JP5462021B2 - Authentication system, authentication method, and authentication program - Google Patents

Description

  The present invention relates to an authentication technique for authenticating a user's validity using a one-time password.

  In recent years, there has been a problem of identity theft such as user IDs and passwords on the Internet, represented by phishing scams. For this reason, there is a need for a technique that ensures higher security and authenticates the legitimacy of the user. For example, Patent Document 1 describes a password authentication system that performs user authentication using a one-time password.

JP 2004-240637 A

  In the password authentication system described in Patent Document 1, the mobile phone performs user authentication using a one-time password acquired from an authentication server. However, in Patent Document 1, the mobile phone specifies a user ID and requests a one-time password from the authentication server. Then, the authentication server transmits a one-time password for the user ID to the requesting mobile terminal. That is, if the user ID is leaked, it is synonymous with the one-time password leaking at the same time.

  Therefore, a malicious third party can acquire a one-time password by sending the user ID to the authentication server as long as the user ID can be acquired. Accordingly, there is a possibility that a malicious third party logs in, for example, an online account and performs an unauthorized operation using the user ID and the one-time password that are illegally acquired.

  Also, with the development of communication technology, various types and types of terminals have been developed, and it is required to notify one-time passwords to such various terminals more safely.

  The present invention has been made in view of the above circumstances, and an object of the present invention is to provide a user authentication technique that reduces the risk of leakage of a one-time password to a third party and ensures higher security. .

  In order to solve the above problems, the present invention is an authentication system that issues a one-time password and authenticates the one-time password in response to a request from an external system, and includes terminal identification information for each first terminal. Alternatively, the authentication storage unit storing the mail address and the user ID, and the one-time password generation request including the terminal identification information or the user ID from the first terminal are received, and the one corresponding to the terminal identification information or the user ID is received. Generating a time password, transmitting the generated one-time password to the first terminal, storing the generated one-time password in the authentication storage unit, and a one-time password input from the second terminal; Authenticates whether the one-time password stored in the authentication storage means matches And when the first terminal is a terminal that transmits terminal identification information, the generating means transmits a screen in which the generated one-time password is set to the terminal, and the first terminal If the terminal is a terminal that does not transmit terminal identification information, an e-mail describing the generated one-time password is transmitted to the terminal.

  Further, the present invention is an authentication method performed by an authentication system that issues a one-time password and authenticates the one-time password by a request from an external system, and the authentication system is provided for each first terminal, It has an authentication storage unit in which terminal identification information or mail address and user ID are stored, receives a one-time password generation request including terminal identification information or user ID from the first terminal, and receives the terminal identification information or user A one-time password corresponding to the ID is generated, the generated one-time password is transmitted to the first terminal, and the generated one-time password is stored in the authentication storage unit, and input from the second terminal The one-time password that matches the one-time password stored in the authentication storage unit An authentication step for authenticating whether or not, and when the first terminal is a terminal that transmits terminal identification information, the generation step transmits a screen on which the generated one-time password is set to the terminal. When the first terminal is a terminal that does not transmit terminal identification information, an e-mail describing the generated one-time password is transmitted to the terminal.

  Further, the present invention is an authentication program executed by an authentication system that issues a one-time password and authenticates the one-time password in response to a request from an external system. The authentication system is provided for each first terminal. , Having an authentication storage unit in which terminal identification information or email address and user ID are stored, and receiving a one-time password generation request including terminal identification information or user ID from the first terminal in the authentication system; Generating a one-time password corresponding to the terminal identification information or user ID, transmitting the generated one-time password to the first terminal, and storing the generated one-time password in the authentication storage unit; The one-time password input from the terminal 2 and the password stored in the authentication storage unit. An authentication step for authenticating whether or not the time password matches, wherein the generating step is configured such that when the first terminal is a terminal that transmits terminal identification information, the generated one A screen in which a time password is set is transmitted to the terminal, and when the first terminal is a terminal that does not transmit terminal identification information, an email in which the generated one-time password is described is transmitted to the terminal.

  According to the present invention, it is possible to provide a user authentication technique that reduces the risk of a one-time password leaking to a third party and ensures higher security.

1 is an overall configuration diagram of an authentication system to which an embodiment of the present invention is applied. It is a figure which shows an example of an authentication table. It is a figure which shows the hardware structural example of each apparatus. It is a sequence diagram which shows the issuing process of the one time password using individual identification information. It is a sequence diagram which shows the issuing process of the one-time password using a mail address. It shows an example of screen transition of the one-time password issuing process. It is a sequence diagram which shows PIN change processing of a mobile phone. It is a sequence diagram which shows the PIN change process of a smart phone. An example of screen transition of PIN change processing is shown. It is a sequence diagram which shows the 1st model change process (a mobile phone-> mobile phone). It shows an example of screen transition of the first model change process. It is a sequence diagram which shows the 2nd model change process (a mobile telephone-> smart phone). An example of the screen transition of the 2nd model change process is shown. It is a sequence diagram which shows the 3rd model change process (smart phone-> mobile phone). An example of the screen transition of a 3rd model change process is shown. The example of the screen transition of the old terminal of a 4th model change process (smart phone-> smart phone) is shown. The example of the screen transition of the new terminal of a 4th model change process (smart phone-> smart phone) is shown.

  Embodiments of the present invention will be described below.

  FIG. 1 is an overall configuration diagram of an authentication system to which an embodiment of the present invention is applied. The illustrated authentication system includes a mobile terminal (first terminal) 1 owned by a user, a user terminal (second terminal) 2 such as a PC (Personal Computer), an authentication PL (presentation layer) server 3, and an authentication. A BL (business logic layer) server 4 and at least one business server 5 (external system) are included. The mobile terminal 1 is connected to the authentication PL server 3 via a network 9 such as a mobile phone network or the Internet, and the user terminal 2 is connected to the business server 5 via the network 9 such as the Internet.

