JP5197681B2 - Login seal management system and management server - Google Patents

Description

  The present invention relates to a login seal management system and a management server.

  In recent years, with the spread of the Internet and the like, users can easily access convenient services by accessing the Internet or the like from a terminal. When using the service, the user can input the user information and use the service after user authentication is performed by the service providing side. The user information input in this way is likely to be stolen by a so-called phishing act of collecting user information by disguising a Web page.

  Therefore, various defense measures against phishing have been developed. For example, on a screen that accepts input of the user information (user ID, password, etc.), a login sticker composed of a message or an image set by the user is displayed, and the user who has visually recognized the login sticker receives user information (user ID A defensive measure is known in which a display of a regular screen that accepts input of a password, etc., and a display of a screen impersonating this can be distinguished.

  More specifically, the web browser provided in the user's terminal transmits a message, an image, or the like constituting the login seal to the web server in response to receiving an instruction from the user, and the web server that has received these However, a message, an image, and the like constituting the login seal are stored in association with the cookie information that is information for identifying the Web browser of the user terminal. Next, in response to receiving a transmission request for a screen that accepts input of user information together with the cookie information from the Web browser included in the user's terminal, the Web server logs in based on the received cookie information. A message, an image, or the like constituting the seal is read out and transmitted to the web browser, and the web browser displays the login seal.

  In the invention disclosed in Patent Document 1, the user data management apparatus creates a first data registration screen that is different for each user ID when the user data is registered for the first time. Then, the user data management device displays a second data registration screen based on the created first data registration screen on the terminal-type data processing device at the time of user data registration, and from the phishing act, the user data Defend registration.

JP 2007-94523 A

  However, as described above, when the login sticker is set, the countermeasure by displaying the conventional login sticker is information that the user terminal and the web server identify the web browser of the user terminal together with the login sticker. This is possible by storing cookie information as well. Therefore, in a terminal including a portable information terminal such as a so-called smart phone, an application that cannot transmit and receive cookie information and cannot store a measure using a conventional login seal cannot be used. Further, the invention disclosed in Patent Document 1 does not intuitively indicate to the user that the screen is a regular screen by the second data registration screen displayed on the terminal-type data processing device.

  Therefore, even if the application cannot send and receive cookie information on the terminal, it can intuitively indicate that the screen for accepting user authentication information is a legitimate screen, and the user authentication information is phishing. There is a need for a system that can prevent this.

  The present invention can intuitively indicate that a screen for accepting user authentication information is a legitimate screen even when the application cannot transmit / receive cookie information in the terminal, and the user authentication information is phishing. It is an object of the present invention to provide a login seal management system and a management server that can surely prevent the occurrence of such a situation.

  The present invention provides the following solutions.

(1) A login seal management system comprising a management server and a terminal connected via a communication network, wherein the terminal receives a terminal unique ID in response to receiving a login seal from a user of the terminal. A login seal registration requesting unit that reads out from a predetermined storage unit and transmits the login seal to the management server together with the read terminal unique ID; and the management server transmits the login seal transmitted by the login seal registration requesting unit. In response to receiving the seal together with the terminal unique ID, the apparatus includes login seal registration means for storing the received login sticker in a login seal database in association with the terminal unique ID, and the terminal receives a message from the user of the terminal. In response to accepting the login request, the management server When the login screen information including an instruction to display the login sticker obtained by accessing the server is obtained, the terminal unique ID is read from a predetermined storage unit, and the login sticker transmission request is sent together with the read terminal unique ID. Further comprising a login seal reference request means for transmitting to the management server, the management server received the login seal transmission request transmitted by the login seal reference request means in response to receiving the login seal reference request together with the terminal unique ID A login seal management system further comprising login seal transmission means for extracting the login seal associated with the terminal unique ID from the login seal database and transmitting the extracted login seal to the terminal.

  According to the configuration of (1), the login sticker management system includes a management server and a terminal connected via a communication network. In response to receiving the login sticker from the user of the terminal, the terminal reads the terminal unique ID from a predetermined storage unit and transmits the login sticker together with the read terminal unique ID to the management server. In response to receiving the transmitted login sticker together with the terminal unique ID, the management server stores the received login sticker in the login sticker database in association with the terminal unique ID. Then, in response to receiving the login request from the user of the terminal, the terminal reads the terminal unique ID from the predetermined storage unit, transmits the login seal transmission request together with the read terminal unique ID to the management server, and manages In response to receiving the transmitted login seal transmission request together with the terminal unique ID, the server extracts the login seal associated with the received terminal unique ID from the login seal database, and transmits the extracted login seal to the terminal. To do.

  That is, in the login seal management system according to the present invention, the terminal makes a login seal transmission request to the management server in response to receiving a login request from the user, and manages the login seal stored in association with the terminal unique ID. Receive from server. Therefore, the terminal can display the terminal-specific login sticker in response to the login request. Therefore, even if the login seal management system according to the present invention is an application that cannot transmit and store cookie information in the terminal, when the management server can be identified on the communication network and the above-described communication can be performed, A terminal-specific login sticker is displayed to the logged-in user, which can intuitively indicate that the screen for accepting user authentication information is a legitimate screen, and reliably prevents phishing of user authentication information. can do.

