JP5108082B2 - Authentication processing system, authentication processing method, and authentication processing program - Google Patents

Description

  The present invention relates to a transmission source terminal that is a transmission source of a file, a transmission destination terminal that browses a file transmitted from the transmission source terminal, a communication device that is used by a user of the transmission destination terminal, and a uniqueness of the communication device The present invention relates to an authentication processing system including an authentication device that uses a unique ID as information for authentication of the user, an authentication processing method executed in the authentication device, and an authentication processing program executed by a computer as the authentication device.

  Conventionally, for example, a user authentication technique for authenticating whether or not the user is a legitimate user who can use various services via a network has been developed (see, for example, Patent Document 1).

  The password method, which is one of the user authentication techniques, is relatively simple, for example, by sharing a password consisting of a multi-digit character string or numeric string between both the authenticating side and the authenticating side. Authentication can be performed. In addition, by sharing the password between both parties that exchange data, it is also possible to exchange encrypted data that is simply encrypted with the password.

Japanese Patent No. 3497799

  However, the above password method has a problem that password management is required. That is, when performing user authentication with a password, there is a problem that password management is required because it is necessary to own a large number of passwords at the place where authentication is permitted.

  In addition, when exchanging data encrypted with a password, there is a problem that the encryption strength is extremely low because the password used for encryption is easily analyzed from personal data such as birthdays. .

  Accordingly, the present invention has been made to solve the above-described problems of the prior art, and an authentication processing system and an authentication processing method capable of easily authenticating a user without requiring the trouble of password management. And an authentication processing program.

  In order to solve the above-described problems and achieve the object, the present invention provides a transmission source terminal that is a transmission source of a file, a transmission destination terminal that browses a file transmitted from the transmission source terminal, and the transmission destination terminal. An authentication processing system comprising a communication device used by a user and an authentication device that uses a unique ID, which is unique information of the communication device, for authentication of the user, wherein the authentication device is connected to the communication device from the transmission source terminal. Communication device unique ID receiving means for receiving the communication device unique ID, which is the unique information of the communication device, and access related to browsing of the file transmitted from the transmission source terminal is received from the transmission destination terminal. A transmission unique ID acquisition means for returning a certain authentication device unique ID, requesting a call using the communication device, and acquiring a transmission unique ID transmitted by the call from the communication device; On the condition that the transmission unique ID acquired by the transmission unique ID acquisition means matches the communication device unique ID received by the communication device unique ID reception means, the file of the file is sent to the user of the destination terminal. Browsing permission determination means for determining whether or not browsing is permitted.

  Further, the present invention is the above invention, wherein the transmission source terminal includes encrypted data encrypted using an encryption key generated by the authentication device, and encryption key specifying information for specifying the encryption key. The encrypted file included is transmitted to the destination terminal, and when the destination terminal receives an instruction to browse the encrypted file from the user, the authentication key identification information included in the encrypted file is authenticated. The authentication device generates an encryption key for encrypting a file in association with the communication device unique ID received by the communication device unique ID receiving means. Means, the communication device unique ID received from the transmission source terminal by the communication device unique ID reception means, the encryption key generated by the encryption key generation means, and the encryption key Key information registration means for registering the encryption key specifying information to be assigned in association with each other, and an encryption key for transmitting the encryption key registered by the key information registration means and the encryption key specifying information to the transmission source terminal Specific information transmission means, and when the transmission unique ID acquisition means receives the encryption key specification information from the destination terminal, the transmission unique ID acquisition means is unique to the communication device corresponding to the received encryption key specification information ID is searched from among the communication device unique IDs stored in the key information registration means, and the WEB page requesting a call using the communication device of the searched communication device unique ID is authenticated as its own unique information It is transmitted to the destination terminal together with a device unique ID, and a transmission unique ID transmitted by a call from the communication device is obtained.

  Further, the present invention is the above invention, wherein the transmission source terminal transmits a file to the authentication device, receives browsing information for allowing the transmission destination terminal to browse the file, from the authentication device, and The information is transmitted to the transmission destination terminal, and the authentication device associates with the communication device unique ID received by the communication device unique ID receiving means when receiving a file from the transmission source terminal. The browsing information generating means for generating browsing information for allowing the transmission destination terminal to browse the file, the browsing information generated by the browsing information generating means, and the communication device unique ID receiving means Browsing information registration means for registering the communication apparatus unique ID in association with each other, and the transmission unique ID acquisition means is configured to access the browsing information. When received from the transmission destination terminal, the communication device unique ID corresponding to the browsing information for which the access has been received is searched from the communication device unique ID stored in the browsing information registration unit, and the retrieved A WEB page for requesting a call using a communication device having a communication device unique ID is transmitted to the destination terminal together with the authentication device unique ID which is its own unique information, and the transmission unique ID transmitted by the call from the communication device It is characterized by acquiring.

  Further, the present invention is an authentication apparatus that authenticates a user of a transmission destination terminal browsing a file transmitted from a transmission source terminal using a unique ID that is unique information of a communication device used by the user of the transmission destination terminal. A communication device unique ID receiving means for receiving a communication device unique ID that is unique information of the communication device from the transmission source terminal, and access related to browsing of a file transmitted from the transmission source terminal from the transmission destination terminal. If accepted, a transmission unique ID that returns a unique ID of authentication device, requests a call using the communication device, and acquires a transmission unique ID transmitted by the call from the communication device The acquisition unit, the transmission unique ID acquired by the transmission unique ID acquisition unit, and the communication device unique ID received by the communication device unique ID reception unit match. Preparative to the condition, characterized by comprising a browsing permission determination unit determines whether to permit viewing of files to a user of the destination terminal.

  Further, the present invention authenticates a process of authenticating a user of a transmission destination terminal browsing a file transmitted from a transmission source terminal using a unique ID that is unique information of a communication device used by the user of the transmission destination terminal. An authentication processing method executed in the apparatus, wherein a communication device unique ID receiving step of receiving a communication device unique ID that is unique information of the communication device from the transmission source terminal, and browsing of a file transmitted from the transmission source terminal If access from the destination terminal is received, the authentication device unique ID, which is its own unique information, is returned to request a call using the communication device, and the transmission transmitted by the call from the communication device A transmission unique ID acquisition step for acquiring a unique ID, the transmission unique ID acquired by the transmission unique ID acquisition step, and the communication device unique ID reception step. And on the condition that the communication device unique ID matches, characterized in that it contains, and the permission determination step of determining whether to permit viewing of files to a user of the destination terminal.

  Further, the present invention is the above invention, wherein the transmission source terminal includes encrypted data generated using an encryption key generated by the authentication device, and encryption key specifying information for specifying the encryption key. The encrypted file included is transmitted to the destination terminal, and when the destination terminal receives an instruction to browse the encrypted file from the user, the authentication key identification information included in the encrypted file is authenticated. The authentication device generates an encryption key for encrypting a file in association with the communication device unique ID received in the communication device unique ID reception step. Identifying the communication device unique ID received from the transmission source terminal in the communication device unique ID receiving step, the encryption key generated in the encryption key generation step, and the encryption key A key information registration step of registering in the predetermined storage unit in association with the encryption key specification information to be provided for the purpose, and the transmission source of the encryption key specification information registered in the predetermined storage unit by the key information registration step An encryption key specifying information transmitting step for transmitting to the terminal, and when the transmission unique ID obtaining step receives the encryption key specifying information from the destination terminal, the received encryption key specifying information The communication device unique ID corresponding to is searched from the communication device unique ID stored in the predetermined storage unit by the key information registration step, and a call using the communication device of the searched communication device unique ID is requested. The WEB page to be transmitted is transmitted to the destination terminal together with the authentication device unique ID which is its own unique information, and the transmission unique ID transmitted by the call from the communication device is obtained.

