JP4908941B2 - Initial password issuance processing method and system - Google Patents

Description

  The present invention relates to an initial password issuance processing method and system, and more particularly to an initial password issuance processing method and system with enhanced protection when providing an initial password to a user.

  Generally, when introducing a new system or updating computer software in a company, an initial password is set so that only a specific administrator of the company can perform such work in consideration of ensuring security. Conventionally, the initial password is sent directly from the system development department to the manager in charge, or passed to the person in charge via maintenance personnel.

On the other hand, in order to deliver such an initial password to a legitimate user safely, a technique for dividing the password and obtaining it from different websites via the Internet has been proposed (
(For example, refer to Patent Document 1). In addition, a system has been proposed in which the password thus decomposed is stored separately in the portable terminal and the computer (see, for example, Patent Document 2).

JP 2006-65708 A JP 2001-344037 A

  However, for example, when a financial institution introduces a net banking system to a client company, the initial password used in the system is passed from the person in charge at the branch of the financial institution to the person in charge of the client company. Since there may be a situation where the person in charge of the person can know all the digits of the password alone, security measures against the risk of unauthorized use are necessary. In such a case, the conventional technology is used. There is a problem that can not be.

  In addition, the person in charge of one customer company often receives and manages multiple passwords used at the time of system introduction. However, when multiple passwords are divided and provided to the person in charge, There is a problem that there is no easy way to combine and assemble the original password.

  The present invention has been made in view of such a problem, and even if a divided password obtained by dividing a plurality of passwords is mixed and delivered to a customer, an initial password issuance that can be easily assembled into a plurality of original passwords. It is an object to provide a processing method and system.

  In order to achieve such an object, the invention described in claim 1 is an initial password issuing processing system, an initial password generating means for generating an initial password to be used when initializing computer software, and an initial password generated A plurality of divided passwords obtained by dividing a password and superimposing predetermined digits, wherein the digits to be superimposed are password division means for generating a divided password that is the beginning and end of adjacent divided passwords, and a plurality of divided passwords. A password processing device including a password transmission means for transmitting via a different communication path; an intermediary terminal that receives a part of the plurality of divided passwords from the password transmission means; and a remaining part of the plurality of divided passwords from the password transmission means A user terminal that directly receives a part including Computer apparatus for performing initial setting of computer software using an initial password reconstructed by a part of a plurality of split passwords received at an intermediary organization terminal and a part including the remainder of the plurality of split passwords received at a user terminal It is characterized by comprising.

  According to a second aspect of the present invention, in the initial password issuance processing system according to the first aspect, the password dividing means divides the generated initial password into two divided passwords.

  According to a third aspect of the present invention, in the initial password issuing processing system according to the first or second aspect, the number of predetermined digits is determined in advance.

  According to a fourth aspect of the present invention, in the initial password issuing processing system according to the third aspect, the predetermined number of digits is one digit.

  The invention according to claim 5 is the initial password issuance processing system according to claim 1 or 2, wherein the password transmitting means transmits a predetermined number of digits to the user terminal together with the plurality of divided passwords. To do.

  The invention according to claim 6 is an initial password issuance processing method, which is generated by an initial password generation step for generating an initial password to be used at the time of initial setting of computer software by the password processing device, and the password processing device. A password splitting step for splitting an initial password and generating a split password that is a plurality of split passwords in which predetermined digits are overlapped, and the overlapped digits are the beginning and end of adjacent split passwords, and a password processing device, A password transmission step for transmitting a plurality of divided passwords through different communication paths, a step of receiving a part of the plurality of divided passwords from the password transmission step by the mediation agency terminal, and a plurality of divisions from the password transmission step by the user terminal Pa Receiving a part including the remainder of the word directly via the network, a part of the plurality of divided passwords received at the broker terminal by the computer device, and the plurality of divided passwords received at the user terminal And initializing the computer software using an initial password reconstructed with the part including the rest.

  The invention according to claim 7 is characterized in that, in the password splitting step of the initial password issuing processing method according to claim 6, the generated initial password is split into two split passwords.

  The invention according to claim 8 is the initial password issuing processing method according to claim 6 or 7, wherein the number of predetermined digits is predetermined.

  The invention described in claim 9 is the initial password issuance processing method according to claim 8, wherein the predetermined number of digits is one digit.

