) is calculated.

Next, the current authentication code creation unit 143 generates a second one-time code as a one-time stamp for current authentication. Here, a hash value is generated by repeating the number of times less than the predetermined number by the number of reductions (minus one time) with respect to the random number used for generating the first one-time code during the previous communication. Here, the hash value E ₀ is hashed M−1 times to calculate a second one-time code (hash value E ₀ ^M−1 ) (S109).

The second one-time code (hash value E ₀ ^M-1 ) and the first one-time code (hash value E ₁ ^M ) generated in this way become a one-time password. The one-time password creation unit 14a generates code information including user identification information and purchase information (coupon information, point information, and payment information) in the one-time password, and uses the reading means of the store-side terminal 7a. The code information is read and the one-time password is transmitted to the authentication server 2 (S110).

Here, since the second one-time code (hash value E ₀ ^M−1 ) is data that has never been sent to the server, it is data that cannot be known except by a correct user terminal. Further, due to the nature of the hash function, the second one-time code (hash value E ₀ ^M−1 ) is also derived from the first first one-time code (hash value E ₀ ^M ) transmitted in step S104. It cannot be obtained from the first one-time code for authentication (hash value E ′ ₀ ^M ) stored in the code database 2a. Further, since the first one-time code (hash value E ₁ ^M ) generated this time is generated from a new random number H _1, it cannot be predicted.

When the authentication management unit 20 of the authentication server 2 acquires information on the second one-time code (hash value E ₀ ^M-1 ) and the first one-time code (hash value E ₁ ^M ) (S111), As described below, the second one-time code (hash value E ₀ ^M−1 ) is calculated by the hash function H _{C corresponding} to the number of reductions to generate a hash value E ′ ₀ ^M−1 , and the server The hash value E ′ ₀ ^M is calculated by the calculation using the hash function H _S on the side (S112).

Only the authentication server 2 that knows the hash function H _S can generate the hash value E ′ ₀ ^M−1 . Then, the authentication unit 25 compares the calculated hash value with the first one-time code for authentication (hash value E ′ ₀ ^M ) stored in the one-time code database 2a to perform an authentication process ( S113). If the hash values are different (“N” in S114), an authentication result indicating that the authentication has failed is transmitted to the POS server (S119). On the other hand, if both hash values are the same hash value, user authentication is successful ("Y" in S114). Here, since both one-time codes have the hash value E ′ ₀ ^M , the authentication is successful.

If the authentication is successful, the authentication unit 25 performs an operation using the hash function H _S on the first one-time code (hash value E ₁ ^M ), and the first one-time code for the next authentication (hash value) E ′ ₁ ^M ) is calculated as follows (S115).

The calculated first one-time code for authentication (hash value E ′ ₁ ^M ) is overwritten and stored in association with the user specifying information (S116). Note that the second one-time code (hash value E ₀ ^M−1 ) used for authentication this time is also calculated using the hash function H _S , and the next second one-time code for authentication (hash value E _'0 ^M-1) is calculated and stored in the one-time code database 2a in association with the user identifying information (S117). The reason will be described later. Further, the authentication unit 25 stores the purchase information in association with the first one-time code for authentication (hash value E ′ ₀ ^M ) used for the current authentication (S118). As a result, there is no data in the one-time code database 2a for associating the first one-time code for authentication (hash value E ′ ₀ ^M ) with the user specifying information, so that the user cannot be specified.

Also, the new first one-time code for authentication (hash value E ′ ₁ ^M ) calculated in step S115 is different from the stored first one-time code for authentication (hash value E ′ ₀ ^M ). There is no relationship because random numbers are used. Further, the second one-time code (hash value E ₀ ^M−1 ) is stored in the one-time code database 2a, but the first one-time code for authentication (hash value E _{'0 ^M)} and the second one-time code (hash value E _{0 ^M-1),} both of which are difficult to determine the other from one of the hash values. Thereafter, the authentication management unit 20 transmits the authentication result to the user terminal 1 or the shop side terminal 7a (S119), and the authentication result is displayed on the screen of the POS server (S120).

(About each process of authentication function using one-time password)
Next, each process when the above-described one-time password algorithm is operated on this system will be described.

(1) One-time password initialization process First, the one-time password initialization process will be described. FIG. 7 is a sequence diagram showing the initialization process of the authentication function according to the present embodiment. The initialization process is to set a random number and a hash count to be used in the user terminal 1 and the authentication server 2, and this process is executed when the one-time authentication program is executed first or by a user operation. .

  Specifically, when the one-time authentication program is executed in the one-time password creation unit 14a, an input field for inputting a user ID and a password is displayed on the screen of the user terminal 1. The input in this input field includes user identification information such as a terminal ID and APPID in addition to the user ID, and these IDs are automatically input from the terminal side or manually input by the user. Includes cases where it is sent. When the user specifying information and the password are input by user operation or automatic input, these data are transmitted to the authentication server 2 (S201). Here, it is assumed that the member registration process is executed on the authentication server 2 side, and user identification information (user ID, device information, etc.) and a password are registered in advance in the one-time code database 2a.

  Then, the cooperation processing unit 21 of the authentication server 2 performs password authentication based on the user identification information (user ID, device information, etc.) and the password recorded in the one-time code database 2a (S202). Thereafter, if the password authentication is successful, the authentication server 2 issues a token which is unique data and transmits it to the user terminal 1 (S203).

The one-time password creation unit 14a of the user terminal 1 accesses the authentication server 2 based on the acquired token, and the authentication server 2 initializes the one-time password (S204). Here, a random number H _n (n is the first generation to the nth generation) for each generation to be used and a predetermined hash count are newly determined. Thereafter, the authentication server 2 transmits the authentication result to the user terminal 1 (S205).

  When the one-time authentication program is executed first, the one-time authentication program accesses the authentication server 2 in order to perform a new registration process. Then, user identification information (device information) and a password are set on the screen of the user terminal 1, and these data are registered in the one-time code database 2 a of the authentication server 2. At this time, in addition to the user's personal information (name, age, gender, etc.), payment information (credit card number, etc.) is also registered.

(2) Authentication process according to authentication environment Next, the authentication process of the user terminal 1 and the authentication server 2 according to the authentication environment will be described. FIG. 8 is a sequence diagram illustrating processing when communication is possible according to the present embodiment. FIG. 9 is a sequence diagram illustrating processing when communication is not performed according to the present embodiment. FIG. 10 is a sequence diagram illustrating processing when an error occurs according to the present embodiment.

Here, it is assumed that what hash value is generated will be described with reference to FIGS. 5B and 5C. In the following description, in the previous authentication process, the time stamp of the current authentication is used. The second one-time code (hash value E ₀ ^M−1 ) is transmitted, and the first one-time code (hash value E ₁ ^M ) is transmitted for the next authentication. Then, in the authentication code storage unit 26, with respect to the first one-time code and a second one-time code, it performs a calculation using the hash function H _S, the first one-time code for authentication (hash value E ' ₁ ^M ), a second one-time code for authentication (hash value E ′ ₀ ^M−1 ), and the first and second one-time codes for authentication (hash value E ′ ₀ ^M−1 ), Assume that user-specific information is stored in association with each other. Here, the second one-time code (hash value E ₀ ^M-1 ) is referred to as a second one-time code α, and the first one-time code (hash value E ₁ ^M ) is referred to as the first one-time code. This is referred to as code β. In addition, the second one-time code that is generated in the current authentication process and becomes the one-time code is referred to as α1, and the first one-time code is referred to as β1.

(A) Processing when Communication is Enabled First, processing when the user terminal 1 and the authentication server 2 can communicate will be described. As shown in FIG. 8, the user terminal 1 accesses the authentication server through the communication path for cooperation in order to confirm the authentication result. Here, communication is possible and user identification information (terminal unique identifier) is transmitted to the authentication server 2 (S301). The authentication management unit 20 of the authentication server 2 transmits authentication result information (S302). At this time, the authentication management unit 20 does not transmit the previously used one-time password (each hash value). Upon obtaining the authentication result information, the authentication environment confirmation unit 141 of the user terminal 1 determines that there is a communication environment, and transmits the result to the random number selection unit 142 and the current authentication code creation unit 143. As a result, the one-time password creation unit 14a obtains the authentication result information, and creates the second one-time code α1 and the next authentication hash value β1 according to the communication environment (S303).

Specifically, the random number selection unit 142 selects either the next generation random number or the previous generation random number used for the first one-time code or the second one-time code according to the communication state. Here, since communication is possible, the random number selection unit 142 selects the random number (here, the random number H ₁ ) used for the first one-time code transmitted last time. Then, in the current authentication code creating unit 143, to the random number H _1, the calculation by a hash function H _C, the number of times less a predetermined number of times for the selected random number reduced number of times than the (M times) (1 batch) The second one-time code α1 is generated repeatedly. Here, as shown in FIG. 5B, a hash value E ₁ ^{M−1 obtained} by reducing the number of hashes by one from the first one-time code β transmitted last time is generated as the second one-time code α1.

