JP4819588B2 - Authentication system and authentication method - Google Patents

Description

  The present invention relates to an authentication system and an authentication method for authenticating a terminal device, and more particularly to an authentication system and an authentication method for authenticating a terminal device having a unique device ID.

  In recent years, network environments such as the Internet have been improved, and contents such as audio data, image data, and video data are often provided to user-owned terminal devices via a network such as Inch-Net. When providing content, it is common to authenticate a user by inputting a user ID, a password, or the like.

  When issuing a user ID or password, it is necessary to register personal information such as address, telephone number, card number, etc., but it is complicated to operate because the personal information must be registered every time the service provider is different. Become. Therefore, an authentication server having a user database for storing personal information about the user is provided on the network, and a universal ID issued by the authentication server is used instead of registration of personal information, so that purchase of goods and services via the network can be performed. Has been proposed (see, for example, Patent Literature 1).

However, in the prior art, by inputting the universal ID, there is no need to input personal information such as an address, a telephone number, and a card number each time. However, when the personal information is registered in the authentication server, the terminal is still used. Personal information such as an address, a telephone number, and a card number has to be input from the device, and there is a problem that the operation becomes complicated in a terminal device with few operation keys.
JP 2001-244927 A

  The present invention has been made in view of such problems, and the object of the present invention is to input a terminal device without inputting personal information such as an address, a telephone number, or a card number from a terminal device with few operation keys. It is in the point which provides the authentication system and authentication method which can authenticate.

In order to solve the above problems, the present invention has the following configuration.
An authentication system of the present invention is an authentication system that performs authentication of a terminal device connected via a network using a mobile phone different from the terminal device connected to the network, and requests a reception address. Upon receiving from the terminal device, a request response means for transmitting a response specifying the ID reception address as a redirect destination, including a device ID request for requesting transmission of the device ID, and the ID reception address When receiving a request including the device ID from the terminal device, a temporary registration information generating unit that generates a temporary temporary ID and generates temporary registration information including the generated temporary ID and the device ID; Authentication information recording means for recording the temporary registration information created by the registration information creating means, and the temporary registration An encoding processing unit that encodes the temporary ID and registration address generated by the report generation unit into encoded information and transmits the encoded information to the terminal device; and the registration address that is encoded and transmitted to the encoded information. On the other hand, when a request including user information pre-registered and the temporary ID is received from the mobile phone, the temporary registration information recorded in the authentication information recording unit is referred to based on the temporary ID. And an authentication server having device registration means for creating authentication information in which the user information and the device ID are associated with each other and recording the authentication information on the authentication information recording means. Including a request transmission means for transmitting a request to the authentication server and a device ID request for requesting transmission of a device ID. When a response designating an ID reception address is received from the authentication server as a destination, device ID transmission means for transmitting a request including the device ID to the ID reception address, and the encoded information from the authentication server When received, the mobile phone includes display means for displaying the received coded information, and the mobile phone captures the coded information displayed on the display means of the terminal device, and the imaging means The captured encoded information is decoded into the temporary ID and the registration address, and a request including the pre-registered user information and the temporary ID is transmitted to the registration address. And a user information transmission means.

  Further, in the authentication system method of the present invention, the authentication system method further includes a charging management server that manages charging to the mobile phone based on the user information, and the device registration means of the authentication server includes the user information, a usage fee, and the like. When the authorization information from the accounting management server responding to the accounting information is received, the authentication information associating the user information with the device ID is created and the authentication information is generated. It is recorded on an information recording means.

  Furthermore, in the authentication system method of the present invention, when the temporary registration information creating means of the authentication server receives a request including the device ID from the terminal device for the ID reception address, the device ID is It is determined whether or not it is registered in the authentication information recorded in the authentication information recording means, and when the device ID is registered in the authentication information, a delivery address for providing a service as a redirect destination is determined. A response to be specified is transmitted to the terminal device, and the temporary registration information is created when the device ID is not registered in the authentication information.

The authentication server of the present invention is an authentication server for authenticating a terminal device connected via a network, and when receiving a request for a reception address from the terminal device, a device ID that requests transmission of a device ID A request response means that includes a request and transmits a response that specifies an ID reception address as a redirect destination to the terminal device; and when the request including the device ID is received from the terminal device for the ID reception address, Temporary registration information generating means for generating a unique temporary ID, generating temporary registration information including the generated temporary ID and the device ID, and authentication information generated by the temporary registration information generating means and recording the temporary registration information Encoding the temporary ID and registration address generated by the recording means and the temporary registration information creating means And encoding means for encoding and transmitting to the terminal device in multicast, to the registration address transmitted encoded into coded information, a request containing said user information that is pre-registered temporary ID When receiving from a mobile phone different from the terminal device connected to the network, the user information and the device are referred to by referring to the temporary registration information recorded in the authentication information recording means based on the temporary ID It further comprises device registration means for creating authentication information associated with an ID and recording the authentication information in the authentication information recording means.

