JP4122035B2 - Authentication system using location information, authentication server, and authentication method using location information - Google Patents

Description

  The present invention relates to an authentication system for authenticating a person when information is communicated via a credit card, a bank cash card or a network, and in particular, a mobile phone possessed by an authorized user of a credit card or a cash card. When position information is acquired at a predetermined time interval from a mobile terminal device such as a telephone and different position information is obtained at the time of authentication request, there is a path that can move between the different positions within the predetermined time interval. The present invention relates to an authentication system using position information in which identity verification is performed when there is a movable route by checking whether or not it exists.

  When contracts, transactions, and the like are performed using electronic means, it is necessary to authenticate whether or not the person using the electronic means is an authorized contractor. Conventionally, this authentication method has been performed using a personal identification number, a password, or the like. For example, in the case of Internet communication using a personal computer, a user who is a member transmits application information to a desired server using a personal computer and a telephone line, and this is received by a computer system installed on the business side. , Have made a contract between them. At this time, in order to authenticate whether or not the member is following the regular contract procedure, the basic means conventionally used is as follows.

  First, a usage contract is concluded between a personal computer user and a personal computer carrier in advance. At that time, the business operator determines and notifies the member ID number and password to the regular member user. When an operator requests access via a personal computer, the operator requests a member ID and password registered in advance for the accessor, and when the accessor inputs this, it is recorded on the operator side. The accessor is certified as a regular member user when the information matches with the regular member information. Then, the order information transmitted during the communication connection is determined to be transmitted by the regular member user and accepted.

  Furthermore, in order to make the confirmation of whether or not the regular contract procedure by the regular contractor is followed more strictly, the time that the user can input when the member ID number and password are requested from the business side is limited. Also known is a system that takes steps to eliminate unauthorized access by means such as disconnecting the line by judging that it is an unauthorized accessor if incorrect input is made more than a certain number of times Yes.

  However, the above-described method for eliminating unauthorized access is possible, for example, when a hacker (unauthorized intruder) enters a transmission gate or modem of a regular member user's personal computer, and the member ID number transmitted by the regular member user here. If a password is obtained, a third party can impersonate a member and lose its effectiveness. If the third party also knows the member ID number and password set in advance by some means, it loses its effectiveness as personal authentication.

  On the other hand, in order to prevent unauthorized acquisition of a member ID number and password by a hacker, information transmission may be performed between a regular member user and a business operator with encryption processing to ensure communication security. However, no matter how sophisticated or complicated the means for preventing unauthorized acquisition of passwords, etc., it may be broken by hackers who develop more advanced unauthorized acquisition means, which is not an essential solution.

  This kind of incident has also occurred for bank cards and credit cards. In particular, passwords set by regular members often use the last four digits of their own or relative's birthday or phone number for fear of forgetting them. Passwords can be easily detected and are often damaged. Effective authentication when a lost or stolen credit card or cash card is used, or when card information is stolen by a method such as skimming and a forged credit card or cash card is used A method has not yet been established.

  As one of authentication methods at the time of payment using a credit card, an authentication method using position information has been proposed. For example, the following Patent Document 1 (Japanese Patent Laid-Open No. 10-198636) discloses an invention of a personal authentication system using position information.

  The personal authentication system disclosed in Patent Document 1 is a member data reading means for reading member data (for example, a member's address or residence) relating to a member user, and a PHS operator that stores the presence area data of a PHS terminal device owned by the member user. The presence area data acquisition means acquired from the calculation means, the calculation means for determining the match between the member data and the presence area data, and if the result of the determination by the calculation means is the same, it is possible to continue to enjoy the benefits from the service provider In the case of mismatching, there is provided an output means for outputting an output result that cannot obtain a profit from the service provider.

  Hereinafter, the personal authentication system will be described in detail with reference to FIG. This personal authentication system shows a case where it is adopted in a transaction by a credit card 117 of a credit company CC. “Membership data” is the connection area data D1, that is, the location of the store C1 that has a card usage contract that can be used by the credit card 117. FIG. 9 illustrates the case of reading by the card reader 118 that inquires the expiration date of the credit card 117 when purchasing a product with the credit card 117.

  If the magnetic information of the credit card 117 is read by the card reader 118, the information is sent to the credit company CC via the telephone 114 (or a dedicated line). On the other hand, the credit company CC reads the card contract data, obtains the existence area data D2 of the PHS terminal device 210 of the authorized owner of the credit card 117 from the PHS operator (PP), and connects the connection area data D1 and the existence area data. A match with D2 is determined. If it is determined that the credit card 117 matches, the credit card 117 can be used, and if it does not match, the credit card 117 cannot be used, and an output result is output to the card reader 118. Yes.

  In general, when a user requests payment using a credit card, a required item is input using the input screen shown in FIG. That is, on this input screen, input fields such as a credit card number 401, a personal identification code 402, a card expiry date 403, a card type 404, a card issuing bank nationality 405, and an issuing bank name 406 are displayed. When the settlement request button 400 is operated, a settlement request is transmitted to the settlement server. If the data matches the data registered in the settlement server, authentication is performed and settlement is performed. Since these input data are all items written on the credit card, the third party can use it if the actual data is obtained. The same applies when data is stolen by skimming.

  Also, in the following Patent Document 2 (Japanese Patent Laid-Open No. 2000-40064) and Patent Document 3 (Japanese Patent Laid-Open No. 2002-64861), the movement from the position history of the mobile terminal to the point (position) where authentication is requested. An invention of a system for determining whether or not a speed (distance or time difference) is a logical value and performing authentication is disclosed.

  The authentication system disclosed in Patent Document 2 is configured such that an authentication server includes a communication processing unit and an originating ID processing unit. In this system, when the mobile terminal remotely accesses the network, the communication processing unit receives the calling ID transmitted from the mobile terminal and passes it to the calling ID processing unit. The calling ID processing unit makes a request for acquiring the past access history of the mobile terminal to the authentication information storage unit using the calling ID, and when the past access history is given, the calling ID processing unit The moving speed of the mobile terminal is obtained from the current position information of the mobile terminal given from the mobile terminal and the access time.