  Further, the present invention is the above invention, wherein the transmission source terminal transmits a file to the authentication device, receives browsing information for allowing the transmission destination terminal to browse the file, from the authentication device, and The information is transmitted to the transmission destination terminal, and the authentication device associates with the communication device unique ID received in the communication device unique ID reception step when receiving the file from the transmission source terminal. The browsing information generation step for generating browsing information for allowing the transmission destination terminal to browse the file, the browsing information generated by the browsing information generation step, and the communication device unique ID receiving step A browsing information registration step of associating the communication device unique ID with a predetermined storage unit and registering it in a predetermined storage unit. When the access to be received is received from the destination terminal, the communication device unique ID corresponding to the browsing information for which the access has been received is included in the communication device unique ID stored in the predetermined storage unit by the browsing information registration step. And a web page for requesting a call using the communication device with the searched communication device unique ID is transmitted to the transmission destination terminal together with the authentication device unique ID which is its own unique information, from the communication device. A unique transmission ID transmitted by a call is acquired.

  Further, the present invention authenticates a process of authenticating a user of a transmission destination terminal browsing a file transmitted from a transmission source terminal using a unique ID that is unique information of a communication device used by the user of the transmission destination terminal. An authentication processing program to be executed by a computer as a device, wherein the computer as the authentication device receives a communication device unique ID reception procedure for receiving a communication device unique ID as unique information of the communication device from the transmission source terminal; If access from the transmission destination terminal is received regarding the browsing of the file transmitted from the transmission source terminal, request a call using the communication device by returning an authentication device unique ID that is its own unique information, A transmission unique ID acquisition procedure for acquiring a transmission unique ID transmitted by a call from the communication device, and the transmission unique ID acquired by the transmission unique ID acquisition procedure. Viewing permission for determining whether or not to allow the user of the destination terminal to view a file on condition that the unique ID and the communication device unique ID received by the communication device unique ID reception procedure match. And a determination procedure.

  Further, the present invention is the above invention, wherein the transmission source terminal includes encrypted data generated using an encryption key generated by the authentication device, and encryption key specifying information for specifying the encryption key. The encrypted file included is transmitted to the destination terminal, and when the destination terminal receives an instruction to browse the encrypted file from the user, the authentication key identification information included in the encrypted file is authenticated. An encryption key for encrypting a file is transmitted to the apparatus and associated with the communication apparatus unique ID received by the communication apparatus unique ID reception procedure in the computer as the authentication apparatus. An encryption key generation procedure, the communication device unique ID received from the transmission source terminal by the communication device unique ID reception procedure, the encryption key generated by the encryption key generation procedure, A key information registration procedure for registering in a predetermined storage unit in association with encryption key specifying information to be assigned to specify the encryption key, and the encryption key registered in the predetermined storage unit by the key information registration procedure And an encryption key specification information transmission procedure for transmitting the encryption key specification information to the destination terminal, and the transmission unique ID acquisition procedure is performed when the encryption key specification information is received from the destination terminal. The communication device unique ID corresponding to the received encryption key specifying information is searched from the communication device unique ID stored in a predetermined storage unit by the key information registration procedure, and the searched communication device A WEB page requesting a call using a communication device with a unique ID is transmitted to the destination terminal together with the authentication device unique ID, which is its own unique information, and sent by the call from the communication device. And obtaining a unique ID.

  Further, the present invention is the above invention, wherein the transmission source terminal transmits a file to the authentication device, receives browsing information for allowing the transmission destination terminal to browse the file, from the authentication device, and The communication device unique ID received by the communication device unique ID reception procedure when information is transmitted to the transmission destination terminal and the computer as the authentication device receives a file from the transmission source terminal. The browsing information generation procedure for generating browsing information for allowing the transmission destination terminal to browse the file, the browsing information generated by the browsing information generation procedure, and the communication device unique ID reception A browsing information registration procedure for registering in a predetermined storage unit in association with the communication device unique ID received by the procedure, and obtaining the transmission unique ID In order, when access to the browsing information is received from the destination terminal, a communication device unique ID corresponding to the browsing information that has received the access is stored in a predetermined storage unit by the browsing information registration procedure. Search from the communication device unique ID, and send a WEB page requesting a call using the communication device with the searched communication device unique ID to the destination terminal together with the authentication device unique ID as its own unique information. The transmission unique ID transmitted by a call from the communication device is acquired.

  The present invention also provides a transmission source terminal that is a transmission source of a file, a transmission destination terminal that browses a file transmitted from the transmission source terminal, a communication device used by a user of the transmission destination terminal, and the communication device. In the authentication processing system comprising the unique ID that is the unique information of the user and the authentication device used for the authentication of the user, the transmission source terminal is encrypted data encrypted using the encryption key generated by the authentication device, When an encrypted file including encryption key specifying information for specifying the encryption key is transmitted to the transmission destination terminal, and the transmission destination terminal receives an instruction to browse the encrypted file from a user, The encryption key identification information included in the encrypted file is transmitted to the authentication device, and the authentication device transmits the communication device unique I which is unique information of the communication device from the transmission source terminal. A communication device unique ID reception means for receiving the communication device, an encryption key generation means for generating an encryption key for encrypting the file in association with the communication device unique ID received by the communication device unique ID reception means, The communication device unique ID received from the transmission source terminal by the communication device unique ID reception means, the encryption key generated by the encryption key generation means, and encryption key specification information to be given to specify the encryption key A key information registration unit that registers the encryption key registered by the key information registration unit and the encryption key identification information to the transmission source terminal, and the transmission When the encryption key specifying information is received from the destination terminal, a communication device unique ID corresponding to the received encryption key specifying information is stored in the key information registration unit Retrieved from the ID, and received a call means for calling the communication device with the searched communication device unique ID and an incoming call response indicating that the call made by the call device was received by the communication device In this case, the apparatus includes a user determination unit that determines that the user of the transmission destination terminal is an authorized user who can view the file.

  The present invention also provides a transmission source terminal that is a transmission source of a file, a transmission destination terminal that browses a file transmitted from the transmission source terminal, a communication device used by a user of the transmission destination terminal, and the communication device. In the authentication processing system comprising an authentication device that uses a unique ID that is unique information of the user for authentication of the user, the transmission source terminal transmits a file to the authentication device and causes the transmission destination terminal to view the file Is received by the communication device unique ID receiving means when a file is received from the transmission source terminal. In association with the communication device unique ID, browsing information generation means for generating browsing information for allowing the transmission destination terminal to browse the file, and browsing information generation The browsing information registration means for registering the browsing information generated by the stage and the communication apparatus unique ID reception means in association with each other, and access to the browsing information from the destination terminal When accepted, the communication device unique ID corresponding to the browse information for which the access has been accepted is searched from the communication device unique ID stored in the browse information registration means, and the retrieved communication device unique ID When receiving a call means for calling a communication device and an incoming call response indicating that a call made by the call means has been received by the communication device, the user of the destination terminal can view the file And a user determination unit that determines that the user is a legitimate user.