  The invention described in claim 10 is characterized in that, in the initial password issuance processing method according to claim 6 or 7, in the password transmission step, a predetermined number of digits are transmitted to the user terminal together with the plurality of divided passwords. To do.

  The invention as set forth in claim 11 is an initial password issuing processor, an initial password generating means for generating an initial password used at the time of initial setting of computer software, and the generated initial password is divided, and a predetermined digit is set. Password splitting means for generating split passwords that are a plurality of split passwords that are overlapped, and the digits to be overlapped are the start and end of adjacent split passwords, and a password that transmits the split passwords to the user terminal via the network And a transmission means.

  According to a twelfth aspect of the present invention, in the initial password issuance processing device according to the eleventh aspect, the password dividing means divides the generated initial password into two divided passwords.

  According to a thirteenth aspect of the present invention, in the initial password issuance processing device according to the eleventh or twelfth aspect, the number of predetermined digits is predetermined.

  According to a fourteenth aspect of the present invention, in the initial password issuing processing apparatus according to the thirteenth aspect, the predetermined number of digits is one digit.

  According to a fifteenth aspect of the present invention, in the initial password issuance processing device according to the eleventh or twelfth aspect, the password transmitting means transmits the predetermined number of digits to the user terminal together with a plurality of divided passwords. Features.

  The invention as set forth in claim 16 is an initial password issuing processing method in an initial password issuing processing device for generating an initial password to be used at the time of initial setting of computer software and transmitting it to a user terminal, the initial password for generating an initial password A generation step and a password division step for dividing a generated initial password and generating a divided password in which a plurality of divided passwords are overlapped with predetermined digits, and the digits to be superimposed are the beginning and end of adjacent divided passwords And a password transmission step of transmitting a plurality of divided passwords to the user terminal via the network.

  According to a seventeenth aspect of the present invention, in the initial password issuance processing method according to the sixteenth aspect, the generated initial password is divided into two divided passwords in the password dividing step.

  According to an eighteenth aspect of the present invention, in the initial password issuance processing method according to the sixteenth or seventeenth aspect, the number of predetermined digits is predetermined.

  According to a nineteenth aspect of the present invention, in the initial password issuance processing method according to the eighteenth aspect, the predetermined number of digits is one digit.

  According to a twentieth aspect of the invention, in the initial password issuing processing method according to the sixteenth or seventeenth aspect, in the password transmission step, a predetermined number of digits are transmitted to the user terminal together with a plurality of divided passwords. And

  According to a twenty-first aspect of the present invention, there is provided a program for causing an initial password issuing processor to execute an initial password issuing processing method for generating an initial password used for initial setting of computer software and transmitting it to a user terminal. Generated initial password generation step and multiple divided passwords by dividing the generated initial password and overlaying a predetermined digit, and the divided digits are the divided passwords that are the beginning and end of the adjacent divided password And a password transmission step of transmitting a plurality of divided passwords to the user terminal via the network.

  According to a twenty-second aspect of the invention, in the program according to the twenty-first aspect, in the password dividing step, the generated initial password is divided into two divided passwords.

  According to a twenty-third aspect, in the program according to the twenty-first or twenty-second aspect, the number of predetermined digits is predetermined.

  According to a twenty-fourth aspect of the present invention, in the program according to the twenty-third aspect, the predetermined number of digits is one digit.

  According to a twenty-fifth aspect of the invention, in the program according to the twenty-first or twenty-second aspect, in the password transmission step, a predetermined number of digits are transmitted to the user terminal together with the plurality of divided passwords.

  As described above, according to the present invention, the initial password generating means for generating the initial password used at the time of initial setting of the computer software, and the plurality of divisions obtained by dividing the generated initial password and overlaying predetermined digits A password processing unit including a password dividing unit that generates a password, a password transmitting unit that transmits a plurality of divided passwords through different communication paths, and an intermediary agency terminal that receives a part of the plurality of divided passwords from the password transmitting unit; , A user terminal that directly receives a part including the remainder of a plurality of split passwords from a password transmission means via a network, a part of a plurality of split passwords received at an intermediary agency terminal, and a user terminal Reconstructed with the part containing the remainder of multiple split passwords A computer device that uses the initial password to perform initial settings of the computer software, so even if mixed passwords that are divided into multiple passwords are delivered to the customer, they are easily assembled into multiple original passwords. It becomes possible.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.
(First embodiment)
FIG. 1 is a block diagram showing the entire system of this embodiment. In the present embodiment, it is assumed that a financial institution introduces a net banking system to a client company. However, the present invention is not limited to this, and in general, it is assumed that computer software is installed or various systems are set up. be able to. In the present embodiment, in order to explain with such an assumption, the system of the present embodiment is a financial institution system 101 that provides net banking services and performs the entire initial password issuing process, and is a branch institution of the financial institution, and the password A branch terminal 102 that is an intermediary institution terminal, a customer terminal 103 that receives a password, a computer device 104 that installs target computer software and the like, and a network 105 that connects the above components. The financial institution system 101 is further provided with a password processing system 106 that is a characteristic part of the present embodiment.