  In the present embodiment, it is assumed that each business server 5 jointly uses the authentication PL server 3 and the authentication BL server 4. That is, the authentication PL server 3 and the authentication BL server 4 are ASPs (Application Service Providers) and provide a user authentication function to each business server 5. In this embodiment, the authentication PL server 3 and the authentication BL server 4 are provided. However, these servers may be integrated into one authentication server (authentication system, authentication device).

  The user of this authentication system is a user who can use the service of the website (business system) provided by at least one business server 5, and is registered in advance on the website of the predetermined business server 5, It is assumed that a login ID for identifying the user is acquired. In addition, when a user logs in (accesses) a predetermined business server 5 website using the user terminal 2, the user acquires a one-time password from the authentication PL server 3 and the authentication BL server 4 using the mobile terminal 1. The one-time password is input from the user terminal 2.

  The portable terminal 1 accepts user instructions, displays various information / screens on the output device, and transmits and receives mail. The mobile terminal 1 includes a mobile terminal that transmits an individual identification number (for example, a mobile phone) and a mobile terminal that does not transmit an individual identification number (for example, a smartphone or a PC having a PDA (personal digital assistant) function). There is. In this embodiment, a portable terminal will be described below as an example of a portable terminal that transmits an individual identification number, and a smartphone as an example of a portable terminal that does not transmit an individual identification number.

  The mobile phone is a terminal that transmits an individual identification number (terminal identification information), and the individual identification number is stored in advance in a storage device such as a memory (not shown). Note that the memory or the like in which the individual identification number is stored may be an IC card that can be detached from the mobile terminal 1. On the other hand, a smartphone is a terminal that does not transmit an individual identification number.

  The user terminal 2 accepts user instructions, displays various information / screens on the output device, and has the same function as the Web browser. The user accesses the business server 5 using the user terminal 2 and inputs the one-time password acquired from the mobile terminal 1 to the user terminal 2 when performing a login operation to a predetermined Web site.

  The authentication PL server 3 and the authentication BL server 4 generate a one-time password and transmit it to the mobile terminal 1, authenticate the validity of the login request transmitted from the user terminal 2, and change the model of the mobile terminal 1 and PIN Perform the change process. The illustrated authentication PL server 3 performs input / output processing for the mobile terminal 1.

 The authentication BL server 4 includes a password generation unit 41 that generates a one-time password, an authentication unit 42 that authenticates the validity of the login request, a change unit 43 that changes the PIN and the model of the mobile terminal 1, and an authentication table. 44. Various kinds of information necessary for authentication are registered in the authentication table 44. The authentication table 44 will be described later.

  The business server 5 is a system that provides various services via a network, and provides Web sites (business systems) such as online banking, online trade, and online shopping to the user terminal 2. The business server 5 has a user table in which user information of users who can use the Web site provided by the business server 5 is set. The user information includes, for example, a login ID.

  Next, the authentication table 44 of the authentication BL server 4 will be described.

  FIG. 2 is a diagram illustrating an example of the authentication table 44. The illustrated authentication table 44 includes a user ID 441, a PIN (Personal Identification Number) 442, a one-time password 443, an individual identification number 444, a mail address 445, and the like for each portable terminal 1.

  The user ID 441 is identification information for identifying each user in the entire authentication system in the present embodiment. The PIN 442 is a password set by the user. In the one-time password 443, the one-time password generated by the password generation unit 41 is set. In the individual identification number 444, when the mobile terminal 1 is a mobile phone that transmits the individual identification number, the individual identification number of the mobile phone (or the telephone number of the mobile phone) is set. When the mobile terminal 1 is a terminal (such as a smartphone) that does not transmit an individual identification number, the mail address of the terminal is set as the mail address 445.

  The portable terminal 1, the user terminal 2, the authentication PL server 3, the authentication BL server 4 and the business server 5 described above all include, for example, a CPU 901, a memory 902, and an external storage device such as an HDD as shown in FIG. A general-purpose computer system including an input device 904 such as a keyboard and mouse, an output device 905 such as a display and a printer, and a communication control device 906 for connecting to a network can be used. In this computer system, the CPU 901 executes a predetermined program loaded on the memory 902, thereby realizing each function of each device.

  For example, the functions of the authentication PL server 3 and the authentication BL server 4 are performed by the CPU 901 of the authentication PL server 3 in the case of the program for the authentication PL server 3, and the authentication BL server 4 in the case of the program for the authentication BL server 4. Each of the CPUs 901 is implemented by executing each of them. It is assumed that the authentication table 44 of the authentication BL server 4 uses the memory 902 of the authentication server 3 or the external storage device 903. In addition, regarding the input device 904 and the output device 905, each device is provided as necessary.

  Next, the one-time password issuing process will be described. It is assumed that the user obtains a one-time password in advance using the mobile terminal 1 before logging in to the desired business system 5 from the user terminal 2.

  FIG. 4 is a sequence diagram showing a one-time password issuing process when the mobile terminal 1 is a terminal (a mobile phone in this embodiment) that transmits an individual identification number. FIG. 5 is a sequence diagram illustrating a one-time password issuing process in the case where the mobile terminal 1 is a terminal (a smartphone in this embodiment) that does not transmit an individual identification number. FIG. 6 shows an example of various screens (screen transitions) displayed on the output devices of mobile phones and smartphones.

  First, a one-time password issuing process for a mobile phone will be described with reference to FIGS. The mobile phone receives a user instruction, specifies a predetermined URL registered in a bookmark, etc., acquires the top page from the authentication PL server 3, and displays the top page 101 (see FIG. 6) on the output device. .

  And a mobile telephone requests | requires a menu screen to the authentication PL server 3 by a user's instruction | indication (S11). When transmitting a variety of information to the authentication PL server 3, the mobile phone also transmits the individual identification number stored in the memory of the mobile phone. Upon receiving the request together with the individual identification number, the authentication PL server 3 transmits a menu screen to the mobile phone (S12).