  The authentication method of the present invention is an authentication method in which authentication of a terminal device connected via a network by an authentication server is performed using a mobile phone different from the terminal device connected to the network, The terminal device transmits a request for a reception address to the authentication server, and the authentication server includes a device ID request for requesting transmission of a device ID when receiving a request for the reception address from the terminal device, and redirects A response specifying an ID reception address as a destination is transmitted to the terminal device, and the terminal device includes a device ID request for requesting transmission of a device ID, and a response specifying the ID reception address as a redirect destination is an authentication server Including the device ID with respect to the ID receiving address. When a request including the device ID is received from the terminal device with respect to the ID reception address, the authentication server generates a unique temporary ID, and the generated temporary ID and the temporary ID The temporary registration information including the generation date and time and the device ID is created and recorded, and the generated temporary ID and registration address are encoded into encoded information and transmitted to the terminal device. The encoded information received from the authentication server is displayed on a display unit, and the mobile phone captures the encoded information displayed by imaging the encoded information displayed on the display unit of the terminal device. Decrypt the temporary ID and the registration address, and send a request including the pre-registered user information and the temporary ID to the registration address. And the authentication server receives a request including the pre-registered user information and the temporary ID for the registration address encoded and transmitted in the encoded information from the mobile phone, By referring to the temporary registration information recorded in the authentication information recording unit based on the temporary ID, authentication information in which the user information and the device ID are associated is created and recorded.

  Further, in the authentication method of the present invention, the authentication server transmits billing information including the user information and a usage fee to a billing management server that manages billing to the mobile phone based on the user information. When approval information from the charging management server responding to the charging information is received, authentication information associating the user information with the device ID is created and recorded.

  Furthermore, in the authentication method of the present invention, when the authentication server receives a request including the device ID from the terminal device for the ID reception address, the authentication server records the authentication information recorded in the device ID. When the device ID is registered in the authentication information, a response specifying a delivery address for providing a service as a redirect destination is transmitted to the terminal device, and the device ID is determined. Is registered in the authentication information, the temporary registration information is created.

  An authentication system and an authentication method of the present invention include a device ID request for transmitting a request for a reception address from a terminal device to an authentication server, and in response to the request for a reception address, the authentication server requests transmission of a device ID. In response to the response, the terminal device transmits a request including the device ID to the ID reception address, and responds to the request for the ID reception address. The authentication server generates a unique temporary ID, creates and records temporary registration information including the generated temporary ID and device ID, and encodes the generated temporary ID and registration address into encoded information. The encoded information received from the authentication server is displayed on the display means of the terminal device, and the mobile phone By capturing the coded information displayed on the display means of the terminal device, the captured coded information is decoded into the temporary ID and the registration address, and the pre-registered user information and temporary ID are included. The request is sent from the mobile phone to the registration address, and the authentication server refers to the temporary registration information based on the temporary ID in response to the request for the registration address. With the simple operation of imaging the coded information displayed by accessing the reception address of the authentication server from the terminal device by the mobile phone by creating and recording the authentication information associated with the Create authentication information associating user information pre-registered with the mobile phone contract with the device ID of the terminal device. Therefore, it is possible to authenticate the terminal device without inputting personal information such as address, telephone number, card number, etc. from the terminal device with few operation keys. There is an effect that it can be simplified.

  Furthermore, the authentication system and the authentication method of the present invention transmit charging information including user information and a usage fee from the authentication server to a charging management server that manages charging to the mobile phone based on the user information, and Upon receiving the approval information from the accounting management server that responds, the authentication information in which the user information and the device ID are associated is created and recorded, thereby providing a call service for collecting the usage fee to the mobile phone. It can be performed on the behalf of a communication company, and it is possible to reduce the trouble of collecting usage fees.

  Furthermore, in the authentication system and authentication method of the present invention, in response to the request for the ID reception address, the authentication server determines whether or not the device ID is registered in the authentication information, and the device ID is registered in the authentication information. If the device ID is registered, a response specifying a delivery address for providing a service as a redirect destination is transmitted to the terminal device, and the temporary registration information is created when the device ID is not registered in the authentication information. Thus, the same ID reception address can be used regardless of the registration status of the authentication information, and it is not necessary to inquire the registration status of the authentication information to the terminal device when receiving a request for the reception address. The access destination to the authentication server can be made the same regardless of the registration status of the authentication information. An effect that can be simplified.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a block diagram showing a configuration of an embodiment of an authentication system according to the present invention, and FIG. 2 is a diagram showing an example of temporary registration information and an example of authentication information recorded in an authentication information recording unit shown in FIG. FIG. 3 is a block diagram showing the configuration of the terminal device shown in FIG.

