JP4716704B2 - Authentication system and authentication method - Google Patents

Authentication system and authentication method Download PDF

Info

Publication number
JP4716704B2
JP4716704B2 JP2004295822A JP2004295822A JP4716704B2 JP 4716704 B2 JP4716704 B2 JP 4716704B2 JP 2004295822 A JP2004295822 A JP 2004295822A JP 2004295822 A JP2004295822 A JP 2004295822A JP 4716704 B2 JP4716704 B2 JP 4716704B2
Authority
JP
Japan
Prior art keywords
card id
id
service
authentication
terminal device
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
JP2004295822A
Other languages
Japanese (ja)
Other versions
JP2006107316A (en
Inventor
邦彦 加地
Original Assignee
Omo株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Omo株式会社 filed Critical Omo株式会社
Priority to JP2004295822A priority Critical patent/JP4716704B2/en
Publication of JP2006107316A publication Critical patent/JP2006107316A/en
Application granted granted Critical
Publication of JP4716704B2 publication Critical patent/JP4716704B2/en
Application status is Expired - Fee Related legal-status Critical
Anticipated expiration legal-status Critical

Links

Images

Description

  The present invention relates to an authentication system and an authentication method for authenticating an accessor in a communication network.

  In recent years, various services such as ticket reservation and sales on the Web and various electronic commerce (online trading) such as stock trading have been developed through communication networks such as the Internet. In addition, it is possible to access the communication network by a portable information terminal such as a mobile phone or a PDA (Personal Digital Assistant) and receive the service.

  Thus, in order to receive a service provided from a communication network by a portable information terminal, it is necessary to authenticate a user. As a technique for performing this authentication, for example, there is one disclosed in Patent Document 1.

  In the technology disclosed in Patent Document 1, the user registration is completed in advance by applying to the service provider for registration of personal information that can be received by the user with his / her mobile phone. After that, for example, the user accesses the content server via the Internet by Internet browsing using a mobile phone. By this access, for example, the user can browse the contents for the securities trading service on the display, and can acquire stock price information or trade securities on the display screen.

When providing such a service, the service provider requests the user to input a “user ID” and a “password” for specifying the user. On the other hand, the user inputs his / her “user ID” or the like with a mobile phone, and this input information is transmitted as “user input information” from the mobile phone to the content server via the Internet. The user is authenticated by the sent “User ID”.
JP 2002-77446 A

  However, the technique disclosed in Patent Document 1 described above has a problem that each time a service is provided, the user must perform an operation of inputting and transmitting a user ID, which is complicated.

  In order to improve security, it is preferable to set different IDs and passwords for each service. In this case, however, the user must memorize the ID and password for each service, and the burden on the user is high. May increase.

  Therefore, the present invention has been made in view of the above points, and in the authentication process for receiving a service provided by a portable information terminal such as a mobile phone or a PDA through a communication network such as the Internet, a complicated operation or the like is required. It is an object of the present invention to provide an authentication system and an authentication method that can effectively improve security while reducing the burden on the system.

In order to solve the above problems, the present invention provides an IC tag having an IC chip, a memory and a communication interface, a mobile terminal device having a data communication function and a memory for transmitting and receiving data to and from a communication network, and communication. A plurality of service providing servers arranged on the network and providing services through the communication network, and using a mobile terminal device , an authentication server arranged on the communication network authenticates an accessor to the service providing server. .

Specifically, the card ID for specifying the IC tag is stored in the memory of the IC tag, the terminal ID for specifying the mobile terminal device is stored in the memory of the mobile terminal device, and the user database of the authentication server is stored . A user ID that identifies the accessor is registered in association with a unique card ID and terminal ID for each service, and a rewrite password that is an identifier independent of the card ID is assigned to each user ID by user operation. The card ID read out from the IC tag and read out when executing authentication against the communication network by the reader function that reads the data from the IC tag memory in the mobile terminal device in association and registration And the terminal ID of its own device are sent to the authentication server through the data communication function and authenticated using the card ID and the terminal ID. . At this time, the card ID registered in the user database is updated each time the service is used, and stored in the memory of the IC tag through the writer function provided in the portable terminal device that writes data to the IC tag. Rewrite the updated card ID with the updated new card ID. In the authentication server, authentication is performed using the card ID associated with the service related to the access request, and when the authentication is normally performed, access to the service providing server that provides the permitted service is performed. While permitting, the card ID associated with the service is updated for each service. In addition, when a card ID is not acquired at the time of an access request, a rewrite password is acquired from the user, the acquired rewrite password is replaced with the card ID, authentication is performed, and the card ID is not yet stored. Write the newly issued card ID in the tag memory. In the present invention, the communication interface provided in the IC tag includes an interface for non-contact communication by wireless or the like, and contact (wired) communication by a cable, an adapter means or the like.

