JP5873772B2 - Information processing apparatus, information processing method, and program - Google Patents

Description

  The present invention relates to a technique for improving communication security.

  It is desired to improve security by communication between a server and a client (terminal device) via a network such as the Internet. For example, when providing a service such as Internet banking or online shopping where money exchange occurs, the server generally uses a user-specific ID (hereinafter referred to as UID) and a password from the user himself / herself. Authenticate whether it is access. However, when the UID and password are leaked, access from other users is facilitated. Therefore, it has been studied to further improve security by using other information for user authentication.

  For example, in Japanese Patent Laid-Open No. 2004-228688, the location of the terminal device when attempting to log in is estimated from a past movement route, and if the estimated position does not match the position that the user has answered, the UID and password are illegally A technology for recognizing that a third party who has obtained access is accessing is disclosed.

JP 2007-60172 A

  When the information stored in the terminal device is transmitted to the server and used for user authentication, the user's personal information is disclosed. For example, in the technique disclosed in Patent Document 1, since the movement route of the terminal device is transmitted to the server, the user's behavior and the like are disclosed. Therefore, it is desirable to reduce the transmission of information stored in the terminal device to the server.

  An object of the present invention is to improve communication security by using information stored by a user in user authentication.

  According to one embodiment of the present invention, the receiving means for receiving a request message including identification information for identifying a user from the terminal device, the predetermined extracted information acquired based on the request message, and the identification information A plurality of means including a specifying means for specifying the extracted information corresponding to the identification information included in the received request message with reference to the database in which the correspondence relationship is registered, and a first option based on the specified extracted information Presenting means for presenting an option to the user via the terminal device to select one, a second option selected by the user from a plurality of the options, and a matching means for matching the first option; The extraction means for acquiring the extraction information based on the received request message, and the received response based on the result of collation by the collation means. Registration means for registering the correspondence between the identification information included in the est message and the extracted information acquired from the request message in the database; and execution means for executing processing based on the result of collation by the collation means An information processing apparatus is provided.

  According to an embodiment of the present invention, a request message including identification information for identifying a user is received from a terminal device, and a correspondence relationship between predetermined extraction information acquired based on the request message and the identification information is Referring to a registered database, the extracted information corresponding to the identification information included in the received request message is specified, and a plurality of options including a first option based on the specified extracted information are selected as the terminal device. The request is received by the user through the selection, the second option selected by the user from a plurality of the options is verified with the first option, and the received request is based on the result of the verification A correspondence relationship between the identification information included in the message and the extracted information acquired based on the request message is registered in the database, and the reference An information processing method for executing result to based processing is provided.

  According to an embodiment of the present invention, the computer receives a request message including identification information for identifying a user from the terminal device, the predetermined extracted information acquired based on the request message, and the identification Referencing a database in which a correspondence relationship with information is registered, specifying means for specifying the extracted information corresponding to the identification information included in the received request message, and a first option based on the specified extracted information Presenting means for presenting a plurality of options to be presented to the user via the terminal device and selecting one of them, collation for comparing the second option selected by the user from the plurality of options, and the first option Based on the result of collation by the means, the extraction means for obtaining the extraction information based on the received request message, and the collation means Execution of executing processing based on the result of collation by the collation means, registration means for registering the correspondence relationship between the identification information included in the received request message and the extracted information acquired from the request message in the database A program for functioning as a means is provided.

  According to the present invention, in user authentication, communication security can be improved by using information stored by the user.

It is the schematic which shows the structure of the information processing system 1000 which concerns on embodiment of this invention. It is a block diagram which shows the hardware constitutions of the information processing apparatus 1 which concerns on embodiment of this invention. It is a block diagram which shows the hardware constitutions of the terminal device 2 which concerns on embodiment of this invention. It is a figure explaining the conversion table memorize | stored in the reference server 6 which concerns on embodiment of this invention. It is a block diagram which shows the function structure of the information processing apparatus 1 which concerns on embodiment of this invention. It is a figure explaining the information registered into the database 190 which concerns on embodiment of this invention. It is a communication flow figure showing processing of information processor 1 and terminal unit 2 concerning an embodiment of the present invention. It is a figure explaining the login screen displayed on the touch panel 24 which concerns on embodiment of this invention. It is a figure explaining the selection screen displayed on the touch panel 24 which concerns on embodiment of this invention. It is a figure explaining the address specification information memorize | stored in the reference server 6 which concerns on the modification 1 of this invention. It is a flowchart which shows the process which acquires the positional information which concerns on the modification 1 of this invention. It is a flowchart which shows the process which acquires the positional information which concerns on the modification 2 of this invention. It is a figure explaining the information registered into the database 190 which concerns on the modification 3 of this invention. It is a flowchart which shows the process of the information processing apparatus 1 which concerns on the modification 3 of this invention.