  Then, if the moving speed does not exceed the moving speed upper limit value in the calling ID processing unit, the access is permitted in the remote access processing unit as a legitimate access. If the moving speed exceeds the moving speed upper limit value, it is determined that the current access is an unauthorized access, and the access is prohibited in the remote access processing unit.

  In addition, the authentication system disclosed in Patent Document 3 stores predetermined registration data about a user in the storage device in association with the past use position and date of the mobile terminal device, and User input data and data of the current position of the mobile terminal device are received, and it is determined whether or not the first authentication condition that the user input data to the mobile terminal device matches predetermined registration data is satisfied and stored in the storage device Second authentication that the distance from the past used position to the current position of the mobile terminal device is a distance that can be moved within the time difference from the past use date and time to the current date and time stored in the storage device Whether or not the condition is satisfied is determined, and at least when the first authentication condition and the second authentication condition are satisfied, the personal authentication is completed.

JP-A-10-198636 (FIG. 5) Japanese Unexamined Patent Publication No. 2000-40064 (FIGS. 2 and 3) JP 2002-64861 A (FIGS. 2 and 4)

  However, the authentication system disclosed in Patent Document 1 uses the location of a terminal used by a user, and uses static position information of the terminal. That is, it is assumed that when a user requests authentication, a terminal such as a user's PHS exists at that point. Therefore, for example, when making a credit card payment at a restaurant in the basement, there is a problem that authentication fails because the current position of the terminal cannot be confirmed unless radio waves from the base station arrive.

  The authentication systems disclosed in Patent Document 2 and Patent Document 3 both calculate the moving speed from the history of the position of the mobile terminal and determine the authentication from its validity. That is, in the authentication system disclosed in Patent Document 2, 200 km / h is set as the upper limit value of the moving speed, and authentication is performed if it is within a range that can be reached at a speed of 200 km / h from the previous position. Yes. However, setting the upper limit speed is extremely difficult when considering the reliability of this authentication method.

  The upper limit of 200 km / h, which is the upper limit of the moving speed exemplified in the authentication system of Patent Document 2, can be inferred that it is probably the result of considering movement by Shinkansen. For example, it is in the basement where radio waves from the base station do not reach While eating and drinking at a restaurant for 1 hour, the area that can be authenticated becomes a circle with a radius of 200 km, and when a regular user is in Tokyo, authentication can be performed throughout the Kanto region. This does not help with security by authentication. On the other hand, if you use an airplane to move, you will not be able to authenticate your credit card during the landing unless you wait for the location information history update after landing (because you are moving faster than the upper limit). . Therefore, it is difficult to implement the service with this method.

  Similar problems also occur in the authentication system disclosed in Patent Document 3. The authentication system disclosed in Patent Document 3 calculates a time difference obtained from position information from a history of the position of a mobile terminal, and determines and authenticates a distance that can be moved within the time difference. Since the movable distance is determined by the moving speed of the mobile terminal, the same problem as in Patent Document 2 occurs here.

  As a result of various studies to solve the above problems, the inventor of the present application acquires position information at a predetermined time interval from a mobile terminal device such as a mobile phone possessed by an authorized credit card or cash card user. When different location information is obtained at the time of the authentication request, it is confirmed whether there is a route that can move between the different locations within the predetermined time interval, and there is a route that can be moved. The present invention has been completed by conceiving that the above-described problems can be solved by authenticating the user.

  That is, the present invention has been made to solve the above-mentioned problems, and it is possible to effectively prevent unauthorized use by using position information acquired from a mobile terminal device such as a mobile phone possessed by a legitimate user. An object is to provide an authentication system using position information, an authentication server, and an authentication method using position information.

In order to solve the above-mentioned problem, the invention according to claim 1 of the present application is
In an authentication system comprising: a service providing server that provides a service; a service request terminal device on a user side that requests the service providing server to provide a service; and an authentication server,
The authentication system further includes a portable terminal device that measures the position information of the user by carrying the user,
The authentication server is a route search that includes traffic network data using road network data used when traveling by foot or by car and timetable of actual transportation used when traveling by train or airplane. Network database, location history storage means for acquiring and storing location information including positioning time from the mobile terminal device, and receiving an authentication request including first location information and user information from the service request terminal device Authentication request storage means for storing the information, and portable terminal position extraction means for specifying the portable terminal apparatus based on the user information and extracting second position information acquired from the corresponding portable terminal apparatus from the position history storage means And the movement path between two points from the point and time of the first position information and the point and time of the second position information, A route search means for searching with reference to a network database for route search, and an authentication means,
The authentication means, the authentication success in the case where the route search means is able to search for a route to the mobile terminal device Ru can actually moved to the identified within the time between two points between said two points, said path If the search is not successful, the authentication result is transmitted to the service providing server as unsuccessful authentication.

  The invention according to claim 2 of the present application is characterized in that, in the authentication system using the position information according to claim 1, the first position information is position information registered in advance in the service request terminal device. To do.

  The invention according to claim 3 of the present application is characterized in that, in the authentication system using the position information according to claim 1, the first position information is current position information input to the service request terminal device. To do.

  The invention according to claim 4 of the present application is the authentication system using the position information according to claim 1, wherein the mobile terminal device is a mobile phone provided with GPS receiving means, and the user information is the user of the mobile phone. It is an identification ID.

The invention according to claim 5 of the present application, in the authentication system using the position information according to claim 1, wherein the authentication server, regardless of the route searching means searches the route search result, the second position when positioning time related information is earlier than a predetermined time than the current time, characterized in that you the authentication with the authentication processing unit unsuccessful.

  The invention according to claim 6 of the present application is the authentication system using the position information according to claim 1, wherein the service providing server is a settlement server that provides a credit card settlement service, or an automatic deposit and deposit service using a cash card It is a server of a financial institution that provides information, or an information providing server that provides a registered member with a data communication service via a network.