  The mobile phone displays the menu screen 102 (see FIG. 6) on the output device, accepts the user's instruction, transmits a one-time password acquisition request to the authentication PL server 3 (S13), and the authentication PL server 3 receives the PIN. The input screen is transmitted to the mobile phone (S14).

  The mobile phone displays a PIN input screen 103. When the user inputs the PIN in the PIN input field and clicks the issue button, the mobile phone transmits the PIN and the individual identification number to the authentication PL server 3 (S15). The authentication PL server 3 transmits a password generation request including the transmitted PIN and individual identification number to the authentication BL server 4 (S16).

  The password generation unit 41 of the authentication BL server 4 receives the password generation request, and determines whether or not a record having the PIN and the individual identification number specified in the password generation request exists in the authentication table 44. When the record exists in the authentication table 44, the password generation unit 41 generates a one-time password by a predetermined algorithm, and stores the generated one-time password in a corresponding record in the authentication table 44 (S17). If the record does not exist in the authentication table 44, an error message is transmitted to the mobile phone.

  And the password production | generation part 41 transmits the produced | generated one-time password to the authentication PL server 3 (S18). The authentication PL server 3 transmits a one-time password display screen including the generated one-time password to the mobile phone (S19), and the mobile phone displays the one-time password display screen 104.

  As described above, when the mobile terminal 1 is a mobile phone, two-factor authentication is performed, that is, the property confirmation by using the individual identification number of the mobile phone owned by the user and the identity verification by knowledge using the PIN input by the user. By doing so, advanced user authentication is realized.

  Next, the one-time password issuing process of the smartphone will be described with reference to FIGS. First, similarly to S11 in FIG. 4, the smartphone designates a predetermined URL registered in a bookmark or the like, and displays the top page 111 (see FIG. 6) acquired from the authentication PL server 3 on the output device.

  The smartphone requests a menu screen from the authentication PL server 3 according to a user instruction (S31). Unlike a mobile phone, a smartphone does not transmit an individual identification number. When the authentication PL server 3 accepts a request without an individual identification number, the owner PL cannot be confirmed by the individual identification number, and instead transmits a user ID input screen for inputting a user ID to the smartphone (S32). The smartphone displays the user ID input screen 112 and transmits the user ID input by the user to the authentication PL server 3 (S33).

  Then, as in S12 to S15 in FIG. 5, the authentication PL server 3 transmits a menu screen (S34), and the smartphone displays the menu screen 113 and transmits a one-time password acquisition request (S35). The server 3 transmits a PIN input screen (S36). The smartphone displays the PIN input screen 114 and transmits the PIN input by the user (S37).

  The authentication PL server 3 transmits a password generation request including the PIN transmitted in S37 and the user ID transmitted in S33 to the authentication BL server 4 (S38). The password generation unit 41 of the authentication BL server 4 determines whether or not a record having the PIN and user ID specified in the received password generation request exists in the authentication table 44. If the record exists in the authentication table 44, a one-time password is generated by a predetermined algorithm, and the generated one-time password is stored in a corresponding record in the authentication table 44 (S39). When the record does not exist in the authentication table 44, an error message is displayed on the smartphone screen.

  Then, the password generation unit 41 notifies the authentication PL server 3 of the generated one-time password and the mail address corresponding to the user ID stored in the authentication table 44 (S40).

  The authentication PL server 3 sends an issuance completion screen for notifying that the issuance of the one-time password has been completed to the smartphone (S41), generates an e-mail describing the notified one-time password, and notifies the e-mail A mail is transmitted with the received mail address as a destination (S42).

  The smartphone displays the issuance completion screen 115 on the output device and receives the mail 116 in which the one-time password is described. Thus, since the individual identification number is not transmitted when the mobile terminal 1 is a smartphone, the property confirmation by notifying the smartphone of the one-time password by e-mail to a pre-registered e-mail address, High-level user authentication is realized by performing two-factor authentication with identity verification based on knowledge using the entered PIN.

  With the one-time password issuing process described above, the user uses the one-time password acquired from the mobile terminal 1 (mobile phone, smartphone, etc.) when logging in to the desired business server 5 site from the user terminal 2. Specifically, the user accesses the desired business server 5 using the user terminal 2 and displays a predetermined login screen transmitted from the business server 5 on the output device of the user terminal 2.

  Then, the user terminal 2 transmits the one-time password, login ID, and the like input on the login screen to the business server 5. The business server 5 refers to a user table (not shown) in which user information is stored in advance, identifies a record having the transmitted login ID, and acquires the user ID for authentication set in the record. Then, the business server 5 transmits an authentication request including the acquired user ID and the one-time password received from the user terminal 2 to the authentication BL server 4. If the record having the received login ID does not exist in the user table, the business server 5 determines that the request is from an unregistered or unauthorized user and transmits an error message to the user terminal 2.

  The authentication unit 42 of the authentication BL server 4 that has received the authentication request determines whether or not it matches the one-time password generated in FIGS. 4 and 5. A failure notification is transmitted to the business server 5. Specifically, the authentication unit 42 identifies the record of the user ID received from the business server 5 from the authentication table 44, and the one-time password of the record matches the one-time password received from the business server 5. It is determined that the authentication has succeeded, and if they do not match, it is determined that the authentication has failed. When the business server 5 receives the authentication success notification, the business server 5 regards it as a login request from a legitimate user, permits login from the user terminal 2, and performs predetermined business processing in response to the user's request. When receiving the authentication failure notification, the business server 5 transmits an error message indicating that the authentication has failed to the user terminal 2.

  Next, PIN change processing registered in the authentication table 44 of the authentication BL server 4 will be described.

  FIG. 7 is a sequence diagram showing PIN change processing when the mobile terminal 1 is a mobile phone, and FIG. 8 is a sequence diagram showing PIN change processing when the mobile terminal 1 is a smartphone. FIG. 9 shows an example of various screens (screen transitions) displayed on the output devices of mobile phones and smartphones.