  Referring to FIG. 1, the authentication system according to the present embodiment includes a content server 20 that distributes content via a network 10 such as the Internet, an authentication server 30 that authenticates access to the content server 20, and a network 10. The terminal device 40 that receives the content via the mobile phone 50, the mobile phone 50, and the charge management server 60 that manages the charge to the mobile phone 50 are configured. In the present embodiment, the content server 20 and the authentication server 30 are functionally described separately. However, the content server 20 and the authentication server 30 are servers composed of one or more information processing devices that operate by program control. It can be realized as a system, and each server may be managed by different operators, or two or more of each server may be managed by the same operator.

  The content server 20 has a function as a Web server that responds to a request from the terminal device 40, and is a recording unit such as an HDD in which contents such as “audio data”, “image data”, and “video data” are recorded. When the content request is received from the terminal device 40, the recorded content is transmitted to the terminal device 40 via the network 10.

  The authentication server 30 has a function as a Web server that responds to various requests from the terminal device 40. Referring to FIG. 2, the authentication information recording unit 31, the request response unit 32, the temporary registration information creation unit 33, , An encoding processing unit 34, a device registration unit 35, and a transmission / reception unit 36. The request response unit 32, the provisional registration information creation unit 33, and the device registration unit 35 have different network addresses such as URLs, the request response unit 32 has a reception address for acceptance, and the provisional registration information creation unit 33 has a device. An ID reception address for receiving an ID and a registration address for receiving mobile phone user information are assigned to the device registration unit 35, and a request response from the terminal device 40 and the mobile phone 50 is received by the transmission / reception unit 36. Assigned to the unit 32, the provisional registration information creation unit 33, or the device registration unit 35.

  The authentication information recording unit 31 is a recording unit such as an HDD in which temporary registration information and authentication information are recorded. Referring to FIG. 2A, the temporary registration information is a temporary file created when authenticating the terminal device 40, and is generated by the device ID unique to the terminal device 40 and the temporary registration information creating unit 33. It consists of a temporary ID and the generation date and time of the temporary ID, and is deleted when the terminal device 40 is authenticated or after a predetermined time. Further, the authentication information is a file created at the time of authentication of the terminal device 40. Referring to FIG. 2 (b), mobile phone user information that is user information of the mobile phone 50, a device ID, and registration of authentication information. Consists of date and time.

  When receiving a GET request from the terminal device 40 for the reception address as an authentication request, the request response unit 32 includes a device ID request for requesting the terminal device 40 to transmit a device ID in the header and redirects A Redirect response (for example, 307 response) designating an ID receiving address indicating that it is compatible with an encryption protocol such as SSL (Secure Socket Layer) is sent to the terminal device via the network 10 using the transmission / reception unit 36. 40. The device ID request is a unique header negotiated with the terminal device 40, and is used as a necessary condition when the device ID is transmitted from the terminal device 40.

  The temporary registration information creation unit 33 corresponds to an encryption protocol such as SSL (Secure Socket Layer), and the ID reception address assigned to the temporary registration information creation unit 33 corresponds to an encryption protocol such as SSL. It is possible to determine that it is. When the encryption protocol is SSL, the URL that does not support SSL is “http: // ˜”, whereas the URL that supports SSL is “https: // ˜”. It is possible to determine whether or not it is compatible with SSL.

  Further, when the temporary registration information creation unit 33 receives a GET request from the terminal device 40 in which the device ID is included in the request header, the authentication information in which the included device ID is recorded in the authentication information recording unit 31 is received. In the case where the device ID is registered in the authentication information, a Redirect response designating a delivery address assigned to the content server 20 as a redirect destination is sent to the transmission / reception unit 36. If the device ID is not registered in the authentication information, a unique temporary ID is generated, the generated temporary ID, the temporary ID generation date and time, and the device ID Is recorded in the authentication information recording unit 31, and the generated temporary ID is output to the encoding processing unit 34.

  When the temporary ID generated by the temporary registration information creation unit 33 is input, the encoding processing unit 34 converts the registration address assigned to the device registration unit 35 and the input temporary ID into a QR code or the like. In addition to encoding into a two-dimensional code, a two-dimensional code in which a registration address and a temporary ID are encoded is transmitted to the terminal device 40 via the network 10 using the transmission / reception unit 36. In this embodiment, the registration address and the temporary ID are encoded into the two-dimensional code as encoded information for encoding, but the registration address and the temporary ID are encoded as a barcode or the like. You may make it encode into information.