The invention according to claim 7 of the present application is
A service providing server that provides a service; a service requesting terminal device on a user side that requests the service providing server to provide a service; a portable terminal device that measures the location information of the user by carrying the user; and authentication And an authentication server that constitutes an authentication system comprising:
The authentication server is a route search that includes traffic network data using road network data used when traveling by foot or by car and timetable of actual transportation used when traveling by train or airplane. Network database, location history storage means for acquiring and storing location information including positioning time from the mobile terminal device, and receiving an authentication request including first location information and user information from the service request terminal device Authentication request storage means for storing the information, and portable terminal position extraction means for specifying the portable terminal apparatus based on the user information and extracting second position information acquired from the corresponding portable terminal apparatus from the position history storage means And the movement path between two points from the point and time of the first position information and the point and time of the second position information, A route search means for searching with reference to a network database for route search, and an authentication means,
The authentication means, the authentication success in the case where the route search means is able to search for a route to the mobile terminal device Ru can actually moved to the identified within the time between two points between said two points, said path If the search is not successful, the authentication result is transmitted to the service providing server as unsuccessful authentication.

  The invention according to claim 8 of the present application is characterized in that, in the authentication server according to claim 7, position information registered in advance in the service request terminal device is received as the first position information.

  The invention according to claim 9 of the present application is characterized in that, in the authentication server according to claim 7, the current position information input to the service request terminal device is received as the first position information.

  The invention according to claim 10 of the present application is the authentication server according to claim 7, wherein the mobile terminal device is a mobile phone provided with GPS receiving means, and receives an identification ID of a user of the mobile phone as the user information. It is characterized by that.

The invention according to claim 11 of the present application is the authentication server according to claim 7, wherein the authentication server has a positioning time related to the second position information regardless of a route search result searched by the route search means. when than the current time is before a predetermined time or more, characterized in that you the authentication with the authentication processing unit unsuccessful.

The invention according to claim 12 of the present application is
A service providing server that provides a service; a service requesting terminal device on a user side that requests the service providing server to provide a service; a portable terminal device that measures the location information of the user by carrying the user; and authentication In an authentication method using location information in an authentication system comprising a server,
The authentication server is a route search that includes traffic network data using road network data used when traveling by foot or by car and timetable of actual transportation used when traveling by train or airplane. Network database, location history storage means for acquiring and storing location information including positioning time from the mobile terminal device, and receiving an authentication request including first location information and user information from the service request terminal device Authentication request storage means for storing the information, and portable terminal position extraction means for specifying the portable terminal apparatus based on the user information and extracting second position information acquired from the corresponding portable terminal apparatus from the position history storage means And the movement path between two points from the point and time of the first position information and the point and time of the second position information, A route search means for searching with reference to a network database for route search, and an authentication means,
If the authentication unit has to explore the path to the route search means Ru move said point-to-point the actually specified portable terminal device within the time between two points, and authentication success, the path failure to explore, characterized by having the authentication step of the authentication unsuccessful, and a transmission step of transmitting the authentication result to the service providing server.

  The invention according to claim 13 of the present application is the authentication method using the location information according to claim 12, wherein the authentication method further uses the location information registered in advance in the service request terminal device as the first location information. As a receiving step.

  The invention according to claim 14 of the present application is the authentication method using the location information according to claim 12, wherein the authentication method further uses the current location information input to the service request terminal device as the first location information. As a receiving step.

  The invention according to claim 15 of the present application is the authentication method using the location information according to claim 12, wherein the mobile terminal device is a mobile phone provided with a GPS receiving means, and the authentication method further includes: It has the step which receives a user's identification ID as said user information.

The invention according to claim 16 of the present application is the authentication method using the position information according to claim 12, wherein the authentication method further includes the second search regardless of a route search result searched by the route search means . when positioning time relating to the position information is before a predetermined time or more than the current time, characterized by having a step wherein you the authentication with the authentication processing unit unsuccessful.

In the invention according to claim 1, the authentication server uses road network data used when moving by foot or by car and timetable of actual transportation used when moving by using a train or an airplane . A route search network database including traffic network data, location history storage means for acquiring and storing location information including positioning time from the portable terminal device, first location information and user from the service request terminal device Authentication request storage means for receiving and storing an authentication request including information; and second position information obtained by identifying the portable terminal apparatus based on the user information and acquired from the corresponding portable terminal apparatus from the position history storage means Mobile terminal position extracting means for extracting the position, the point and time of the first position information, and the point and time of the second position information Route search means for searching for a movement route between two points with reference to the network database for route search, and authentication means, wherein the authentication means is configured such that the route search means makes two points between the two points. If the time the portable terminal device in which the identified within the was to explore the fact Ru move path to successful authentication between, as unsuccessful authentication if it can not search the route to the service providing server Send the authentication result.

According to such a configuration, the location and time of the second location information measured by the mobile terminal device carried by the user, and the location of the first location information when the user requests a service from the service request terminal device The route search means actually searches for the route based on the time and the time, and authenticates whether there is a route using the means of transportation that can move within the time from the second point to the first point. Therefore, the authenticity of authentication at a place (point) where the user should not exist can be improved, and the security lock for the service request by the user can be strengthened.

  For example, as a result of searching an actual route with reference to the route search network database, if a route that can move from the second point to the first point within the time difference is not obtained, the first point It is highly probable that a third party other than the user has made a service request (authentication request), and it can be inferred that a credit card or cash is being used illegally.

  According to a second aspect of the present invention, in the authentication system using the position information according to the first aspect, the first position information is position information registered in advance in the service requesting terminal device. According to a third aspect of the present invention, in the authentication system using the position information according to the first aspect, the first position information is current position information input to the service request terminal device.

  According to such a configuration, the authentication server provides a service from a service request terminal device such as a credit card payment terminal, a cash deposit terminal of a financial institution, or a user computer device on which a user is requesting a data communication service. The first position information when transmitting the request can be easily acquired. As a result, the authentication server searches for the route from the point of the first position information and the time when the user requests the service from the service requesting terminal device, and the route search means actually searches for the first point from the second point. Authentication can be performed based on whether or not there is a route that can move within the time difference.