  (2) A registration support server further connected via a communication network, wherein the login seal registration request means further accepts a user ID from the user of the terminal and reads the login seal and the terminal unique ID together The received user ID is transmitted to the registration support server, and the registration support server generates a one-time ID in response to receiving the login seal and the user ID together with the terminal unique ID from the terminal. Time ID generation means, one-time ID transmission means for transmitting the terminal unique ID and the login seal together with the generated one-time ID to the management server, and a mail address from a predetermined user database based on the received user ID Extract the email address A confirmation mail transmitting means for generating a personal confirmation email including means for transmitting the generated one-time ID to the management server, and sending the generated one-time ID together with the personal confirmation mail The login sticker registration means receives the login sticker and the one-time ID received from the registration support server together with the one-time ID together with the one-time ID. In response to receiving the one-time ID, a temporary registration means for storing the login seal associated with the terminal-specific ID associated with the received one-time ID in response to receiving the one-time ID. Stored in the login seal database as valid The login seal management system according to (1), further comprising an effective registration unit.

  According to the configuration of (2), the login seal management system of (1) further includes a registration support server connected via a communication network. Then, the terminal further receives the user ID from the user of the terminal, transmits the login seal and the received user ID together with the read terminal unique ID to the registration support server, and the registration support server logs in together with the terminal unique ID from the terminal. A one-time ID is generated in response to receiving the seal and the user ID. Next, the registration support server transmits the terminal unique ID and the login sticker together with the generated one-time ID to the management server, extracts a mail address from a predetermined user database based on the received user ID, and extracts the mail address Is sent to the management server, and the generated one-time ID is transmitted together with the generated one-time ID. In response to receiving the terminal unique ID and login sticker together with the one-time ID from the registration support server, the management server associates the received login sticker and one-time ID with the terminal unique ID and stores them as temporary registration in the login sticker database. Further, in response to receiving the one-time ID, the login sticker related to the terminal unique ID associated with the received one-time ID is stored as valid in the login sticker database.

  That is, in the login seal management system according to (2), the registration support server transmits an identity confirmation mail including the one-time ID to a predetermined mail address based on the user ID and transmits the one-time ID to the management server. . In response to receiving the one-time ID generated by the registration support server, the management server registers the login seal temporarily registered in association with the terminal unique ID as valid. In response to the login request, the terminal receives and displays the terminal-specific login sticker registered as valid. Therefore, in addition to the operations and effects of the login seal management system according to (1), the login seal management system suppresses impersonation at the time of login seal registration by performing user identity verification at the time of login seal registration. The action and effect that can be expected. Therefore, for example, a malicious user who has stolen another person's terminal cannot receive the identity confirmation mail and cannot register the login seal. Here, it goes without saying that the terminal that receives the identity confirmation mail may be different from the terminal that registers and refers to the login seal.

  (3) The login seal registration request means further receives a user ID from the user of the terminal, and transmits the login seal and the received user ID together with the read terminal unique ID to the management server, and the login The seal registration means is based on the registered one-time ID generating means for generating a one-time ID in response to receiving the login sticker and the user ID together with the terminal unique ID from the terminal, and the received user ID. Extracting an e-mail address from a predetermined user database, generating an identity confirmation e-mail including means for transmitting the generated one-time ID to the management server with the extracted e-mail address as a destination, and generating the generated one-time Send a registration confirmation email to send the ID with the identity confirmation email A temporary registration means for associating the received login sticker and the one-time ID with the terminal-specific ID and storing them in the login sticker database as temporary registration; and receiving the one-time ID in response to receiving the one-time ID. The login seal management system according to (1), further including valid registration means for storing the login seal related to the terminal unique ID associated with the one-time ID in the login seal database as valid.

  According to the configuration of (3), the login seal management system of (1) further receives a user ID from the terminal user, and transmits the login seal and the received user ID together with the read terminal unique ID to the management server. The management server generates a one-time ID in response to receiving the login sticker and the user ID together with the terminal unique ID from the terminal, extracts a mail address from a predetermined user database based on the received user ID, Using the extracted mail address as a destination, a personal identification mail including means for transmitting the generated one-time ID to the management server is generated, and the generated one-time ID is transmitted together with the personal verification mail. Then, the management server associates the received login sticker and the one-time ID with the terminal unique ID and stores them as temporary registration in the login sticker database, and further associates the received one-time ID with the received one-time ID in response to receiving the one-time ID. The login seal related to the terminal unique ID is stored as valid in the login seal database.

  That is, in the login seal management system according to (3), the management server also exhibits the function of the registration support server according to (2) together with one device. Therefore, the login seal management system can be expected to have the same operation and effect as the login seal management system according to (2) without separately providing a registration support server.

(4) A management server connected to a terminal via a communication network, wherein the login seal transmitted together with the terminal unique ID is received from the terminal that transmits the login seal together with the terminal unique ID. Login screen registration means for associating the received login sticker with the terminal unique ID and storing it in a login sticker database, and information on a login screen including an instruction to display the login sticker obtained by accessing the management server. Upon acquisition, the terminal sends a login sticker transmission request together with the terminal unique ID, and is associated with the received terminal unique ID in response to receiving the transmitted login sticker transmission request together with the terminal unique ID. If the login seal is the login seal database And a login seal transmission means for transmitting the extracted login seal to the terminal.