  When the device registration unit 35 receives a GET request from the mobile phone 50 in which the mobile phone user information and the temporary ID are included in the request header as a registration request, the device registration unit 35 transmits and receives a registration confirmation screen that presents a usage fee for the distribution service. The data is transmitted to the mobile phone 50 via the network 10 using the unit 36. When the device registration unit 35 receives a registration execution request from the mobile phone 50 responding to the registration confirmation screen, the device registration unit 35 uses the transmission / reception unit 36 to transmit the billing information including the mobile phone user information and the usage fee via the network 10. It transmits to the charge management server 60. Furthermore, when receiving the approval information from the charging management server 60 that responds to the charging information, the device registration unit 35 refers to the temporary registration information recorded in the authentication information recording unit 31 based on the temporary ID, thereby The authentication information in which the telephone user information and the device ID are associated with each other is created, the created authentication information is recorded in the authentication information recording unit 31, and an authentication completion screen notifying that the authentication of the terminal device 40 is completed is displayed on the transmission / reception unit 36. Is transmitted to the mobile phone 50 via the network 10.

  The transmission / reception unit 36 has a function of connecting to the network 10 by wire or wireless, and performs information communication with the terminal device 40 via the network 10 based on a protocol such as HTTP (Hypertext Transfer Protocol) or FTP (File Transfer Protocol). Do.

  Referring to FIG. 3, the terminal device 40 is a portable information processing device that has a unique device ID and operates under program control of an audio player or the like that reproduces content (audio data, image data, video data). A transmission / reception unit 41, an information recording unit 42, a display unit 43 such as a liquid crystal display, an operation unit 44, a reproduction processing unit 45, and a data management unit 46.

  The transmission / reception unit 41 has a function of connecting to the network 10 by wire or wireless, and performs information communication with the content server 20 and the authentication server 30 based on a protocol such as HTTP or FTP.

  The information recording unit 42 is a recording unit such as an HDD or a silicon memory, and is received from the content server 20 and the network address recording unit 421 in which the reception address assigned to the request response unit 32 of the authentication server 30 is stored. A content recording unit 422 in which the recorded content is recorded.

  The display unit 43 is a display unit such as a liquid crystal display, and displays the two-dimensional code received from the authentication server 30 via the network 10 and is reproduced by the reproduction processing unit 45 based on the content recorded in the content recording unit 422. Displayed images and videos.

  The operation unit 44 is an operation unit such as an operation button, and accepts an authentication instruction input and content acquisition input for instructing access to the authentication server 30 and various inputs related to reproduction of received and recorded content.

  The reproduction processing unit 45 expands and reproduces the content recorded in the content recording unit 422 of the information recording unit 42, displays images and videos on the display unit 43, and outputs audio to the connected headphones 47. .

  When an authentication instruction input is input from the operation unit 44 before the device ID is registered in the authentication server 30, the data management unit 46 responds to the reception address recorded in the network address recording unit 421 of the information recording unit 42. The GET request is transmitted as an authentication request to the authentication server 30 via the network 10 using the transmission / reception unit 41. In addition, the data management unit 46 includes a device ID request for requesting transmission of a device ID in the header, and a Redirect response that specifies an ID reception address assigned to the temporary registration information creation unit 33 as a redirect destination Is received from the authentication server 30, a GET request including the device ID in the request header for the ID reception address is transmitted to the authentication server 30 via the network 10 using the transmission / reception unit 41. Furthermore, when the data management unit 46 receives the two-dimensional code in which the registration address and the temporary ID are encoded from the authentication server 30, the data management unit 46 displays the received two-dimensional code on the display unit 43.

  When the content acquisition input is input from the operation unit 44 after registering the device ID in the authentication server 30, the data management unit 46 performs the processing for the reception address recorded in the network address recording unit 421 of the information recording unit 42. A GET request is transmitted as a content request to the authentication server 30 via the network 10 using the transmission / reception unit 41, and a Redirect response designating a delivery address assigned to the content server 20 as a redirect destination is received from the authentication server 30. Then, a GET request for the distribution address is transmitted as a content request to the content server 20 via the network 10 using the transmission / reception unit 41.

  The mobile phone 50 has a function of connecting to the network 10 and a camera function of capturing an object. The captured two-dimensional image is obtained by capturing the two-dimensional code displayed on the display unit 43 of the terminal device 40. The code is decrypted into the registration address and the temporary ID, and a GET request for the registration address in which the mobile phone user information and the temporary ID are included in the request header is transmitted to the authentication server 30 as a registration request.

  The billing management server 60 is a server that is installed by a communication provider that provides a call service of the cellular phone 50 for a fee, and manages billing for the cellular phone 50 based on cellular phone user information such as a telephone number. When the accounting information from the authentication server 30 is normally received, approval information notifying that the accounting information has been normally received is transmitted to the authentication server 30 via the network 10.