Next, the next authentication code creation unit 144 generates a first one-time code β1. The next authentication code creation unit 144 generates a next generation random number (in this case, the random number H ₂ ) different from the random number used for the second one-time code α1, and the above expression 4 is used for the next generation random number. and as in equation 5, by repeating the calculation by a hash function H _C predetermined number of times (M times) only generate the hash value E ₂ ^M. Then, the one-time password creation unit 14a generates the second one-time code α1 and the first one-time code β1 as a one-time password.

  The generated second one-time code α1 and first one-time code β1 include purchase information (point information, coupon information, etc.) and user identification information as a one-time password, and the one-time password Code information is created and displayed on the screen, and the code information is read by the reading means 76 of the store side terminal 7a. In the store side terminal 7a, the code information is read by the reading means (S304), and the code information is acquired (S305). In the store side terminal 7a, point information and electronic coupon information are displayed on the screen based on the code information. Thereafter, the store side terminal 7 a transmits the code information to the authentication server 2 through the communication network 5.

The authentication management unit 20 of the authentication server 2 receives the one-time password (second one-time code α1 and first one-time code β1) included in the code information (S306), and the authentication unit 25 receives these one-time passwords. Authentication processing is performed based on the one-time password. This authentication process is the same as steps S112 to S113 described above. Specifically, reducing the number of complementary portions 24, as in the above equation 6, executes the calculation by a hash function H _C reduced number of times the second one-time code α1 obtained (hash value E ^{_{1 M-1)}} At the same time, the hash value E ′ ^M1 is calculated. On the other hand, the authentication code selection unit 23 selects either the first one-time code β for authentication or the second one-time code α for authentication according to the communication state, and stores the authentication code storage unit 26. Get from. Here, since there is a communication environment, the first one-time code β for authentication is selected.

Then, the authentication unit 25 compares the calculated second one-time code α1 (hash value E ′ ₁ ^M ) with the first one-time code β for authentication stored in the one-time code database 2a. Authentication process. Here, as shown in FIG. 5B, the stored first one-time code β for authentication is obtained by using the hash value E ₁ ^M stored at the time of previous authentication as the hash on the server side as shown in Equation 3 above. It has a hash value E _'1 ^M in those hashing function H _S. In this way, the hash value for authentication this time and the stored hash value are the hash value E ′ ₁ ^M , so that the one-time password matches and the authentication succeeds.

Thereafter, if the authentication is successful, the processing from step S115 to step S118 is performed. Here, the first one-time code β1 acquired this time is hashed by the server-side hash function H _S as in the above equation 7, and the first one-time code β1 for authentication (hash value E ′ ₂ ^M ) as with previously stored in association with the user identifying information (user ID, etc.), for the second one-time code [alpha] 1, hashed on the server side of the hash function H _S as equation 7, the second authentication It is stored as a one-time code α1 (hash value E ′ ₁ ^M−1 ). The purchase information is stored in association with the hash value E ′ ₁ ^M used for authentication this time. Thereafter, the authentication management unit transmits the authentication result to the store side terminal 7a (S307), and the display unit 73a of the store side terminal 7a displays the authentication result.

(B) When communication is not established Next, processing when communication between the user terminal 1 and the authentication server 2 is not possible will be described. As shown in FIG. 9, the user terminal 1 transmits user identification information as confirmation of the authentication result (S401). Here, since the user terminal 1 stays outside the communication area or a communication failure has occurred, the confirmation of the authentication result does not reach the authentication server 2 and the authentication result cannot be obtained. At this time, when the authentication environment confirmation unit 141 obtains a reply result indicating that the communication service is not possible (S402), this information is transmitted to the random number selection unit 142 and the current authentication code creation unit 143. As a result, the second one-time code α1 and the first one-time code β1 corresponding to the case where the authentication result information cannot be obtained are created (S403).

Specifically, the random number selection unit 142 selects either the next generation random number or the previous generation random number used for the first one-time code or the second one-time code according to the communication state. Here, since there is no communication, the last generation random number for which server synchronization has been confirmed, that is, the random number used in the second one-time code transmitted last time (here, the random number H ₀ ) is selected. Then, in the current authentication code creating unit 143, to the random number H _0, the calculation by a hash function H _C, the number of times less a predetermined number of times for the selected random number reduced number of times than the (M times) (1 batch) The second one-time code α1 is generated repeatedly. Here, as shown in FIG. 5C, since the second one-time code α transmitted last time is the hash value E ₀ ^M−1 using the random number H ₀ , the second one-time code this time code α1 is a hash value _E ^{0 M-2} to the hash value _E ^{0 M} by hashing M-2 times using a random number _{H 0.}

Further, the next-time authentication code creating unit 144 generates the first one-time code β1 using a next-generation random number rather than the random number used until the previous time. Here, as shown in FIG. 5C, a random number H ₂ which is the next generation of the random number H ₁ used for the first one-time code β transmitted last time is used, and a hash function is applied to the random number H _2. An operation using H _c is performed to calculate a hash value E ₂ , the calculated hash value E ₂ is hashed a predetermined number of times (M times), and the first one-time code β 1 (hash value E ₂ ^M ) is gradually obtained. Generate.

The generated second one-time code α1 (hash value E ₀ ^M-2 ) and the first one-time code β1 (hash value E ₂ ^M ) include code information including purchase information and user identification information. Is generated and displayed on the screen, and the code information is read by the reading means of the store side terminal 7a. In the store side terminal 7a, the code information is read by the reading means (S404), and the code information is acquired (S405).

  In the shop side terminal 7a, point information and electronic coupon information are displayed based on this code information. Thereafter, the store side terminal 7 a transmits the code information to the authentication server 2 through the communication network 5. The authentication unit 25 of the authentication server 2 receives the one-time password (second one-time code α1 and first one-time code β1) included in the code information (S406), and the authentication unit 25 receives these one-time passwords. An authentication process is performed based on the time password.

Here, the one-time code database 2a, with respect to the first one-time code obtained in the previous authentication processing beta (hash value E _{1 ^M),} by calculation using the hash function H _S first authentication The one-time code (hash value E ′ ₁ ^M ) is accumulated, and the hash function H _S is used for the second one-time code α (hash value E ₀ ^M−1 ) used for the previous authentication. The second one-time code for authentication (hash value E ′ ₀ ^M−1 ) is accumulated by the calculated operation. Then, the authentication code selection unit 23 selects either the first one-time code β for authentication or the second one-time code α for authentication according to the communication state, and the authentication code storage unit 26. Get from. Here, since the code information is acquired in a state where the authentication confirmation request is not sent from the user terminal 1, it is determined that the communication failure process is performed, and the second one-time for authentication used for the previous authentication is determined. The code (hash value E ′ ₀ ^M−1 ) is selected for authentication.

Further, the reduction count complementing unit 24 hashes the acquired second one-time code α1 (hash value E ₀ ^M−2 ) with the client hash function H _c , and then hashes with the server-side hash function H _S A hash value E ′ ₀ ^M−1 is calculated. Then, the authentication unit 25 stores the calculated second one-time code α1 (hash value E ′ ₀ ^M−1 ) and the one-time code database 2a, and the second one-time code for authentication (hash value E ' ₀ ^M-1 ) and the authentication process is performed. Thus, since the mutual hash value is the hash value E ′ ₀ ^M−1 , the one-time passwords match and the authentication succeeds.

Thereafter, if the authentication is successful, the processing from step S115 to step S118 is performed. Here, the first one-time code obtained this .beta.1 (hash value E _{2 ^M)} likewise performs a calculation using the hash function H _S server side, hashed first one-time password for authentication (Hash value E ′ ₂ ^M ) is stored in association with the user specifying information. Further, the second one-time code α1 (hash value E ₀ ^M-2 ) also performs an operation using the hash function H _S, and the second one-time password for authentication (hash value E ′ ₀ ^M-2 ) is used by the user. It is stored in association with specific information. Then, the authentication management part 20 transmits an authentication result to the shop side terminal 7a (S407), and displays the authentication result on the display part 73a of the shop side terminal 7a.

(C) Processing when an error occurs Further, in this embodiment, even when an error occurs in a predetermined processing stage and the authentication result information returned from the authentication server 2 does not match the information on the user terminal 1, it is automatically It has a function to perform normalization processing.

  First, as shown in FIG. 10, the user terminal 1 transmits user identification information through a communication path for cooperation as confirmation of an authentication result (S501). The cooperation processing unit 21 of the authentication server 2 transmits the random number generation and the hash count related to the first one-time code based on the user specifying information (S502). Here, since an error has occurred in the predetermined processing stage, the random number generation and the hash count related to the returned first one-time code and the first one-time code stored in the user terminal 1 are related. The random number generation and hash count do not match.