  According to the configuration of (4), the management server receives the received login seal in response to receiving the transmitted login seal together with the terminal unique ID from the terminal that transmits the login seal together with the terminal unique ID. It is stored in the login seal database in association with the terminal unique ID. Then, the management server associates the received login seal transmission request with the terminal unique ID in response to receiving the transmitted login seal transmission request together with the terminal unique ID from the terminal that transmits the login seal transmission request together with the terminal unique ID. The extracted login seal is extracted from the login seal database, and the extracted login seal is transmitted to the terminal.

  That is, the management server according to the present invention can be expected to have the same actions and effects as the management server according to (1).

  The present invention is a screen for accepting user authentication information when the application can identify the management server on the network and perform the above-described communication even if the application cannot transmit / receive cookie information in the terminal. It is possible to provide a management system and a management server that can intuitively indicate that the screen is a legitimate screen and can reliably prevent phishing of user authentication information.

It is a functional block diagram which shows the function structure of the login sticker management system which concerns on Embodiment 1 of this invention. It is a figure which shows the example of login seal DB of the login seal management system which concerns on Embodiment 1 of this invention. It is a flowchart which shows the login sticker registration process of the login sticker management system which concerns on Embodiment 1 of this invention. It is a flowchart which shows the login sticker reference process of the login sticker management system which concerns on Embodiment 1 of this invention. It is a functional block diagram which shows the function structure of the login sticker management system which concerns on Embodiment 2 of this invention. It is a figure which shows the example of login seal DB of the login seal management system which concerns on Embodiment 2 of this invention. It is a flowchart which shows the login seal temporary registration process of the login seal management system which concerns on Embodiment 2 of this invention. It is a flowchart which shows the login sticker effective registration process of the login sticker management system which concerns on Embodiment 2 of this invention. It is a functional block diagram which shows the function structure of the login sticker management system which concerns on Embodiment 3 of this invention. It is a figure which shows the example of a display of the registration request | requirement of the login sticker by the login sticker management system which concerns on one Embodiment of this invention. It is a figure which shows the example of a display of the login by the login seal | sticker management system which concerns on one Embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  In the login seal management system 1 of this embodiment, the management server 50, the registration support server 60, and the terminal 10 are applied to a computer and its peripheral devices. Each unit in the present embodiment is configured by hardware included in a computer and its peripheral devices, and software that controls the hardware.

  The hardware includes a storage unit, a communication device, a display device, and an input device in addition to a CPU (Central Processing Unit) as a control unit. Examples of the storage unit include a memory (RAM: Random Access Memory, ROM: Read Only Memory, etc.), a hard disk drive (HDD: Hard Disk Drive), and an optical disk (CD: Compact Disc, DVD: Digital Versatile Drive, etc.). It is done. Examples of the communication device include various wired and wireless interface devices. Examples of the display device include various displays such as a liquid crystal display and a plasma display. Examples of the input device include a keyboard and a pointing device (mouse, tracking ball, etc.).

  The software includes a computer program and data for controlling the hardware. The computer program and data are stored in the storage unit, and are appropriately executed and referenced by the control unit. The computer program and data can be distributed via a communication line, or can be recorded on a computer-readable medium such as a CD-ROM and distributed.

[Embodiment 1]
FIG. 1 is a functional block diagram showing a functional configuration of a login seal management system 1 according to the first embodiment of the present invention. The login seal management system 1 includes a terminal 10 and a management server 50 connected via a communication network 70. The terminal 10 includes a login seal registration request unit 11 as a login seal registration request unit and a login seal reference request unit 12 as a login seal reference request unit. The management server 50 includes a login seal registration unit 51 as a login seal registration unit, a login seal transmission unit 52 as a login seal transmission unit, and a login seal DB 31 as a login seal database. The function of the login seal management system 1 will be described in detail for each part.

  The login seal registration request unit 11 of the terminal 10 reads the terminal unique ID from the predetermined storage unit in response to receiving the login seal from the user of the terminal 10, and sends the login seal to the management server together with the read terminal unique ID. Send. Here, the terminal unique ID is unique identification information stored in the terminal, and is, for example, a UDID (Unique Device Identifier) such as a portable information terminal or a mobile phone. The login sticker is digital data composed of a character string or an arbitrary image. For example, the login seal registration request unit 11 of the terminal 10 receives login seal data designated by the user, and transmits a login seal registration request to the management server 50 together with the UDID stored in the ROM of the terminal 10. The terminal 10 may present a login seal candidate list to the user and accept a selection operation from the user.

  The login seal registration unit 51 of the management server 50 associates the received login seal with the terminal unique ID in response to receiving the login seal transmitted by the login seal registration request unit 11 of the terminal 10 together with the terminal unique ID. Store in the login seal DB31. For example, the login seal registration unit 51 of the management server 50 stores the received login seal data in the login seal DB 31 in association with the received UDID, based on the login seal registration request received from the terminal 10.

  The login seal reference request unit 12 of the terminal 10 reads the terminal unique ID from the predetermined storage unit in response to receiving the login request from the user of the terminal 10, and sends the login seal transmission request together with the read terminal unique ID. It transmits to the management server 50. That is, the terminal 10 transmits a login seal transmission request together with the terminal unique ID to the management server 50 in order to display the login seal unique to the terminal 10 in the display for logging in the user. For example, the login seal reference request unit 12 of the terminal 10 stores in the ROM of the terminal 10 in order to display a login seal unique to the terminal 10 on the login screen requested by the activated application when the user activates the application. A login seal transmission request is transmitted to the management server 50 together with the UDID.