Next, the operation of the present embodiment will be described in detail with reference to FIGS.
FIG. 4 is a flowchart for explaining the device ID registration operation in the embodiment of the authentication system according to the present invention, and FIG. 5 explains the two-dimensional code transmission operation from the authentication server shown in FIG. 1 to the terminal device. FIG. 6 is an explanatory view showing a display example on the mobile phone shown in FIG. 1, and FIG. 7 explains an operation of transmitting a registration request from the mobile phone shown in FIG. 1 to the authentication server. FIG. 8 is a flowchart for explaining the operation after device ID registration in the embodiment of the authentication system according to the present invention.

  The content server 20 and the authentication server 30 are managed by a distributor who provides a content distribution service for a fee. A user who owns the terminal device 40 and the mobile phone 50 uses the mobile phone 50 to configure the terminal device 40. By registering the device ID in the authentication server 30, the distribution service can be used, and the collection service usage fee provided by the distribution company is collected on behalf of the communication company providing the call service to the mobile phone 50. .

First, a device ID registration operation for registering the device ID of the terminal device 40 in the authentication server 30 will be described in detail with reference to FIGS.
When the user inputs an authentication instruction to instruct access to the authentication server 30 from the operation unit 44 of the terminal device 40 (step A1), the data management unit 46 records in the network address recording unit 421 of the information recording unit 42. A GET request for the received reception address is transmitted as an authentication request to the authentication server 30 via the network 10 using the transmission / reception unit 41 (step A2).

  The transmission / reception unit 36 of the authentication server 30 allocates an authentication request from the terminal device 40 to the request response unit 32, and the request response unit 32 requests the terminal device 40 to transmit a device ID in response to the authentication request. An ID request is included in the header, and a Redirect response designating the ID reception address assigned to the temporary registration information creation unit 33 as a redirect destination is sent to the terminal device 40 via the network 10 using the transmission / reception unit 36. The terminal device 40 is requested to transmit the device ID (step A3).

  The data management unit 46 of the terminal device 40 includes an ID reception address indicating that the device ID request for requesting transmission of the device ID is included in the header, and that the encryption destination protocol such as SSL is supported as a redirect destination. Is received from the authentication server 30, a GET request including the device ID in the request header for the ID receiving address is transmitted to the authentication server 30 via the network 10 using the transmission / reception unit 41 (step A 4). ). Note that when the data management unit 46 transmits the device ID, the response from the authentication server 30 includes the device ID request, and the ID reception address indicating that it corresponds to the encryption protocol such as SSL is redirected. It is done on condition that it is specified as the destination.

  The transmission / reception unit 36 of the authentication server 30 allocates a GET request from the terminal device 40 whose device ID is included in the request header to the temporary registration information generation unit 33, and the temporary registration information generation unit 33 includes the included device ID. Is registered in the authentication information recorded in the authentication information recording unit 31. If it is before the registration of the device ID, it is naturally determined that the device ID is not registered in the authentication information, and the temporary registration information creating unit 33 generates a unique temporary ID (step A5). Temporary registration information including the ID, temporary ID generation date and time, and device ID is recorded in the authentication information recording unit 31, and the generated temporary ID is output to the encoding processing unit 34.

  When the temporary ID generated by the temporary registration information creation unit 33 is input, the encoding processing unit 34 converts the registration address assigned to the device registration unit 35 and the input temporary ID into a QR code or the like. In addition to encoding into a two-dimensional code (step A 6), as shown in FIG. 5, the two-dimensional code in which the registration address and the temporary ID are encoded is transmitted via the network 10 using the transmission / reception unit 36. (Step A7).

  When the data management unit 46 of the terminal device 40 receives the two-dimensional code in which the registration address and the temporary ID are encoded from the authentication server 30, the received two-dimensional code is displayed on the display unit 43 as shown in FIG. As shown in FIG. 6A, the user images the two-dimensional code displayed on the display unit 43 of the terminal device 40 by the mobile phone 50 (step A9).

  The cellular phone 50 captures the two-dimensional code displayed on the display unit 43 of the terminal device 40, thereby decoding the captured two-dimensional code into a registration address and a temporary ID (step A10), and cellular phone user information. A GET request for the registration address including the temporary ID and the temporary ID is transmitted as a registration request to the authentication server 30 (step A11).

  The transmission / reception unit 36 of the authentication server 30 allocates a registration request from the mobile phone 50 to the device registration unit 35, and the device registration unit 35 transmits / receives a registration confirmation screen that presents a usage fee for the distribution service to the registration request The data is transmitted to the mobile phone 50 via the network 10 using the unit 36 (step A12).

  As shown in FIG. 6B, a registration confirmation screen from the authentication server 30 is displayed on the display unit of the mobile phone 50 (step A13), and the user confirms the usage fee and the like on the displayed registration confirmation screen. can do. After confirming the usage fee and the like, if the user inputs a distribution service, that is, performs a registration execution instruction input for instructing execution of device ID registration of the terminal device 40 (step A14), the mobile phone 50 displays a registration confirmation screen. The registration execution request which responds is transmitted to the authentication server 30 (step A15).