  At this time, the application execution unit 14 performs login request processing (S503), inputs user identification information and a password, and transmits the user identification information and password to the authentication server 2 as login information (S504). When the login processing unit 21 of the authentication server 2 acquires this login information, it identifies the user based on the user identification information and the password, issues a token that is unique data, and transmits it to the user terminal 1 ( S505). Thereafter, similarly to the above-described initial setting process, the one-time password creating unit 14a of the user terminal 1 initializes the one-time password based on the acquired token. After the initialization of the one-time password, authentication processing is executed based on the initialized one-time password. Again, either of the processes (A) or (B) is executed according to the communication state.

(One-time authentication method)
By operating the system having the above configuration, the one-time authentication method of the present invention can be implemented. FIG. 11 is a flowchart showing the one-time authentication method according to this embodiment. Here, it is assumed that the one-time password initialization process has been completed in advance.

  First, as shown in FIG. 11, the user terminal 1 accesses the coupon server 3 and performs an operation of acquiring a desired electronic coupon from the coupon information displayed on the screen (S601). The coupon acquisition part 31 of the coupon server 3 transmits electronic coupon information to the user terminal 1 according to user operation (S602). The electronic coupon information is stored in the memory 15 of the user terminal 1. Further, the user terminal 1 accesses the point server 4 and performs an operation of acquiring point information owned by itself (S603). The point acquisition unit 41 of the point server 4 transmits point information in response to a user operation (S604). The point information is stored in the memory 15 of the user terminal 1.

  Thereafter, when the user goes to the store and uses a service using electronic coupons and points, first, the one-time password creation unit 14a checks the authentication environment with the authentication server 2 (S605). Then, the one-time password creating unit 14a creates a one-time password corresponding to the authentication environment and generates code information including purchase information (S606). One of the above-mentioned (A) to (C) is performed in the one-time password generation process based on this authentication environment.

  The code information generated in the application execution unit 14 is displayed on the display unit 13a. The reading means of the store side terminal 7a reads this code information (S607), displays the electronic coupon information and the point information on the screen, and the user confirms the contents. Thereafter, when the authentication process is executed by the operation of the store clerk, the code information is transmitted to the authentication server 2 (S608).

  The authentication management unit 20 of the authentication server 2 performs an authentication process based on the one-time password in the code information (S609). The authentication process (A) or (B) is performed according to each authentication environment. If the authentication is successful, the cooperation unit 20a transmits an inquiry about whether or not points can be used to the point server 4 based on the account information in the one-time code database 2a (S610). Based on the account information, the availability check unit 42 of the point server 4 refers to the number of points of the user and the expiration date information recorded in the point database 4a to determine whether or not the usage is possible, and determines the determination result as the linkage unit 20a. (S611).

  Further, the cooperation unit 20a transmits an inquiry as to whether or not the electronic coupon can be used to the coupon server 3 based on the account information (S612). Based on the account information, the availability check unit 32 of the coupon server 3 determines the availability by referring to the user's electronic coupon information and expiration date information recorded in the coupon database 3a, and determines the determination result as the linkage unit 20a. (S613). Further, the cooperation unit 20a performs a payment process according to each determination result, and transmits the payment information calculated by the payment process (such as points and purchase price information after using the electronic coupon) to the payment server 6 (S614). . The settlement server 6 performs a settlement process based on the settlement information, and transmits settlement result information to the linkage unit 20a (S615).

  Thereafter, in the cooperation unit 20a, when information on completion of payment is acquired, a coupon deletion request (including user identification information and coupon identification information for identifying an electronic coupon) is made to the coupon server 3 based on the account information. Transmit (S616). The usage status update unit 33 of the coupon server 3 erases the electronic coupon information in the coupon database 3a in response to the erase request, and transmits the erase result to the linkage unit 20a (S617).

  Further, the cooperation unit 20a transmits a point update request (including user identification information and used point number information) to the point server 4 based on the account information (S618). In response to the update request, the usage status update unit 43 of the point server 4 updates the point information in the point database 4a, and transmits the update result to the linkage unit 20a (S619). When there is an access by the result confirmation from the user terminal 1 (S620), the cooperation unit 20a transmits the consumption result and the update result to the user terminal 1 (S621).

(One-time certification program)
The one-time authentication system, the portable terminal, the authentication server, and the one-time authentication method according to the first embodiment described above can be realized by executing a program described in a predetermined language on a computer. That is, by installing this program on a computer such as a user terminal or a Web server or an IC chip and executing it on the CPU, a system having the above-described functions can be easily constructed. This program can be distributed through a communication line, for example, and can be transferred as a package application that operates on a stand-alone computer. Such a program can be recorded on a recording medium readable by a personal computer, and the above-described system, apparatus, server, and object control method can be implemented using a general-purpose computer or a dedicated computer. In addition, the program can be easily stored, transported and installed.

(Action / Effect)
According to the present embodiment, the user terminal 1 authenticates using the second one-time code, generates the first one-time code based on the next-generation random number, and transmits it to the authentication server side. Therefore, in normal times, a one-time code is always generated with a new generation of random numbers every time authentication processing is performed, and security can be improved. At this time, since the user terminal 1 is encrypted using a hash function H _C (hashed), the one-time code obtained on the server side, which is encrypted (hashed) by the hash function H _S, Even if the authentication information is intercepted or leaked in the middle of the communication path or on the server side, the authentication information cannot be used for authentication on behalf of the user.

  More specifically, in the present invention, a one-time code (first one-time code or second one-time code) that is a source of a one-time password used at the time of this authentication is determined according to the communication state between the authentication server and the user terminal. Code) is selected. For example, if the authentication server can communicate with the user terminal, the random number used for the first one-time code transmitted last time is confirmed, and the one-time password generated during the current authentication is generated next time. Generate based on generation random numbers. That is, under a communicable state, a new next generation random number is always generated, and the hash count is reset to the initial value. On the other hand, if the communication between the authentication server and the user terminal is interrupted, the one-time generated at the time of this authentication based on the number of hashes reduced from the number of previous hashes based on the same number of random numbers as the previous generation. Generate a password.

  As a result, according to the present embodiment, the authentication server 2 applies one-way processing to the acquired one-time code with a hash function, so that the communication content can be concealed. As described above, according to the present embodiment, even if the authentication code stored in the communication path and the authentication server is wiretapped / stolen, a code for actual authentication cannot be generated, so that unauthorized use can be prevented. Furthermore, according to the present embodiment, the one-time code generated by the user terminal is randomly generated by a random number, and the one-time code itself is not stored in the user terminal. Data and data on the authentication server are linked only by a one-time code generated by a legitimate user terminal, and security can be improved.

  In the present embodiment, the authentication communication path is connected to the reading unit 76 that reads the one-time password displayed on the display unit 13 a of the user terminal 1, and the authentication management unit 20 is connected to the one-time password via the reading unit 76. Since the time password is acquired from the user terminal 1, even when the user terminal 1 is located outside the communicable area, the one-time password can be acquired and authenticated.

  In addition, a cooperation communication path for connecting the authentication server 2 and the user terminal 1 is constructed on the communication network 5, and the authentication code storage unit 26 is generated for the first time on the user terminal 1 through the cooperation communication path. The first one-time code is obtained, and the first one-time code for authentication is generated by the calculation using the server-side one-way function using the first one-time code, and the first authentication Since the one-time code for use is stored in association with the user identification information, one-time authentication processing using two different random numbers can be executed in subsequent authentications.

  Further, in the present embodiment, the authentication server 2 includes a coupon server 3 and a point server 4 that manage an electronic coupon or points given to a user, and a settlement server 6, and the coupon server 3, the point server 4, and the settlement The server 6 can share information stored in the database 2a by the authentication code storage unit 26. Thereby, the coupon server 3, the point server 4, and the payment server can share the information stored in the authentication code storage unit 26, and the payment server 6 relates to the validity of the value information based on the result of the authentication process. Since the determination information is acquired and the payment process reflecting the validity of the value information is executed based on the determination information, the determination of the value information validity and the payment process simultaneously with the authentication process are performed by a plurality of server devices, As a result, it can be performed in cooperation with multiple service providers.

  In the present embodiment, the code information displayed on the screen includes all information such as point information, coupon information, and settlement information. Here, in the conventional coupon system or point system, since it is managed by a system different from the payment processing, the user pays after application after presenting the coupon or points in advance, especially at the storefront. That is, there is a problem that the procedure at the time of use is complicated. However, according to the present embodiment, the code information to be displayed on the screen includes all information such as point information, coupon information, and payment information, so the code information is read once by the store side terminal 7a. By making it possible to perform a series of processing from determination of whether or not a coupon or point can be used to completion of settlement, it is possible to simplify the procedure when using the point or coupon.