  The login seal transmission unit 52 of the management server 50 is associated with the received terminal unique ID in response to receiving the login seal transmission request transmitted by the login seal reference request unit 12 of the terminal 10 together with the terminal unique ID. The login seal is extracted from the login seal DB 31, and the extracted login seal is transmitted to the terminal 10. For example, the management server 50 searches the login seal DB 31 based on the received UDID, and extracts the login seal associated with the searched UDID. Then, the login seal transmission unit 52 transmits the extracted login seal data to the terminal 10, and the terminal 10 displays the login seal specific to the terminal 10 on the login screen of the application by the received login seal data, A guidance display for logging in the user is displayed (see FIG. 11 described later). On the other hand, an application that cannot identify the management server 50 on the communication network 70 and perform the above-described communication cannot display a login sticker.

  The login sticker registration request unit 11 and the login sticker reference request unit 12 are transmitted from an external server, introduced into the terminal 10, and configured as a program that executes processing using the hardware resources of the terminal 10, It may be used by being incorporated into a predetermined application or operating in cooperation. By doing in this way, among the applications of the terminal 10, it is possible to select or specify an application that can incorporate the program or operate in cooperation with the terminal 10, and to exhibit the above-described functions. The application described above can also exhibit the above functions later.

  FIG. 2 is a diagram illustrating an example of the login seal DB 31 of the login seal management system 1 according to the first embodiment of the present invention. The login seal DB 31 stores the terminal unique ID received from the terminal 10 and the login seal in association with each other. Here, the terminal unique ID of the login seal DB 31 stores a terminal unique ID, such as UDID. The login seal of the login seal DB 31 stores information indicating the storage location of the data of the login seal (URL (Uniform Resource Locator) configured by a file name, a server name for download, etc.).

  FIG. 3 is a flowchart showing login seal registration processing of the login seal management system 1 according to the first embodiment of the present invention.

  In step S101, the CPU (login seal registration request unit 11) of the terminal 10 receives a login seal designation operation from the user. More specifically, the CPU of the terminal 10 receives an input of a login sticker registration request instruction and a designation indicating a login sticker from a user by an input device (for example, a keyboard). Thereafter, the CPU of the terminal 10 moves the process to step S102.

  In step S <b> 102, the CPU (login seal registration request unit 11) of the terminal 10 transmits a login seal together with the terminal unique ID to the management server 50. More specifically, the CPU of the terminal 10 reads the UDID from the ROM, and transmits the login seal data specified in step S101 to the management server 50 together with the read UDID. Thereafter, the CPU of the terminal 10 moves the process to step S103 and waits for reception from the management server 50.

  Next, in step S201, the CPU (login seal registration unit 51) of the management server 50 receives the login seal together with the terminal unique ID. More specifically, the CPU of the management server 50 receives the UDID and login seal data transmitted in step S102. Thereafter, the CPU of the management server 50 moves the process to step S202.

  In step S <b> 202, the CPU (login seal registration unit 51) of the management server 50 stores the login seal in the login seal DB 31 in association with the terminal unique ID, and transmits registration completion to the terminal 10. More specifically, the CPU of the management server 50 stores the UDID received in step S201 and the login seal data in the login seal DB 31 in association with each other. Then, the CPU of the management server 50 transmits data indicating registration completion to the terminal 10. Thereafter, the CPU of the management server 50 ends the process.

  Next, in step S103, the CPU of the terminal 10 receives and stores the registration completion. More specifically, the CPU of the terminal 10 receives data indicating completion of login seal registration transmitted in step S202. Then, the CPU of the terminal 10 stores in the storage unit that the login seal is registered in the management server 50. Thereafter, the CPU of the terminal 10 ends the process. The terminal 10 can identify the user who has not registered the login seal by storing in the storage unit that the login seal is registered in the management server 50, and can prompt the user to register the login seal.

  FIG. 4 is a flowchart showing the login seal reference process of the login seal management system 1 according to the first embodiment of the present invention.

  In step S111, the CPU (login seal reference requesting unit 12) of the terminal 10 receives a login screen request from the user. More specifically, the CPU of the terminal 10 receives an input of a login screen request from the user by an input device (for example, a keyboard). Thereafter, the CPU of the terminal 10 moves the process to step S112.

  In step S112, the CPU (login seal reference request unit 12) of the terminal 10 transmits a login seal transmission request together with the terminal unique ID. More specifically, the CPU of the terminal 10 reads the UDID from the ROM, and transmits a login seal transmission request to the management server 50 together with the read UDID. Thereafter, the CPU of the terminal 10 moves the process to step S113 and waits for reception of a login seal.

  Next, in step S211, the CPU (login seal transmission unit 52) of the management server 50 receives the login seal transmission request together with the terminal unique ID. More specifically, the CPU of the management server 50 receives the login seal transmission request and the UDID transmitted in step S112. Thereafter, the CPU of the management server 50 moves the process to step S212.

  In step S212, the CPU (login seal transmission unit 52) of the management server 50 extracts and transmits the login seal associated with the received terminal unique ID. More specifically, the CPU of the management server 50 searches the login seal DB 31 based on the UDID received in step S211, extracts the login seal associated with the searched UDID, and stores the extracted login seal data in the terminal 10 to send. Thereafter, the CPU of the management server 50 ends the process.