  In this embodiment, software, a database, or the like to be installed in the computer device 104 is installed in advance, or a person in charge at a branch of a financial institution or a representative thereof visits a customer company and sets it. When performing such installation or initial setting, the system requires an initial password in order to confirm that it is a legitimate user such as a responsible person of a client company. Even if the initial password is handed over to the head of the client company by the person in charge of the branch of the financial institution or the agent, or if the head of the client company is notified in advance, all digits of the initial password can be known at the time of system setup A situation exists and there is a risk of unauthorized use.

  On the other hand, in the present embodiment, as will be described in detail later, the initial password generated by the password processing system 106 is divided into two divided passwords, and one of the divided passwords is sent to the branch terminal 102 via the network and the other. One is transmitted to the customer terminal 103. In other words, the divided passwords are transmitted by another route, finally assembled at the client company, restored as the initial password, and used when logging in to perform various processes such as initial setting of the computer device 104. It is done. Here, in this embodiment, the initial password is a character string of a fixed digit, but is not limited to this, and any authentication method known in this technical field can be used.

  By adopting such a configuration, in addition to the effects of the present invention described above, for example, when the mail address of the user of the customer company is shared and accessed by other staff, Since only the split password is transmitted, it is possible to log in to the system even if other staff members obtain information.

  The initial password used in this way is generally switched to a different password by the user of the customer company after the setup is completed or after a certain period of time from the actual operation.

  FIG. 2 is a block diagram showing functions mainly related to the present embodiment in the password processing system 106 of the present embodiment. The password processing system 106 includes a password generation unit 201 that generates an initial password, a division unit 202 that divides the generated initial password, and a divided password transmission unit 203 that transmits the divided passwords to different destinations.

(System-wide processing)
FIG. 3 is a flowchart showing processing of the password processing system according to the present embodiment. FIG. 4 is a diagram for explaining the overall processing of the present embodiment. The processing of this embodiment will be described with reference to FIGS.

  First, as processing on the financial system 101 side, the password generation unit 201 generates an (M + N) digit initial password, and divides it into an (M + 1) digit split password and an N digit split password (S301). Here, the first half portion is not M digits but (M + 1) digits, which will be described in detail later. This is because the customer can easily restore the original initial password after receiving the split password.

  Next, the first half part (the part from the front of the generated initial password to the (M + 1) th part) is stored in the database for later inquiry from the branch (S302). Thereafter, the latter half part (the Nth part after the generated initial password) is transmitted to the customer terminal 103 of the customer company (S303). The above processing corresponds to the processing (1) to (4) shown in FIG. That is, when information on a system to be set up in the future is transmitted from the branch terminal 102 to the financial system 101 (process (1)), the setup work is registered with the customer company by a processing system (not shown) and the split password is generated. (Processing (2) to (4)).

  In this way, after the split password is transmitted to each terminal or the person in charge of the branch refers to the financial system 101 from the branch terminal 102 and obtains one split password, the setup of the computer device 104 of the customer company To visit customer companies. On the other hand, the latter half of the initial password is directly sent by e-mail to the person in charge of the customer company via the network 105. If the branch clerk confirms that the customer's manager is a legitimate user, the manager can receive the initial password for the first half, so that the first half along with the second half sent to him The initial password issued in can be restored correctly. As a result, the person in charge of the customer's company can log in to the system as a legitimate user, and can perform initial settings, subsequent actual operation, and change a password.