  According to the present invention, authentication is performed using two types of IDs, a card ID and a terminal ID, so that security can be ensured, and the two types of IDs can be separated into independent IC tags (such as RFID tags). Since it is stored in the mobile terminal device, even if either the IC tag or the mobile terminal device is lost or stolen, the ID can be prevented from being stolen by a third party. In the present invention, the memory is a storage device having a function of holding information, and may be, for example, a built-in CPU or a separate one from the CPU.

  Further, since the card ID is automatically read and transmitted by the reader function of the portable terminal device during the authentication process, it is not necessary for the user to separately input an authentication identifier such as a password.

Also, in the present invention, every time a service is provided, or by a user's arbitrary operation or periodically, the card ID stored in the user database and the IC tag is updated. Even if the card ID is stolen, access by a malicious third party can be prohibited, and damage caused by ID theft can be minimized.

Further, in the present invention, by setting a card ID for each service, security management for each service becomes possible, and diversity of ID management can be achieved.

In addition, in the present invention, when a card or a terminal is lost, it is easy to use a reissued card that has not been given a card ID or a terminal that has been newly purchased and has not yet been given a terminal ID. In addition, the authentication service by the authentication server can be continuously used. In this case, the detection that the card ID or the terminal ID is not acquired may be executed on the server side or may be executed on the terminal side.

  In the above invention, in the portable terminal device, information acquired in the service accessed most recently is stored in a cache unit, and a communication establishment detecting unit determines whether or not communication between the portable terminal device and the authentication server is established When the communication is not established and the communication is not established, the information stored in the cache unit may be output.

  In this case, for example, even in a communication environment where radio waves do not reach, the latest information (for example, a service providing page displayed in HTML or other data format) can be browsed, and communication is established. At this point, the authentication process is forcibly executed, so that security can be ensured.

  As described above, according to the present invention, a burden on a user such as a complicated operation in an authentication process for receiving a service provided by a portable information terminal such as a mobile phone, a PDA, or a personal computer through a communication network such as the Internet. It is possible to effectively improve security while mitigating the problem.

[First Embodiment]
A first embodiment of the present invention will be described with reference to the drawings.

(System configuration)
FIG. 1 is an explanatory diagram showing a schematic configuration of an authentication system according to the present embodiment. As shown in the figure, the authentication system according to the present embodiment includes an IC card 1, a portable terminal device 2 that can be connected to an IP network 3 such as the Internet, and an authentication server 4 arranged on the IP network. ing. Further, on the IP network 3, a service providing server group 5 (5a to 5c) that provides a service through the IP network 3 is arranged.

  The IP network 3 is a distributed type constructed by mutually connecting various communication lines (public lines such as telephone lines, ISDN lines, ADSL lines, private lines, wireless communication networks) using the communication protocol TCP / IP. It is a communication network, and this IP network includes LANs such as 10BASE-T and 100BASE-TX intranets (enterprise networks) and home networks.

  The IC card 1 is a card that incorporates an IC tag including an IC chip, a memory, and a non-contact communication interface, and a card ID that identifies the IC tag is stored in the memory of the IC tag. The non-contact communication interface according to the present embodiment is a so-called RF tag based on RFID technology that transmits a card ID as a radio wave signal, includes a metal antenna for transmitting and receiving radio waves, and has a built-in power source such as a battery. An electromagnetic wave induction system that actively transmits an information signal from an RF tag, and an electromagnetic wave induction system that outputs an electromagnetic wave from an antenna on the other side to be communicated and transmits an information signal by a current induced according to the output of the electromagnetic wave There is.

  In the present embodiment, a card type is adopted as a form of the IC tag, but the present invention is not limited to this, and an IC tag that stores a card ID and can transmit and receive the card ID by non-contact communication is used. As long as it is built-in, various forms can be adopted. In this embodiment, non-contact communication by wireless or the like is adopted as a communication interface provided in the IC tag. However, an interface for contact (wired) communication by a cable, an adapter unit, or the like may be used.

  The mobile terminal device 2 is a device having a data communication function and memory for transmitting / receiving data to / from a communication network, and can take the form of, for example, a mobile phone 2a, a PDA (Personal Digital Assistant) 2b, or the like.

  Specifically, as shown in FIG. 2, the portable terminal device 2 includes a communication unit 21 as a data communication function, a display unit 22 such as a liquid crystal display, an operation unit 23 such as a button key and a jog dial, a memory 24, a service determination unit 63 that determines a service related to access or card ID update, an ID management unit 26 that manages a card ID in the IC card 1, a non-contact type reader / writer 27 that is a reader / writer function, And a control unit 28 such as a CPU for controlling the operations of these units.