  According to the present invention, a transmission source terminal that is a transmission source of a file, a transmission destination terminal that browses a file transmitted from the transmission source terminal, a communication device used by a user of the transmission destination terminal, and the communication device In the authentication processing system including the authentication device that uses the unique ID that is the unique information of the user to authenticate the user, the authentication device transmits the communication device unique ID that is the unique information of the communication device used by the user of the destination terminal. When receiving from the terminal and accepting access related to file browsing from the destination terminal, the authentication device unique ID, which is its own unique information, is returned to request a call using the communication device, and the communication device The transmission unique ID transmitted by the call from the device is acquired, and the transmission destination ID is matched with the received communication device unique ID on the condition that the received transmission unique ID matches the received communication device unique ID. Since it is determined whether or not browsing is permitted, users who can view files can be managed by simply performing a simple process using a unique ID and without having to manage passwords as in the password method. Simple authentication is possible.

  Further, according to the present invention, the transmission source terminal receives an encrypted file including encrypted data generated using the encryption key generated by the authentication device and encryption key specifying information for specifying the encryption key. When the transmission destination terminal receives an instruction to browse the encrypted file from the user, the transmission destination terminal transmits the encryption key specifying information included in the encrypted file to the authentication device. , Generating an encryption key for encrypting the file in association with the communication device unique ID received from the transmission source terminal, the communication device unique ID received from the transmission source terminal, the generated encryption key, and the encryption key If the encryption key identification information to be assigned is specified and registered, the encryption key and the encryption key identification information are transmitted to the transmission source terminal, and the encryption key identification information is received from the transmission destination terminal, the encryption key Supports key identification information The communication device unique ID is retrieved, and a WEB page requesting a call using the communication device with the retrieved communication device unique ID is transmitted to the transmission source terminal together with the authentication device unique ID which is its own unique information. For example, when transmitting confidential data encrypted with an encryption key to a certain destination, the unique ID of the user communication device that is the destination of the confidential data is uploaded. It is possible to simply authenticate the user who is the destination of the confidential data. In addition, since the encryption key for decrypting the encrypted confidential data can be quickly transferred to a regular destination, the confidential data can be exchanged quickly and safely.

  According to the invention, the transmission source terminal transmits a file to the authentication device, receives browsing information for allowing the transmission destination terminal to browse the file from the authentication device, and transmits the browsing information to the transmission destination terminal. When the authentication device receives a file from the transmission source terminal, the authentication device generates browsing information for allowing the transmission destination terminal to browse the file in association with the communication device unique ID received from the transmission source terminal. When the generated browsing information and the received communication device unique ID are registered in association with each other and access to the browsing information is received from the transmission destination terminal, the communication device corresponding to the browsing information that has received the access The unique ID is searched, and a WEB page requesting a call using the communication device with the searched communication device unique ID is transmitted to the destination terminal together with the authentication device unique ID which is the own unique information. Since acquires transmission unique ID sent by the call from the communication device, it is possible to authenticate users that can view files in a simple manner.

FIG. 1 is a diagram for explaining the outline and features of the authentication processing system according to the first embodiment. FIG. 2 is a block diagram illustrating the configuration of the authentication processing system according to the first embodiment. FIG. 3 is a diagram illustrating a configuration example of information stored in the key specifying information storage unit according to the first embodiment. FIG. 4 is a diagram illustrating a configuration example of information stored in the local-station telephone number storage unit according to the first embodiment. FIG. 5 is a sequence diagram illustrating the processing flow of the authentication processing system according to the first embodiment. FIG. 6 is a sequence diagram illustrating the processing flow of the authentication processing system according to the first embodiment. FIG. 7 is a block diagram illustrating the configuration of the authentication processing system according to the second embodiment. FIG. 8 is a sequence diagram illustrating the processing flow of the authentication processing system according to the second embodiment. FIG. 9 is a sequence diagram illustrating the processing flow of the authentication processing system according to the second embodiment. FIG. 10 is a diagram illustrating a computer that executes an authentication processing program.

  Exemplary embodiments of an authentication processing system, an authentication device, an authentication processing method, and an authentication processing program according to the present invention will be described below in detail with reference to the accompanying drawings. In the following, one embodiment of an authentication processing system according to the present invention will be described as a first embodiment, and then another embodiment included in the present invention will be described as another embodiment.

  In the following first embodiment, the outline and features of the authentication system according to the first embodiment, the configuration and processing of the authentication system will be described in order, and finally the effects of the first embodiment will be described.

[Outline and Features of Authentication Processing System (Example 1)]
First, the outline and characteristics of the authentication processing system according to the first embodiment will be described with reference to FIG. FIG. 1 is a diagram for explaining the outline and features of the authentication processing system according to the first embodiment.

  The authentication processing system according to the first embodiment includes a sender terminal that is a transmission source of a file, a receiver terminal that browses a file transmitted from the sender terminal, and a receiver communication used by a user of the receiver terminal. And an authentication device that uses a telephone number, which is unique information of the receiver communication device, for authentication of the user. And although the authentication processing system which concerns on Example 1 makes it the outline | summary to authenticate the user of the receiver terminal which browses the file transmitted from the sender terminal, it has the main characteristics in the point which authenticates a user easily. .

  This main feature will be specifically described. When the telephone number of the receiver communication device is received from the sender terminal via the Internet, the authentication device encrypts the received telephone number and the file at the sender terminal. The encryption key generated for use, the key number assigned for specifying the encryption key, and the encryption script ID for identifying the encryption script are registered in the storage unit in association with each other. Then, the authentication device transmits the encryption key, the key number, and the encryption script to the sender terminal.

  When the sender terminal receives the encryption key, the key number, and the encryption script from the authentication device, the sender terminal accepts an operation from the user and encrypts the file to be transmitted to the receiver terminal using the encryption key and the encryption script. The key number is included in this encrypted file and transmitted to the recipient terminal.

  When receiving the designation of the encrypted file received from the sender terminal from the user, the receiver terminal activates the browser to access the authentication device, and transmits the key number included in the encrypted file to the authentication device.

  When the authentication device receives the key number from the receiver terminal (see (1) in FIG. 1), the authentication device searches the telephone number of the receiver communication device registered in the storage unit using the key number as a key (see FIG. 1). (See (2) in FIG. 1). Then, the authentication device selects one of the telephone numbers allocated to itself, and selects the selected telephone number so as to request a call from the receiver communication device for the selected telephone number. The attached WEB page is transmitted to the recipient terminal (see (3) in FIG. 1).

  When the receiver terminal receives the WEB page from the authentication device, the receiver terminal outputs and displays it on the display unit so that the user can visually recognize it, and the receiver communication device accepts a call operation from the user and attaches to the WEB page. Make a call to your phone number.

  The authentication device waits for an incoming call from the receiver communication device for its own telephone number that requested the outgoing call, and when there is an incoming call from the receiver communication device via the public telephone network, obtains and browses the caller telephone number. A permission determination process is performed (see (4) in FIG. 1). Specifically, the authentication device authenticates the user of the receiver terminal as a legitimate user if the acquired caller telephone number matches the telephone number of the searched receiver communication device. To do. Then, the encryption script corresponding to the searched encryption key and encryption script ID is transmitted to the recipient terminal (see (5) in FIG. 1).

  When the receiver terminal receives the encryption key and the encryption script from the authentication device, the receiver terminal accepts an operation from the user and decrypts the encrypted file received from the sender terminal.

  For this reason, the authentication processing system according to the first embodiment can easily authenticate the user without requiring the trouble of password management that is necessary in the password method.