  First, PIN change processing of a mobile phone will be described with reference to FIGS. As described with reference to FIG. 5, the mobile phone displays a top menu screen using a predetermined URL registered in a bookmark or the like, and transitions to a menu screen 201 (see FIG. 9). As described above, when transmitting information, the mobile phone also transmits the individual identification number of the mobile phone.

  Then, the mobile phone accepts the user instruction and transmits a setting change request to the authentication PL server 3 (S61), and the authentication PL server 3 transmits a setting change screen to the mobile phone (S62). The mobile phone displays the setting change screen 202, receives a user instruction, and transmits a PIN change request to the authentication PL server 3 (S63), and the authentication PL server 3 transmits the PIN change screen to the mobile phone (S64). ).

  The mobile phone displays a PIN change screen 203 having an input field for the current PIN and an input field for the new PIN, and transmits the current PIN and the new PIN input by the user and the individual identification number to the authentication PL server 3. (S65). The authentication PL server 3 transmits a PIN change request including the transmitted current PIN, new PIN, and individual identification number to the authentication BL server 4 (S66).

  The change unit 43 of the authentication BL server 4 receives the PIN change request, and if a record having the current PIN and the individual identification number specified in the request exists in the authentication table 44, the current set in the record Is changed to a new PIN (S67). If the target record does not exist in the authentication table 44, an error message is transmitted to the mobile phone.

  Then, the changing unit 43 transmits a change completion notification to the authentication PL server 3 (S68), and the authentication PL server 3 transmits a change completion screen notifying that the PIN change has been completed to the mobile phone (S69). . The mobile phone displays a setting change completion screen 204.

  As described above, when the mobile terminal 1 is a mobile phone, the two-factor authentication includes the property confirmation by using the individual identification number of the mobile phone owned by the user and the identity verification by knowledge using the PIN input by the user. After advanced user authentication, PIN change processing is performed.

  Next, the smartphone PIN change process will be described with reference to FIGS. 8 and 9. First, as described in FIG. 5, the smartphone displays a top menu screen using a predetermined URL registered in a bookmark or the like, and transitions to a user ID input screen 211. As described above, since the smartphone does not transmit the individual identification number, the authentication PL server 3 transmits the user ID input screen 211 to the smartphone. The smartphone displays the user ID input screen 211, transmits the user ID input by the user to the authentication PL server 3 (S71), and the authentication PL server 3 transmits the menu screen (S72).

  Then, similarly to S61 to S65 in FIG. 7, the smartphone displays the menu screen 212 and transmits a change request (S73), displays the setting change screen 213 received from the authentication PL server 3 (S74), and PIN. A change request is transmitted (S75), the PIN change screen 214 received from the authentication PL server 3 is displayed (S76), and the current PIN and new PIN input by the user are transmitted to the authentication PL server 3 (S77).

  The authentication PL server 3 transmits a PIN change request including the transmitted current PIN and new PIN and the user ID transmitted in S71 to the authentication BL server 4 (S78). When the change unit 43 of the authentication BL server 4 receives the PIN change request and a record having the current PIN and user ID specified in the request exists in the authentication table 44, the mail address set in the record is changed. The change start notification including this is transmitted to the authentication PL server 3 (S79). In addition, when the target record does not exist in the authentication table 44, an error message is transmitted to the smartphone.

  Upon receiving the change start notification, the authentication PL server 3 transmits to the smartphone a PIN change start screen 215 for notifying that a URL for PIN change is to be transmitted to the mail address registered in the authentication table 44 (S80). . Accordingly, the smartphone displays the PIN change start screen 215.

  Further, the authentication PL server 3 generates a PIN change completion acceptance screen 217 for inputting a PIN change instruction, and generates a time-limited URL for accessing the screen. Then, the authentication PL server 3 generates a mail describing the generated time-limited URL, and transmits the mail generated with the mail address included in the change start notification in S79 as the destination (S81).

  The smartphone receives the mail 216 in which the time-limited URL is described, accesses the URL according to the user's instruction, displays the PIN change completion reception screen 217 transmitted from the authentication PL server 3, and displays the user's instruction (send button The PIN change instruction is transmitted to the authentication PL server 3 (S82). The authentication PL server 3 transmits a PIN change instruction to the authentication BL server 4 (S83).

  The change unit 43 of the authentication BL server 4 receives the PIN change instruction, and changes the current PIN set in the record of the authentication table 44 specified in S79 to the new PIN transmitted in S78 (S84). Then, the changing unit 43 transmits a change completion notification to the authentication PL server 3 (S85), the authentication PL server 3 transmits a setting change completion screen to the smartphone (S86), and the smartphone displays the setting change completion screen 218. indicate.

  Thus, since the individual identification number is not transmitted when the mobile terminal 1 is a smartphone, the PIN change process is performed after the PIN change instruction is input via the mail and the property is confirmed.

  Next, the model change process of the portable terminal 1 will be described.

  The first model change is from a mobile phone to a mobile phone, the second model change is from a mobile phone to a smartphone, and the third model change is from a smartphone to a mobile phone. It is a change, and the fourth model change is a model change from a smartphone to a smartphone.

  First, the first model change (mobile phone → mobile phone) will be described. FIG. 10 is a sequence diagram showing the first model change processing, and FIG. 11 shows various screens displayed on the output device of the mobile phone of the old terminal before the model change and the mobile phone of the new terminal after the model change. An example is shown.

  The mobile phone of the old terminal (hereinafter “old terminal”) currently used transitions from the top menu screen to the menu screen 301 as described with reference to FIG. As described above, when transmitting information, the mobile phone also transmits the individual identification number of the mobile phone.

  Then, the old terminal accepts the user instruction and transmits a model change request to the authentication PL server 3 (S101), and the authentication PL server 3 transmits a model change terminal selection screen to the old terminal (S102). The old terminal displays the model change terminal selection screen 302, receives a user instruction, and transmits a model change request to another mobile terminal to the authentication PL server 3 (S103). The authentication PL server 3 displays the model change screen. Is transmitted to the old terminal (S104).