  The service determination unit 25 determines the service that the mobile terminal device 2 is currently accessing (or tries to access) and the service that the card ID update unit 6 is to be rewritten based on the URL or other identifier, This module notifies the ID management unit 26 of the determination result.

  The ID management unit 26 stores the address on the memory of each card ID stored in the IC card 1 in association with the type of service. When a service is specified by the service determination unit 25, the ID is specified. In order to access the card ID corresponding to the service, the reader / writer 27 is operated to read and rewrite the target card ID.

  In addition, the mobile terminal device 2 includes a means for displaying information such as a browser function, for example, and displays information on the IP network 3 (for example, a web page in HTML, data displayed in other data formats). It can be browsed by the unit 22 and various procedures can be performed by a user operation by the operation unit 23. That is, the function of displaying information on the IP network 3 is realized by executing application software for browsing a Web page such as browser software, and an HTML (HyperText Markup Language) file from the IP network 3. Download image files, image files, music files, etc., analyze and display / play layouts, send data to web servers using a submission form, C ++, JavaScript (registered trademark), Flash, and Java It is also possible to operate application software described in (registered trademark) or the like.

  The memory 24 of the mobile terminal device 2 stores a terminal ID that identifies the mobile terminal device 2. The terminal ID may be, for example, a telephone number assigned to a mobile phone or an IP address assigned to a wireless communication adapter.

  The reader / writer 27 is a device that reads / writes data from / to the memory of the IC card 1 by non-contact communication. Read the ID. The read card ID is sent to the authentication server 4 through the communication unit 21 together with its own terminal ID.

The authentication server 4 is a computer that verifies the legitimacy of an accessor (whether access right or the like) or software having the function. In this embodiment, the user ID, card ID, and terminal ID that identify the accessor Are registered in association with each other. The user database 41 stores table data as shown in Table 1, and obtains a combination of a card ID and a terminal ID according to a user's access, collates the user ID, and gives the access right to the accessor. It is confirmed whether or not the accessor is the person himself / herself. By confirming the accessor by such authentication processing, it is possible to identify the user and provide different services for each user.

  That is, in this embodiment, in the user database 41, a unique card ID is associated with each service provided by each of the service providing servers 5a to 5c, and the authentication server 4 uses the card ID associated with the service related to the access request. When authentication is performed normally, access to the service providing servers 5a to 5c that provide the permitted service is permitted.

  In addition, on the IP network 3, the card ID registered in the user database 41 is updated, and the card ID stored in the memory of the IC tag 1 through the reader / writer function of the portable terminal device 2 is updated with the updated new card. A card ID update unit 6 for rewriting the ID is arranged. Each time the user accesses a specific service, the card ID update unit 6 updates the card ID associated with the service.

  Specifically, as shown in FIG. 3, the card ID updating unit 6 includes a communication unit 61 that transmits and receives data to and from the IP network 3, an ID issuing unit 62 that issues a card ID for each service, and a card ID. The service determination unit 63 that acquires the service to be issued from the authentication server 4 and the card ID issued by the ID issuing unit 62 and the service determined by the service determination unit 63 are stored in the user database 41 in association with each other. The database management unit 64 rewrites the card ID record of the table data, and the control unit 65 that controls the operation of each unit.

(Authentication method)
By operating the authentication system having the above configuration, the authentication method of the present invention can be implemented. FIG. 4 is a sequence diagram showing the operation of the authentication system according to the present embodiment.

  First, a URL or the like is specified by a user operation on the mobile terminal device 2, a service to be provided is specified, and access is started by data communication (S101).

  At the time of access, the card reader provided in the portable terminal device 2 reads the card ID related to the service to be provided from the IC card 1 (S102) and calls the terminal ID of the own device (S103) to read The card ID and its own terminal ID are transmitted to the authentication server 4 through the data communication function (S104).

  Then, the authentication server 4 collates the user database 41 based on the card ID and the terminal ID, and authenticates the user ID of the accessor (S105). If it is determined in step S105 that the accessing person is not a legitimate user, the access is denied and a notification to that effect is given (S107).

  If it is determined in step S105 that the accessor is a legitimate user and has the right to receive a service related to the access request, the card ID update unit 6 is requested to update the card ID and authentication is performed. The access to the service providing server related to the service is permitted, and the service provision is started (S108 and S109).