  Moreover, in this embodiment, since a point and a coupon are selected by user operation before the payment of a coupon or a point, the procedure at the time of payment can be simplified. In addition, since the use of coupons and points is performed by the authentication server 2, the person in charge on the store side can make a settlement in the same procedure as when no coupons or points are used. Furthermore, the payment server 6 acquires determination information regarding the validity of the value information based on the result of the authentication process, and executes a payment process that reflects the validity of the value information based on the determination information.

  As described above, in this embodiment, it is possible to perform determination of value information validity and settlement processing at the same time as authentication processing through a single communication connection, and for the user side, operations for authentication processing, electronic coupons and points It is possible to simplify the operation for using and the operation for settlement processing.

  Furthermore, in the shop side terminal 7a, the information regarding the user's consumption behavior related to the authentication process is acquired as purchase information, and the authentication management unit 20 purchase information (1) along with the first one-time code or the second one-time code. Coupon and point usage history and payment information), and the purchase information is stored in the purchase history information storage unit 2b in association with the user identification information and the result of the authentication process. It can be used for the marketing measures used. In this embodiment, since the server device of each system is connected to the authentication server 2 and coupons and points are provided via the authentication server 2, it is a different business that provides coupons and points. But it can be used seamlessly.

[Second Embodiment]
Next, a second embodiment of the present invention will be described. The gist of the present embodiment is that time information is added as a time stamp in the code information, and the code information is displayed only for a certain period based on the time stamp. FIG. 12 is a block diagram showing an internal configuration of a user terminal according to the second embodiment.

  In the second embodiment, the user terminal 1 includes a client timer unit 16 as shown in FIG. The client timekeeping unit 16 is a module that acquires the current time. As the time to acquire, the system time of the user terminal 1 may be acquired, or the absolute time provided by a time server or the like may be acquired. Good.

  Then, the one-time password creation unit 14a of the user terminal 1 confirms the authentication result with respect to the authentication server 2, and then the second one-time password creation unit 143 performs the authentication code creation unit 143 as in the first embodiment. Generate a time code, and generate a first one-time code at the next authentication code creation unit 144, and generate code information including the first and second one-time codes, purchase information, and terminal-specific terminals. To do. At this time, the one-time password creating unit 14a generates code information including the time information acquired from the client time measuring unit 16 as a time stamp, and displays the code information on the screen. That is, the code information includes a one-time password, purchase information (electronic coupon information and point information, payment information, etc.), user identification information, and a time stamp.

  Furthermore, after generating the code information including the time stamp, the one-time password creating unit 14a obtains the time information from the client timing unit 16 and determines whether or not a predetermined interval has elapsed. After the predetermined interval has elapsed, when the displayed code information is discarded and the code information is displayed again, new code information is generated. In addition, although this predetermined interval can set various time widths, it is preferably about 1 minute.

  Here, when generating new code information, the one-time password creating unit 14a changes the first and second one-time codes used at the time of the previous one-time password generation, and changes the first and second ones. Code information is generated based on the one-time code. Specifically, as the second one-time code, only the previous display is performed and the discarded second one-time code is reused, and the same hash value is used. On the other hand, the first one-time code is generated using a next-generation random number different from the random number of the first one-time code generated last time.

  On the other hand, the authentication unit 25 of the authentication server 2 extracts a time stamp from the acquired code information, compares the time information of the time stamp with the current time information, and if the difference is 1 minute or more, the code The information is disabled so that subsequent authentication processing is not executed. A specific example of authentication processing using a one-time password including such a time stamp will be described. FIG. 13 is a table showing transitions of generated hash values according to the second embodiment. In FIG. 13, it is assumed that the set initial hash count M is 5000 times.

As shown in FIG. 13, first, in the initial state as the first stage, the first one-time code (hash value E ₀ ) is generated using the first generation random number H ₀ as the hash value for the next authentication. To the authentication server 2. Authentication server 2, with respect to the first one-time code, to generate a first one-time code for authentication by calculation using the hash function H _S.

Then, the next process is performed. Here, it is assumed that the result of checking the authentication result is that communication with the authentication server 2 is possible and a network environment exists. Then, the current authentication code creation unit 143 uses the second one-time code (hash value E ₀ ^M−1) obtained by hashing the hash value generated from the first generation random number H ₀ M−1 times for the current authentication. ) Is generated. The next-time authentication code creating unit 144 also generates a second one-time code (hash value E ₁ ^M ) from the second generation random number H ₁ that is the next generation of the first generation for the next authentication. Further, the one-time password creation unit 14 a obtains the current time from the client timing unit 16. Then, the one-time password creation unit 14a generates and displays code information based on the one-time password, purchase information, user identification information, and time stamp.

  After generating code information including a time stamp, the one-time password creating unit 14a obtains time information from the client timing unit 16 at any time, and whether or not a predetermined interval (about 1 minute) has elapsed. Judging. Here, it is assumed that the displayed code information is read by the store side terminal 7a and authentication is performed.

Then, the next process is performed. Here, as a result of checking the authentication result, it is assumed that communication with the authentication server 2 is possible and a network environment exists. In this case, the current authentication code creation unit 143 generates a second one-time code by repeating the number of times less than the predetermined number of times for the selected random number for the current authentication, as in the first embodiment. To do. Here, a second one-time code (hash value E ₁ ^M-1 ) obtained by hashing the hash value generated from the second generation random number H ₁ M-1 times is generated. Further, the next authentication code creating unit 144 generates a next authentication hash value E ₂ ^M by repeating the calculation by the hash function H _C a predetermined number of times for the third generation random number H ₂ for the next authentication. .

  Also here, the one-time password creation unit 14a obtains the current time from the client timing unit 16, and generates and displays code information including a time stamp. Then, the one-time password creation unit 14a determines whether or not a predetermined interval (about 1 minute) has elapsed. Here, it is assumed that a predetermined interval elapses after the code information is displayed, the displayed code information is discarded, and the code information is deleted from the screen.

Thereafter, when an operation for re-authentication is performed on the user terminal 1, the one-time password creation unit 14a generates new code information. Specifically, the authentication result is confirmed again, and a one-time password corresponding to the confirmation result is generated. Here, as a result of confirming the authentication result, communication with the authentication server 2 is possible and the network environment exists. Therefore, the generation and hash number of the random number H _n stored and used on the server side are inquired and synchronized. By doing so, it is determined whether or not the one-time password up to the previous time has been read. Here, since the previous one-time password has not been read, the one-time password creation unit 14a uses the second one-time code used for authentication this time out of the previously generated one-time code. Specifically, a second one-time code (hash value E ₁ ^M-1 ) obtained by hashing the hash value generated from the second generation random number H ₁ M-1 times is generated. On the other hand, for next authentication, it is generated using a next generation random number different from the random number of the next authentication hash value generated and discarded last time. Specifically, since the random number of H ₂ third generation is utilized, 4th against generation of the random number H _3, next authentication hash repeat operation by the hash function H _C by the predetermined number of times which is the next generation Generate the value E ₃ ^M.

  Also here, the one-time password creation unit 14a obtains the current time from the client timekeeping unit 16, and generates and displays code information including a time stamp. Here, the second one-time code generated last time is reused. However, since the actual QR code (registered trademark) includes a time stamp, the QR code (registered trademark) has a different pattern. It has become. Then, the one-time password creation unit 14a determines whether or not a predetermined interval (about 1 minute) has elapsed. Here, it is assumed that the code information is read by the store side terminal 7a and authentication is performed.

Next, the following processing is performed in the user terminal 1. Here, as a result of checking the authentication result, it is assumed that the communication with the authentication server 2 is not possible and there is no network environment. In this case, as in the first embodiment, the current authentication code creating unit 143 reduces the number of hashes (one time) from the second one-time code (hash value E ₁ ^M−1 ) transmitted last time. A second one-time code (hash value E ₁ ^M-2 ) that has been hashed by repeating as few times as possible is generated. On the other hand, the next-time authentication code creating unit 144 uses the first one-time code (hash value E ₄ ^M) from the fifth generation random number H _4, which is the next generation of the first one-time code transmitted last time, for the next authentication. ) Is generated.

  Also here, the one-time password creation unit 14a obtains the current time from the client timekeeping unit 16, and generates and displays code information including a time stamp. Then, the one-time password creation unit 14a determines whether or not a predetermined interval (about 1 minute) has elapsed. Here, it is assumed that the code information is read by the store side terminal 7a and authentication is performed.

Next, the following processing is performed in the user terminal 1. Here, as a result of checking the authentication result, it is assumed that communication with the authentication server 2 is not possible and the network environment is not present. In this case, similar to the first embodiment, the current code generation unit 143 uses the number of hashes as compared to the previously transmitted second one-time code (hash value E ₁ ^M−2 ) transmitted as the previous one-time password. The second one-time code (hash value E ₁ ^M-3 ) that is hashed by repeating the number of times reduced by the number of times of reduction (one time) is generated. On the other hand, the next time authentication code creating unit 144 uses the first one-time code (hash value E ₅ ^M) from the sixth generation random number H _5, which is the next generation of the first one-time code transmitted last time, for the next authentication. ) Is generated.