  The old terminal displays a model change screen 303 having a PIN input field and an authentication key input field. Then, the old terminal transmits the PIN and authentication key input by the user and the individual identification number to the authentication PL server 3 (S105). The user inputs an arbitrary key in the authentication key input field. The authentication PL server 3 transmits a model change request including the transmitted PIN, authentication key, and individual identification number to the authentication BL server 4 (S106).

  The change unit 43 of the authentication BL server 4 receives the model update request, and when a record having the PIN and the individual identification number specified in the request exists in the authentication table 44, generates a predetermined reception number, The reception number is notified to the authentication PL server 3 (S107). If the target record does not exist in the authentication table 44, an error message is transmitted to the old terminal.

  Then, the changing unit 43 generates a model change start screen 304 in which the notified receipt number and the time limit for performing the procedure using the mobile phone of the new terminal are set and transmitted to the old terminal (S108). The old terminal displays a model change start screen 304. The user performs the model change process on the mobile phone of the new terminal by the time limit set on the model change start screen 304.

  That is, the mobile phone of the new terminal (hereinafter referred to as “new terminal”) accesses a predetermined URL, displays the menu screen 305, receives a user instruction, and transmits a model change request to the authentication PL server 3 (S109). ), The model change screen 306 transmitted from the authentication PL server 3 is displayed (S110). Here, the user inputs the reception number displayed on the model change start screen 304 of the old terminal, the PIN, and the authentication key entered on the model change screen 303 of the old terminal to the model change screen 306.

  The new terminal transmits the information (reception number, PIN, authentication key) entered by the user from the model change screen 306 and the individual identification number to the authentication PL server 3 (S111), and the authentication PL server 3 is input by the user. A model change instruction including the information and the individual identification number is transmitted to the authentication BL server 4 (S112). The change unit 43 of the authentication BL server 4 matches the receipt number included in the model change instruction with the receipt number notified in S107, and the PIN included in the model change instruction matches the PIN transmitted in S106. If the authentication key included in the ID matches the authentication key transmitted in S106, the record having the individual identification number of the old terminal transmitted in S106 is identified from the authentication table 44, and the individual identification number of the record is transmitted in S112. The individual identification number of the new terminal is changed (S113). Thereby, the model change from the old terminal to the new terminal is completed.

  Then, the changing unit 43 transmits a model change completion notification to the authentication PL server 3 (S114), and the authentication PL server 3 transmits a model change completion screen notifying the user that the model change is completed to the new terminal. (S115) The new terminal displays a model change completion screen 307.

  Thus, in the case of a model change from a mobile phone to a mobile phone, the possession confirmation by using the individual identification number of the mobile phone owned by the user and knowledge (reception number given by the authentication BL server 4 and only the person himself / herself are After advanced user authentication by two-factor authentication with identity verification using a known PIN and authentication key), a model change process is performed.

  Next, the second model change (mobile phone → smartphone) will be described.

  FIG. 12 is a sequence diagram showing the second model change process in the smartphone of the new terminal, and FIG. 13 is displayed on the output device of the mobile phone of the old terminal before the model change and the smartphone of the new terminal after the model change. It shows an example of various screens. Since the process of the old terminal in the mobile phone is the same as the first model change process (S101 to S108 in FIG. 10), the description is omitted here. In addition, in the mobile phone of the old terminal of the second model change, “model change to smartphone” is selected on the model change terminal selection screen 402 in FIG.

  After the processing on the mobile phone of the old terminal is completed, the smart phone of the new terminal (hereinafter “new terminal”) displays a top menu screen using a predetermined URL and transitions to the user ID input screen 411. The new terminal displays a user ID input screen 411, transmits the user ID input by the user to the authentication PL server 3 (S121), and the authentication PL server 3 transmits a menu screen (S122).

  Then, the new terminal displays the menu screen 412 and transmits a model change request (S123), and displays the model change screen 413 received from the authentication PL server 3 (S124). The new terminal transmits information (reception number, PIN, authentication key, mail address of the new terminal) input by the user from the model change screen 413 to the authentication PL server 3 (S125). The user inputs into the model change screen 413 the reception number displayed on the model change start screen 404 of the old terminal, the PIN, the authentication key entered on the model change screen 403 of the old terminal, and the mail address of the new terminal. The authentication PL server 3 transmits a model change instruction including information input by the user to the authentication BL server 4 (S126).

  The change unit 43 of the authentication BL server 4 matches the reception number included in the model change instruction with the reception number of the model change start screen 404 notified to the old terminal, and the PIN and authentication key included in the model change instruction are the model change screen. If the PIN and the authentication key input from 403 coincide with each other, a change completion notification is transmitted to the authentication PL server 3 (S127).

  Upon receiving the change completion notification, the authentication PL server 3 transmits a model change completion screen for notifying the user that a model change URL is to be transmitted to the new terminal (S128). As a result, the new terminal displays a model change completion screen 414.

  Further, the authentication PL server 3 generates a model change completion acceptance screen 416 for inputting a model change completion instruction, and generates a time-limited URL for accessing the screen. Then, the authentication PL server 3 generates a mail 415 describing the generated time-limited URL, and transmits the mail address transmitted in S125 as a destination (S129).

  The new terminal receives the mail 415 in which the time-limited URL is described, accesses the URL according to the user's instruction, displays the model change completion reception screen 416 transmitted from the authentication PL server 3, and displays the user's instruction (transmission) Button click etc.) is received and a model change completion instruction is transmitted to the authentication PL server 3 (S130). The authentication PL server 3 transmits a model change completion instruction to the authentication BL server 4 (S131).