[Configuration of Authentication Processing System (Example 1)]
Next, the configuration of the authentication processing system according to the first embodiment will be described with reference to FIGS. FIG. 2 is a block diagram illustrating the configuration of the authentication processing system according to the first embodiment. FIG. 3 is a diagram illustrating a configuration example of information stored in the key specifying information storage unit according to the first embodiment. FIG. 4 is a diagram illustrating a configuration example of information stored in the local-station telephone number storage unit according to the first embodiment.

  As illustrated in FIG. 2, the authentication system according to the first embodiment includes a sender terminal 10, a receiver terminal 20, a receiver communication device 30, and an authentication device 40. The sender terminal 10 and the receiver The terminal 20 and the authentication device 40 are connected in a communicable state via the Internet 1, and the receiver communication device 30 and the authentication device 40 are communicable via the public telephone network 2.

  The sender terminal 10 is an information processing apparatus such as a known personal computer. The sender terminal 10 transmits the telephone number of the receiver communication device 30 notified in advance by the user of the receiver communication device 30 to the authentication device 40 as the unique ID of the receiver communication device 30.

  Further, when the sender terminal 10 receives the encryption key, the key number, and the encryption script from the authentication device 40, the sender terminal 10 accepts an operation from the user, and transmits the file scheduled to be transmitted to the receiver terminal 20 to the encryption key and the encryption script. The encrypted file is transmitted to the recipient terminal with the key number included in the encrypted file.

  The receiver terminal 20 is an information processing apparatus such as a known personal computer, similar to the sender terminal 10. When receiving the designation of the encrypted file received from the sender terminal 10 from the user, the receiver terminal 20 starts up an application corresponding to the extension of the encrypted file. This application reads the macro code included in the encrypted file, activates the WEB browser, accesses the authentication device 40, and transmits the key number included in the encrypted file to the authentication device 40.

  Further, when receiving the encryption key and the encryption script from the authentication device 40, the receiver terminal 20 accepts an operation from the user and decrypts the encrypted file received from the sender terminal 10.

  The receiver communication device 30 is a communication device used by the user of the receiver terminal 20, and is a communication terminal having a communication function, such as a mobile phone. Recipient terminal 20 receives a call operation from the user and makes a call to the telephone number of authentication device 40 attached to the WEB page.

  The authentication device 40 is an information processing device such as a known personal computer or workstation, and includes a communication control I / F unit 41, a modem 42, a storage unit 43, and a control unit 44.

  The communication control I / F unit 41 controls communication related to various types of information exchanged with the sender terminal 10 and the receiver terminal 20. The modem 42 has a caller number reading function. When receiving an incoming call from the receiver communication device 30, the modem 42 reads the caller telephone number and sends it to the browsing permission determination unit 44d described later. The modem 42 corresponds to “transmission unique ID acquisition means” described in the claims.

  The storage unit 43 is a storage unit that stores data and programs necessary for various processes performed by the control unit 44. In particular, the storage unit 43 is closely related to the present invention. 43b.

  The key specifying information storage unit 43a is a storage unit that stores various types of information related to the encryption key generated for use in file encryption in the sender terminal 10, and specifically, as illustrated in FIG. The telephone number of the receiver communication device 30 (for example, “telephone number A”), the encryption key generated to be used for file encryption in the sender terminal 10, and the key assigned to specify the encryption key The number and the encryption script ID for identifying the encryption script are stored in association with each other.

  Specifically, as shown in FIG. 4, the local station telephone number storage unit 43 b is a storage unit that stores information on a telephone number (for example, “phone number B”) allocated to the authentication device 40. .

  The control unit 44 has a predetermined control program, a program that defines various processing procedures, and an internal memory for storing required data, and executes various processes using these, and is particularly suitable for the present invention. As closely related, a telephone number receiving unit 44a, an encryption key generating unit 44b, a key information registering unit 44c, a browsing permission determining unit 44d, and an encryption key transmitting unit e are provided.

  The telephone number receiver 44a corresponds to the “communication device unique ID receiver” described in the claims, and the encryption key generator 44b corresponds to the “encryption key generator” described in the claims. Correspondingly, the key information registration unit 44c also corresponds to the “key information registration unit” described in the claims, and the browsing permission determination unit 44d corresponds to the “browsing permission determination unit” described in the claims. Correspondingly, the encryption key transmitting unit 44e corresponds to “encryption key specifying information transmitting means” and “encryption key transmitting means” described in the claims.

  The telephone number receiving unit 44 a receives the telephone number (for example, “phone number A”) of the receiver communication device 30 from the sender terminal 10. Further, the telephone number receiving unit 44a sends the received telephone number of the recipient communication device 30 to the key information registration unit 44c.

  When the telephone number of the receiver communication device 30 is received by the telephone number receiver 44a, the encryption key generator 44b generates an encryption key to be used for file encryption in the sender terminal 10. The encryption key generation unit 44b sends the generated encryption key, the key number assigned to specify the encryption key, and the encryption script ID for identifying the encryption script to the key information registration unit 44c.

  The key information registration unit 44c receives the telephone number (for example, “telephone number A”) of the receiver communication device 30 received from the telephone number receiving unit 44a and the encryption key, key number, and encryption received from the encryption key generation unit 44b. The script ID is associated and stored in the key specifying information storage unit 43a. Further, when the registration in the key specifying information storage unit 43a is completed, the key information registration unit 44c sends an encryption key, a key number, and an encryption to the sender terminal 10 that is the transmission source of the telephone number of the receiver communication device 30. The encryption key transmission unit 44e is instructed to transmit the encryption script ID.

  The browsing permission determination unit 44d performs a browsing permission determination process for determining whether to permit the user of the receiver terminal 20 to browse the encrypted file transmitted from the sender terminal 10. More specifically, when receiving the key number included in the encrypted file from the recipient terminal 20, the browsing permission determination unit 44d stores the key number in the key specifying information storage unit 43a using the key number as a key. The telephone number of the receiver communication device 30 is searched in advance.

  Then, the browsing permission determination unit 44d selects one of the telephone numbers allocated to itself stored in the local station telephone number storage unit 43b, and the receiver communication device 30 corresponds to the selected telephone number. A WEB page attached with the selected telephone number is transmitted to the recipient terminal 20 so as to request a call from.

  The browsing permission determination unit 44d waits for an incoming call from the receiver communication device 30 with respect to its own telephone number that requested the call, and receives the caller telephone number notified from the modem 42 that received the incoming call from the receiver communication device 30. When accepted, if the accepted caller telephone number matches the searched telephone number of the receiver communication device 30, the user of the recipient terminal 20 is permitted to view as an authorized user. Judgment is made. On the other hand, if the received caller telephone number does not match the searched telephone number of the receiver communication device 30, it is assumed that the user of the receiver terminal 20 is not a legitimate user and that browsing is not permitted. Make a decision.

  When the browsing permission determination unit 44d determines that browsing is permitted, the browsing permission determination unit 44d transmits an encryption key and an encryption script to the recipient terminal 20 that is the transmission source of the key number included in the encrypted file. Is sent to the encryption key transmitter 44e. If the browsing permission determination unit 44d determines that browsing is not permitted, the browsing permission determination unit 44d may terminate the process or transmit a message indicating that browsing is not permitted to the recipient terminal 20. May be.

  In addition, the browsing permission determination unit 44d generates a random number of about 4 digits together with its own telephone number selected from the local telephone number storage unit 43b, attaches it to the WEB page, and inputs the random number after establishing the call. You may make it make it. In addition, the browsing permission determination unit 44d searches the key identification information storage unit 43a with the key number received from the receiver terminal 20 as the key for the own telephone number selected from the local station telephone number storage unit 43b. Only when there is an incoming call from the telephone number, the modem 42 is set to receive the incoming call, and with the incoming call notification from the modem 42, the user of the receiver terminal 20 is authenticated as an authorized user. Also good.