  Also here, the one-time password creation unit 14a obtains the current time from the client timekeeping unit 16, and generates and displays code information including a time stamp. Then, the one-time password creation unit 14a determines whether or not a predetermined interval (about 1 minute) has elapsed. Here, it is assumed that a predetermined interval elapses after the code information is displayed, the displayed code information is discarded, and the code information is deleted from the screen.

Thereafter, when an operation for performing authentication again is performed on the user terminal 1, the current code generation unit for authentication 143 generates new code information. Here, as a result of checking the authentication result, it is assumed that communication with the authentication server 2 is not possible and the network environment is not present. In this case, since it is unknown whether or not the generated code information has been read on the authentication server side, the hash count used for display is never used. Therefore, as in the first embodiment, the current authentication code creation unit 143 reduces the number of hashes by the number of times of reduction compared to the second one-time code (hash value E ₁ ^M-3 ) transmitted as the previous one-time password. A second one-time code (hash value E ₁ ^M-4 ) that has been hashed by repeating a small number of times (one time) is generated.

In the present embodiment, when the generated code information is displayed, is not used, and is erased, the generated code information is reused according to the communication environment at the next authentication. Specifically, when the communication is possible, the hash number used last time is used, and when the communication is impossible, the hash value used last time is not used. However, the present invention is not limited to this. Regardless of the communication environment, the number of hashes once displayed may be reused without being reused regardless of whether it has been used. In addition, code information that is only displayed and not used may be reused after the number of times it has been used.

On the other hand, the next time authentication code creating unit 144, as the next authentication, repeated calculation by a hash function H _C by the predetermined number of times with respect to the seventh generation of random numbers H ₆ is a first one-time code next generation previously transmitted To generate a first one-time code (hash value E ₆ ^M ). Also here, the one-time password creation unit 14a obtains the current time from the client timekeeping unit 16, and generates and displays code information including a time stamp. Then, the one-time password creation unit 14a determines whether or not a predetermined interval (about 1 minute) has elapsed. Here, it is assumed that the code information is read by the store side terminal 7a and authentication is performed.

Thereafter, the next user operation is performed. Here, as a result of checking the authentication result, it is assumed that communication with the authentication server 2 is possible and a network environment exists. In this case, the authentication code creating unit 143 reduces the number of hashes for the random number H ₆ that is the same generation as the random number H ₆ used for the first one-time code (hash value E ₆ ^M ) transmitted last time. A second one-time code (hash value E ₆ ^M−1 ) that has been hashed by repeating a small number of times (one time) is generated. The next time authentication code creating unit 144, as the next authentication, repeated calculation by a hash function H _C by the predetermined number of times with respect to the eighth generation of random numbers H _7, the next generation for the next authentication hash value previously transmitted To generate a first one-time code (hash value E ₇ ^M ). Also here, the one-time password creation unit 14a obtains the current time from the client timekeeping unit 16, and generates and displays code information including a time stamp. Then, the one-time password creation unit 14a determines whether or not a predetermined interval (about 1 minute) has elapsed. Here, it is assumed that the code information is read by the store side terminal 7a and authentication is performed.

  In the subsequent processing, the generation processing for the current authentication hash value and the next authentication hash value is changed in accordance with the communication environment and whether or not the previously generated one-time password is used. Then, the authentication process is performed based on the code information generated in this way.

(Action / Effect)
According to this embodiment as described above, it is possible to set a short-term expiration date in the one-time code and prevent unauthorized use at the time of eavesdropping / theft. In other words, in this embodiment, the display time on the user terminal is limited to a certain time (1 minute), and when the time limit is exceeded, the code information is hidden and the code information needs to be regenerated. Authentication is successful only with code information generated and displayed immediately before payment at a cash register.

  This prevents, for example, unauthorized use in which code information displayed on a user terminal by an unauthorized user is photographed with a camera or the like and is used before a legitimate user using the code information on the screen. can do. If the code information is generated but not used, the authentication ID is reused, but the actual code information is appended with a time stamp, so the pattern of the code information is different. The certified image can no longer be authenticated.

[Third embodiment]
Next, a third embodiment of the present invention will be described. In the present embodiment, a user terminal 1 that dynamically presents authentication information and a store-side terminal 7a that reads the presented authentication information are provided, and code information is repeatedly generated and discarded in a very short time. The gist is to perform dynamic authentication based on the code information changed to.

  FIG. 14 is a block diagram illustrating an internal configuration of the user terminal according to the present embodiment, and FIG. 15 is a block diagram illustrating an internal configuration of the store side terminal according to the present embodiment. Moreover, FIG. 16 is explanatory drawing which shows the dynamic code information displayed on the display part of a user terminal, and FIG. 17 is a time chart figure which shows the determination process of the effectiveness determination which concerns on this embodiment.

  In the third embodiment, the user terminal 1 includes a client timer unit 16 as shown in FIG. 12, as in the second embodiment. The client timing unit 16 is a module that acquires the current time, and acquires the system time of the user terminal 1 as the time to acquire. The application execution unit 14 of the user terminal 1 includes a display information generation unit 14e and a dynamic information presentation unit 14f as functional modules that dynamically present authentication information.

  The display information generation unit 14e is a module that generates at least two pieces of display information by combining predetermined authentication information with time information indicating the current time on the user terminal 1. Here, the predetermined dynamic information is the first one-time code and the second one-time code generated in the first embodiment described above. That is, the display information generation unit 14e presents the first one-time code and the second one-time code generated by the current authentication code generation unit 143 and the next authentication code generation unit 144 of the one-time password generation unit 14a. Code information is created by combining time information indicating time. The code information includes user identification information, payment information, and purchase information.

  The dynamic information presentation unit 14f is a module that dynamically presents authentication information by sequentially displaying display information at the same position with a certain time interval. That is, the dynamic information presenting unit 14f generates code information at a predetermined time and then acquires the time information Tc as needed from the client timing unit 16, and a predetermined interval (for example, less than 1 second) has elapsed. Whether the code information is regenerated after the predetermined interval has elapsed. Specifically, the currently displayed code information is discarded, the time information Tc of the current time is included as a time stamp, and the code information is regenerated and displayed on the screen. Thereafter, the one-time password creating unit 14a repeats this process at predetermined intervals.

  As described above, the display information generation unit 14e and the dynamic information presentation unit 14f repeatedly generate, display, discard, and regenerate code information at predetermined intervals. On the display unit 13a, as illustrated in FIG. Different code information (code information C_1 to C_4 in FIG. 16) is dynamically displayed on the screen while being changed as needed over time (time Tc_1 to Tc_4 in FIG. 16). At this time, the same one-time password is used for all the one-time passwords included in a plurality of code information displayed in a series, and only the time stamp is changed, so that the display form of the code information is changed. Is done. The one-time password generation method is the same as that in the first embodiment or the second embodiment described above.

  On the other hand, in the store side terminal 7a, at least two pieces of display information displayed on the display unit 13a by the dynamic information presentation unit 14f in the reading unit 76 are optically read sequentially and transmitted into the control unit 74. . In the present embodiment, the reading unit 76 reads two consecutive pieces of code information among the code information displayed as needed.

  The control unit 74 determines whether or not the display information can be used as an authentication process based on the read two pieces of display information. Specifically, as shown in FIG. 15, the control unit 74 includes a timing recording unit 741, an effectiveness determination unit 742, an information extraction unit 743, and a validity determination unit 744.

  The time recording unit 741 is a module that measures and records each reading time of each display information read by the reading means 76, and measures the reading time from the store side time measuring unit 77 provided in the store side terminal 7a. Record. Here, as the time acquired by the store-side timer 77, the system time of the store-side terminal 7a may be acquired, or the absolute time provided by a time server or the like may be acquired.

  And the time recording part 741 adds the time information Tp at the time of reading to the read code information, respectively. Here, as shown in FIG. 17, the code information read first is the first code information X1, and the code information read next is the second code information X2. Furthermore, time information added to the code information X1 is time information Tp_1, and time information added to the code information X2 is time information Tp_2.

  The validity determination unit 742 is a module that determines the validity of the display information based on the expiration date obtained from a certain time interval and the time difference between the reading times. Here, in this embodiment, as shown in FIG. 17, two consecutive pieces of code information X1 and X2 are displayed with a predetermined interval L. For example, the read two pieces of code information X1 and X2 are In the case of regular code information, the maximum time that the second code information X2 can be read after reading the first code information X1 is 2L.