  Next, in step S113, the CPU of the terminal 10 receives and displays the login seal. More specifically, the CPU of the terminal 10 receives the login sticker data transmitted in step S212, and displays the login sticker together with the login screen on the display device of the terminal 10 (see FIG. 11 described later). Thereafter, the CPU of the terminal 10 ends the login seal reference process, and proceeds to a login input process (not shown).

[Embodiment 2]
FIG. 5 is a functional block diagram showing a functional configuration of the login seal management system 1 according to the second embodiment of the present invention. The login seal management system 1 further includes a registration support server 60 in addition to the first embodiment. The registration support server 60 includes a one-time ID generation unit 61 as a one-time ID generation unit, a one-time ID transmission unit 62 as a one-time ID transmission unit, a confirmation mail transmission unit 63 as a confirmation mail transmission unit, a user The login seal registration unit 51 of the management server 50 further includes a temporary registration unit 511 as a temporary registration unit and an effective registration unit 512 as an effective registration unit. The function of the login seal management system 1 will be described in detail for each part.

  The login seal registration request unit 11 of the terminal 10 further receives a user ID from the user of the terminal 10 and transmits the login seal and the received user ID together with the read terminal unique ID to the registration support server 60. Here, the user ID is information for identifying the user. For example, the login seal registration request unit 11 of the terminal 10 transmits the received user ID, login seal data designated by the user, and the login seal registration request together with the UDID stored in the ROM to the registration support server 60. .

  The one-time ID generation unit 61 of the registration support server 60 generates a one-time ID in response to receiving the login seal and the user ID together with the terminal unique ID from the terminal 10. Here, the one-time ID is identification information that can be used only once between a plurality of devices. As a condition for using the one-time ID, not only the number of times but also a time limit (for example, it can be used only within one hour after generating the one-time ID) may be provided. The one-time ID may be generated based on the received UDID (for example, identification information in which a reception time is added to the UDID or a random number is added). For example, the one-time ID generation unit 61 of the registration support server 60 can be used only once between the management server 50 and the terminal 10 in response to receiving the login seal data and the user ID together with the UDID from the terminal 10. A simple one-time ID is generated.

  The one-time ID transmission unit 62 of the registration support server 60 transmits the terminal unique ID and the login seal together with the one-time ID generated by the one-time ID generation unit 61 to the management server 50. For example, the one-time ID transmission unit 62 of the registration support server 60 transmits the UDID and login seal data received from the terminal 10 to the management server 50 together with the one-time ID.

  The confirmation mail transmission unit 63 of the registration support server 60 extracts a mail address from a predetermined user DB 32 based on the received user ID, and transmits the one-time ID to the management server 50 with the extracted mail address as a destination. A person confirmation mail including the means is generated, and the one-time ID generated by the one-time ID generation unit 61 is transmitted together with the person confirmation mail. Here, the predetermined user DB 32 stores user information including the user's mail address in association with the user ID. For example, the confirmation mail transmission unit 63 of the registration support server 60 searches the user DB 32 with the user ID received from the terminal 10 and extracts the mail address associated with the searched user ID. The means for transmitting the one-time ID to the management server 50 is a program for transmitting the one-time ID to the management server 50, for example. The terminal 10 can transmit the one-time ID to the management server 50 by accepting an operation from the user who has received the personal identification mail and starting the program. That is, the confirmation mail transmission unit 63 generates a personal confirmation mail including the one-time ID transmission program with the extracted mail address as a destination, and transmits the generated one-time ID together with the personal confirmation mail. Alternatively, the means for transmitting the one-time ID to the management server 50 includes, for example, the one-time ID via the hyperlink function in response to the user clicking on the URL in which the one-time ID is embedded. It may be realized by a mail transmitted to 50.

  When the login seal registration unit 51 of the management server 50 receives the terminal unique ID and the login seal together with the one-time ID from the registration support server 60, the temporary registration unit 511 receives the received login seal and the one-time ID from the terminal. In association with the unique ID, it is stored in the login seal DB 31 as temporary registration. For example, the temporary registration unit 511 stores the data indicating the temporary registration and the one-time ID in the login seal DB 31 together with the login seal data in association with the received UDID.

  In the login seal registration unit 51 of the management server 50, the valid registration unit 512 further relates to the terminal unique ID associated with the received one-time ID in response to receiving the one-time ID from the user terminal 10. The login seal is stored in the login seal DB 31 as valid. For example, the valid registration unit 512 searches the login seal DB 31 with the one-time ID in response to receiving the one-time ID from the user terminal 10. Then, the valid registration unit 512 updates the data indicating the temporary registration of the login sticker related to the UDID corresponding to the searched one-time ID to data indicating valid registration.

  Then, in response to receiving the login request from the user of the terminal 10, the terminal 10 transmits a login seal transmission request together with the terminal unique ID to the management server 50 and received from the management server 50. Is displayed and a guidance display for allowing the user to log in is displayed (see FIG. 11 described later).

  FIG. 6 is a diagram illustrating an example of the login seal DB 31 of the login seal management system 1 according to the second embodiment of the present invention. The login sticker DB 31 stores the login sticker, the one-time ID, and the registration state in association with the terminal unique ID received from the terminal 10. The one-time ID of the login seal DB 31 stores a one-time ID for valid registration after temporarily registering the login seal. In the registration state of the login seal DB 31, data indicating temporary registration or data indicating valid registration is stored.

  FIG. 7 is a flowchart showing the login seal temporary registration process of the login seal management system 1 according to the second embodiment of the present invention.