  The encryption key transmission unit 44e receives an instruction from the key information registration unit 44c, and sends an encryption key, a key number, and an encryption script to the sender terminal 10 that is the transmission source of the telephone number of the receiver communication device 30. Send. In addition, when the encryption key transmission unit 44e receives an instruction from the browsing permission determination unit 44d, the encryption key transmission unit 44e obtains the encryption key and the encryption key script ID from the key identification information storage unit 43a based on the key number received from the receiver terminal 20. The encryption script corresponding to the encryption key and the encryption script ID is transmitted to the receiver terminal 20 that is the reading source of the key number.

[Processing of Authentication Processing System (Example 1)]
Subsequently, processing of the authentication processing system according to the first embodiment will be described with reference to FIGS. 5 and 6. 5 and 6 are sequence diagrams illustrating a processing flow of the authentication processing system according to the first embodiment.

  As shown in FIG. 5, the sender terminal 10 transmits the telephone number (for example, “phone number A”) of the receiver communication device 30 to the authentication device 40 (step S501). Upon receiving the telephone number of the receiver communication device 30 from the sender terminal 10 (step S502), the authentication device 40 generates an encryption key for use in file encryption at the sender terminal 10 (step S503). The key specifying information is stored in association with the telephone number received from the sender terminal 10, the generated encryption key, the key number assigned to specify the encryption key, and the encryption script ID for identifying the encryption script. Register in the unit 43a (step S504).

  And the authentication apparatus 40 transmits an encryption key, a key number, and an encryption script with respect to the sender terminal 10 which is a transmission origin of the telephone number of the receiver communication apparatus 30 (step S505). When the sender terminal 10 receives the encryption key, the key number, and the encryption script from the authentication device 40 (step S506), the sender terminal 10 accepts an operation from the user, and sends the file to be transmitted to the receiver terminal 20 to the encryption key and the encryption key. The encrypted script is used for encryption, and the key number is included in the encrypted file and transmitted to the recipient terminal 20 (step S507). The receiver terminal 20 receives the encrypted file from the transmitter terminal 10 (step S508).

  Subsequently, as shown in FIG. 6, when the recipient terminal 20 accepts the designation of the encrypted file received from the sender terminal 10 from the user, the recipient terminal 20 activates the browser to access the authentication device and is included in the encrypted file. The key number is transmitted to the authentication device 40 (step S601).

  Upon receiving the key number from the receiver terminal 20 (step S602), the authentication device 40 searches for the telephone number of the receiver communication device 30 registered in the key specifying information storage unit 43a using the key number as a key. (Step S603).

  Then, the authentication device 40 selects one of the telephone numbers allocated to itself stored in the local telephone number storage unit 43b, and receives the selected telephone number from the receiver communication device 30. Is transmitted to the recipient terminal 20 (step S604).

  When the receiver terminal 20 receives the WEB page from the authentication device 40 (step S605), the receiver terminal 20 outputs and displays the WEB page on the display unit so that the user can visually recognize the WEB page. A call is made to the telephone number of the authentication device 40 attached to the page (step S606).

  The authentication device 40 waits for an incoming call from the receiver communication device 30 corresponding to its own telephone number that has requested transmission, and when the incoming call from the receiver communication device 30 is accepted by the modem 42 (step S607), a notification is sent from the modem 42. A caller telephone number to be received is received and a browsing permission determination process is performed (step S608). That is, when the received caller telephone number matches the searched telephone number of the receiver communication device 30, the authentication device 40 views the user of the receiver terminal 20 as a legitimate user. Is determined (Yes in step S608), and the encryption script corresponding to the encryption key and the encryption script ID is transmitted to the recipient terminal 20 that is the transmission source of the key number (step S609). .

  On the other hand, if the received caller telephone number does not match the searched telephone number of the receiver communication device 30, the authentication device 40 views that the user of the receiver terminal 20 is not a legitimate user. Is determined not to be permitted (No at step S608), and the process ends.

  When the receiver terminal 20 receives the encryption key and the encryption script from the authentication device 40 (step S610), the receiver terminal 20 receives an operation from the user and decrypts the encrypted file received from the sender terminal 10 (step S611).

[Effects of Example 1]
According to the present invention, the sender terminal 10 that is the source of the file, the receiver terminal 20 that browses the file transmitted from the sender terminal 10, and the receiver communication device 30 that is used by the user of the receiver terminal 20. And an authentication apparatus 40 that uses the telephone number of the receiver communication device 30 to authenticate the user of the recipient terminal 20, the authentication device 40 uses the receiver communication device used by the user of the receiver terminal 20. When the telephone number of 30 is received from the recipient terminal 20 and access relating to file browsing is accepted, that is, when the key number is received from the recipient terminal 20, the recipient's communication is returned by returning his / her own telephone number. Requesting a call using the device 30, obtaining a caller telephone number transmitted by a call from the receiver communication device 30, and obtaining the caller telephone number and the sender terminal 10 Since it is determined whether or not the user of the sender terminal 10 is allowed to view the file on condition that the received telephone number of the receiver communication device 30 matches, a simple process using the telephone number is performed. It is possible to simply authenticate a user who can view a file without having to manage the password as in the password method.

  According to the present invention, the sender terminal 10 receives the encrypted file containing the encrypted data generated by using the encryption key generated by the authentication device 40 and the key number for specifying the encryption key as the recipient. When the receiver terminal 20 receives an instruction to browse the encrypted file from the user, the receiver terminal 20 transmits the key number included in the encrypted file to the authentication device 40. The authentication device 40 10, an encryption key is generated in association with the telephone number of the receiver communication device 30 received from 10, and the telephone number, encryption key, key number, and encryption script ID of the receiver communication device 30 are associated with each other. After registration, when the encryption key and the key number are transmitted to the sender terminal 10 and the key number is received from the receiver terminal 20, the telephone number corresponding to the key number is retrieved, and the retrieved telephone number Using the receiver communication device 30 WEB page for requesting the call is transmitted to the receiver terminal 20 together with its own telephone number, and the sender telephone number transmitted by the call from the receiver communication device 30 is acquired. When transmitting the confidential data to a certain destination, it is possible to simply authenticate the user who is the confidential data destination by simply uploading the telephone number of the user's communication device that is the confidential data destination. In addition, since the encryption key for decrypting the encrypted confidential data can be quickly transferred to a regular destination, the confidential data can be exchanged quickly and safely.

  In the first embodiment, the case where a telephone number is used as the unique ID of the receiver communication device 30 has been described. However, the present invention is not limited to this, for example, individual identification of the receiver communication device 30 A number may be used as a unique ID.

  In the first embodiment, when the authentication device 40 receives the key number from the recipient terminal 20, the authentication device 40 selects a telephone number corresponding to the key number from the telephone numbers stored in the key specifying information storage unit 43a. Search and send a WEB page requesting a call with its own telephone number attached to the receiver terminal 20, and the sender telephone number from the receiver communication device 30 and the searched sender telephone When the numbers match, it is determined that the user of the recipient terminal 20 is permitted to view as a legitimate user.

  However, the present invention is not limited to this, and the authentication device 40 is newly provided with a telephone call function (corresponding to the “call means” described in the claims), and received from the receiver terminal 20. By using the key number as a key and making a call to the telephone number retrieved from the key specifying information storage unit 43a and accepting an incoming call response indicating that the call has been received by the receiver communication device 30, the user of the receiver terminal 20 is authorized. It may be determined that browsing is permitted as a user (corresponding to “user determination means” described in claims).