(Initial password split and restoration process)
FIG. 5 is a diagram for explaining the division and restoration of the initial password according to the present embodiment. As described above, in the present embodiment, the generated password is divided, sent to the customer via another route, and the initial password is restored by combining them in the customer's company. Here, if there is only one initial password, it can be restored by simply connecting the split passwords in order. For example, when passing multiple initial passwords to the same customer, the first half of which split password is the second half. There is a risk that it cannot be restored because it is not known if it will lead to Of course, it is possible to send different initial passwords in different emails, or to add identifiers to each split password, but each requires various system changes. It would be useful if there was a way to restore the initial password by simply and correctly combining a plurality of split passwords passed in a mixed manner.

  Therefore, in this embodiment, a method is adopted in which division is performed by overlapping one digit when division is performed. That is, as shown in FIG. 5, for example, when a five-digit password “12345” is generated, the password is divided in the middle and divided into two divided passwords “123” and “345”. Similarly, when the other initial password “45678” is divided into “456” and “678”, even if two initial passwords (that is, four divided passwords) are received, attention is paid to “3” and “6”. By doing so, it is possible to easily find a split password. This method does not require new additional information or changes to the system, and since only a legitimate user who can see everything knows which split password is connected to which split password, safety is also achieved. Can be increased.

  In the present embodiment, the single-digit numbers or characters that are divided in such a division are controlled so as to be different from the numbers and characters at the beginning and end of the initial password before the division. That is, the initial password generated in the present embodiment is generated so that the beginning and the end are not the same number or character, and the one-digit number or character divided and overlapped is any other generated simultaneously. It is controlled so that both the numbers and characters at the beginning and end of the split password are different. By performing such control, when restoring the initial password, when combining the split password including the first digit of the initial password and the split password including the last digit, the first digit and the last digit are mistakenly combined. Can be prevented from being restored. Similar control is required when splitting a single initial password, but there is no need to consider other initial passwords, so a single initial password does not have the same number or letter at the beginning and end. It can be understood that it may be controlled so as to be generated.

  Here, a simple password example has been described to explain the principle of the present embodiment, but those skilled in the art can fully understand that the present invention can be applied to a complicated password having a larger number of digits. In this embodiment, the initial password is divided into two and the number of digits to be overlapped is one digit. However, the present invention is not limited to this, and the password is divided into more divided passwords or overlapped by two or more digits. Obviously you can.

(Second Embodiment)
This embodiment basically has the same configuration as that of the first embodiment and performs the same processing except that the number of overlapping digits is not fixed. That is, in the first embodiment, the number of digits to be superimposed can be any number, but it is necessary to set in advance in the system to be applied. Otherwise, the received customer does not know how many digits should be restored when the initial password is received, so it cannot be restored because it does not know which split password is connected to which split password. is there.

  In this embodiment, when transmitting a split password to be transmitted directly to a customer, the number of digits of superimposition is also sent together. As a result, the person in charge of the client company can know how many digits are overlapped, so that it can know which divided password is connected to which divided password, and can restore the initial password. In general, the method of transmitting the number of digits for superimposition should be included in an email or message notifying the split password, but any other method can be used if it can be notified to the customer's manager. Needless to say.

It is a block diagram which shows the whole system of this embodiment. It is a block diagram shown about the function mainly concerning this embodiment in the password processing system of this embodiment. It is a flowchart which shows the process of the password processing system of this embodiment. It is a figure for demonstrating the whole process of this embodiment. It is a figure for demonstrating the division | segmentation and restoration | restoration of the initial password of this embodiment.

Explanation of symbols

101 Financial Institution System 102 Branch Terminal 103 Customer Terminal 104 Computer Device 105 Network 106 Password Processing System 201 Password Generating Unit 202 Dividing Unit 203 Divided Password Transmitting Unit

Claims (25)