  The change unit 43 of the authentication BL server 4 receives the model change completion instruction, and the individual identification of the mobile phone of the old terminal set in the corresponding record of the authentication table 44 (the record in which the individual identification number of the old terminal is set) The number is deleted and the mail address of the new terminal transmitted in S126 is registered in the record (S132). Then, the change unit 43 transmits a change completion notification to the authentication PL server 3 (S133), the authentication PL server 3 transmits a setting change completion screen to the new terminal (S134), and the new terminal displays the setting change completion screen. 417 is displayed.

  Thus, since the individual identification number is not transmitted when the new terminal is a smartphone, the model is changed after an instruction to change the model is input via email and the property is confirmed.

  Next, the third model change (smart phone → mobile phone) will be described.

  FIG. 14 is a sequence diagram showing a third model change process in the old terminal smart phone and the new terminal mobile phone, and FIG. 15 shows the old terminal smart phone before the model change and the carrying of the new terminal after the model change. It shows an example of various screens displayed on the output device of the telephone.

  The smartphone of the new terminal (hereinafter “new terminal”) displays a top menu screen using a predetermined URL, and transitions to a user ID input screen 501. The new terminal displays a user ID input screen 501 and transmits the user ID input by the user to the authentication PL server 3 (S141), and the authentication PL server 3 transmits a menu screen (S142).

  Then, the new terminal displays the menu screen 502, transmits a model change request (S143), and displays the model change terminal selection screen 503 received from the authentication PL server 3 (S144). The new terminal receives a user instruction and transmits a model change request to another portable terminal to the authentication PL server 3 (S145), and displays the model change screen 504 transmitted by the authentication PL server 3 (S146).

  Then, the new terminal transmits the PIN and authentication key input by the user to the authentication PL server 3 (S147), and the authentication PL server 3 transmits the PIN and authentication key transmitted in S147 and the user ID transmitted in S141. A model change request including the above is transmitted to the authentication BL server 4 (S148).

  The change unit 43 of the authentication BL server 4 receives the model change request, and when a record having the PIN and user ID specified in the request exists in the authentication table 44, generates a predetermined reception number and generates the generated reception The number and the mail address set in the record are notified to the authentication PL server 3 (S149). If the target record does not exist in the authentication table 44, an error message is transmitted to the old terminal.

  The authentication PL server 3 transmits, to the old terminal, a model change acceptance screen 505 for notifying that a URL for model change is to be transmitted to the mail address registered in the authentication table 44 (S150). As a result, the old terminal displays the model change acceptance screen 505.

  Further, the authentication PL server 3 generates a model change start acceptance screen 507 for inputting a model change instruction, and generates a time-limited URL for accessing the screen. Then, the authentication PL server 3 generates a mail describing the generated time-limited URL, and transmits the mail generated using the mail address of the old terminal notified in S148 as a destination (S151).

  The old terminal receives the mail 506 in which the time-limited URL is described, accesses the URL according to the user's instruction, displays the model change start acceptance screen 507 transmitted from the authentication PL server 3, and displays the user's instruction (transmission) Button click etc.) is received and a model change instruction is transmitted to the authentication PL server 3 (S152). The authentication PL server 3 generates a setting change start screen 508 in which the receipt number notified in S149 and the time limit for performing the procedure with the mobile phone of the new terminal are set and transmitted to the old terminal (S153). The old terminal displays a setting change start screen 508.

  The user performs a model change process on the mobile phone of the new terminal by the time limit set on the setting change start screen 508. Since the process (S154 to S160) in the mobile phone of the new terminal is the same as the first model change process (S109 to S115 in FIG. 10), the description is omitted here. In the model change in S158, the changing unit 43 of the authentication BL server 4 uses the mail address of the old terminal set in the corresponding record (the record in which the user ID transmitted from the old terminal is set) in the authentication table 44. At the same time, the individual identification number of the new terminal is registered in the record.

  As described above, when the old terminal is a smartphone, the individual identification number is not transmitted. Therefore, after confirming the property by inputting a model change instruction via mail, the reception number is transmitted.

  Next, the fourth model change (smart phone → smart phone) will be described.

  FIG. 16 shows an example of various screens displayed on the output device of the smartphone of the old terminal before the model change. FIG. 17 shows an example of various screens displayed on the output device of the smartphone of the new terminal after the model change.

  The process on the old terminal smartphone is the same as the third model change process (FIG. 14: S141 to S153), and the process on the new terminal smartphone is the second model change process (FIG. 12: S121). ~ S134), the description is omitted here. In addition, in the old terminal of the fourth model change, “model change to smartphone” is selected on the model change terminal selection screen 602 in FIG. Further, in the process from the new terminal for the fourth model change, in the model change process (FIG. 12: S132), the change unit 43 of the authentication BL server 4 performs the corresponding record (from the old terminal and the new terminal) The mail address of the old terminal set in the record in which the transmitted user ID is set) is changed to the mail address transmitted from the new terminal.

  In the fourth model change, since the individual identification number is not sent on the old terminal and the new terminal smartphone, the receipt number is notified via email, and the model change instruction is input via email, and the property confirmation After changing the model, change the model.

  In the present embodiment described above, it is possible to provide a user authentication technique that reduces the risk of a one-time password leaking to a third party and ensures higher security. Specifically, in the present embodiment, when the mobile terminal 1 is a mobile phone that transmits an individual identification number when issuing a one-time password, the possessed item by using the individual identification number of the mobile phone owned by the user High security is realized by issuing a one-time password after performing two-factor authentication of confirmation and identity verification by knowledge using a PIN input by the user. In addition, when the mobile terminal 1 is a terminal (such as a smartphone) that does not transmit an individual identification number, the possession confirmation by notifying the terminal of the one-time password by e-mail to a pre-registered e-mail address, High security is realized by issuing a one-time password after performing two-factor authentication with identity verification based on knowledge using the entered PIN.