  By doing in this way, it becomes possible to reduce the process until the user of the receiver terminal 20 permits browsing as a legitimate user.

  In the first embodiment, the case where the user of the recipient terminal 20 is authenticated by associating the key number with the telephone number of the recipient communication device 30 has been described. However, the present invention is limited to this. Instead, the user of the recipient terminal 20 may be authenticated by associating information associated with the file to be browsed with the telephone number of the recipient communication device 30. Therefore, in the following second embodiment, after describing the configuration and processing of the authentication processing system according to the second embodiment, the effects of the second embodiment will be described.

[Configuration of Authentication Processing System (Example 2)]
First, the configuration of the authentication processing system according to the first embodiment will be described with reference to FIG. FIG. 7 is a block diagram illustrating the configuration of the authentication processing system according to the second embodiment.

  As shown in FIG. 7, the authentication system according to the second embodiment includes a sender terminal 10, a receiver terminal 20, a receiver communication device 30, and an authentication device 50, as in the first embodiment. The sender terminal 10 and the receiver terminal 20 are connected to the authentication device 50 in a state in which communication is possible via the Internet 1, and the receiver communication device 30 and the authentication device 50 can make a call via the public telephone network 2. Connected in state.

  The sender terminal 10 transmits the telephone number of the receiver communication device 30 notified in advance by the user of the receiver communication device 30 to the authentication device 50 as the unique ID of the receiver communication device 30. Then, the sender terminal 10 transmits a file to be transmitted to the receiver terminal 20 to the authentication device 50. Further, when the sender terminal 10 receives the download URL of the file transmitted to the authentication device 50 from the authentication device 50, the sender terminal 10 transmits the received download URL to the receiver terminal 20.

  When receiving the designation of the download URL received from the sender terminal 10 from the user, the receiver terminal 20 starts the WEB browser and accesses the authentication device 50. Further, when receiving the WEB page from the authentication device 50, the receiver terminal 20 outputs and displays it on the display unit so that the user can visually recognize it, and the receiver communication device 30 accepts the transmission operation from the user and displays it on the WEB page. A call is made to the telephone number of the attached authentication device 50. Further, the receiver terminal 20 downloads the file of the sender terminal 10 transmitted from the authentication device 50.

  As illustrated in FIG. 7, the authentication device 50 includes a communication control I / F unit 51, a modem 52, a storage unit 53, and a control unit 54, similar to the authentication device 40 according to the first embodiment. . The communication control I / F unit 51 and the modem 52 have the same processing functions as the communication control I / F unit 41 and the modem 42 of the authentication apparatus 40 according to the first embodiment, but the storage unit 53 and the control unit 54 Some are different. The URL generation unit 54c shown in the figure corresponds to the “browsing information generation unit” described in the claims, and the URL registration unit 54d corresponds to the “browsing information registration unit” described in the claims. Correspondingly, the modem 52 also corresponds to “transmission unique ID acquisition means” described in the claims.

  That is, the file storage unit 53 a of the storage unit 53 stores a file scheduled to be transmitted to the receiver terminal 20 received from the transmitter terminal 10. The URL storage unit 53b of the storage unit 53 receives the telephone number (for example, “phone number A”) of the receiver communication device 30 received from the sender terminal 10 and the file stored in the file storage unit 53a. The URL for download for downloading to the user terminal 20 is stored in association with each other.

  The file receiving unit 54b of the control unit 54 receives a file scheduled to be transmitted to the receiver terminal 20 from the sender terminal 10 and stores it in the file storage unit 53a.

  The URL generation unit 54c of the control unit 54 generates a download URL for causing the receiver terminal 20 to download a file stored in the file storage unit 53a, and sends it to a URL registration unit 54d described later.

  The URL registration unit 54d of the control unit 54 associates the telephone number of the receiver communication device 30 received from the telephone number reception unit 54a with the download URL received from the URL generation unit 54c, and stores it in the URL storage unit 53b. And register. Then, the URL registration unit 54d transmits the download URL to the sender terminal 10.

  Upon receiving access to the download URL from the receiver terminal 20, the browsing permission determination unit 54 e of the control unit 54 uses the URL of the recipient communication device 30 stored in the URL storage unit 53 b as a key. Keep searching.

  Then, the browsing permission determination unit 54e selects one of the telephone numbers allocated to itself stored in the local station telephone number storage unit 53c, and the receiver communication device 30 corresponds to the selected telephone number. A WEB page attached with the selected telephone number is transmitted to the recipient terminal 20 so as to request a call from.

  The browsing permission determination unit 54e waits for an incoming call from the receiver communication device 30 with respect to its own telephone number for which a call has been requested, and sets the caller telephone number notified from the modem 52 that has received the incoming call from the receiver communication device 30. When accepted, if the accepted caller telephone number matches the searched telephone number of the receiver communication device 30, the user of the recipient terminal 20 is permitted to view as an authorized user. Judgment is made. On the other hand, if the received caller telephone number does not match the searched telephone number of the receiver communication device 30, it is assumed that the user of the receiver terminal 20 is not a legitimate user and that browsing is not permitted. Make a decision.

  If the browsing permission determination unit 54e determines that browsing is permitted, the browsing permission determination unit 54e reads the file corresponding to the download URL from the file storage unit 53a and transmits the read file to the recipient terminal 20. The file transmission unit 54f is instructed. If the browsing permission determination unit 54e determines that browsing is not permitted, the browsing permission determination unit 54e may end the process or transmit a message indicating that browsing is not permitted to the recipient terminal 20. May be.

  In addition, the browsing permission determination unit 54e generates a random number of about 4 digits together with the own telephone number selected from the local telephone number storage unit 53c, attaches it to the WEB page, and inputs the random number after establishing the call. You may make it make it. In addition, the browsing permission determination unit 54e receives an incoming call from the telephone number corresponding to the download URL searched from the URL storage unit 53b for the own telephone number selected from the local telephone number storage unit 53c. The modem 42 may be set so as to receive an incoming call only when there is an incoming call, and the user of the receiver terminal 20 may be authenticated as a legitimate user by receiving an incoming call notification from the modem 52.

  Upon receiving an instruction from the browsing permission determination unit 54e, the file transmission unit 54f transmits the file corresponding to the download URL to the receiver terminal 20 for downloading.

[Processing of Authentication Processing System (Example 2)]
Subsequently, processing of the authentication processing system according to the second embodiment will be described with reference to FIGS. 8 and 9. 8 and 9 are sequence diagrams illustrating the flow of processing of the authentication processing system according to the second embodiment.

  As shown in FIG. 8, the sender terminal 10 transmits the telephone number (for example, “telephone number A”) of the receiver communication device 30 to the authentication device 50 (step S801).

  The authentication device 50 receives the telephone number of the receiver communication device 30 from the sender terminal 10 (step S802).

  Subsequently, the sender terminal 10 transmits a file to be transmitted to the receiver terminal 20 to the authentication device 50 (step S803).

  When receiving the file scheduled to be transmitted to the receiver terminal 20 from the transmitter terminal 10 (step S804), the authentication device 50 stores the file in the file storage unit 53a. The authentication device 50 generates a download URL for causing the recipient terminal 20 to download the file stored in the file storage unit 53a (step S805), and sends it to the URL registration unit 54d.