  Hereinafter, an information processing system according to an embodiment of the present invention will be described in detail with reference to the drawings. In addition, embodiment shown below is an example of embodiment of this invention, and this invention is not limited to these embodiment.

<Embodiment>
An information processing system according to an embodiment of the present invention will be described in detail with reference to the drawings.

[overall structure]
FIG. 1 is a schematic diagram showing a configuration of an information processing system 1000 according to an embodiment of the present invention. The information processing system 1000 includes an information processing device 1 connected to a network NW such as the Internet, a terminal device 2 connected to the information processing device 1 via the network NW and the base station 5, and a reference server 6 connected to the network NW. Have

  The information processing device 1 is a server device that provides services such as Internet banking to the user of the terminal device 2. Various functions of the information processing apparatus 1 described below may be realized not only by one server apparatus but also by a plurality of server apparatuses in cooperation.

  The terminal device 2 is a device used by a user such as a mobile phone, a smartphone, or a laptop computer, and transmits and receives information to and from the information processing device 1 via the base station 5.

  In this example, the information processing apparatus 1 and the terminal apparatus 2 communicate information using a protocol that is compliant with HTTP (HyperText Transfer Protocol). When communicating this information, the terminal device 2 transmits an HTTP request message (hereinafter simply referred to as a request message) to be transmitted to the information processing device 1. On the other hand, the information processing apparatus 1 transmits an HTTP response message (hereinafter simply referred to as a response message) to the terminal device 2 as a response to the request message.

  As described in detail below, the present invention can improve security by generating a question for the user using the extracted information acquired based on the request message. In this example, a protocol conforming to HTTP is used, but a protocol conforming to HTTP may not be used.

  The base station 5 is a base station that performs communication according to a mobile phone information communication standard (non-IEEE standard) such as 3G (3rd Generation) or LTE (Long Term Evolution), and information communication used for a wireless LAN (Local Area Network). This is a concept including a base station called an access point that performs communication according to a standard (compliant with the IEEE standard), and performs wireless communication with the terminal device 2 to connect the terminal device 2 to the network NW.

  When the terminal device 2 communicates with the information processing device 1 via the base station 5, information for identifying the base station 5 is added to the data to be communicated on the communication path. For example, an IP (Internet Protocol) address assigned to the base station 5 is added to the IP header, or a MAC (Media Access Control) address assigned to the base station 5 is added to the MAC header. In the information communication standard for mobile phones, position information indicating the position of the base station 5 is added to the HTTP request body part.

[Configuration of Information Processing Apparatus 1]
FIG. 2 is a block diagram showing a hardware configuration of the information processing apparatus 1 according to the embodiment of the present invention. The information processing apparatus 1 includes a control unit 11, a storage unit 12, and a communication unit 13. The control unit 11 has a CPU and a memory. The control part 11 implement | achieves various functions, such as a communication control function mentioned later, by running the program memorize | stored in the memory | storage part 12 or memory. Each component of the information processing apparatus 1 is controlled by various functions realized by the control unit 11. The storage unit 12 is a hard disk or the like and stores information necessary for realizing various functions. The communication unit 13 transmits / receives information to / from other devices via the network NW.

[Configuration of Terminal Device 2]
FIG. 3 is a block diagram showing a hardware configuration of the terminal device 2 according to the embodiment of the present invention. The terminal device 2 includes a control unit 21, a storage unit 22, a communication unit 23, and a touch panel 24. The control unit 21 has a CPU and a memory. The control unit 21 implements various functions by executing a program stored in the storage unit 22 or the memory. Each component of the terminal device 2 is controlled by various functions realized by the control unit 21.