  In this embodiment, when the PIN is changed, if the mobile terminal 1 is a mobile phone that transmits the individual identification number, the property confirmation by using the individual identification number of the mobile phone and the PIN input by the user are changed. Performs two-factor authentication with identity verification based on the knowledge used, and if the mobile terminal 1 is a terminal that does not transmit an individual identification number, possession by transmitting mail to a pre-registered mail address for the terminal By performing two-factor authentication of object confirmation and identity verification based on knowledge using the PIN input by the user, the PIN can be changed after performing advanced user authentication.

  Further, in the present embodiment, when changing the model of the mobile terminal 1, in the case of the mobile phone in which the old terminal or the new terminal transmits the individual identification number, the property confirmation by using the individual identification number of the mobile phone, Performs two-factor authentication with knowledge using the PIN, authentication key, and receipt number entered by the user, and if the old terminal or the new terminal does not transmit an individual identification number, Advanced user authentication by performing two-factor authentication: possession confirmation by sending e-mail to registered e-mail address and identity verification by knowledge using PIN, authentication key, and receipt number entered by the user After doing, you can change the model.

  Therefore, when the mobile terminal 1 is a mobile phone, a malicious third party needs to steal the mobile phone and the PIN from a legitimate user at the same time. If any one of them is missing, unauthorized use cannot be performed. Further, if the mobile terminal 1 is a terminal that does not transmit an individual identification number, a malicious third party must steal the user ID, mail address, and PIN from a legitimate user at the same time. Cannot be used. As described above, in the authentication system of the present embodiment, unauthorized use by a third party can be prevented and higher security can be ensured.

  In addition, this invention is not limited to said embodiment, Many deformation | transformation are possible within the range of the summary. For example, in the above embodiment, whether the mobile terminal 1 is a terminal (for example, a mobile phone) that transmits an individual identification number or a terminal (for example, a smartphone) that does not transmit an individual identification number is determined from the mobile terminal 1. If it is determined by the presence or absence of the transmitted individual identification number and it is determined that the terminal transmits the individual identification number, the menu screen is displayed without displaying the user ID input screen for inputting the user ID, and the individual identification number is transmitted. If it is determined that the terminal does not, the menu screen is displayed after the user ID input screen is displayed (FIGS. 6, 9, 11, etc.). However, the information used for determining the model of the mobile terminal 1 is not limited to the presence / absence of transmission of the individual identification number. For example, the connection source IP, domain, User-Agent, etc. added to transmit information from the mobile terminal 1 It may be used. In this case, the authentication PL server 3 stores a correspondence table in which the connection source IP and the like are associated with the mobile terminal model (a terminal that transmits an individual identification number or a terminal that does not transmit an individual identification number). And so on. When the authentication PL server 3 receives predetermined information from the mobile terminal 1, the authentication PL server 3 refers to the correspondence table to determine the model of the transmission source mobile terminal.

  When it is determined that the terminal is a terminal that transmits an individual identification number using the correspondence table, the authentication PL server 3 is used as a terminal that transmits the individual identification number, or is used as a terminal that does not transmit the individual identification number. It is good also as transmitting the screen which confirms to a user to the portable terminal 1. If there is a response from the portable terminal that the individual identification number is used as a terminal, the mobile phone explained in the above embodiment is processed and used as a terminal that does not transmit the individual identification number from the portable terminal. When there is a response, the process for the smartphone described in the above embodiment is performed, and the user ID input screen is displayed to input the user ID.

  1: mobile terminal, 2: user terminal, 3: authentication PL server, 4: authentication BL server, 41: password generation unit, 42: authentication unit, 43: change unit, 44: authentication table, 5: business server, 9 network

Claims (8)