  Therefore, the validity determination unit 742 verifies that the difference between the time information Tp_1 of the first code information X1 and the time information Tp_2 of the second code information X2 is greater than 0 and less than 2L. When the difference between the first code information X1 and the second code information X2 is greater than 0 and less than the time 2L, it is determined that the code information X1 and X2 are within the expiration date, and the POS The second code information X2 is transmitted to the authentication server 2 via the server 7. Thereafter, as in the first embodiment, an authentication process or the like is performed using the one-time password included in the second code information. On the other hand, when the difference between the first code information X1 and the second code information X2 is 0 or less, or when the time is 2L or more, an error is displayed as code information whose expiration date has passed.

  Further, the control unit 74 assumes that the expiration date is determined from the difference between the two code information X1 and X2, and the two code information X1 and X2 are code information generated based on the same one-time code. It has a function of determining whether or not there is, and only the code information generated based on the same one-time password is used to determine whether or not there is an expiration date. Specifically, the control unit 74 includes an information extraction unit 743 and a validity determination unit 744.

  The information extraction unit 743 is a module that excludes time information from each display information read by the reading unit 76 and extracts predetermined authentication information. The predetermined authentication information extracted here is the first one-time code and the second one-time code generated by the current authentication code creation unit 143 and the next authentication code creation unit 144. Then, the information extracting unit 743 transmits the first one-time code and the second one-time code to the validity determining unit 744.

  The validity determination unit 744 is a module that compares the identities of the pieces of authentication information extracted by the information extraction unit 743 and determines the validity of the display information based on the comparison result. Here, the authentication information to be compared may be either the first one-time code or the second one-time code, and both the first one-time code and the second one-time code are used. You may compare.

(Effectiveness judgment method)
Next, the effectiveness determination method in the third embodiment will be described. FIG. 18 is a flowchart showing the dynamic authentication method according to this embodiment.

  First, when the display information generation unit 14e acquires the one-time password created by the one-time password creation unit 14a, the display information generation unit 14e acquires the current time Tc_1 from the client timing unit 16, and uses the current time Tc_1 as a time stamp. In addition, the first code information X1 is generated (S701). The first code information X1 is displayed on the screen and read by the reading means 76 of the store side terminal 7a (S702). At this time, the time recording unit 741 measures the reading time Tp_1 of the display information read by the reading unit 76 and records it in the memory 15.

  On the other hand, the dynamic information presentation unit 14f of the user terminal 1 dynamically presents the authentication information by sequentially displaying the display information at the same position with a certain time interval. Specifically, time information is acquired from the client timing unit 16 as needed, and it is determined whether or not a predetermined interval L has elapsed from the first code information X1 (S703). If the predetermined interval L has not elapsed (“N” in S703), the process is repeated until the predetermined interval L elapses while acquiring time information.

  When the predetermined interval L has elapsed (“Y” in S703), the display information generation unit 14e and the one-time password creation unit 14a are instructed to reproduce the code information again. When the display information generation unit 14e acquires the one-time password recreated by the one-time password generation unit 14a, the display information generation unit 14e acquires the time information Tc_2 at that time from the client timing unit 16 and generates the second code information X2. (S704). Then, the display information generation unit 14e discards the first code information X1 and displays the second code information X2 on the screen. When the second code information X2 is displayed on the screen, the reading means 76 of the store side terminal 7a reads the second code information X2 (S705). At this time, the time recording unit 741 measures the reading time Tp_2 of the display information read by the reading unit 76 and records it in the memory 15 together with the second code information X2.

  Then, the validity determination unit 742 of the store side terminal 7a determines whether or not the validity period of the code information is valid based on the first code information X1 and the second code information X2 (S706). Specifically, the information extraction unit 743 extracts predetermined authentication information from each display information read by the reading unit 76 by excluding time information. Specifically, the first one-time code and the second one-time code related to the first code information X1 and the second code information X2 are extracted. Then, the validity judgment unit 744 compares the sameness of the respective authentication information extracted by the information extraction unit 743, and judges the validity of the display information based on the comparison result. If the one-time codes are not the same ("N" in S706), an error is displayed on the display unit 73a of the store side terminal 7a. This information may be transmitted to the user terminal 1 and displayed on the display unit 13a of the user terminal 1.

  On the other hand, if the one-time code is the same, then the difference between the time information Tp_1 added to the first code information X1 and the time information Tp_2 added to the first code information X1 is: Verify that it is greater than 0 and less than 2L of time. If the difference between the first code information X1 and the second code information X2 is 0 or less or is 2L or more ("N" in S706), an error is displayed as code information whose expiration date has passed. (S709).

  When the difference between the first code information X1 and the second code information X2 is greater than 0 and less than 2L (“Y” in S706), the code information X1 and X2 are within the expiration date. The second code information X2 is transmitted to the authentication server 2 via the POS server 7. Thereafter, as in the first embodiment, an authentication process or the like is performed using the one-time password included in the second code information.

(Action / Effect)
According to the third embodiment, by setting the expiration date of the code information to an extremely short time of less than 1 second, it is possible to prevent unauthorized use even in the case of theft or wiretapping. In the present embodiment, since two pieces of code information are used for authentication, for example, even if an unauthorized user photographs the code information displayed on the screen of the user terminal 1 with the camera, the photographing is performed. Since the authentication cannot be performed from the processed image, fraud can be further prevented.

  Since the code information is repeatedly regenerated in a very short time (less than 1 second), there may be a time error with respect to the authentication processing side. In other words, if the system time measured by the user terminal 1 and the time measured by the authentication server 2 do not match, authentication may not be possible even when used by a legitimate person.

  In this embodiment, the time information Tp_1 of the time stamp and the time information Tp_2 read on the store side terminal 7a side can be acquired from a plurality of code information, and the time lag between the user terminal and the store side terminal 7a can be corrected. Authentication processing can be normally performed without the terminal performing time correction with a time server or the like. That is, in the present embodiment, the time of the user terminal is estimated from the code information data having two different time stamps, and the expiration date of the code information is set based on the regeneration interval. The error is resolved.

[Example of change]
The description of each embodiment described above is an example of the present invention. For this reason, the present invention is not limited to the above-described embodiment, and various modifications can be made according to the design and the like as long as they do not depart from the technical idea of the present invention. Below, the modification of this invention is demonstrated.

  For example, in the above-described third embodiment, whether the expiration date of the code information is valid is determined based on two pieces of code information displayed in succession. For example, when two or more pieces of code information are read, The validity may be verified by reading arbitrary two pieces of non-consecutive code information Xi and code information Xj (j> i) from the series of code information. In this case, after reading the first code information Xi, whether to extract the code information regenerated at the nth time is stored in the store terminal 7a as known, and the predetermined interval 2L is changed to the predetermined interval nL. Alone, the effectiveness can be verified by the same processing as described above.

  In addition, for example, in the third embodiment described above, whether or not the expiration date of the code information exists is processed by the validity determination unit 742 of the store side terminal 7a, but may be executed in the cooperation unit 20a of the authentication server 2, for example. Good. In this case, the functional module of the validity determination unit 742 is provided in the cooperation unit 20a, and the store side terminal 7a transmits the read first code information X1 and second code information X2 to the authentication server 2 as they are. . At this time, whether or not the code information X1 and X2 are code information generated based on the same one-time password may be determined by the validity determination unit 742 or executed by the cooperation unit 20a. May be.

DESCRIPTION OF SYMBOLS 1 ... User terminal 2 ... Authentication server 2a ... One time code database 2b ... Purchase history information storage part 3 ... Coupon server 3a ... Coupon database 4 ... Point server 4a ... Point database 5 ... Communication network 6 ... Payment server 7 ... POS server 7a ... Store side terminal 8 ... Wireless base station 11 ... Wireless interface 13a ... Display unit 14 ... Application execution unit 14a ... One-time password creation unit 14b ... Cooperation processing unit 14c ... Value information acquisition unit 14d ... Authentication result acquisition unit 14e ... Display information Generating unit 14f ... Dynamic information presenting unit 15 ... Memory 16 ... Client timing unit 20 ... Authentication management unit 20a ... Cooperation unit 21 ... Cooperation processing unit 22 ... Initialization processing unit 23 ... Authentication code selection unit 24 ... Reduction number complementing unit 25 ... Authentication unit 26 ... Authentication code Storage unit 31 ... Coupon acquisition unit 32 ... Usage availability confirmation unit 33 ... Usage status update unit 34 ... Coupon addition unit 41 ... Point acquisition unit 42 ... Usage availability confirmation unit 43 ... Usage status update unit 44 ... Point addition unit 70a ... Communication Interface 70b ... Control unit 70c ... POS information database 74 ... Control unit 75 ... Memory 76 ... Reading means 77 ... Store side timing unit 141 ... Authentication environment confirmation unit 142 ... Random number selection unit 143 ... Current authentication code creation unit 144 ... Next authentication Code creation unit 741 ... Timekeeping recording unit 742 ... Effectiveness judgment unit 743 ... Information extraction unit 744 ... Validity judgment unit