  According to a fourth aspect of the present invention, in the authentication system using the position information according to the first aspect, the mobile terminal device is a mobile phone provided with GPS receiving means, and the user information is an identification ID of a user of the mobile phone. It is.

  In this way, if a mobile phone is used as a mobile terminal device carried by the user, the normal user always carries his / her mobile phone, and the authentication server uses the user ID of the mobile phone to identify the user's information from the user information. A mobile phone can be easily specified. Further, the authentication server can easily store a location history for each user (each mobile phone).

According to a fifth aspect of the present invention, in the authentication system using the position information according to the first aspect, the authentication server relates to the second position information regardless of a route search result searched by the route search means. If positioning time is earlier than a predetermined time than the current time, the authentication with the authentication unit you unsuccessful.

  According to such a configuration, the time difference between the time of the first position information and the time of the second position information, that is, the acquisition time of the position information (second position information) of the mobile terminal device is the current time. The authentication processing means can determine unauthenticated (authentication unsuccessful) unconditionally before a predetermined time or more. For example, if the location information of the mobile terminal device has not been updated for 24 hours or more, even if a route search is performed, it is possible to move almost all over Japan. (1) For example, when the user has left overseas. (2) Unable to use a mobile terminal (cell phone) due to emergency hospitalization. (3) The mobile terminal device (mobile phone) is lost and the battery is exhausted.・ Assuming the situation such as ・ ・, non-authentication. In this way, authentication is not performed illegally.

  According to a sixth aspect of the present invention, in the authentication system using the location information according to the first aspect, the service providing server provides a payment server that provides a credit card payment service or an automatic deposit and payment service using a cash card. A server of a financial institution or an information providing server that provides a registered member with a data communication service via a network.

  According to such a configuration, it is possible to provide an authentication system using position information to which the present invention is applied as an authentication system for providing a credit card settlement service, an automatic deposit and withdrawal service, and a data communication service. become.

  In the inventions according to claims 7 to 11 of the present application, it is possible to provide an authentication server constituting an authentication system using the position information according to claims 1 to 5, respectively. In the inventions according to the twelfth to sixteenth aspects, it is possible to provide an authentication method in the authentication system using the position information according to the first to fifth aspects.

  Hereinafter, specific examples of the present invention will be described in detail with reference to examples and drawings. However, the embodiment shown below exemplifies an authentication system using position information for embodying the technical idea of the present invention, and specifies the present invention as an authentication system using this position information. However, the present invention is equally applicable to an authentication system using position information of other embodiments included in the scope of claims.

  FIG. 1 is a system configuration diagram showing a configuration of an authentication system 10 using position information according to an embodiment of the present invention. The authentication system 10 includes a portable terminal device 20 that measures the location information of the user when the user carries it, a service providing server 40 that provides a payment service using a credit card, and a service request terminal device installed in a store or the like. 50 and a service request terminal device 60 such as a personal computer that requests a credit settlement via the Internet 12, and an authentication server 30 that performs authentication when a service request is issued from the service request terminal device 50.

  The mobile terminal device 20 is, for example, a mobile phone provided with GPS receiving means, and the user's position is measured by the user always carrying it, and the position information is transmitted to the authentication server 30 at a predetermined cycle. That is, the mobile terminal device 20 receives GPS satellite signals from the plurality of GPS satellites 81 to 83 at a predetermined cycle by the GPS receiving means, measures the current position, and together with the positioning time, the authentication server 30 via the base station 70. Send to. The authentication server stores the position information acquired at predetermined time intervals for each portable terminal device 20 in the position history storage unit.

  When the user makes a service request such as credit settlement from the service request terminal device 50 or 60 to the service providing server 40, the location information (the current location of the user) and the user with the location of the service request terminal device 50 as the first location information Is transmitted to the authentication server 30. The first position information includes information on the time when the position information is measured (the time when the user requested the service).

  The authentication server 30 identifies the location history of the mobile terminal device 20 of the corresponding user from the location information history stored in the location history storage unit based on the user information, and the location information of the mobile terminal device 20 most recently obtained and Extract time information. This position information is the second position information, and the time information indicates the time when the user was located before requesting the service.

  The authentication server 30 determines the second location information based on the first location information (the location where the user requested the service) and the time and the second location information (the location where the user was located immediately before requesting the service) and the time. A route is searched using the actual route search network data, with the point starting at the second time and arriving at the first point at the first time as the route search condition. The route search method is performed by the Dijkstra method adopted in a normal navigation system. Details of this will be described later.

  As a result of the route search, if a route satisfying the above-described route search conditions can be searched, the user moves from the point (second position) immediately before the user requested the service to the point requested by the user (first position). Therefore, it can be determined that the authentication has succeeded, that is, the user has requested the service.

  On the other hand, if a route satisfying the above-described route search condition cannot be searched as a result of the route search, a point (first position) requested by the user from the point (second position) immediately before the user requested the service is obtained. Therefore, it can be determined that the authentication is unsuccessful, that is, a third party who is not the user himself / herself has illegally requested the service.

  Various methods can be adopted to identify the mobile terminal device 20 of the user from the user information. When the mobile terminal device 20 is a mobile phone and the authentication server 30 is operated by a telephone company, the mobile phone of the corresponding user can be specified using the identification ID that the authentication server 30 has. In the case of another mobile terminal device 20, user information and unique identification information of the mobile terminal device can be registered in the authentication server 30, and a method of specifying the user and the mobile terminal device 20 can be adopted.

  FIG. 2 is a schematic diagram for explaining the concept of the above-described authentication (route search). In FIG. 2, a position B is a position where the user has requested a service (first position information), and a time TB is a time when the position information is acquired (time when the service is requested). The position A is the latest position (second position information) extracted from the position history transmitted by the user's mobile terminal device 20 to the authentication server 30, that is, the position located immediately before the position requested by the user. , TA is the time when the position information is acquired.

  The authentication server 30 searches for a route RT that can depart from the position A at the time TA and arrive at the position B at the time TB. As will be described later, the network data for route search used for route search includes road network data used when moving by foot or by car, and traffic network data used when moving by using a train or an aircraft. The actual route using various transportation means including walking, automobile, and public transportation is searched.