  In step S108, the card ID update unit 6 updates the card ID registered in the user database 41, and the card ID stored in the memory of the IC card 1 through the reader / writer function of the mobile terminal device 2, The updated new card ID is rewritten (S110). In the card ID update, the card ID associated with the service is updated for each service.

(Action / Effect)
According to the authentication system and the authentication method according to the present embodiment described above, the authentication server 4 performs authentication using two types of IDs, that is, a card ID and a terminal ID, so that security can be ensured. In addition, since two types of IDs are stored in the IC card 1 and the portable terminal device 2 which are separately independent, if either the IC card 1 or the portable terminal device 2 is lost or stolen, the ID is further Even if the information is counterfeited, it is possible to prevent the ID from being stolen by a third party.

  Further, since the card ID is automatically read and transmitted from the reader / writer 27 of the portable terminal device during the authentication process, it is not necessary for the user to separately input an authentication identifier such as a password.

  As a result, according to the present embodiment, effective security can be achieved while reducing the burden on the user such as complicated operations during the authentication process for receiving services provided by the mobile phone 2a, the PDA 2b, etc. via the IP network 3. Can be improved.

  Furthermore, in this embodiment, every time the user uses the service, the card ID registered in the user database 41 is updated, and the card ID stored in the memory of the IC card 1 through the reader / writer 27 of the mobile terminal device 2 is updated. Is rewritten with a new updated card ID, so even if a malicious third party steals the card ID from the IC card 1, access to the malicious third party can be prohibited. The damage caused by can be kept to a minimum.

  Further, in this embodiment, by performing authentication for each service using the card ID associated with the service related to the access request, security management for each service can be performed, and diversity of ID management can be achieved. .

[Second Embodiment]
Next, a second embodiment of the present invention will be described with reference to the drawings. In the above-described first embodiment, the authentication server 4 integrally authenticates the accessor, and the access to the service providing servers 5a to 5c is permitted for the service that has been successfully authenticated. The embodiment is characterized in that each service providing server corresponds to access authentication unique to each service providing server.

  More specifically, in the first embodiment described above, access authentication is performed only in the authentication server 4, connection of a normally authenticated accessor to the service providing server is permitted, and authentication on the service providing server side is not performed. . However, in the case of making a partnership with a service providing server that already has a unique authentication system, a mechanism for connecting to the existing authentication system on the service providing server side is required.

  In this embodiment, in order to respond to such a request, the user database 41 side holds authentication information (user ID and password unique to the service providing server) and form data for connection to the existing authentication system of the service providing server. After the authentication using the card ID and the terminal ID in the first embodiment is performed by the authentication server 4, the authentication information for connection and the form data are used to omit the input operation by the user, and to the existing authentication system. Connect.

  Specifically, the table data associated by the relationship as shown in FIG. That is, among the table data shown in Table 1, the user ID (for the authentication server 4), the terminal ID and the card ID are stored as basic authentication information in the table T1, and the user ID (or record number) of this table T1 is the main data. The service authentication information table T2 and the access history table T3 are associated as keys.

  As shown in the figure, the service authentication information table T2 includes, for each service ID for identifying a service, address information such as a URL or an IP address that is an access destination of each service, a service-specific user ID and password. Associated. The user ID, password, etc. are registered by user operation. The table T2 is associated with form information D1 for linking to the authentication page of each service, and stores form data such as HTML for connecting to each service providing server. In the present embodiment, the data stored in the table T2 is registered by a user operation. However, for example, information already registered may be acquired in cooperation with each service providing server side.

  Then, after performing authentication using the card ID and terminal ID as described above, the authentication server 4 collates the authentication information table T2 with the user ID of the user who has been authenticated as the primary key, and tries to access it. The user ID and password unique to each service providing server are acquired from the service ID of the service being used, and these IDs and passwords are embedded in the form information D1 and transmitted to the service providing server, and automatically for the existing authentication system. An authentication process is executed to connect the user terminal 1 and the service providing server.

  The form information D1 is used when the transmission method for the service providing server is in the “POST” format. For example, when the transmission method for the service providing server is in the “GET” format, Embed password (including tag name setting) and execute access.

  According to the present embodiment, the user performs the authentication process using the card ID and the terminal ID described in the first embodiment and selects the service that the user desires to access. It is possible to perform access while omitting the operation for the authentication process unique to each service providing server while maintaining the service.

  In the first embodiment, the card ID is set for each service and the process of periodically rewriting the card ID is executed. However, in this embodiment, an ID and a password unique to each service providing server are used. Therefore, a single card ID may be used.