  When the device registration unit 35 receives a registration execution request from the mobile phone 50 responding to the registration confirmation screen, the device registration unit 35 manages the charging information including the mobile phone user information and the usage fee via the network 10 using the transmission / reception unit 36. It transmits to the server 60 (step A16).

  When the charging management server 60 normally receives the charging information from the authentication server 30 via the network 10, the charging management server 60 transmits approval information notifying that the charging information has been normally received to the authentication server 30 via the network 10 (step A17). Upon receiving the approval information from the charging management server 60 that responds to the charging information, the device registration unit 35 refers to the temporary registration information recorded in the authentication information recording unit 31 based on the temporary ID, thereby By creating authentication information in which user information and device ID are associated, and recording the created authentication information in the authentication information recording unit 31 (step A18), authentication of the terminal device 40, that is, registration of the device ID is completed, An authentication completion screen informing that the authentication of the terminal device 40 is completed is carried via the network 10 using the transmission / reception unit 36. And it transmits to the telephone 50 (step A19). An authentication completion screen from the authentication server 30 is displayed on the display unit of the mobile phone 50 (step A20), and the user recognizes that the authentication of the terminal device 40, that is, the registration of the device ID has been completed by the displayed authentication completion screen. can do.

Next, a content distribution operation after authentication of the terminal device 40, that is, after registration of the device ID is completed will be described in detail with reference to FIG.
When the user performs content acquisition input for instructing access to the authentication server 30 from the operation unit 44 of the terminal device 40 (step B1), the data management unit 46 receives an authentication instruction input from the operation unit 44. Then, a GET request for the reception address recorded in the network address recording unit 421 of the information recording unit 42 is transmitted as a content request to the authentication server 30 via the network 10 using the transmission / reception unit 41 (step B2). The authentication instruction input can be performed with the same operation key as the authentication instruction input for instructing the authentication of the terminal device 40, and the content request is substantially the same as the authentication request for requesting the authentication of the terminal device 40. Are the same GET requests.

  The transmission / reception unit 36 of the authentication server 30 allocates the content request from the terminal device 40 to the request response unit 32, and the request response unit 32 requests the terminal device 40 to transmit a device ID in response to the content request. An ID request is included in the header, and a Redirect response designating the ID reception address assigned to the temporary registration information creation unit 33 as a redirect destination is sent to the terminal device 40 via the network 10 using the transmission / reception unit 36. The terminal device 40 is requested to transmit the device ID (step B3).

  The data management unit 46 of the terminal device 40 includes a device ID request for requesting transmission of a device ID in the header and designates an ID reception address assigned to the temporary registration information creation unit 33 as a redirect destination. When the Redirect response is received from the authentication server 30, a GET request including the device ID in the request header for the ID reception address is transmitted to the authentication server 30 via the network 10 using the transmission / reception unit 41 (step B4).

  The transmission / reception unit 36 of the authentication server 30 allocates a GET request from the terminal device 40 whose device ID is included in the request header to the temporary registration information generation unit 33, and the temporary registration information generation unit 33 includes the included device ID. Is registered in the authentication information recorded in the authentication information recording unit 31. If it is after the registration of the device ID, it is naturally determined that the device ID is registered in the authentication information, and the temporary registration information creating unit 33 uses the distribution address assigned to the content server 20 as the redirect destination. The designated Redirect response is transmitted to the terminal device 40 via the network 10 using the transmission / reception unit 36 (step B5).

  When the data management unit 46 of the terminal device 40 receives from the authentication server 30 a Redirect response that designates a distribution address assigned to the content server 20 as a redirect destination, the data management unit 46 uses the GET request for the distribution address as a content request, and transmits and receives 41 is transmitted to the content server 20 via the network 10 (step B6). Upon receiving the content request from the terminal device 40, the content server 20 transmits the recorded content to the terminal device 40 via the network 10. (Step B7). In the present embodiment, when the content server 20 receives the content request, the content server 20 is configured to transmit the content immediately. However, a content selection screen for selecting content may be responded to the content request. good.