  Next, the authentication device 50 associates the telephone number of the receiver transmitter 30 received from the sender terminal 10 with the generated download URL, and stores and registers the URL in the URL storage unit 53b (step S806). . Then, the authentication device 50 transmits the download URL to the sender terminal 10 (step S807).

  Upon receiving the file download URL transmitted to the authentication device 50 from the authentication device 50 (step S808), the sender terminal 10 transmits the received download URL to the receiver terminal 20 (step S809). The receiver terminal 20 receives the download URL from the transmitter terminal 10 (step S810).

  As shown in FIG. 9, when the receiver terminal 20 receives the designation of the download URL received from the sender terminal 10 from the user, the receiver terminal 20 starts the WEB browser and accesses the authentication device 50 (step S <b> 901).

  Upon receiving access to the download URL from the receiver terminal 20 (step S902), the authentication device 50 searches for the telephone number of the receiver communication device 30 stored in the URL storage unit 53b using this URL as a key. (Step S903).

  Then, the authentication device 50 selects one of the telephone numbers allocated to itself stored in the local telephone number storage unit 53c, and sets the selected telephone number (for example, “telephone number B”). On the other hand, a WEB page attached with the selected telephone number is transmitted to the recipient terminal 20 so as to request a call from the recipient communication device 30 (step S904).

  When the receiver terminal 20 receives the WEB page from the authentication device 50 (step S905), the receiver terminal 20 outputs and displays it on the display unit so that the user can visually recognize the WEB page. A call is made to the telephone number (for example, “telephone number B”) of the authentication device 50 attached to the page (step S906).

  The authentication device 50 waits for an incoming call from the receiver communication device 30 for its own telephone number that has requested transmission, and when the incoming call from the receiver communication device 30 is accepted by the modem 52 (step S907), a notification is sent from the modem 52. The caller telephone number to be received is received and a browsing permission determination process is performed (step S908). That is, when the received caller telephone number matches the searched telephone number of the receiver communication device 30, the authentication device 50 views that the user of the receiver terminal 20 is a legitimate user. Is permitted (Yes at step S908), and the file corresponding to the download URL is read from the file storage unit 53a and transmitted to the recipient terminal 20 (step S909). The receiver terminal 20 downloads the file transmitted from the transmitter terminal 10 (step S910).

  On the other hand, when the received caller telephone number does not match the searched telephone number of the receiver communication device 30, the authentication device 50 views that the user of the receiver terminal 20 is not a legitimate user. Is determined not to be permitted (No at Step S908), and the process is terminated.

[Effects of Example 2]
As described above, according to the second embodiment, the sender terminal 10 transmits a file to the authentication device 50, receives a download URL for causing the receiver terminal 20 to browse the file, from the authentication device 50, When the download URL is transmitted to the receiver terminal 20 and the authentication device 50 receives the file from the sender terminal 10, the authentication apparatus 50 associates the download URL with the telephone number of the receiver communication device 30 received from the sender terminal 10. Then, a download URL for causing the receiver terminal 20 to browse the file is generated, the generated download URL and the received telephone number of the receiver communication device 30 are registered in association with each other, and the download URL When access is received from the recipient terminal 20, the telephone number corresponding to the download URL that has received the access is searched, and the search is performed. Since the WEB page requesting the call using the communication device having the telephone number is transmitted to the receiver terminal 20 together with its own telephone number, and the telephone number transmitted by the call from the receiver communication device 30 is acquired, the file Can be authenticated by a simple method.

  In the second embodiment, the case where the download URL generated in the authentication device 50 is transmitted from the sender terminal 10 to the receiver terminal 20 has been described. However, the present invention is not limited to this, The user of the sender terminal 10 may be notified verbally to the user of the receiver terminal 20 using a telephone or the like.

  In the second embodiment, when access to the download URL is received from the recipient terminal 20, the telephone number corresponding to the download URL is searched from the telephone numbers stored in the URL storage unit 53b. A WEB page requesting a call with its own telephone number attached is transmitted to the receiver terminal 20, and the caller telephone number from the receiver communication device 30 matches the searched caller telephone number. In the case of doing so, it is determined that the user of the recipient terminal 20 is permitted to view as a legitimate user.

  However, the present invention is not limited to this, and the authentication device 40 is newly provided with a telephone call function (corresponding to the “call means” described in the claims), and access from the receiver terminal 20. The user of the recipient terminal 20 receives the incoming call response indicating that the incoming call is received by the recipient communication device 30 using the downloaded URL as a key to the telephone number retrieved from the URL storage unit 53b. It may be determined that the user is permitted to browse as an authorized user (corresponding to “user determination means” described in claims).

  By doing in this way, it becomes possible to reduce the process until the user of the receiver terminal 20 permits browsing as a legitimate user.

  Although the first and second embodiments of the present invention have been described so far, the present invention may be implemented in various different forms other than the above-described embodiments. Therefore, hereinafter, other embodiments included in the present invention will be described as other examples.

(1) Device Configuration, etc. Each component of the authentication device 40 shown in FIG. 2 or the authentication device 50 shown in FIG. 7 is functionally conceptual and is not necessarily physically configured as shown. I don't need it. That is, the specific form of distribution / integration of the authentication device 40 and the authentication device 50 is not limited to the illustrated one. For example, the Internet communication function and the telephone communication function realized by each control unit of the authentication device 40 and the authentication device 50 are provided. Separately, the Internet communication function is realized with a WEB server, and the telephone communication function is realized with an IVR device (Interactive Voice Response). All or part of it is used for various loads and usage conditions. Accordingly, it can be configured to be functionally or physically distributed and integrated in arbitrary units. Furthermore, each processing function performed by the authentication device 40 and the authentication device 50 (see, for example, FIGS. 5 and 6, FIG. 8 and FIG. 9) is analyzed by the CPU and the CPU. It can be realized by a program to be executed or as hardware by wired logic.

(2) Authentication processing program By the way, the various processes of the authentication device 40 or 50 described in the above embodiment (for example, see FIGS. It can be realized by being executed by a computer system such as a computer or a workstation. Therefore, in the following, an example of a computer that executes an authentication processing program having the same function as in the above embodiment will be described with reference to FIG. FIG. 10 is a diagram illustrating a computer that executes an authentication processing program.

  As shown in the figure, a computer 60 as an authentication apparatus is configured by connecting an input unit 61, an output unit 62, a communication control I / F unit 63, an HDD 64, a RAM 65, and a CPU 66 via a bus 70.

  Here, the input unit 61 receives input of various data from the user. The output unit 62 displays various information. The communication control I / F unit 63 performs communication related to various data exchanged with other devices (for example, the sender terminal 10, the receiver terminal 20, and FIG. 2 or FIG. 7) via the network. Control. The RAM 65 temporarily stores various information. The HDD 64 stores information necessary for executing various processes by the CPU 66. The CPU 66 executes various arithmetic processes.

  As shown in FIG. 10, the HDD 64 has an authentication processing program 64a that exhibits the same function as each processing unit of the authentication device shown in the above embodiment, and authentication data 64b used for the authentication processing. Pre-stored. Note that the authentication processing program 64a may be appropriately distributed and stored in a storage unit of another computer that is communicably connected via a network.

  Then, the CPU 66 reads out the authentication processing program 64a from the HDD 64 and develops it in the RAM 65, whereby the authentication processing program 64a functions as an authentication processing process 65a as shown in FIG. Then, the authentication processing process 65a reads the authentication data 64b and the like from the HDD 64, expands the data in the area allocated to itself in the RAM 65, and executes various processes based on the expanded data and the like. The authentication process 65a corresponds to the browsing permission determination unit 44d shown in FIG. 2 or the browsing permission determination unit 54e shown in FIG.