[Third Embodiment]
Next, a third embodiment of the present invention will be described with reference to the drawings. The present embodiment is characterized in that a cache function for temporarily storing information is added to the mobile terminal device 2 in the first embodiment described above. Specifically, as shown in FIG. 6, the area of the page cache unit 241 is secured in the memory 24, and the function of the communication establishment detection unit 281 is added to the control unit 28.

  The page cache unit 241 is an area for storing, for each service, the most recent page data (information data including HTML and other file types) acquired and browsed when authentication is properly established and service is provided. The page data stored in the page cache unit 241 is read in response to a request from the control unit 28 and displayed on the display unit 22.

  The communication establishment detection unit 281 is a module that detects whether or not communication is established when a user performs an access operation to receive provision of a service. When the communication is established according to the detection result of the communication establishment detection unit 281, the control unit 28 uses the card ID and the terminal ID in the same manner as in the first embodiment described above. If the communication is not established, the most recent page stored in the page cache unit 241 is the page of the service that is about to be provided without executing the authentication process or the like through the communication. Is displayed.

  According to this embodiment, for example, even in a communication environment where radio waves do not reach, the latest service provision page can be browsed, and when communication is established, authentication processing is forcibly performed. Because it executes, security can be ensured.

[Fourth Embodiment]
Next, a fourth embodiment of the present invention will be described with reference to the drawings. The present embodiment is characterized in that a rewrite password is introduced into the system in the first embodiment described above. Specifically, as shown in FIG. 7A, a field describing a rewrite password is added to the table T1 stored in the user database 41. The rewrite password is authentication information used when rewriting the terminal ID and card ID registered in the table T1, and is permanently registered in association with the user ID.

  Specifically, in the first embodiment described above, since the card ID is periodically rewritten by the card ID update unit 6, the user cannot know the current card ID. For this reason, for example, if the card 1 is lost, the service cannot be provided. In this embodiment, in such a case, the rewrite password is transmitted to the authentication server 4 by manual input by a user operation, and the rewrite password is replaced with the card ID to perform an authentication process.

  Furthermore, in this embodiment, as shown in FIG. 5B, the card detection unit 29 is provided in the mobile terminal device 2, and after losing the card (blank card) for which the card ID has not been stored yet is After being issued, you can continue to receive authentication services by this system.

  The card detection unit 29 is a module that detects that the recognized card is a blank card and notifies the control unit 28 when the blank card is recognized by the reader / writer 27.

  When the card detection unit 29 detects that the card is a blank card, the control unit 28 does not execute the authentication process using the card ID and the terminal ID described above, and inputs the rewrite password to the user. Request. When the rewrite password is input, the control unit 28 transmits the rewrite password and the terminal ID to the authentication server 4, thereby performing authentication processing.

  Upon receiving the rewrite password, the authentication server 4 returns a card ID already registered in the table T1 or a newly issued card ID to the terminal 2, and the terminal 2 receives the card received by the reader / writer 27. Write the ID on a blank card.

  According to this embodiment, when the card is lost, the authentication service by the authentication server 4 can be easily used continuously by using the reissued card.

  In the present embodiment, the blank card is detected on the mobile terminal device 2 side, but the present invention is not limited to this, and may be performed on the authentication server 4 side. Specifically, the following procedure is followed.

  When the user authenticates the authentication server 4 with a blank card, the authentication server 4 requests the mobile terminal device 2 to transmit a card ID. In this case, since the card is a blank card, the mobile terminal device 2 cannot transmit the card ID. When the authentication server 4 does not receive the card ID for a certain period of time, the authentication server 4 executes a process for requesting the input of the rewrite password, and the rewrite password is input. And write.

  In this case, it is possible to guide the user to input the rewrite password from the authentication server 4 side, and even if the user has no knowledge of the special operation of card reissue, the service continuation procedure is easily performed. be able to.

  In this embodiment, the case where the card is lost has been described as an example. However, the present invention can also be applied to the case where the terminal is lost. That is, there is either a terminal ID or a card ID, and by using this and the rewrite password, the service is continuously used while maintaining security.

[Example of change]
In each of the embodiments described above, a method of rewriting a card ID by non-contact communication is adopted. However, the present invention is not limited to this, and for example, a portable terminal device by a contact type method such as a USB memory or the like. The card ID may be read and written.

  In the above embodiment, the card ID is rewritten every access, but may be once every several times, for example. In this case, the service provider manages the number of accesses since the last card ID rewrite. Thereby, the load on the database can be reduced.

  Furthermore, in the above-described embodiment, the read / write function for reading and writing the card ID is provided in the mobile terminal device. However, only the read function may be provided so as to read only the card ID. In this case, it is preferable to add means for improving security such as encryption of the card ID.