  As described above, according to the present embodiment, a request for the reception address is transmitted from the terminal device 40 to the authentication server 30, and the request response unit 32 of the authentication server 30 responds to the request for the reception address. A request including a device ID request for requesting transmission of a device ID, a response specifying an ID reception address as a redirect destination, and a request in which the terminal device 40 includes a device ID with respect to the ID reception address in response to the response In response to the request for the ID reception address, the temporary registration information creation unit 33 of the authentication server 30 generates a unique temporary ID and creates temporary registration information including the generated temporary ID and device ID. Are recorded in the authentication information recording unit 31 and the generated temporary ID and registration address are recorded by the encoding processing unit 34. The two-dimensional code encoded into the dimensional code and transmitted to the terminal device 40 is displayed on the display unit 43 of the terminal device 40 and displayed on the display unit 43 of the terminal device 40 by the mobile phone 50. By capturing a two-dimensional code, the captured two-dimensional code is decoded into a temporary ID and a registration address, and a request including pre-registered user information and a temporary ID is sent to the registration address. In response to a request for a registration address transmitted from the mobile phone 50, the device registration unit 35 of the authentication server 30 refers to the temporary registration information based on the temporary ID, thereby authenticating the user information and the device ID. By creating the information and recording it in the authentication information recording unit 31, the terminal device 40 accesses the reception address of the authentication server 30. The authentication information that associates the user information pre-registered at the time of the contract of the mobile phone 50 and the device ID of the terminal device 40 with a simple operation of imaging the two-dimensional code displayed by the mobile phone 50 is created. Therefore, the terminal device 40 can be authenticated without inputting personal information such as an address, a telephone number, and a card number from the terminal device 40 with few operation keys, and is necessary for the authentication of the terminal device 40. This has the effect of greatly simplifying the operation.

  Further, according to the present embodiment, the device registration unit 35 of the authentication server 30 sends the billing information including the user information and the usage fee to the billing management server 60 that manages billing to the mobile phone 50 based on the user information. Upon receiving approval information from the billing management server 60 that transmits and responds to billing information, authentication information in which user information and device ID are associated with each other is created and recorded, thereby collecting usage charges. A communication service provider that provides a telephone service to the telephone 50 can perform the service on behalf of the telephone 50, and it is possible to reduce the trouble of collecting the usage fee.

  Furthermore, according to the present embodiment, in response to the request for the ID reception address, the temporary registration information creation unit 33 of the authentication server 30 determines whether or not the device ID is registered in the authentication information, and the device When the ID is registered in the authentication information, a response specifying the delivery address of the content server 20 providing the service as a redirect destination is transmitted to the terminal device 40, and the device ID is not registered in the authentication information By configuring to create temporary registration information, the same ID receiving address can be used regardless of the registration status of the authentication information, and the registration status of the authentication information can be changed when a request for the reception address is received. Since it is not necessary to make an inquiry to the terminal device 40, the access destination from the terminal device 40 to the authentication server 30 is registered as authentication information. It can be the same regardless of the situation, an effect that the operation of the terminal device 40 can be simplified.

  Note that the present invention is not limited to the above-described embodiments, and it is obvious that the embodiments can be appropriately changed within the scope of the technical idea of the present invention. In addition, the number, position, shape, and the like of the constituent members are not limited to the above-described embodiment, and can be set to a suitable number, position, shape, and the like in practicing the present invention. In each figure, the same numerals are given to the same component.

It is a block diagram which shows the structure of embodiment of the authentication system which concerns on this invention. It is a figure which shows the example of temporary registration information recorded in the authentication information recording part shown in FIG. 1, and an example of authentication information. It is a block diagram which shows the structure of the terminal device shown in FIG. It is a flowchart for demonstrating device ID registration operation | movement in embodiment of the authentication system which concerns on this invention. It is explanatory drawing for demonstrating the two-dimensional code transmission operation | movement from the authentication server shown in FIG. 1 to a terminal device. It is explanatory drawing which shows the example of a display in the mobile telephone shown in FIG. It is explanatory drawing for demonstrating the registration request transmission operation | movement from a mobile telephone shown in FIG. 1 to an authentication server. It is a flowchart for demonstrating the operation | movement after device ID registration in embodiment of the authentication system which concerns on this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 Network 20 Content server 30 Authentication server 31 Authentication information recording part 32 Request response part 33 Temporary registration information creation part 34 Encoding process part 35 Device registration part 36 Transmission / reception part 40 Terminal device 41 Transmission / reception part 42 Information recording part 43 Display part 44 Operation Unit 45 reproduction processing unit 46 data management unit 50 mobile phone 60 billing management server 421 network address recording unit 422 content recording unit

Claims (7)