In order to solve the above-described problem, the present invention provides a one-time effective only once between an authentication server arranged on a communication network and a user terminal used by a user and connectable to the authentication server through the communication network. A one-time authentication system that authenticates the user using a password,
On the user terminal side, a first one-time code generating unit that generates a first one-time code by generating a next-generation random number and repeating a calculation on the next-generation random number by a user-side unidirectional function a predetermined number of times. When,
On the user terminal side, a second one that generates a second one-time code by repeating a calculation by a user-side unidirectional function a predetermined number of times for a previous generation random number generated before generating a next generation random number A time code generator,
In the authentication server, the first one-time code and the second one-time code are obtained, and the first one-time code for authentication is obtained by calculation using the server-side one-way function using the first one-time code. And generating a second one-time code for authentication by a calculation using a server-side one-way function using the second one-time code, and these first and second one-time codes for authentication And an authentication code storage unit that stores the user-specific information associated with the user,
At the time of authentication, on the user terminal side, a selection unit that selects the next generation random number or the previous generation random number used for the first one-time code or the second one-time code according to the communication state of the communication network;
One time generated by repeating the calculation by the user-side unidirectional function for the selected next generation random number or the previous generation random number by a number of times less than the predetermined number of times for the selected random number. An authentication management unit for acquiring a code as the one-time password from the user terminal in the authentication server through an authentication communication path;
In the authentication server, an authentication code that is selected from the first one-time code for authentication or the second one-time code for authentication and acquired from the authentication code storage unit according to the communication state A selection section;
In the authentication server, with respect to the one-time password acquired by the authentication management unit, a reduction number complementing unit that performs calculation by the user-side unidirectional function for the number of reductions;
In the authentication server, based on the first one-time code for authentication or the second one-time code for authentication selected by the authentication code selection unit, and the one-time password executed by the reduction number complementing unit And an authentication unit that performs authentication processing.

Claims (26)