  In step S121, the CPU (login seal registration requesting unit 11) of the terminal 10 accepts a login sticker and further accepts a user ID. More specifically, the CPU of the terminal 10 receives an instruction for a login sticker registration request, a designation indicating a login sticker, and an input of a user ID from an input device (for example, a keyboard). Thereafter, the CPU of the terminal 10 moves the process to step S122.

  In step S <b> 122, the CPU (login seal registration request unit 11) of the terminal 10 transmits the login seal and the user ID together with the terminal unique ID to the registration support server 60. More specifically, the CPU of the terminal 10 reads the UDID from the ROM, and transmits the user ID received in step S121 and the designated login seal data to the registration support server 60 together with the read UDID. Thereafter, the CPU of the terminal 10 ends the process.

  Next, in step S321, the CPU (one-time ID generation unit 61) of the registration support server 60 generates a one-time ID. More specifically, the CPU of the registration support server 60 generates a one-time ID by adding the reception time to the UDID in response to receiving the UDID, user ID, and login seal data transmitted in step S122. To do. Thereafter, the CPU of the registration support server 60 moves the process to step S322.

  In step S322, the CPU (one-time ID transmission unit 62) of the registration support server 60 transmits the terminal unique ID and the login seal to the management server 50 together with the one-time ID. More specifically, the CPU of the registration support server 60 transmits the UDID and login seal data received in step S321 to the management server 50 together with the one-time ID generated in step S321. Thereafter, the CPU of the registration support server 60 moves the process to step S323.

  In step S323, the CPU (confirmation mail transmission unit 63) of the registration support server 60 generates a personal confirmation mail and transmits the generated one-time ID. More specifically, the CPU of the registration support server 60 searches the user DB 32 using the user ID received in step S321, and extracts the mail address associated with the searched user ID. Then, the CPU of the registration support server 60 generates an identity confirmation mail including the one-time ID transmission program with the extracted mail address as the destination, and transmits the generated one-time ID together with the identity confirmation mail. Thereafter, the CPU of the registration support server 60 ends the process.

  Next, in step S <b> 221, the CPU (login seal registration unit 51) of the management server 50 receives the terminal unique ID and the login seal from the registration support server 60 together with the one-time ID. More specifically, the CPU of the management server 50 receives the one-time ID, the terminal unique ID, and the login sticker data transmitted in step S322. Thereafter, the CPU of the management server 50 moves the process to step S222.

  In step S222, the CPU (login seal registration unit 51, temporary registration unit 511) of the management server 50 stores the login seal in the login seal DB 31 as temporary registration in association with the terminal unique ID. More specifically, the CPU of the management server 50 stores the login sticker, the one-time ID, and data indicating temporary registration in the login sticker DB 31 in association with the terminal unique ID received in step S221. Thereafter, the CPU of the management server 50 ends the process. Note that step S322 of the registration support server 60 may also transmit the user ID to the management server 50, and the management server 50 may perform processing corresponding to step S323 of the registration support server 60 after step S222.

  FIG. 8 is a flowchart showing the login seal valid registration process of the login seal management system 1 according to the second embodiment of the present invention.

  In step S131, the CPU of the terminal 10 receives an identity confirmation mail. Here, the terminal that receives the identity confirmation mail may be a user terminal different from the terminal 10. More specifically, the CPU of the terminal 10 receives the personal identification mail transmitted from the registration support server 60 in step S323. Thereafter, the CPU of the terminal 10 moves the process to step S132.

  In step S132, the CPU of the terminal 10 transmits a one-time ID. Here, the terminal that transmits the one-time ID may be a user terminal different from the terminal 10. More specifically, the CPU of the terminal 10 transmits the one-time ID transmitted by the personal identification mail received in step S131 to the management server 50. Thereafter, the CPU of the terminal 10 moves to step S133 and waits for reception from the management server 50.

  Next, in step S231, the CPU (login seal registration unit 51, effective registration unit 512) of the management server 50 receives the one-time ID. More specifically, the CPU of the management server 50 receives the one-time ID transmitted from the terminal 10 in step S132. Thereafter, the CPU of the management server 50 moves the process to step S232.

  In step S232, the CPU (login seal registration unit 51, valid registration unit 512) of the management server 50 stores the login seal related to the terminal unique ID associated with the one-time ID in the login seal DB 31 as valid, 10 sends the valid registration completion. More specifically, the CPU of the management server 50 searches the login sticker DB 31 with the one-time ID received in step S231, and is valid for the login sticker registration state related to the terminal unique ID corresponding to the searched one-time ID. Data indicating registration is stored. Then, the CPU of the management server 50 transmits to the terminal 10 data indicating that the login seal has been registered effectively. Thereafter, the CPU of the management server 50 ends the process.

  Next, in step S133, the CPU of the terminal 10 receives and stores the valid registration completion. More specifically, the CPU of the terminal 10 receives the data transmitted in step S232 indicating that the login seal has been registered effectively, and stores in the storage unit that the login seal has been registered effectively in the management server 50. Remember. Thereafter, the CPU of the terminal 10 ends the process.

[Embodiment 3]
FIG. 9 is a functional block diagram showing a functional configuration of the login seal management system 1 according to the third embodiment of the present invention. In the login seal management system 1, the management server 50 has the function of the registration support server 60 in the second embodiment. In other words, in addition to the second embodiment, the login seal registration unit 51 of the management server 50 includes a registration one-time ID generation unit 513 as a registration one-time ID generation unit and a registration confirmation mail transmission unit 514 as a registration confirmation mail transmission unit. And a user DB 32 as a user database. The function of the login seal management system 1 will be described in detail for each part.