  If such a route RT is obtained as a result of the route search, the user who requested the service can leave the position A at the time TA and arrive at the position B at the time TB. Authenticate as the person (authentication successful). If the route RT is not obtained, the user who requested the service cannot leave the position A at the time TA and arrive at the position B at the time TB, and the authentication server 30 determines that the user who requested the service is not the user and authenticates. Unsuccessful. The authentication server 30 transmits this authentication result to the service providing server 40. If the authentication result is successful, the service providing server continues the process in response to the service request from the service requesting terminal device 50 or 60, and rejects the process if the authentication is unsuccessful.

  According to such an authentication method, when a credit card or a cash card is handed over to a third party by a factor such as theft, loss, forgery, etc., and it is going to be used at a position far from the location history of the user, It becomes possible to determine that it is unauthorized use at the time of authentication.

  FIG. 3 is a block diagram illustrating a configuration of the authentication server 30. When the mobile terminal device 20 carried by the user is a mobile phone, the authentication server 30 conveniently holds information on the user and the mobile terminal device (mobile phone) 20 if operated by a communication carrier, but only performs authentication. The authentication server 30 operated in cooperation between the provider to be provided and the service provider may be used. In this case, information about the user and the mobile terminal device (mobile phone) 20 may be registered in the authentication server 30.

  The mobile terminal device 20 is, for example, a mobile phone with a GPS receiver, and a standby application or the like always performs GPS positioning at a predetermined time interval, and takes a history of position information. The GPS positioning cycle in this case does not need to be as frequent as that of the navigation system, and may be about 5 to 15 minutes, and current consumption is also suppressed. The positioning result is transmitted to the authentication server 30 together with the positioning time, and the authentication server is indexed with the identification ID of this cellular phone (for example, called a subscriber ID in a certain telephone company, which is an ID unique to this cellular phone contract). 30 position history storage means. If GPS positioning fails, at that time, it does not transmit or transmits an error. At this time, the authentication server 30 does not update the history of position information. As a result, the authentication server 30 can have a position history for each portable terminal device 20.

  The authentication server 30 includes a control unit 301, a communication unit 31, an authentication unit 32, a portable terminal position extraction unit 33, a position history storage unit 34, a user database 35, an authentication request storage unit 36, a route search unit 37, a map database 38, a route A search network database 39 is provided.

  In the authentication server 30, the control means 301 is a microprocessor having a RAM, a ROM, and a processor (not shown), and controls the operation of each unit by a control program stored in the ROM. The communication means 31 is a communication interface for transmitting / receiving communication data to / from the mobile terminal device 20 via the base station 70.

  The position history storage unit 34 receives position information including position information and positioning time measured by the user's mobile terminal device 20 at predetermined time intervals, and stores the position history for each mobile terminal device 20. The user database 35 is a database that stores user identification IDs, mobile phone numbers, and the like. The authentication request storage means 36 stores an authentication request transmitted from a service request terminal device 50, for example, a credit card payment terminal device of a store. In this authentication request, as described above, the location information of the service request terminal device 50 (the current location information of the user), the first location information and time (the time at which the service request was made), the user information, etc. It is included.

  Since the service providing server 40 is, for example, a credit company server, the service providing server 40 has information on the user who is a member. However, even the user's own mobile phone ID does not have information. Therefore, as the information of the user himself / herself to be transmitted to the authentication server 30, the user himself / herself can be specified by using a mobile email address for contact or a mobile phone number.

  Since the authentication server 30 is, for example, a server of a mobile phone company, it is possible to search for a mobile phone ID from a contact mobile mail address or a mobile phone number. As a result, the authentication server 30 can specify the service request, that is, the mobile terminal device 20 (mobile phone) carried by the user who requested the authentication.

  That is, when a service is requested from the service requesting terminal device 50 and an authentication request is generated, the service providing server 40 sends a mobile email address for contact or a mobile phone number and first location information (FIG. 2: The position B) and the request occurrence time (accurately derived from GPS or the clock of the base station and cannot be changed by the user) are transmitted to the authentication server 30. Then, the authentication server 30 obtains the mobile phone ID from the received contact mobile mail address or mobile phone number, and uses the latest location information of the mobile phone as the second location information from the location history storage means 34. Extract with positioning time.

  The route search means 37 includes first position information and time (position B and time TB in FIG. 2) included in the authentication request, second position information extracted by the mobile terminal position extraction means 33, and time (in FIG. 2). Based on the position A and the time TA), the route search is performed with a condition that the position A can be departed at the time TA and can arrive at the position B at the time TB. Based on the result of the route search, the authentication unit 32 determines that the authentication is successful because the user can move from the position A to the position B if a route satisfying the search condition is found. If the route is not searched, it is determined that authentication is unsuccessful because the user cannot move from position A to position B. Then, the authentication server 30 transmits this authentication result to the service providing server 40 and ends the process.

  Here, a route search method in the authentication server 30 will be described. The route search network database 39 includes road network data used when moving by foot or by car, and traffic network data used when moving using a train or an airplane.

  The road network data is structured as follows. For example, when the road is composed of roads A, B, and C as shown in FIG. 4, the end points, intersections, and bending points of the roads A, B, and C are used as nodes, and the roads connecting the nodes are directed links. Link cost data with node data (node latitude / longitude), link data (link number) and link cost of each link (link distance or time required to travel the link) as data Composed.

  That is, in FIG. 4, Nn (◯ mark) and Nm (◎ mark) indicate nodes, and Nm (◎ mark) indicates a road intersection. Directional links connecting the nodes are indicated by arrow lines (solid line, dotted line, two-dot chain line). As for the links, there are links facing in the upward and downward directions of the road, but in FIG. 4, only the links in the direction of the arrows are shown for the sake of simplicity.