  In the above-described first to fourth embodiments, each function has been described for each embodiment. However, these functions are not limited to being provided alone, and a system is configured by appropriately combining each function. Can do.

  Further, in each of the above embodiments, the card ID is read from the card reader and the authentication process is performed using the terminal ID and the card ID. However, instead of the card reader, a fingerprint recognition function is provided in the portable terminal device, and the fingerprint is stored in the card. You may make it perform an authentication process as ID. In this case, since the fingerprint is unchanged and it is difficult to forge, a function corresponding to the rewriting of the card ID becomes unnecessary.

It is explanatory drawing which shows schematic structure of the authentication system which concerns on 1st Embodiment. It is a block diagram which shows the internal structure of the portable terminal device which concerns on 1st Embodiment. It is a block diagram which shows the internal structure of the card ID update part which concerns on 1st Embodiment. It is a sequence diagram which shows operation | movement of the authentication system which concerns on embodiment. It is explanatory drawing which shows the table data of the authentication system which concerns on 2nd Embodiment. It is a block diagram which shows the internal structure of the portable terminal device which concerns on 3rd Embodiment. (A) is explanatory drawing which shows the table data of the authentication system which concerns on 4th Embodiment, (b) is a block diagram which shows the internal structure of a portable terminal device.

Explanation of symbols

D1 Form information T1 to T3 Table data 1 IC card 2 Mobile terminal device 2a Mobile phone 2b PDA
DESCRIPTION OF SYMBOLS 3 ... IP network 4 ... Authentication server 5 ... Service provision server group 5a-5c ... Service provision server 6 ... Card ID update part 21 ... Communication part 22 ... Display part 23 ... Operation part 24 ... Memory 25 ... Service determination part 26 ... ID Management unit 27 ... Reader / writer 28 ... Control unit 29 ... Card detection unit 41 ... User database 61 ... Communication unit 62 ... ID issuing unit 63 ... Service determination unit 64 ... Database management unit 65 ... Control unit 241 ... Page cache unit 281 ... Communication Established detector

Claims (4)

  1. IC tag with IC chip, memory and communication interface;
    A portable terminal device having a data communication function and a memory for transmitting and receiving data to and from a communication network;
    A plurality of service providing servers arranged on the communication network and providing services through the communication network;
    An authentication system that uses the mobile terminal device to authenticate an accessor to the service providing server by an authentication server arranged on the communication network,
    The memory of the IC tag stores a card ID that identifies the IC tag,
    The memory of the mobile terminal device stores a terminal ID that identifies the mobile terminal device,
    The portable terminal device
    A reader function for reading data from the memory of the IC tag ;
    A writer function for writing data to the memory of the IC tag ;
    When executing authentication for the communication network, the reader function reads the card ID from the IC tag, and the read card ID and the terminal ID of the own device are transmitted through the data communication function. With a function to send to the authentication server ,
    The authentication server associates and registers a user ID for identifying the accessor, the card ID and the terminal ID unique to each service, and is an identifier independent of the card ID by a user operation. It has a user database that registers rewrite passwords associated with each user ID,
    In the communication network, the card ID registered in the user database is updated every time the service is used, and through the writer function of the mobile terminal device, the card ID stored in the memory of the IC tag, A card ID update unit that rewrites the updated new card ID is arranged,
    The authentication server is
    Authentication is performed using the card ID associated with the service related to the access request, and when the authentication is normally performed, access to the service providing server that provides the permitted service is permitted, and the card For each service, the ID update unit updates the card ID associated with the service,
    In the case of an access request, if the card ID is not acquired, the rewrite password is acquired from the user, the acquired rewrite password is replaced with the card ID, authentication is performed, and the card ID update unit An authentication system in which a newly issued card ID is written in the memory of an IC tag .
  2. The portable terminal device
    A cache unit that accumulates information acquired in the service accessed most recently;
    A communication establishment detection unit for detecting whether communication between the mobile terminal device and the authentication server is established, and for outputting information stored in the cache unit when communication is not established; The authentication system according to claim 1, further comprising:
  3. IC tag with IC chip, memory and communication interface;
    A portable terminal device having a data communication function and a memory for transmitting and receiving data to and from a communication network;
    A plurality of service providing servers arranged on the communication network and providing services through the communication network;
    An authentication method for authenticating an accessor to the service providing server by an authentication server arranged on the communication network using the mobile terminal device ,
    Storing a card ID for identifying the IC tag in the memory of the IC tag, and storing a terminal ID for identifying the portable terminal device in the memory of the portable terminal device;
    In the user database of the authentication server, a user ID that identifies the accessor is registered in association with the card ID and the terminal ID that are unique for each service, and the card ID is a rewrite that is an independent identifier. (2) registering the password for the user in association with each user ID by user operation;
    ( 3 ) reading the card ID from the IC tag when performing authentication for the communication network by a reader function for reading data from the memory of the IC tag in the portable terminal device; ,
    Sending the read card ID and its own terminal ID to the authentication server through the data communication function, and authenticating using the card ID and terminal ID ( 4 ) ;
    The card ID registered in the user database is updated each time the service is used, and the data is written into the IC tag through the writer function provided in the portable terminal device, and the IC tag memory Rewriting the stored card ID with the updated new card ID (5),
    In step (4), in the authentication server, authentication is performed using the card ID associated with the service related to the access request, and if authentication is performed normally, a service providing an authorized service is provided. In addition to permitting access to the server, in step (5), for each service, the card ID associated with the service is updated,
    In the step (4), if the card ID is not acquired at the time of the access request, the rewrite password is acquired from the user, the acquired rewrite password is replaced with the card ID, and authentication is performed. An authentication method characterized in that, in step (5), a newly issued card ID is written in a memory of an IC tag for which a card ID has not yet been stored .
  4. In the mobile terminal device, the information acquired in the service accessed most recently is stored in the cache unit,
    In the step (3), the communication establishment detection unit detects whether or not communication between the portable terminal device and the authentication server is established. If communication is not established, the communication is stored in the cache unit. The authentication method according to claim 3 , further comprising: outputting the processed information.
JP2004295822A 2004-10-08 2004-10-08 Authentication system and authentication method Expired - Fee Related JP4716704B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2004295822A JP4716704B2 (en) 2004-10-08 2004-10-08 Authentication system and authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2004295822A JP4716704B2 (en) 2004-10-08 2004-10-08 Authentication system and authentication method