  The storage unit 22 is a semiconductor memory or the like, and stores information necessary for realizing various functions. The communication unit 23 is wirelessly connected to the base station 5 and transmits / receives information to / from other devices via the network NW. The touch panel 24 includes a display that displays a screen corresponding to the received response message, and a touch sensor that detects a user's contact with the display surface, accepts the user's operation, and outputs a signal corresponding to the operation. When an operation by the user is accepted by the touch panel 24, a request message is transmitted to the information processing apparatus 1 according to the content of the operation. Thus, the user's instruction is input to the terminal device 2 by an operation on the touch panel 24.

[Configuration of Reference Server 6]
The reference server 6 has the same configuration as that of the information processing apparatus 1 and stores a conversion table in which IP addresses or MAC addresses are associated with position information.

  FIG. 4 is a diagram illustrating a conversion table stored in the reference server 6 according to the embodiment of the present invention. In the example of the conversion table shown in FIG. 4, the correspondence between addresses (addresses A, B, C,...) And position information (positions A, B, C,...) Is defined. The address indicates a MAC address or an IP address. The location information is information indicating the location of the base station 5 having the corresponding MAC address, for example. In this example, the location information is information represented by administrative divisions up to the municipality, but may be information represented by administrative divisions showing a narrower range, or administrative divisions showing a wider range (for example, It may be information expressed by (prefecture).

[Functional configuration of information processing apparatus 1]
FIG. 5 is a block diagram showing a functional configuration of the information processing apparatus 1 according to the embodiment of the present invention. The information processing apparatus 1 implements a communication control function by the reception unit 110, the extraction unit 120, the identification unit 130, the presentation unit 140, the verification unit 150, the registration unit 160, the execution unit 170, and the database (DB) 190.

  The receiving unit 110 receives a request message from the terminal device 2. In this example, a UID that is identification information for identifying a user is described in a part of the request message. For example, if the GET method is used as the HTTP method, “https://www.xxx.yyy.jp/members.php?uid=aa12345 is added at the end of the URL (Uniform Resource Locator) described in the request line. Will be described as follows. In this case, the UID is “aa12345”.

  The extraction unit 120 acquires the extraction information and the UID from the received request message. In this example, the extracted information is position related information. The extracted information includes information that changes when the communication status changes, such as when the terminal device 2 that accesses the information processing device 1 changes, or when the base station 5 to which the terminal device 2 connects during communication changes. ing.

  The position related information is information related to the position of the base station 5 on the communication path, and in this example, is a MAC address or an IP address. Accordingly, the position-related information changes its address when the position of the terminal device 2 changes and is connected to another base station 5. The location-related information is acquired from the MAC header of the HTTP packet when it is a MAC address, and is acquired from the IP header when it is an IP address.

  The specifying unit 130 acquires a UID from the received request message. The specifying unit 130 refers to the database 190 and specifies the MAC address or IP address corresponding to this UID.

  FIG. 6 is a diagram for explaining information registered in the database 190 according to the embodiment of the present invention. In the example of the database 190 illustrated in FIG. 6, a correspondence relationship between a UID (ABC, DEF, GHI,...) And an address (address XX, address YY, address ZZ,...) Is defined. The address corresponds to the position related information and indicates a MAC address or an IP address as described above. The correspondence between the UID and the address is registered in the database 190 by the registration unit 160.

  The presentation unit 140 refers to the conversion table of the reference server 6 and acquires location information (hereinafter referred to as specific location information) corresponding to the MAC address or IP address specified by the specification unit 130. The presenting unit 140 generates a selection screen (see FIG. 9) for selecting a plurality of pieces of position information including specific position information as options and presenting them to the user. This option is presented to allow the user to select where the last transaction was made. The place where the transaction was made corresponds to the position at which the terminal device 2 used by the user accessed the information processing apparatus 1, more precisely the position of the base station 5 to which the terminal apparatus 2 was connected when this access was made. To do.

  Here, the position information other than the specific position information among the position information as options is determined according to a predetermined algorithm. For example, municipalities in and outside Japan are determined at random, municipalities that are more than a predetermined distance away from the position of the specific position information are randomly determined, position information registered in the database 190 is determined, or the reference server 6 It may be determined from position information included in the conversion table.

  The presenting unit 140 transmits a response message including information for displaying the generated selection screen to the terminal device 2 that has transmitted the request message. From the terminal device 2, a request message including a result (hereinafter referred to as “selected position information”) selected by the user from a plurality of options displayed on the selection screen is transmitted to the information processing device 1.