An initial password generating means for generating an initial password to be used at the time of initial setting of the computer software, and a plurality of divided passwords obtained by dividing the generated initial password and superimposing predetermined digits , wherein the superimposed digits are adjacent to each other; A password processing unit including a password splitting unit that generates a split password that is a head and a tail of a split password , and a password transmission unit that transmits the plurality of split passwords through different communication paths;
An agency terminal that receives a part of the plurality of divided passwords from the password sending means;
A user terminal that directly receives a part including the remainder of the plurality of divided passwords from the password transmission unit via a network;
Initial setting of computer software using the initial password reconstructed by a part of a plurality of split passwords received at the broker terminal and a part including the remainder of the plurality of split passwords received at the user terminal An initial password issuance processing system, comprising:   The initial password issuing processing system according to claim 1, wherein the generated initial password is divided into two divided passwords in the password dividing unit.   The initial password issuing processing system according to claim 1 or 2, wherein the predetermined number of digits is predetermined.   4. The initial password issuing processing system according to claim 3, wherein the predetermined number of digits is one digit.   3. The initial password issuing processing system according to claim 1, wherein the password transmitting unit transmits the predetermined number of digits together with the plurality of divided passwords to the user terminal. 4. An initial password generation step for generating an initial password for use in initial setting of the computer software by the password processing device;
The password processing device divides the generated initial password and generates a plurality of divided passwords obtained by superimposing predetermined digits, and the superposed digits are divided passwords that are the beginning and end of adjacent divided passwords. Password splitting step,
A password transmission step of transmitting the plurality of divided passwords through different communication paths by the password processing device;
Receiving a part of the plurality of divided passwords from the password sending step by an intermediary institution terminal;
Receiving, by a user terminal, a part including the remaining part of the plurality of split passwords directly from the password sending step via a network;
A computer using the initial password reconstructed by a computer device with a part of a plurality of split passwords received at the broker terminal and a part including the remainder of the plurality of split passwords received at the user terminal An initial password issuance processing method comprising: initial setting of software.   The initial password issuing processing method according to claim 6, wherein, in the password dividing step, the generated initial password is divided into two divided passwords.   8. The initial password issuing processing method according to claim 6, wherein the predetermined number of digits is predetermined.   9. The initial password issuing processing method according to claim 8, wherein the predetermined number of digits is one digit.   The initial password issuance processing method according to claim 6 or 7, wherein, in the password transmission step, the predetermined number of digits is transmitted to the user terminal together with the plurality of divided passwords. An initial password generating means for generating an initial password for use in initial setting of the computer software;
A plurality of split passwords obtained by dividing the generated initial password and superimposing predetermined digits , wherein the superposed digits are password splitting means for generating split passwords that are the beginning and end of adjacent split passwords ;
An initial password issuance processing device comprising: password transmission means for transmitting the plurality of divided passwords to a user terminal via a network.   12. The initial password issuance processing apparatus according to claim 11, wherein in the password dividing means, the generated initial password is divided into two divided passwords.   13. The initial password issuance processing apparatus according to claim 11 or 12, wherein the predetermined number of digits is predetermined.   The initial password issuing processing apparatus according to claim 13, wherein the predetermined number of digits is one digit.   The initial password issuance processing apparatus according to claim 11 or 12, wherein the password transmission unit transmits the number of predetermined digits together with the plurality of divided passwords to the user terminal. An initial password issuance processing method in an initial password issuance processing device for generating an initial password to be used for initial setting of computer software and transmitting it to a user terminal,
An initial password generating step for generating the initial password;
A password splitting step for splitting the generated initial password and generating a split password that is a plurality of split passwords by superimposing predetermined digits , wherein the superposed digits are the beginning and end of adjacent split passwords ;
A password transmission step of transmitting the plurality of divided passwords to a user terminal via a network.   The initial password issuance processing method according to claim 16, wherein, in the password splitting step, the generated initial password is split into two split passwords.   18. The initial password issuance processing method according to claim 16, wherein the predetermined number of digits is predetermined.   The initial password issuing processing method according to claim 18, wherein the predetermined number of digits is one digit.   18. The initial password issuing processing method according to claim 16 or 17, wherein, in the password transmitting step, the number of predetermined digits is transmitted to the user terminal together with the plurality of divided passwords. A program for causing an initial password issuance processing device to generate an initial password to be used at the time of initial setting of computer software and to send it to a user terminal to execute an initial password issuance processing method,
An initial password generating step for generating the initial password;
A password splitting step for splitting the generated initial password and generating a split password that is a plurality of split passwords by superimposing predetermined digits , wherein the superposed digits are the beginning and end of adjacent split passwords ;
A password transmission step of transmitting the plurality of divided passwords to a user terminal via a network.   The program according to claim 21, wherein in the password dividing step, the generated initial password is divided into two divided passwords.   The program according to claim 21 or 22, wherein the predetermined number of digits is predetermined.   The program according to claim 23, wherein the predetermined number of digits is one digit.   The program according to claim 21 or 22, wherein, in the password transmission step, the number of predetermined digits is transmitted to the user terminal together with the plurality of divided passwords.

Images