Publications (2)

Publication Number Publication Date
JP2006107316A JP2006107316A (en) 2006-04-20
JP4716704B2 true JP4716704B2 (en) 2011-07-06

Family

ID=36376958

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2004295822A Expired - Fee Related JP4716704B2 (en) 2004-10-08 2004-10-08 Authentication system and authentication method

Country Status (1)

Country Link
JP (1) JP4716704B2 (en)

Families Citing this family (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4506747B2 (en) * 2006-06-21 2010-07-21 株式会社エイチ・エム・アイ Computer authentication system
GB2446199A (en) 2006-12-01 2008-08-06 David Irvine Secure, decentralised and anonymous peer-to-peer network
JP4943143B2 (en) * 2006-12-29 2012-05-30 セコム株式会社 authentication system
JP2008244518A (en) 2007-03-23 2008-10-09 Ricoh Co Ltd Image forming apparatus management system, image forming apparatus, management device, terminal device, image forming apparatus managing method, and image forming program
JP5398997B2 (en) * 2008-04-14 2014-01-29 日本電信電話株式会社 Accounting information management system and accounting information management method
EP2134114A1 (en) * 2008-06-10 2009-12-16 Alcatel, Lucent Method for providing to an end device access to a service, to an end device and to a mobile terminal realizing such a method
JP2010198333A (en) * 2009-02-25 2010-09-09 Nec Corp Service provision system, information reading apparatus, method of providing service, method of transmitting user information, and program
JP5369930B2 (en) * 2009-06-25 2013-12-18 カシオ計算機株式会社 Mobile terminal management system, management apparatus and program
JP5534186B2 (en) * 2010-03-31 2014-06-25 大日本印刷株式会社 Information processing system, information processing server, information processing method, information processing program, etc.
JP5521764B2 (en) * 2010-05-19 2014-06-18 株式会社リコー Information processing apparatus, authentication system, authentication method, authentication program, and recording medium
JP5630101B2 (en) * 2010-06-29 2014-11-26 キヤノンマーケティングジャパン株式会社 Information processing system, image forming apparatus, authentication server, processing method thereof, and program
US9408066B2 (en) 2010-12-06 2016-08-02 Gemalto Inc. Method for transferring securely the subscription information and user data from a first terminal to a second terminal
EP2461613A1 (en) 2010-12-06 2012-06-06 Gemalto SA Methods and system for handling UICC data
JP5845802B2 (en) * 2011-10-20 2016-01-20 ソニー株式会社 Information processing apparatus, communication system, control method for information processing apparatus, and program
JP5440631B2 (en) * 2012-03-12 2014-03-12 株式会社リコー Information processing apparatus, authentication method, program, and authentication system
JP5869953B2 (en) * 2012-05-11 2016-02-24 株式会社日立製作所 Information terminal
JP2014032683A (en) * 2013-09-17 2014-02-20 Casio Comput Co Ltd Management device, portable terminal, and program
KR101675549B1 (en) * 2013-12-19 2016-11-11 주식회사 코스터 System for electronic certification using complex certification and Method of electronic certification the same
JP2015194836A (en) * 2014-03-31 2015-11-05 フェリカネットワークス株式会社 Information processing method, information processing device, authentication server device, and confirmation server device
JP6166212B2 (en) * 2014-03-31 2017-07-19 Kddi株式会社 Communication terminal, membership card and authentication system
JP6310562B2 (en) * 2014-08-19 2018-04-11 Jr東日本メカトロニクス株式会社 System, storage medium processing apparatus, electronic money account registration method, digital ticket account registration method, and program
JP6573854B2 (en) * 2016-08-22 2019-09-11 株式会社リコー System and method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09198351A (en) * 1996-01-17 1997-07-31 Matsushita Electric Ind Co Ltd User authentication device
JPH1125051A (en) * 1997-07-09 1999-01-29 Hitachi Ltd Information system
JP2000187644A (en) * 1997-09-17 2000-07-04 Nippon Shinpan Co Ltd System for preventing illegal communication
JP2002082917A (en) * 2000-07-04 2002-03-22 Sony Computer Entertainment Inc Contents distribution method, contents distribution server, and client terminal in contents distribution infrastructure