  When route search is performed using such road network data as a route search database, links linked from the starting node to the destination node are traced to accumulate the link cost, thereby minimizing the accumulated link cost. Search and guide the route. That is, in FIG. 4, when the route search is performed with the departure point as the node AX and the destination as the node CY, the road travels from the node AX along the road A, turns right at the second intersection, enters the road C, and reaches the node CY. The link cost is accumulated sequentially, and a route that minimizes the accumulated link cost is searched for and guided.

  Although other routes from the node AX to the node CY are not shown in FIG. 4, there are actually other such routes, so a plurality of routes that can be reached from the node AX to the node CY are displayed. A search is performed in the same manner, and a route with the lowest link cost is determined as the optimum route. This method is performed by, for example, a known method called the Dijkstra method.

  On the other hand, the traffic network data for route search of the transportation system is configured as follows. For example, as shown in FIG. 5, in the case of traffic routes A, B, and C, each station (each airport on an aircraft route) provided on each traffic route A, B, and C is a node, and the nodes are connected. A section is represented by a directional link, and node data (latitude / longitude) and link data (link number) are network data. In FIG. 5, Nn (○ mark) and Nm (◎ mark) indicate nodes, Nm (◎ mark) indicates a transit point (such as a transfer station) on a traffic route, and a directional link connecting each node. It is indicated by an arrow line (solid line, dotted line, two-dot chain line). As for the links, there are links facing in the upward and downward directions of the traffic route, but in FIG. 5, only the links in the direction of the arrows are shown for the sake of simplicity.

  However, the traffic network basically has a different link cost compared to the road network. In other words, in the road network, the link cost is fixed and static, but in the traffic network, as shown in FIG. 5, trains and airplanes (hereinafter referred to as individual trains and airplanes) that operate the traffic route. A plurality of means of transportation). The time of departure from one node and the time of arrival at the next node are determined for each means of transportation (specified by timetable data and operation data), and individual routes do not necessarily link to adjacent nodes. There is a case. This is the case, for example, with express trains and trains that stop at each station. In such a case, a plurality of different links exist on the same traffic route, and the required time between nodes may differ depending on the transportation means.

  In the transportation network illustrated in FIG. 5, a plurality of transportation means (routes) Aa to Ac... Exist on the same link of the transportation route A, and a plurality of transportation means (routes) Ca to Cc. Will do. Therefore, unlike a simple road network, the transportation network of a transportation facility has a data amount proportional to the total number of transportation means (routes such as individual airplanes and trains). For this reason, the data of the traffic network becomes a huge amount of data compared to the data amount of the road network. Accordingly, much time is required for route search accordingly.

  In order to search for a route from a certain departure point to a certain destination using such traffic network data, all the means of transportation that can be used (ride) when arriving from the departure point to the destination are searched. It is necessary to specify the means of transportation that matches the search conditions.

  For example, in FIG. 5, when performing a route search in which the departure point is a node AX of the traffic route A and a specific departure time is designated and the node CY of the traffic route C is the destination, the route operates on the traffic route A. Of the transportation means Aa to Ac..., All transportation means after the departure time are sequentially selected as the departure route. Based on the arrival time at the transit node on the transit route C, among all the transit means Ca to Cc... Operating on the transit route C, all combinations of transit means after the time that can be boarded at the transit node. Can be accumulated and the required time of each route, the number of transfers, etc. can be accumulated and guided.

  The route search means 37 refers to such a route search network database 39, and as described above, the route search means 37 searches for a condition that it can leave the position A at the time TA and arrive at the position B at the time TB. Route search as a condition. Therefore, the searched route is a route searched by contrasting all the movable routes using walking, automobiles, and public transportation. Therefore, if a movable route cannot be searched under this route search condition, it can be determined that the user cannot move from position A to position B.

This will be described with a more specific example as follows. For example,
Location where the authentication request is generated (first position) B: Akihabara Electric Town Store A
Time TB: 14:10
Latest history of location (2nd location) A: Haneda Airport Terminal 1 Lobby
Time TA: 13:40
Suppose that

If this is the condition for route search, the route search for the earliest arrival at Akihabara Electric Town Store A is performed at 13:40 leaving Haneda Airport Terminal 1 Lobby.
as a result,
13:44 Haneda Airport Terminal 1 Tokyo Monorail 14:00 Arrival Hamamatsucho 14:15 Hamamatsucho Keihin Tohoku Line 14:22 Akihabara 14:27 Store A
It is assumed that the following route is obtained.

  Here, since the authentication request is generated at the store A at 14:10, there is no route through which the user can reach the store, and the authentication is unsuccessful. Therefore, the use of a counterfeit credit card or the like can be prohibited. In the conventional methods (methods of Patent Document 2 and Patent Document 3), a range in which the vehicle can move at a moving speed of 200 km / h is recognized. Therefore, the store A easily enters the authentication range and cannot prevent fraud.

  The route search in this case is a route search that refers to the route search network database 39 using a timetable of actual transportation. In such a route search, for example, it is impossible to move by train from the last train to the first power generation vehicle (the same applies to aircraft). Therefore, transportation means other than walking are limited to cars such as taxis, but if the setting is made not to use cars in the settings for each user, night transportation means for route search can be limited, and more Effective authentication can be performed.

  In the example described above, the credit card settlement terminal installed in a store or the like is the service request terminal device 50. In this case, the service request terminal is a terminal such as a credit card reader installed in the store. In this case, the store position is set in advance, and it can be transmitted as position information. In some cases, a general personal computer (PC) is used as the service requesting terminal device 60 and a credit card settlement is requested from the browser. In such a service request terminal device 60, position information is not preset, and it is unspecified which PC is used, so that the user himself / herself inputs the position.

  FIG. 6 is a diagram showing an example of a service request screen displayed on such a service request terminal device 60. The screen shown in FIG. 6 is displayed after the credit card information is input on the input screen shown in FIG. As shown in FIG. 6, a message 501 that prompts the user to input the current position is displayed on the service request screen. The current position is input by inputting the address and postal code of the current location in the input field of the address 502 and the input field of the postal code 503. This input information is transmitted to the authentication server 30 by operating the transmission button 500. The authentication server 30 transmits map data including the point from the map database 38 to the service requesting terminal device 60 based on the transmitted address and postal code.