An authentication system for performing authentication of a terminal device connected via a network using a mobile phone different from the terminal device connected to the network,
When receiving a request for the reception address from the terminal device, a request response means including a device ID request for requesting transmission of a device ID and transmitting a response specifying the ID reception address as a redirect destination to the terminal device;
When a request including the device ID is received from the terminal device with respect to the ID reception address, a temporary registration is generated, and a temporary registration information including the generated temporary ID and the device ID is generated. Information creation means;
Authentication information recording means for recording the temporary registration information created by the temporary registration information creating means;
Encoding processing means for encoding the temporary ID and registration address generated by the temporary registration information creating means into encoded information and transmitting the encoded information to the terminal device;
When a request including user information registered in advance and the temporary ID is received from the mobile phone with respect to the registration address encoded and transmitted in the encoded information, the authentication information is based on the temporary ID. An authentication server having device registration means for creating authentication information in which the user information and the device ID are associated with each other by referring to the temporary registration information recorded in the recording means and recording the authentication information in the authentication information recording means Comprising
The terminal device, a request transmission means for transmitting a request for the reception address to the authentication server;
A device that includes a device ID request for requesting transmission of a device ID, and that transmits a request including the device ID to the ID reception address when a response specifying an ID reception address as a redirect destination is received from an authentication server An ID transmission means;
When the encoded information is received from the authentication server, the display unit displays the received encoded information.
The mobile phone includes an imaging unit that images the coded information displayed on the display unit of the terminal device;
The encoded information imaged by the imaging unit is decoded into the temporary ID and the registration address, and a request including the pre-registered user information and the temporary ID is set as the registration address. An authentication system comprising: user information transmission means for transmitting to the user. A billing management server for managing billing to the mobile phone based on the user information;
The device registration means of the authentication server transmits billing information including the user information and a usage fee to the billing management server, and receives the approval information from the billing management server responding to the billing information. 2. The authentication system according to claim 1, wherein authentication information in which information is associated with the device ID is created and recorded in the authentication information recording means.   When the temporary registration information creating unit of the authentication server receives a request including the device ID from the terminal device with respect to the ID reception address, the device ID is recorded in the authentication information recording unit. It is determined whether or not it is registered in authentication information, and when the device ID is registered in the authentication information, a response designating a delivery address for providing a service as a redirect destination is transmitted to the terminal device, The authentication system according to claim 1, wherein the temporary registration information is created when the device ID is not registered in the authentication information. An authentication server that authenticates terminal devices connected via a network,
When receiving a request for the reception address from the terminal device, a request response means including a device ID request for requesting transmission of a device ID and transmitting a response specifying the ID reception address as a redirect destination to the terminal device;
When a request including the device ID is received from the terminal device with respect to the ID reception address, a temporary registration is generated, and a temporary registration information including the generated temporary ID and the device ID is generated. Information creation means;
Authentication information recording means for recording the temporary registration information created by the temporary registration information creating means;
Encoding processing means for encoding the temporary ID and registration address generated by the temporary registration information creating means into encoded information and transmitting the encoded information to the terminal device;
When a request including pre-registered user information and the temporary ID is received from a mobile phone different from the terminal device connected to the network, with respect to the registration address encoded and transmitted in encoded information , By referring to the temporary registration information recorded in the authentication information recording means based on the temporary ID, creating authentication information in which the user information and the device ID are associated with each other in the authentication information recording means. An authentication server comprising device registration means for recording. An authentication method for performing authentication of a terminal device connected via a network by an authentication server using a mobile phone different from the terminal device connected to the network,
The terminal device transmits a request for a reception address to the authentication server,
When the authentication server receives a request for the reception address from the terminal device, the authentication server includes a device ID request for requesting transmission of a device ID, and transmits a response specifying the ID reception address as a redirect destination to the terminal device. ,
The terminal device includes a device ID request for requesting transmission of a device ID. When a response specifying an ID receiving address as a redirect destination is received from an authentication server, the terminal device includes the device ID with respect to the ID receiving address. Send a request,
When the authentication server receives a request including the device ID from the terminal device with respect to the ID reception address, the authentication server generates a unique temporary ID, the generated temporary ID, the temporary ID generation date and time, and the device Create and record temporary registration information consisting of an ID, encode the generated temporary ID and registration address into encoded information, and send it to the terminal device,
The terminal device displays the encoded information received from the authentication server on a display means;
The mobile phone decodes the captured encoded information into the temporary ID and the registration address by capturing the encoded information displayed on the display unit of the terminal device, and is pre-registered. A request including the user information and the temporary ID is sent to the registration address;
When the authentication server receives a request including the pre-registered user information and the temporary ID for the registration address encoded and transmitted in the encoded information from the mobile phone, An authentication method comprising: creating and recording authentication information in which the user information and the device ID are associated with each other by referring to the temporary registration information recorded in the authentication information recording unit.   The authentication server transmits billing information including the user information and a usage fee to a billing management server that manages billing to the mobile phone based on the user information, and responds to the billing information 6. The authentication method according to claim 5, further comprising: creating and recording authentication information in which the user information and the device ID are associated with each other when the approval information from the device is received.   When the authentication server receives a request including the device ID from the terminal device for the ID reception address, the authentication server determines whether the device ID is registered in the authentication information recorded; When the device ID is registered in the authentication information, a response specifying a delivery address for providing a service as a redirect destination is transmitted to the terminal device, and the device ID is not registered in the authentication information 7. The authentication method according to claim 5 or 6, wherein the temporary registration information is created.

Images