  The collation unit 150 receives a request message including a result (selected position information) selected by the user, and collates the selected position information with the specific position information. If they match, the user's selection is correct, and if they are different, the user's selection is incorrect. That is, since a legitimate user should know the previous transaction place, the correct selection is possible. On the other hand, if it is a user who tries to gain access by illegally acquiring a UID, the possibility of making an incorrect selection is very high because the user does not know the previous transaction location. Based on this selection result, it is possible to authenticate whether or not the user is a valid user.

  The registration unit 160 indicates the correspondence relationship between the UID acquired by the extraction unit 120 and the position related information (MAC address or IP address) when the user makes a correct selection from the collation result by the collation unit 150. Register with. On the other hand, if the user makes an incorrect selection, the correspondence relationship is not registered in the database 190. The extraction unit 120 acquires the UID and the position related information from the request message received by the matching unit 150, and the registration unit 160 acquires the UID and the position related information acquired from the request message received by the matching unit 150. May be registered in the database 190. When the position related information corresponding to the UID has already been registered, it may be overwritten and updated, or may be registered over a plurality of generations in time series.

  The execution unit 170 executes processing for determining the description content of the response message to be transmitted to the terminal device 2 as a response to the request message, based on the comparison result by the verification unit 150. For example, the execution unit 170 authenticates the user who has made an access from the terminal device 2 when the user has made a correct selection from the collation result by the collation unit 150, and sends a response message corresponding to the request message request. And sent as a response to the request message.

  On the other hand, if the user makes an incorrect selection, there is a high possibility that another user is accessing even if the UIDs match. Therefore, a response message notifying that the user who has accessed is not authenticated and not accepting access from the terminal device 2 is transmitted as a response to the request message. After that, access from the terminal device 2 may be blocked for a certain period. Further, information regarding unauthorized access may be notified to the administrator of the information processing apparatus 1. An administrator's notification destination (e-mail address or the like) may be set in the information processing apparatus 1 in advance. The information regarding unauthorized access may be information using a predetermined fixed sentence, or may include information regarding a request message corresponding to unauthorized access.

[Communication flow]
FIG. 7 is a communication flow diagram showing processing of the information processing device 1 and the terminal device 2 according to the embodiment of the present invention. First, the terminal device 2 receives a login instruction from a user for a specific service (such as Internet banking) (step S111). The login instruction to this service is performed on a login screen displayed on the touch panel 24 of the terminal device 2.

  FIG. 8 is a diagram illustrating a login screen displayed on the touch panel 24 according to the embodiment of the present invention. The login screen displayed on the touch panel 24 displays a UID (user ID) input area, a password input area, and a login button B1 for inputting a login instruction when operated. When the login button B1 is operated after the UID and password are input, a login instruction is input and a request message including the UID and password is transmitted.

  Returning to FIG. 7, the description will be continued. The terminal device 2 generates and transmits a request message based on the login instruction (step S112). This request message includes a UID that identifies a user for receiving the service. Further, information (MAC address in this example) for identifying the base station 5 to which the terminal device 2 is connected wirelessly is added on the communication path.

  When receiving the request message, the information processing apparatus 1 acquires a UID from the request line (step S121). The information processing device 1 refers to the database 190 and identifies the MAC address corresponding to the acquired UID (step S122). The specified MAC address is an address described in the MAC header of the request message transmitted when the same user has previously given a login instruction.

  The information processing apparatus 1 refers to the conversion table of the reference server 6 and acquires position information (specific position information) corresponding to the specified MAC address (step S123). The information processing apparatus 1 generates a selection screen using a plurality of pieces of position information including the specific position information as options (step S124), and transmits a response message including information for displaying the generated selection screen (step S125). . Upon receiving the response message, the terminal device 2 displays a selection screen (step S131).

  FIG. 9 is a diagram illustrating a selection screen displayed on the touch panel 24 according to the embodiment of the present invention. The selection screen displays a plurality of options (“Hokkaido Sapporo City”, “Sendai City, Miyagi Prefecture”,...) As a previous transaction place, and an answer button B2. One of the plurality of options is specific position information. When one of a plurality of options is designated by the user and the answer button B2 is operated, the designated position information is selected.