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH09198351A (en) * 1996-01-17 1997-07-31 Matsushita Electric Ind Co Ltd User authentication device
JPH1125051A (en) * 1997-07-09 1999-01-29 Hitachi Ltd Information system
JP2000187644A (en) * 1997-09-17 2000-07-04 Nippon Shinpan Co Ltd System for preventing illegal communication
JP2002082917A (en) * 2000-07-04 2002-03-22 Sony Computer Entertainment Inc Contents distribution method, contents distribution server, and client terminal in contents distribution infrastructure

Also Published As

Publication number Publication date
JP2006107316A (en) 2006-04-20

Similar Documents

Publication Publication Date Title
US8402518B2 (en) Secure management of authentication information
JP3569122B2 (en) Session management system, the service providing server, the session management server, a session management method, and a recording medium
US7103912B2 (en) User authorization management system using a meta-password and method for same
US7392226B1 (en) Electronic ticket, electronic wallet, and information terminal
US6792464B2 (en) System for automatic connection to a network
US20180205719A1 (en) Managing Authorized Execution Of Code
US7016875B1 (en) Single sign-on for access to a central data repository
EP1015985B1 (en) Method and apparatus for providing physical security for a user account and providing access to the user's environment and preferences
US20020194139A1 (en) Smart memory card wallet
US20070162385A1 (en) Relay server, relaying method and payment system
US7016877B1 (en) Consumer-controlled limited and constrained access to a centrally stored information account
JP4782986B2 (en) Single sign-on on the Internet using public key cryptography
US20040030934A1 (en) User selectable authentication interface and universal password oracle
JP5279379B2 (en) Authentication system and authentication method
JP2011510387A (en) How to read attributes from ID token
JP4413774B2 (en) User authentication method and system using e-mail address and hardware information
US20080301444A1 (en) Apparatus and Method for Providing Personal Information Sharing Service Using Signed Callback Url Message
EP1461718A1 (en) Distributed network identity
US20030191721A1 (en) System and method of associating communication devices to secure a commercial transaction over a network
EP1955252A1 (en) Human factors authentication
KR20050005786A (en) Device registration system, device registration server, device registration method, device registration program, storage medium, and terminal device
CN1458602A (en) Information processing system based on marking symbol
JPWO2007110951A1 (en) User confirmation apparatus, method and program
WO2005059728A1 (en) An internet protocol compatible access authentication system
US20010054111A1 (en) Wireless information service system using bar code and method therefor

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20071003

A711 Notification of change in applicant

Free format text: JAPANESE INTERMEDIATE CODE: A711

Effective date: 20100427

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A821

Effective date: 20100427

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20101104

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20101111

A601 Written request for extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A601

Effective date: 20110106

A602 Written permission of extension of time

Free format text: JAPANESE INTERMEDIATE CODE: A602

Effective date: 20110112

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20110210

A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20110303

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20110329

R150 Certificate of patent or registration of utility model

Free format text: JAPANESE INTERMEDIATE CODE: R150

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20140408

Year of fee payment: 3

S531 Written request for registration of change of domicile

Free format text: JAPANESE INTERMEDIATE CODE: R313531

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20140408

Year of fee payment: 3

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

LAPS Cancellation because of no payment of annual fees