  The registered one-time ID generation unit 513 of the management server 50 generates a one-time ID in response to receiving the login sticker and the user ID together with the terminal unique ID from the terminal 10.

  The registration confirmation mail transmission unit 514 of the management server 50 extracts a mail address from a predetermined user DB 32 based on the received user ID, and transmits the one-time ID to the management server 50 with the extracted mail address as a destination. A personal confirmation mail including means is generated, and the generated one-time ID is transmitted together with the personal confirmation mail.

  Then, the temporary registration unit 511 of the management server 50 associates the received login sticker and one-time ID with the terminal unique ID and stores them as temporary registration in the login sticker DB 31, and the valid registration part 512 further stores the one-time ID from the user terminal 10. In response to receiving the time ID, the login seal related to the terminal unique ID associated with the received one-time ID is stored in the login seal DB 31 as valid.

  The login sticker temporary registration process of the login sticker management system 1 in the third embodiment is the same as the flowchart shown in FIG. The registration one-time ID generation unit 513 and the registration confirmation mail transmission unit 514 perform the steps S321 and S323 in FIG. In the third embodiment, step S322 is not necessary. The login seal effective registration process of the login seal management system 1 in the third embodiment is the same as the flowchart shown in FIG.

  FIG. 10 is a diagram showing a display example of a login seal registration request by the login seal management system according to the embodiment of the present invention. In the example of FIG. 10, the terminal 10 in the login sticker management system 1 makes a login sticker registration request based on an image by operating the cursor 191 between the login sticker based on text (character string) or the login sticker based on an image. It is an example which shows having received. The terminal 10 displays a list of image files for login seal in the display field 192 and displays the image file indicated by the cursor 191 with the reference button 193. Then, in response to accepting the registration button 194, the terminal 10 reads the UDID from the ROM, and transmits the image file data indicated by the cursor 191 together with the read UDID to the management server 50. The management server 50 stores the received image file data in the login seal DB 31 in association with the received UDID.

  FIG. 11 is a diagram showing a display example of login by the login seal management system 1 according to the embodiment of the present invention. The example of FIG. 11 is an example showing that the terminal 10 in the login seal management system 1 displays the login seal 301 unique to the terminal 10 when performing the login process in response to a user request. In the example of FIG. 11, the terminal 10 reads the UDID from the ROM in response to receiving the login request from the user, and transmits a login seal transmission request to the management server 50 together with the read UDID. The terminal 10 receives the data of the login sticker 301 stored in the login sticker DB 31 in association with the UDID from the management server 50, and displays the login sticker 301 unique to the terminal 10 on the display for guiding the user to log in. To do.

  According to the first embodiment, the login seal management system 1 includes a management server 50 and a terminal 10 connected via a communication network 70. In response to receiving the login sticker from the user of the terminal 10, the terminal 10 reads the UDID from a predetermined storage unit and transmits the login sticker to the management server 50 together with the read UDID. In response to receiving the transmitted login sticker together with the UDID, the management server 50 stores the received login sticker in the login sticker DB 31 in association with the UDID. Then, in response to receiving the login request from the user of the terminal 10, the terminal 10 reads the UDID from a predetermined storage unit, transmits a login seal transmission request together with the read UDID to the management server 50, and manages the server 50. In response to receiving the transmitted login seal transmission request together with the UDID, the login seal associated with the received UDID is extracted from the login seal DB 31 and the extracted login seal is transmitted to the terminal 10. Therefore, the login sticker management system 1 can display a terminal-specific login sticker to the logged-in user and intuitively indicate that the screen for accepting user authentication information is a legitimate screen. Even if the application cannot transmit and receive cookie information, and if the management server 50 is identified on the communication network 70 and the above-described communication can be performed, the user authentication information is surely prevented from being phishing. Can do.

  According to the second embodiment, the login seal management system 1 further includes a registration support server 60 connected via the communication network 70. Then, the terminal 10 further receives the user ID from the user of the terminal 10, transmits the login seal and the received user ID together with the read UDID to the registration support server 60, and the registration support server 60 transmits the UDID from the terminal 10 together with the UDID. A one-time ID is generated in response to receiving the login seal and the user ID. Next, the registration support server 60 transmits the UDID and login seal together with the generated one-time ID to the management server 50, extracts a mail address from the predetermined user DB 32 based on the received user ID, and extracts the extracted mail address. Is sent to the management server, and an identity verification mail including means for transmitting the one-time ID to the management server is generated, and the generated one-time ID is transmitted together with the identity verification email. In response to receiving the UDID and the login sticker together with the one-time ID from the registration support server 60, the management server 50 associates the received login sticker and the one-time ID with the UDID and stores them in the login sticker DB 31 as temporary registration. In response to receiving the one-time ID from the user terminal 10, the login sticker related to the UDID associated with the received one-time ID is stored in the login sticker DB 31 as valid. In response to the login request, the terminal 10 receives the login seal unique to the terminal 10 registered as valid from the management server 50 and displays it. Needless to say, the terminal that receives the identity confirmation mail may be different from the terminal that registers and refers to the login sticker. Therefore, the login seal management system 1 according to the second embodiment can intuitively indicate that the screen for accepting user authentication information is a legitimate screen, and further reliably that the user authentication information is phishing. Can be deterred. In addition, since a user other than a legitimate user having a user ID (for example, a malicious user) cannot receive an identity confirmation mail, a login seal cannot be registered.