  Returning to FIG. 7, the description will be continued. When any position information is selected by the user from the position information presented as a plurality of options (step S132), the terminal device 2 transmits a request message including the selected result (selected position information) (step S132). S133).

  The information processing apparatus 1 collates the selected position information included in the request message with the specific position information acquired in step S123 (step S141). When the selected position information matches the specific position information, the user of the terminal device 2 that transmitted the request message in step S112 (hereinafter referred to as user A) and the terminal device 2 that transmitted the request message in step S133. The user (hereinafter referred to as user B) is likely to be the same. Therefore, it is determined that the request message transmitted in step S133 is a message transmitted from the terminal device 2 in accordance with an instruction from the user A.

  Therefore, when the selected position information matches the specific position information, the information processing apparatus 1 registers the correspondence between the UID and the MAC address included in the request message transmitted in step S112 or S133 in the database 190 (step S142). ). Thus, the correspondence between the UID and the MAC address registered in the database 190 is used for user authentication when the user A accesses next time. Further, the information processing device 1 generates a response message in response to the request message request (step S143), and transmits the response message to the terminal device 2 as a request message response (step S144). Note that step S142 may be processed after the processing of steps S143 and S144.

  On the other hand, when the selected position information and the specific position information do not match, there is a high possibility that the user A and the user B are different. Therefore, the request message transmitted in step S133 is determined to be a transmission from the user B impersonating the user A, and the information processing apparatus 1 generates a response message notifying that access is not accepted (step S143). ) And transmitted as a response to the request message (step S144). In this case, the correspondence relationship between the UID and the MAC address is not registered in the database 190.

  As described above, the information processing apparatus 1 collates the specific position information corresponding to the position accessed last time from the terminal apparatus 2 with the selected position information selected by the user from a plurality of options. Therefore, whether or not the user of the terminal device 2 that has accessed the information processing apparatus 1 is a valid user can be authenticated depending on whether or not the user knows the position of the previous access, and security can be improved. is there.

<Modification>
As mentioned above, although embodiment and the Example of this invention were described, this invention can be implemented in various aspects as follows.

[Modification 1]
In the above-described embodiment, the correspondence relationship between the UID and the position related information is registered in the database 190, but the correspondence relationship between the UID and the position information may be registered. In this case, position information described in the HTTP request body part may be used.

  About the structure of the information processing system which concerns on the modification 1, it is the structure similar to embodiment, However, In addition to the conversion table, the address designation information is memorize | stored in the reference server 6. FIG. Note that the conversion table and the addressing information may be stored in different servers.

  The address designation information is information for designating an address satisfying a predetermined condition, for example, information for designating the IP address of the base station 5 of the cellular phone information communication standard (non-IEEE standard).

  FIG. 10 is a diagram for explaining the address designation information stored in the reference server 6 according to the first modification of the present invention. In the example of the address designation information shown in FIG. 10, the range of the IP address is designated by a combination of the IP address and the prefix value. The base station 5 to which the IP address included in this range is assigned communicates with the mobile phone information communication standard (non-IEEE standard). When a request message is transmitted via the base station 5, position information indicating the position of the base station 5 is added to the HTTP request body part. In this modification, the position information added in this way is used.

  FIG. 11 is a flowchart showing processing for acquiring position information according to the second modification of the present invention. First, the extraction unit 120 acquires an IP address from the request message, and refers to the address designation information to determine whether the acquired IP address is included (step S211). If the IP address is included (step S211; Yes), the position information described in the HTTP request body part is acquired (step S213). On the other hand, if the IP address is not included (step S211; No), the MAC address (or IP address) is acquired from the request message, and the location information is obtained by referring to the conversion table stored in the reference server 6. Is acquired (step S212). Then, the registration unit 160 registers the correspondence between the position information acquired by the extraction unit 120 and the UID in the database 190 instead of the correspondence between the position related information and the UID.

  In this case, the specifying unit 130 refers to the database 190 and specifies position information instead of specifying position related information. This position information is used as specific position information in the presentation unit 140.

[Modification 2]
In the embodiment described above, the correspondence relationship between the UID and the position related information is registered in the database 190, but the correspondence relationship between the UID and the position information may be registered as in the first modification. In this case, position information described in the HTTP request body part may be used.