  A map image (MAP) is displayed in the map image display area based on the map data received from the authentication server 30. The user can enlarge and reduce the displayed map image by operating the enlargement button 505, and can designate the current position on the map. When an address is input, there is no need to input a zip code or display a map, and input can be skipped by operating the jump buttons 506 and 507. By executing such a procedure, the position and time at which the service is requested can be transmitted to the authentication server.

  In the input screen of FIG. 6, the map display area may display the entire map of Japan, or may not display a map at all, or may display a map of an unspecified place using a random number. After that, input the address and postal code to match the approximate position, and then operate the screen to display the current position at the center of the screen. When the position is determined, press the send button 500 to place where you are currently (first (Position: current position) may be transmitted.

  In addition, the time of the authentication request (the time at which the user is located) may be transmitted from the service request terminal device 60 together with the current position, or the service providing server 40 side that is the service request receiving side Alternatively, the authentication server 30 may store the reception time. In the embodiment, the service request terminal device 60 is configured to give the request time.

  Next, an operation procedure in the authentication system 10 according to the embodiment of the present invention will be described. FIG. 7 is a flowchart illustrating a procedure for acquiring position information from the mobile terminal device. The portable terminal device 20 determines whether or not it is the positioning timing in the process of step S101. If it is not the positioning timing, the determination process in step S101 is repeated.

  If it is determined that it is the positioning timing in the determination process of step S101, the GPS receiving means receives a GPS satellite signal in the process of step S102, and calculates the current position in the process of step S103. In the process of step S104, the calculated position information and positioning time are transmitted to the authentication server 30, and the process returns to step S101. When the authentication server 30 receives the position information transmitted from the mobile terminal device 20 of each user, the authentication server 30 stores the position history information in the position history storage unit 34.

  FIG. 8 is a flowchart showing a procedure of authentication processing in the authentication server 30. In the process of step S201, the authentication server 30 receives the location information, the time information, and the user information together with the authentication request from the service request terminal device 50 and stores them in the authentication request storage unit 36. In the process of step S201, the authentication request received by the authentication server 30 may be transmitted from the service request terminal device 50 via the service providing server 40.

  Next, in step S202, the authentication server 30 refers to the user database 35 based on the user information received together with the authentication request, and identifies the mobile terminal device 20 corresponding to the user. In the process of step S203, the mobile terminal position extraction unit 33 extracts the position history information corresponding to the mobile terminal device 20 specified in the process of step S202 from the position history information stored in the position history storage unit 34. To do. The position information extracted at this time is the position information and positioning time information that the mobile terminal device 20 has positioned at the latest time.

  Next, the authentication server 30 determines from the extracted position information and time information whether the position information has been measured more than a predetermined time ago. If it is not measured before the predetermined time or more, the route search means 37, as described above, the first position information, time (position B, time TB in FIG. 2) included in the authentication request, and the mobile terminal position Based on the second position information and time (position A, time TA in FIG. 2) extracted by the extraction means 33, a condition that the position A can be departed at time TA and can arrive at position B at time TB. A route search is performed using as a route search condition.

  If it is determined in the determination process of step S204 that the position information has been measured more than a predetermined time ago, the process proceeds to step S208, and the authentication unit 32 determines that the authentication is unsuccessful. On the other hand, based on the result of the route search in the process of step S205, the authentication unit 32 determines whether or not a route satisfying the above-described route search condition has been searched in the process of step S206, and the route exists (the route exists). If it is found, the authentication is successful. If the route does not exist (no route is searched), the process proceeds to step S208 and authentication is unsuccessful.

  Next, the authentication server 30 transmits the authentication result (whether the authentication is successful or unsuccessful) by the authentication means 32 to the service providing server 40 in the process of step S209 and ends the process. The service providing server 30 receives this authentication result, knows the success or failure of the authentication, and performs processing corresponding thereto. That is, if the authentication is successful, the process requested by the user is executed. If the authentication is unsuccessful, the process requested by the user is not executed, and the process is terminated after notifying the user that the authentication has failed. .

  In the determination process of step S204, the reason for determining whether or not the positioning time of the latest position information extracted for the mobile terminal device 20 is more than a predetermined time is as described above. That is, when the acquisition time of the location information (second location information) of the mobile terminal device is a predetermined time or more before the current time, for example, when the location information of the mobile terminal device has not been updated for 24 hours or more, a route search is performed. This is to lock the authentication in this case (so that it is not authenticated) because it can move almost all over Japan even if it is done.

  In the embodiment described above, an example in which an authentication request is transmitted from the service request terminal device 50 to the authentication server 30 is shown, but the present invention is not limited to this. For example, the authentication request from the service request terminal device 50 may be once transmitted to the service providing server 40, and the authentication request may be transmitted from the service providing server 40 to the authentication server 30.

  As described above, according to the authentication system 10 using the position information according to the present invention, the accuracy of the personal authentication is increased, and as a result, the service providing server 40 such as a credit card company approves or rejects the settlement. And will be able to carry out payment operations safely.

  Mobile phones used as mobile terminal devices that are always carried by users are becoming a trend that enables roaming all over the world in recent years, and if GPS receivers are generally installed and position acquisition is possible, Authentication using location information is also possible, including movement to. On the other hand, it becomes possible to prevent illegal use overseas.

1 is a system configuration diagram showing a configuration of an authentication system 10 according to an embodiment of the present invention. It is a schematic diagram for demonstrating the concept of the authentication using the positional information concerning this invention. It is a block diagram which shows the structure of the authentication server 30 concerning the Example of this invention. It is a schematic diagram for demonstrating the concept of the road network data for a route search. It is a schematic diagram for demonstrating the concept of the traffic network data for the route search using a transportation system. It is a figure which shows an example of the service request screen displayed on service request terminal devices, such as a personal computer. It is a flowchart which shows the procedure which acquires position information from a portable terminal device. It is a flowchart which shows the procedure of the authentication process using the positional information in an authentication server. It is a system block diagram which shows an example of a structure of the conventional authentication system which authenticates at the time of credit card payment. It is a figure which shows an example of the conventional payment request | requirement screen displayed when requesting | requiring credit card payment from a terminal device.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Authentication system 12 ... Internet 20 ... Mobile terminal device 30 ... Authentication server 40 ... Service providing server 50 ... ... Service request terminal device 60 ... Service request terminal device 70 ... Base stations 81-83 ... GPS satellite 301 ... Control means 31 ... Communication means 32... Authentication means 33... Mobile terminal position extraction means 34... Position history storage means 35. Authentication request storage means 37... Route search means 38... Map database 39.