The user is authenticated using a one-time password that is valid only once between an authentication server arranged on the communication network and a user terminal that is used by the user and can be connected to the authentication server through the communication network. A one-time authentication system
On the user terminal side, a first one-time code is generated by generating a next-generation random number and generating a first one-time code by repeating a calculation by a user-side one-way function a predetermined number of times for the next-generation random number And
On the user terminal side, a second one-time code is generated by repeating a calculation by the user-side unidirectional function a predetermined number of times for the previous generation random number generated before generating the next generation random number. 2 one-time code generator,
In the authentication server, the first one-time code and the second one-time code are obtained, and the first one-time code for authentication is calculated by using the first one-time code and using a server-side one-way function. A one-time code is generated, and a second one-time code for authentication is generated by an operation using the server-side one-way function using the second one-time code. A one-time code for authentication, an authentication code storage unit that stores the one-time code associated with user-specific information unique to the user,
At the time of authentication, a selection unit that selects the next generation random number or the previous generation random number used for the first one-time code or the second one-time code according to the communication state of the communication network;
One time generated by repeating the calculation by the user-side unidirectional function for the selected next generation random number or the previous generation random number by a number of times less than the predetermined number of times for the selected random number. An authentication management unit for acquiring a code from the user terminal as the one-time password through an authentication communication path;
An authentication code selection unit that selects one of the first one-time code for authentication or the second one-time code for authentication and acquires it from the code storage unit for authentication according to the communication state;
For the one-time password acquired by the authentication management unit, a reduction number complementing unit that performs calculation by the user-side unidirectional function for the number of reductions;
Authentication processing is performed based on the first one-time code for authentication or the second one-time code for authentication selected by the authentication code selection unit and the one-time password executed by the reduction number complementing unit. A one-time authentication system comprising: an authenticating unit for performing. The user terminal has a display unit that displays the encoded one-time code or the encoded second one-time code as the one-time password,
The authentication communication path is connected to a reading device that reads the one-time password displayed on the display unit,
The one-time authentication system according to claim 1, wherein the authentication management unit acquires the one-time password from the user terminal via the reading device. On the communication network, a communication path for cooperation connecting the authentication server and the user terminal is constructed,
The authentication code storage unit acquires the first one-time code generated for the first time on the user terminal through the cooperation communication path, and uses the first one-time code to generate the first one-time code. A first one-time code for authentication is generated by an operation using a one-way function, and the first one-time code for authentication is stored in association with user-specific information unique to the user. The one-time authentication system according to claim 1. The authentication communication path is connected to the user terminal via a store terminal installed in the store,
In the store terminal, information related to the user's consumption behavior related to the authentication process is acquired as purchase information,
The authentication management unit acquires the purchase information together with the first one-time code or the second one-time code, and uses the purchase information as the first or second one-time code for authentication and the authentication. The one-time authentication system according to claim 1, wherein the one-time authentication system is stored in a purchase history information storage unit in association with a processing result. The authentication server is
A value information management server for managing value information given to the user;
A payment server for executing payment processing related to goods or services provided to the user;
The value information management server and the settlement server can share information stored in the authentication code storage unit,
The payment server acquires determination information related to the validity of the value information based on a result of the authentication process, and executes the payment process reflecting the validity of the value information based on the determination information. The one-time authentication system according to claim 1. The user is authenticated using a one-time password that is valid only once between an authentication server arranged on the communication network and a user terminal that is used by the user and can be connected to the authentication server through the communication network. A one-time authentication method to perform,
On the user terminal side, a one-time code generator generates a next-generation random number, and generates a first one-time code by repeating a calculation by a user-side unidirectional function a predetermined number of times for the next-generation random number. And a one-time code generating step for generating a second one-time code by repeating a calculation by the user-side unidirectional function a predetermined number of times for the previous generation random number generated before generating the next generation random number; ,
The authentication server acquires the first one-time code and the second one-time code, and the authentication code storage unit uses the server-side one-way function using the first one-time code. A first one-time code for authentication is generated by calculation, and a second one-time code for authentication is generated by calculation using the server-side one-way function using the second one-time code. An authentication code storage step of storing the first and second authentication one-time codes in the authentication code storage unit in association with user-specific information unique to the user;
The selection unit of the user terminal selects a next generation random number or a previous generation random number used for the first one-time code or the second one-time code according to a communication state of the communication network at the time of authentication. A selection step;
For the selected next generation random number or the previous generation random number, the authentication management unit repeats the calculation by the user-side unidirectional function a number of times less than the predetermined number of times for the selected random number. An authentication management step of acquiring the generated one-time code as the one-time password from the user terminal through an authentication communication path;
The authentication code selection unit selects either the first one-time code for authentication or the second one-time code for authentication according to the communication state, and acquires from the authentication code storage unit A code selection step,
For the second one-time code acquired by the authentication management unit, a reduction number complementing unit executes a calculation based on the user-side unidirectional function for the number of reductions;
Authentication is performed based on the first one-time code for authentication or the second one-time code for authentication selected by the authentication code selection unit, and the one-time password executed by the reduction number complementing unit. A one-time authentication method comprising: an authentication step in which the unit performs an authentication process. In the authentication management step, the user terminal displays the encoded one-time code or the encoded second one-time code as the one-time password,
A reader that reads the one-time password displayed on the display unit is connected to the authentication communication path. In the authentication management step, the one-time password is acquired from the user terminal via the reader. The one-time authentication method according to claim 6. On the communication network, a communication path for cooperation connecting the authentication server and the user terminal is constructed,
In the authentication code storage step, an authentication code storage unit acquires the first one-time code generated for the first time on the user terminal through the communication path for cooperation, and the first one-time code To generate a first one-time code for authentication by calculation using the server-side one-way function, and associate the first one-time code for authentication with user-specific information unique to the user. The one-time authentication method according to claim 6, wherein the one-time authentication method is stored. The authentication communication path is connected to the user terminal via a store terminal installed in the store,
In the authentication management step, the store terminal acquires information regarding the user's consumption behavior related to the authentication process as purchase information, and acquires the first one-time code or the second one-time code. The one-time authentication according to claim 6, wherein the purchase information is stored in the purchase history information storage unit in association with the first or second one-time code for authentication and the result of the authentication process. Method. The authentication server is
A value information management server for managing value information given to the user;
A payment server for executing payment processing related to goods or services provided to the user;
The value information management server and the settlement server can share information stored in the authentication code storage unit,
The payment server acquires determination information related to the validity of the value information based on a result of the authentication process, and executes the payment process reflecting the validity of the value information based on the determination information. The one-time authentication method according to claim 6. An authentication server that is placed on a communication network and authenticates the user using a one-time password that is valid only once with a user terminal used by the user,
On the user terminal side, a first generation random number is generated, and a first one-time code generated by repeating a calculation by a user-side unidirectional function for the next generation random number a predetermined number of times, and on the user terminal side Coordination in which the authentication server obtains a second one-time code generated by repeatedly calculating the user-side one-way function for the previous generation random number generated before generating the next generation random number The management department,
Using the first one-time code, a first one-time code for authentication is generated by computation using a server-side one-way function, and the server-side one-time code is generated using the second one-time code. An authentication code generated by generating a second one-time code for authentication by calculation using a directionality function, and storing the first and second one-time codes for authentication in association with user-specific information unique to the user A storage unit;
At the time of authentication, the next generation random number or the previous generation random number used for the first one time code or the second one time code selected according to the communication state of the communication network, The one-time code generated in the user terminal by repeating the calculation by the user-side unidirectional function by a number of times less than the predetermined number of times for the selected random number is used as the one-time password through the authentication communication path. An authentication management unit to be acquired;
An authentication code selection unit that selects one of the first one-time code for authentication or the second one-time code for authentication and acquires it from the code storage unit for authentication according to the communication state;
For the one-time password acquired by the authentication management unit, a reduction number complementing unit that performs calculation by the user-side unidirectional function for the number of reductions;
Authentication processing is performed based on the first one-time code for authentication or the second one-time code for authentication selected by the authentication code selection unit and the one-time password executed by the reduction number complementing unit. An authentication server comprising: an authentication unit for performing. The user terminal has a display unit that displays the encoded one-time code or the encoded second one-time code as the one-time password,
The authentication communication path is connected to a reading device that reads the one-time password displayed on the display unit,
The authentication server according to claim 11, wherein the authentication management unit acquires the one-time password from the user terminal via the reading device. On the communication network, a communication path for cooperation connecting the authentication server and the user terminal is constructed,
The authentication code storage unit acquires the first one-time code generated for the first time on the user terminal through the cooperation communication path, and uses the first one-time code to generate the first one-time code. A first one-time code for authentication is generated by an operation using a one-way function, and the first one-time code for authentication is stored in association with user-specific information unique to the user. The authentication server according to claim 11. The authentication communication path is connected to the user terminal via a store terminal installed in the store,
In the store terminal, information related to the user's consumption behavior related to the authentication process is acquired as purchase information,
The authentication management unit acquires the purchase information together with the first one-time code or the second one-time code, and uses the purchase information as the first or second authentication one-time code and the authentication. The authentication server according to claim 11, wherein the authentication server is stored in the purchase history information storage unit in association with a processing result. The authentication server is
A value information management server for managing value information given to the user;
A payment server for executing payment processing related to goods or services provided to the user;
The value information management server and the settlement server can share information stored in the authentication code storage unit,
The payment server acquires determination information related to the validity of the value information based on a result of the authentication process, and executes the payment process reflecting the validity of the value information based on the determination information. The authentication server according to claim 11. A mobile terminal that has a function of authenticating the user using a one-time password that is valid only once with an authentication server that is used by a user and placed on a communication network,
A first one-time code generating unit for generating a next-generation random number and generating a first one-time code by repeating a calculation by a user-side unidirectional function a predetermined number of times for the next-generation random number;
Generation of a second one-time code for generating a second one-time code by repeating a calculation by the user-side unidirectional function a predetermined number of times for the previous generation random number generated before generating the next-generation random number And
A transmitter for transmitting the first one-time code and the second one-time code to the authentication server;
At the time of authentication, a selection unit that selects the next generation random number or the previous generation random number used for the first one-time code or the second one-time code according to the communication state of the communication network;
A one-time code is generated by repeating the calculation by the user-side unidirectional function for the selected next generation random number or the previous generation random number by a number of times less than the predetermined number of times for the selected random number. And an authentication processing unit that sends the one-time code to the authentication server as the one-time password through an authentication communication path;
A portable terminal comprising: an authentication result acquisition unit configured to acquire a result of an authentication process based on the generated one-time password selected according to a communication state of the communication network. The mobile terminal according to claim 16, further comprising a display unit that displays the encoded one-time code or the encoded second one-time code as the one-time password. On the communication network, a communication path for cooperation connecting the authentication server and the user terminal is constructed,
The mobile terminal according to claim 16, wherein the transmission unit transmits the first one-time code generated for the first time through the communication path for cooperation. The user is authenticated using a one-time password that is valid only once between an authentication server arranged on the communication network and a user terminal that is used by the user and can be connected to the authentication server through the communication network. A one-time authentication program to be performed on the authentication server;
On the user terminal side, a first generation random number is generated, and a first one-time code generated by repeating a calculation by a user-side unidirectional function for the next generation random number a predetermined number of times, and on the user terminal side Cooperative management for acquiring a second one-time code generated by repeating the calculation by the user-side unidirectional function a predetermined number of times for the previous generation random number generated before generating the next generation random number Steps,
The authentication code storage unit uses the first one-time code to generate the first one-time code for authentication by calculation using a server-side one-way function, and the second one-time code And generating a second one-time code for authentication by an operation using the server-side one-way function, and the first and second one-time codes for authentication and user-specific information unique to the user; An authentication code storage step for associating and storing in the authentication code storage unit;
At the time of authentication, for the next generation random number or the previous generation random number used for the first one-time code or the second one-time code selected according to the communication state of the communication network, the user The one-time code generated in the user terminal by repeating the calculation by the side one-way function by a smaller number of times than the predetermined number of times for the selected random number, the authentication management unit transmits the one-time code through the authentication communication path. Authentication management step to obtain as a one-time password,
The authentication code selection unit selects either the first one-time code for authentication or the second one-time code for authentication according to the communication state, and acquires from the authentication code storage unit A code selection step,
For the second one-time code acquired by the authentication management unit, a reduction number complementing unit executes a calculation based on the user-side unidirectional function for the number of reductions;
Authentication is performed based on the first one-time code for authentication or the second one-time code for authentication selected by the authentication code selection unit, and the one-time password executed by the reduction number complementing unit. A one-time authentication program in which a section executes a process including an authentication step for performing an authentication process. In the authentication management step, the encoded first one-time code or the encoded second one-time code is displayed on the display unit of the user terminal as the one-time password,
A reader that reads the one-time password displayed on the display unit is connected to the authentication communication path. In the authentication management step, the one-time password is acquired from the user terminal via the reader. The one-time authentication program according to claim 19, wherein: On the communication network, a communication path for cooperation connecting the authentication server and the user terminal is constructed,
In the authentication code storage step, the authentication code storage unit obtains the first one-time code generated for the first time on the user terminal through the cooperation communication path, and the first one-time code. To generate a first one-time code for authentication by calculation using the server-side one-way function, and associate the first one-time code for authentication with user-specific information unique to the user. The one-time authentication program according to claim 19, wherein the one-time authentication program is stored. The authentication communication path is connected to the user terminal via a store terminal installed in the store,
In the authentication management step, the store terminal acquires information on the user's consumption behavior related to the authentication process as purchase information, and acquires the first one-time code or the second one-time code. The authentication management unit stores the purchase information in a purchase history information storage unit in association with the first or second authentication one-time code and the result of the authentication process. The listed one-time authentication program. The authentication server is
A value information management server for managing value information given to the user;
A payment server for executing payment processing related to goods or services provided to the user;
The value information management server and the settlement server can share information stored in the authentication code storage unit,
The payment server acquires determination information related to the validity of the value information based on a result of the authentication process, and executes the payment process reflecting the validity of the value information based on the determination information. The one-time authentication program according to claim 19. The user is authenticated using a one-time password that is valid only once between an authentication server arranged on the communication network and a user terminal that is used by the user and can be connected to the authentication server through the communication network. A one-time authentication program to be performed on the user terminal;
A first one-time code generating step of generating a next-generation random number and generating a first one-time code by repeating a calculation by a user-side unidirectional function a predetermined number of times for the next-generation random number;
Generation of a second one-time code for generating a second one-time code by repeating a calculation by the user-side unidirectional function a predetermined number of times for the previous generation random number generated before generating the next-generation random number Steps,
Transmitting the first one-time code and the second one-time code to the authentication server;
At the time of authentication, a selection step of selecting a next generation random number or a previous generation random number used for the first one-time code or the second one-time code according to the communication state of the communication network;
A one-time code is generated by repeating the calculation by the user-side unidirectional function for the selected next generation random number or the previous generation random number by a number of times less than the predetermined number of times for the selected random number. Then, an authentication processing step of sending to the authentication server as the one-time password through an authentication communication path;
A one-time authentication program for executing a process including an authentication result acquisition step of acquiring an authentication process result based on the generated one-time password selected according to the communication state of the communication network. The display device according to claim 24, further comprising a display step of displaying the encoded one-time code or the encoded second one-time code on the display unit as the one-time password. One-time certification program. On the communication network, a communication path for cooperation connecting the authentication server and the user terminal is constructed,
25. The one-time authentication program according to claim 24, wherein the transmission unit transmits the first one-time code generated for the first time through the cooperation communication path.