  Note that the above-described authentication processing program 64a is not necessarily stored in the HDD 64 from the beginning. For example, a flexible disk (FD), a CD-ROM, a DVD disk, a magneto-optical disk, and an IC inserted into the computer 60 are not necessary. Each program is stored in a “portable physical medium” such as a card, or “another computer (or server)” connected to the computer 60 via a public line, the Internet, a LAN, a WAN, or the like. The computer 60 may read out and execute each program from these.

  As described above, the authentication processing system, the authentication device, the authentication processing method, and the authentication processing program according to the present invention are useful for user authentication processing and are particularly suitable for simply authenticating a user.

DESCRIPTION OF SYMBOLS 1 Internet 2 Public telephone network 10 Sender terminal 20 Receiver terminal 30 Receiver communication apparatus 40 Authentication apparatus 41 Communication control I / F part 42 Modem 43 Memory | storage part 43a Key specific information memory | storage part 43b Own-station telephone number memory | storage part 44 Control part 44a Telephone number reception unit 44b Encryption key generation unit 44c Key information registration unit 44d Browsing permission determination unit 44e Encryption key transmission unit 50 Authentication device 51 Communication control I / F unit 52 Modem 53 Storage unit 53a File storage unit 53b URL storage unit 53c Self Station telephone number storage unit 54 Control unit 54a Telephone number reception unit 54b File reception unit 54c URL generation unit 54d URL registration unit 54e Browsing permission determination unit 54f File transmission unit 60 Computer (authentication device)
61 Input Unit 62 Output Unit 63 Communication Control I / F Unit 64 HDD (Hard Disk Drive)
64a Authentication processing program 64b Authentication data 65 RAM (Random Access Memory)
65a Authentication processing process 66 CPU (Central Processing Unit)
70 bus

Claims (4)

The transmission source terminal that is the transmission source of the file, the transmission destination terminal that browses the file transmitted from the transmission source terminal, the communication device used by the user of the transmission destination terminal, and the unique information that is unique information of the communication device An authentication processing system comprising an authentication device that uses an ID for authentication of the user,
The transmission source terminal transmits a file to the authentication device, receives browsing information for allowing the transmission destination terminal to browse the file from the authentication device, and transmits the browsing information to the transmission destination terminal. Yes,
The authentication device
A communication device unique ID receiving means for receiving a communication device unique ID which is unique information of the communication device from the transmission source terminal;
When receiving a file from the transmission source terminal, browsing information for allowing the transmission destination terminal to browse the file in association with the communication device unique ID received by the communication device unique ID receiving means. Browsing information generating means for generating;
Browsing information registration means for registering the browsing information generated by the browsing information generating means and the communication device unique ID received by the communication device unique ID in association with each other;
When access to the browsing information is received from the destination terminal, the communication device unique ID corresponding to the browsing information for which the access has been received is searched from the communication device unique ID stored in the browsing information registration unit. Then, a WEB page requesting a call using the communication device with the searched communication device unique ID is transmitted to the destination terminal together with an authentication device unique ID and a random number as its own unique information, and the searched communication device A transmission unique ID acquisition means for receiving only an incoming call using a communication device having a unique ID and acquiring a transmission unique ID transmitted by a call from the communication device;
The transmission unique ID acquired by the transmission unique ID acquisition means matches the communication equipment unique ID received by the communication equipment unique ID reception means , and the transmission unique ID and the communication equipment unique ID Browsing to determine whether or not to allow the user of the destination terminal to view the file on condition that the random number received after the call established by matching with the random number transmitted together with the WEB page Permission determination means;
An authentication processing system characterized by comprising: The transmission unique ID acquisition unit selects one authentication device unique ID from a plurality of assigned authentication device unique IDs when receiving access to the browsing information from the transmission destination terminal, and selects the selected authentication device unique The authentication processing system according to claim 1, wherein an ID is transmitted to the destination terminal. An authentication process for executing, in the authentication device, a process of authenticating a user of a transmission destination terminal browsing a file transmitted from a transmission source terminal using a unique ID that is unique information of a communication device used by the user of the transmission destination terminal A method,
The transmission source terminal transmits a file to the authentication device, receives browsing information for allowing the transmission destination terminal to browse the file from the authentication device, and transmits the browsing information to the transmission destination terminal. Yes,
A communication device unique ID receiving step of receiving a communication device unique ID that is unique information of the communication device from the transmission source terminal;
When a file is received from the transmission source terminal, browsing information for causing the transmission destination terminal to browse the file is associated with the communication device unique ID received in the communication device unique ID reception step. A browsing information generation process to generate;
A browsing information registration step for registering the browsing information generated by the browsing information generation step and the communication device unique ID received by the communication device unique ID in a predetermined storage unit in association with each other;
When access to the browsing information is received from the destination terminal, a communication device unique ID corresponding to the browsing information for which the access has been received is searched from the communication device unique ID stored in the predetermined storage unit Then, a WEB page requesting a call using the communication device with the searched communication device unique ID is transmitted to the destination terminal together with an authentication device unique ID and a random number as its own unique information, and the searched communication device A transmission unique ID acquisition step of receiving only an incoming call using a communication device with a unique ID and acquiring a transmission unique ID transmitted by a call from the communication device;
The transmission unique ID acquired by the transmission unique ID acquisition step matches the communication device unique ID received by the communication device unique ID reception step , and the transmission unique ID and the communication device unique ID Browsing to determine whether or not to allow the user of the destination terminal to view the file on condition that the random number received after the call established by matching with the random number transmitted together with the WEB page A permission determination step;
The authentication processing method characterized by including. Executes processing for authenticating a user of a transmission destination terminal viewing a file transmitted from a transmission source terminal using a unique ID that is unique information of a communication device used by the user of the transmission destination terminal on a computer that is an authentication device An authentication processing program for
The transmission source terminal transmits a file to the authentication device, receives browsing information for allowing the transmission destination terminal to browse the file from the authentication device, and transmits the browsing information to the transmission destination terminal. Yes,
In the computer that is the authentication device,
A communication device unique ID reception procedure for receiving a communication device unique ID which is unique information of the communication device from the transmission source terminal;
When a file is received from the transmission source terminal, browsing information for allowing the transmission destination terminal to browse the file is associated with the communication device unique ID received by the communication device unique ID reception procedure. Browsing information generation procedure to generate,
A browsing information registration procedure for registering the browsing information generated by the browsing information generation procedure in association with the communication device unique ID received by the communication device unique ID reception procedure in a predetermined storage unit;
When access to the browsing information is received from the destination terminal, a communication device unique ID corresponding to the browsing information for which the access has been received is searched from the communication device unique ID stored in the predetermined storage unit Then, a WEB page requesting a call using the communication device with the searched communication device unique ID is transmitted to the destination terminal together with an authentication device unique ID and a random number as its own unique information, and the searched communication device A transmission unique ID acquisition procedure for receiving only an incoming call using a communication device with a unique ID and acquiring a transmission unique ID transmitted by a call from the communication device;
The transmission unique ID acquired by the transmission unique ID acquisition procedure matches the communication device unique ID received by the communication device unique ID reception procedure , and the transmission unique ID and the communication device unique ID. Browsing to determine whether or not to allow the user of the destination terminal to view the file on condition that the random number received after the call established by matching with the random number transmitted together with the WEB page Permission judgment procedure;
An authentication processing program characterized in that

Images