An authentication system that issues a one-time password and authenticates the one-time password in response to a request from an external system,
For each first terminal, authentication storage means in which terminal identification information or a mail address and a user ID are stored;
A one-time password generation request including terminal identification information or a user ID is received from the first terminal, a one-time password corresponding to the terminal identification information or user ID is generated, and the generated one-time password is transmitted to the first terminal. Generating means for transmitting and storing the generated one-time password in the authentication storage means;
Authentication means for authenticating whether or not the one-time password input from the second terminal matches the one-time password stored in the authentication storage means;
Changing means for changing the model of the first terminal ,
When the first terminal is a terminal that transmits terminal identification information, the generation unit transmits the generated one-time password screen to the terminal, and the first terminal transmits the terminal identification information. If the terminal does not, send an email with the generated one-time password to the terminal ,
If the model change of the first terminal is a model change from an old terminal that transmits terminal identification information to a new terminal that transmits other terminal identification information, the changing means stores the authentication storage means stored in the authentication storage means Change the terminal identification information of the old terminal to the terminal identification information of the new terminal,
When the model change of the first terminal is a model change from an old terminal that transmits terminal identification information to a new terminal that does not transmit terminal identification information, the change means stores the old terminal stored in the authentication storage means And deleting the terminal identification information and storing the mail address inputted from the new terminal in the authentication storage means .   An authentication system that issues a one-time password and authenticates the one-time password in response to a request from an external system,
  For each first terminal, authentication storage means in which terminal identification information or a mail address and a user ID are stored;
  A one-time password generation request including terminal identification information or a user ID is received from the first terminal, a one-time password corresponding to the terminal identification information or user ID is generated, and the generated one-time password is transmitted to the first terminal. Generating means for transmitting and storing the generated one-time password in the authentication storage means;
  Authentication means for authenticating whether or not the one-time password input from the second terminal matches the one-time password stored in the authentication storage means;
  Changing means for changing the model of the first terminal,
  When the first terminal is a terminal that transmits terminal identification information, the generation unit transmits the generated one-time password screen to the terminal, and the first terminal transmits the terminal identification information. If the terminal does not, send an email with the generated one-time password to the terminal,
  When the model change of the first terminal is a model change from an old terminal that does not transmit terminal identification information to a new terminal that transmits terminal identification information, the change means stores the old terminal stored in the authentication storage means And the terminal identification information of the new terminal is stored in the authentication storage means,
  In the case where the model change of the first terminal is a model change from an old terminal that does not transmit terminal identification information to a new terminal that does not transmit other terminal identification information, the changing means is stored in the authentication storage means. Change the email address of the old device to the email address entered from the new device
  An authentication system characterized by   An authentication system that issues a one-time password and authenticates the one-time password in response to a request from an external system,
  For each first terminal, authentication storage means in which terminal identification information or a mail address and a user ID are stored;
  A one-time password generation request including terminal identification information or a user ID is received from the first terminal, a one-time password corresponding to the terminal identification information or user ID is generated, and the generated one-time password is transmitted to the first terminal. Generating means for transmitting and storing the generated one-time password in the authentication storage means;
  Authentication means for authenticating whether or not the one-time password input from the second terminal matches the one-time password stored in the authentication storage means;
  Changing means for changing the model of the first terminal,
  When the first terminal is a terminal that transmits terminal identification information, the generation unit transmits the generated one-time password screen to the terminal, and the first terminal transmits the terminal identification information. If the terminal does not, send an email with the generated one-time password to the terminal,
  When the model change of the first terminal is a model change from an old terminal that transmits terminal identification information to a new terminal that does not transmit terminal identification information, the change means stores the old terminal stored in the authentication storage means And the e-mail address input from the new terminal is stored in the authentication storage means
  An authentication system characterized by   An authentication system that issues a one-time password and authenticates the one-time password in response to a request from an external system,
  For each first terminal, authentication storage means in which terminal identification information or a mail address and a user ID are stored;
  A one-time password generation request including terminal identification information or a user ID is received from the first terminal, a one-time password corresponding to the terminal identification information or user ID is generated, and the generated one-time password is transmitted to the first terminal. Generating means for transmitting and storing the generated one-time password in the authentication storage means;
  Authentication means for authenticating whether or not the one-time password input from the second terminal matches the one-time password stored in the authentication storage means;
  Changing means for changing the model of the first terminal,
  When the first terminal is a terminal that transmits terminal identification information, the generation unit transmits the generated one-time password screen to the terminal, and the first terminal transmits the terminal identification information. If the terminal does not, send an email with the generated one-time password to the terminal,
  When the model change of the first terminal is a model change from an old terminal that does not transmit terminal identification information to a new terminal that transmits terminal identification information, the change means stores the old terminal stored in the authentication storage means And the terminal identification information of the new terminal is stored in the authentication storage means
  An authentication system characterized by The authentication system according to any one of claims 1 to 4 , wherein:
When the change means receives a model change request from the first terminal of the old terminal, the change means transmits a reception number to the first terminal of the old terminal and is input from the reception number and the first terminal of the new terminal An authentication system characterized by determining whether or not the receipt number matches. The authentication system according to any one of claims 1 to 5 ,
The authentication storage means further stores a PIN for each first terminal,
PIN change means for changing the PIN of the first terminal,
The PIN changing means receives a PIN change request from the first terminal, and if the first terminal is a terminal that does not transmit terminal identification information, an input screen for inputting a PIN change instruction via mail is displayed. An authentication system, wherein a PIN is changed when a change instruction transmitted to a terminal and input on the input screen is received. An authentication method performed by an authentication system that issues a one-time password and authenticates the one-time password according to a request from an external system,
The authentication system includes an authentication storage unit in which terminal identification information or a mail address and a user ID are stored for each first terminal,
A one-time password generation request including terminal identification information or a user ID is received from the first terminal, a one-time password corresponding to the terminal identification information or user ID is generated, and the generated one-time password is transmitted to the first terminal. A generation step of transmitting and storing the generated one-time password in the authentication storage unit;
An authentication step of authenticating whether or not the one-time password input from the second terminal matches the one-time password stored in the authentication storage unit;
Changing the model of the first terminal, and
In the generation step, when the first terminal is a terminal that transmits terminal identification information, the generated one-time password is transmitted to the terminal, and the first terminal transmits the terminal identification information. If the terminal does not, send an email with the generated one-time password to the terminal,
If the model change of the first terminal is a model change from an old terminal that transmits terminal identification information to a new terminal that transmits other terminal identification information, the change step is stored in the authentication storage unit. Change the terminal identification information of the old terminal to the terminal identification information of the new terminal,
When the model change of the first terminal is a model change from an old terminal that transmits terminal identification information to a new terminal that does not transmit terminal identification information, the change step includes the old terminal stored in the authentication storage unit And deleting the terminal identification information and storing the mail address input from the new terminal in the authentication storage unit . An authentication program executed by an authentication system that issues a one-time password and authenticates the one-time password in response to a request from an external system,
The authentication system includes an authentication storage unit in which terminal identification information or a mail address and a user ID are stored for each first terminal,
In the authentication system,
A one-time password generation request including terminal identification information or a user ID is received from the first terminal, a one-time password corresponding to the terminal identification information or user ID is generated, and the generated one-time password is transmitted to the first terminal. A generation step of transmitting and storing the generated one-time password in the authentication storage unit;
An authentication step of authenticating whether or not the one-time password input from the second terminal matches the one-time password stored in the authentication storage unit;
Changing the model of the first terminal, and
In the generation step , when the first terminal is a terminal that transmits terminal identification information, the generated one-time password is transmitted to the terminal, and the first terminal transmits the terminal identification information. If the terminal does not, send an email with the generated one-time password to the terminal,
If the model change of the first terminal is a model change from an old terminal that transmits terminal identification information to a new terminal that transmits other terminal identification information, the change step is stored in the authentication storage unit. Change the terminal identification information of the old terminal to the terminal identification information of the new terminal,
When the model change of the first terminal is a model change from an old terminal that transmits terminal identification information to a new terminal that does not transmit terminal identification information, the change step includes the old terminal stored in the authentication storage unit And deleting the terminal identification information and storing the mail address input from the new terminal in the authentication storage unit .

Images