  According to the third embodiment, the management server 50 performs the function of the registration support server 60. Therefore, as in the second embodiment, the login seal management system 1 according to the third embodiment can intuitively indicate that the screen for accepting user authentication information is a legitimate screen, and the user authentication information is phishing. It is possible to more reliably suppress the occurrence. In addition, since a user other than a legitimate user having a user ID (for example, a malicious user) cannot receive an identity confirmation mail, a login seal cannot be registered.

  As mentioned above, although embodiment of this invention was described, this invention is not restricted to embodiment mentioned above. The effects described in the embodiments of the present invention are only the most preferable effects resulting from the present invention, and the effects of the present invention are limited to those described in the embodiments of the present invention. is not.

1 Login Sticker Management System 10 Terminal 11 Login Sticker Registration Request Unit 12 Login Sticker Reference Request Unit 31 Login Sticker DB
32 User DB
DESCRIPTION OF SYMBOLS 50 Management server 51 Login sticker registration part 511 Temporary registration part 512 Effective registration part 513 Registration one-time ID generation part 514 Registration confirmation mail transmission part 52 Login sticker transmission part 60 Registration support server 61 One-time ID generation part 62 One-time ID transmission part 63 Confirmation Mail Sending Unit 70 Communication Network

Claims (4)

A login seal management system comprising a management server and a terminal connected via a communication network,
In response to receiving a login sticker from the user of the terminal, the terminal reads a terminal unique ID from a predetermined storage unit, and transmits the login sticker together with the read terminal unique ID to the management server. With registration request means,
The management server stores the received login sticker in the login sticker database in association with the terminal unique ID in response to receiving the login sticker transmitted by the login sticker registration request unit together with the terminal unique ID. With a login seal registration means
In response to accepting a login request from the user of the terminal, the terminal obtains a login screen information including an instruction to display the login seal obtained by accessing the management server, and then acquires the terminal unique ID. A login seal reference request means for reading from the predetermined storage unit and transmitting a login seal transmission request to the management server together with the read terminal unique ID;
In response to receiving the login seal transmission request transmitted by the login seal reference request means together with the terminal unique ID, the management server logs in the login seal associated with the received terminal unique ID. A login seal management system further comprising login seal transmission means for extracting the login seal extracted from a seal database and transmitting the extracted login seal to the terminal. A registration support server connected via a communication network;
The login seal registration request means further receives a user ID from the user of the terminal, and transmits the login seal and the received user ID together with the read terminal unique ID to the registration support server,
The registration support server is configured to generate a one-time ID in response to receiving the login seal and the user ID together with the terminal unique ID from the terminal;
One-time ID transmission means for transmitting the terminal unique ID and the login seal together with the generated one-time ID to the management server;
An email address is extracted from a predetermined user database based on the received user ID, and an identity confirmation email including means for sending the generated one-time ID to the management server is generated with the extracted email address as the destination And a confirmation mail transmitting means for transmitting the generated one-time ID together with the identity confirmation mail,
The login seal registration means includes
In response to receiving the terminal unique ID and the login sticker together with the one-time ID from the registration support server, the received login sticker and the one-time ID are temporarily associated with the terminal unique ID in the login sticker database. Temporary registration means for storing as registration;
In addition, in response to receiving the one-time ID, it further includes valid registration means for storing the login seal relating to the terminal unique ID associated with the received one-time ID in the login seal database as valid. The login seal management system according to claim 1. The login seal registration request means further receives a user ID from the user of the terminal, transmits the login seal and the received user ID together with the read terminal unique ID to the management server,
The login seal registration means includes
A registered one-time ID generating means for generating a one-time ID in response to receiving the login seal and the user ID together with the terminal unique ID from the terminal;
An email address is extracted from a predetermined user database based on the received user ID, and an identity confirmation email including means for sending the generated one-time ID to the management server is generated with the extracted email address as the destination A registration confirmation mail transmitting means for transmitting the generated one-time ID together with the identity confirmation mail;
Temporary registration means for storing the received login seal and the one-time ID as a temporary registration in the login seal database in association with the terminal unique ID;
In addition, in response to receiving the one-time ID, it further includes valid registration means for storing the login seal relating to the terminal unique ID associated with the received one-time ID in the login seal database as valid. The login seal management system according to claim 1. A management server connected to a terminal via a communication network,
In response to receiving a login sticker from a user, the terminal unique ID is read from a predetermined storage unit, and the login sticker transmitted from the terminal that transmits the login sticker together with the read terminal unique ID is transferred to the terminal. Login seal registration means for storing the received login seal in the login seal database in association with the terminal unique ID in response to reception with the unique ID;
In response to accepting a login request from a user , when acquiring information on a login screen including an instruction to display the login seal obtained by accessing the management server, the terminal unique ID is read from a predetermined storage unit. In response to receiving the transmitted login seal transmission request together with the terminal unique ID from the terminal that transmits the login seal transmission request together with the read terminal unique ID to the management server. A management server comprising: a login seal transmission unit that extracts the login seal associated with an ID from the login seal database and transmits the extracted login seal to the terminal.

Images