Claims (16)

In an authentication system comprising: a service providing server that provides a service; a service request terminal device on a user side that requests the service providing server to provide a service; and an authentication server,
The authentication system further includes a portable terminal device that measures the position information of the user by carrying the user,
The authentication server is a route search that includes traffic network data using road network data used when traveling by foot or by car and timetable of actual transportation used when traveling by train or airplane. Network database, location history storage means for acquiring and storing location information including positioning time from the mobile terminal device, and receiving an authentication request including first location information and user information from the service request terminal device Authentication request storage means for storing the information, and portable terminal position extraction means for specifying the portable terminal apparatus based on the user information and extracting second position information acquired from the corresponding portable terminal apparatus from the position history storage means And the movement path between two points from the point and time of the first position information and the point and time of the second position information, It comprises a route searching means for searching with reference to the route search network database, authentication means, and
The authentication means, the authentication success in the case where the route search means is able to search for a route to the mobile terminal device Ru can actually moved to the identified within the time between two points between said two points, said path An authentication system using location information, wherein the authentication result is transmitted to the service providing server as unsuccessful authentication when the search cannot be performed.   2. The authentication system using location information according to claim 1, wherein the first location information is location information registered in advance in the service request terminal device.   The authentication system using location information according to claim 1, wherein the first location information is current location information input to the service request terminal device.   The authentication system using location information according to claim 1, wherein the mobile terminal device is a mobile phone provided with a GPS receiving means, and the user information is an identification ID of a user of the mobile phone. The authentication server, the route search unit regardless of the route search result search, when positioning time for said second position information is earlier than a predetermined time than the current time, according to the authentication processing unit authentication system according to claim 1, characterized in that you authentication unsuccessful. The service providing server is a settlement server that provides a credit card settlement service, a server of a financial institution that provides an automatic deposit and withdrawal service using a cash card, or information that provides a registered member with a data communication service via a network. authentication system using location information according to claim 1, characterized in that the providing server. A service providing server that provides a service; a service requesting terminal device on a user side that requests the service providing server to provide a service; a portable terminal device that measures the location information of the user by carrying the user; and authentication And an authentication server that constitutes an authentication system comprising:
The authentication server is a route search that includes traffic network data using road network data used when traveling by foot or by car and timetable of actual transportation used when traveling by train or airplane. Network database, location history storage means for acquiring and storing location information including positioning time from the mobile terminal device, and receiving an authentication request including first location information and user information from the service request terminal device Authentication request storage means for storing the information, and portable terminal position extraction means for specifying the portable terminal apparatus based on the user information and extracting second position information acquired from the corresponding portable terminal apparatus from the position history storage means And the movement path between two points from the point and time of the first position information and the point and time of the second position information, A route search means for searching with reference to a network database for route search, and an authentication means,
The authentication means, the authentication success in the case where the route search means is able to search for a route to the mobile terminal device Ru can actually moved to the identified within the time between two points between said two points, said path An authentication server characterized by transmitting an authentication result to the service providing server as unsuccessful authentication if the search cannot be performed.   8. The authentication server according to claim 7, wherein location information registered in advance in the service request terminal device is received as the first location information.   The authentication server according to claim 7, wherein the current location information input to the service request terminal device is received as the first location information.   The authentication server according to claim 7, wherein the mobile terminal device is a mobile phone including a GPS receiving unit, and receives an identification ID of a user of the mobile phone as the user information. The authentication server, the route search unit regardless of the route search result search, when positioning time for said second position information is earlier than a predetermined time than the current time, according to the authentication processing unit authentication server according to claim 7, characterized in that you authentication unsuccessful. A service providing server that provides a service; a service requesting terminal device on a user side that requests the service providing server to provide a service; a portable terminal device that measures the location information of the user by carrying the user; and authentication In an authentication method using location information in an authentication system comprising a server,
The authentication server is a route search that includes traffic network data using road network data used when traveling by foot or by car and timetable of actual transportation used when traveling by train or airplane. Network database, location history storage means for acquiring and storing location information including positioning time from the mobile terminal device, and receiving an authentication request including first location information and user information from the service request terminal device Authentication request storage means for storing the information, and portable terminal position extraction means for specifying the portable terminal apparatus based on the user information and extracting second position information acquired from the corresponding portable terminal apparatus from the position history storage means And the movement path between two points from the point and time of the first position information and the point and time of the second position information, Comprises a route searching means for searching with reference to the route search network data database, authentication means, and
The authentication means, and authentication success when the route searching means is able to search for a route to the mobile terminal device Ru can actually moved to the identified within the time between two points between said two points, said path An authentication method using position information, comprising: an authentication step in which authentication is unsuccessful if search cannot be performed; and a transmission step in which an authentication result is transmitted to the service providing server.   13. The authentication method using location information according to claim 12, further comprising a step of receiving, as the first location information, location information registered in advance in the service requesting terminal device. .   13. The authentication method using location information according to claim 12, further comprising a step of receiving current location information input to the service requesting terminal device as the first location information. .   The mobile terminal device is a mobile phone provided with GPS receiving means, and the authentication method further includes a step of receiving an identification ID of a user of the mobile phone as the user information. Authentication method using location information. The authentication method further includes: when the positioning time related to the second position information is a predetermined time or more before the current time regardless of the route search result searched by the route search means; authentication method using the positional information according to claim 12, characterized in that it comprises a step you unsuccessful authentication by.

Images