  The configuration of the information processing system according to Modification 2 is the same as that of Modification 1. Similarly to the first modification, the second modification is added to the HTTP request body part when a request message is transmitted via the base station 5 of the mobile phone information communication standard (non-IEEE standard). It uses location information. In the first modification, it is determined whether or not the base station 5 uses the mobile phone information communication standard using the addressing information. In the second modification, a case where the determination is made by another method will be described. .

  FIG. 12 is a flowchart showing processing for acquiring position information according to the second modification of the present invention. First, the extraction unit 120 refers to the MAC header of the request message and determines whether there is a description of the MAC address (step S311). When the MAC address is described (step S311; Yes), the MAC address (or IP address) is acquired from the request message, and the location information is acquired by referring to the conversion table stored in the reference server 6. (Step S312). On the other hand, when the MAC address is not described (step S311; No), the position information described in the HTTP request body part is acquired (step S313). Then, the registration unit 160 registers the correspondence between the position information acquired by the extraction unit 120 and the UID in the database 190 instead of the correspondence between the position related information and the UID.

  In this case, the specifying unit 130 refers to the database 190 and specifies position information instead of specifying position related information. This position information is used as specific position information in the presentation unit 140.

[Modification 3]
In the above-described embodiment, authentication using user agent information set in the HTTP header may be combined. About the structure of the information processing system which concerns on the modification 3, although it is the structure substantially the same as embodiment, the information registered in the database 190, the operation | movement of the presentation part 140, etc. differ. Hereinafter, differences from the embodiment will be mainly described.

  In this example, the presentation unit 140 includes at least user agent information for the user agent information set in the HTTP header of the request message transmitted at the previous access and the user agent information at the current access. Part of information (for example, the model of the terminal device 2) is collated, and if they do not match, the processing from step S122 shown in FIG. 7 is performed.

  FIG. 13 is a diagram for explaining information registered in the database 190 according to the third modification of the present invention. As shown in FIG. 13, the database 190 according to the third modification is associated with user agent information in addition to the correspondence between UIDs and addresses. The user agent information indicates at least part of the information described in the “User-Agent” part set in the HTTP header. In this example, the information (model A) indicates the model of the terminal device 2. , Model B,... The user agent information may be the type of browser used in the terminal device 2.

  FIG. 14 is a flowchart showing processing of the information processing apparatus 1 according to the third modification of the present invention. First, the information processing apparatus 1 acquires a UID (step S121). Step S121 is the same as the processing in the embodiment (step S121 in FIG. 7).

  Subsequently, the information processing apparatus 1 (identification unit 130) identifies the user agent information corresponding to the acquired UID with reference to the database 190, and the user agent information set in the HTTP header of the received request message and Collation is performed (step S411). If the user agent information does not match as a result of the collation (step S412; No), the process proceeds to step S122 of FIG. 7 in the embodiment. On the other hand, if both user agent information matches (step S412; Yes), the process proceeds to step S143 of FIG. 7 in the embodiment, and a part of the processing of the embodiment (in this example, the user selects a plurality of options) The processing related to selecting one of the above may be omitted.

[Modification 4]
In the embodiment described above, the position-related information is used as the extraction information. However, other information may be used, and these may be used in combination. Other information includes, for example, the contents of the HTTP header, terminal identification information (such as a CPU serial number) stored in the terminal device 2 and identifying the terminal device 2, and transaction time (transaction time zone). For example, when the model of the terminal device 2 is extracted information in the content of the HTTP header, a plurality of options presented to the user on the selection screen are various model names of the terminal device.

DESCRIPTION OF SYMBOLS 1 ... Information processing apparatus, 2 ... Terminal device, 5 ... Base station, 11 ... Control part, 12 ... Memory | storage part, 13 ... Communication part, 21 ... Control part, 22 ... Memory | storage part, 23 ... Communication part, 24 ... Touch panel, DESCRIPTION OF SYMBOLS 110 ... Reception part, 120 ... Extraction part, 130 ... Identification part, 140 ... Presentation part, 150 ... Collation part, 160 ... Registration part, 170 ... Execution part, 1000 ... Information processing system

Claims (11)

Receiving means for receiving a request message including identification information for identifying the user from the terminal device;
The extracted information corresponding to the identification information included in the received request message with reference to a database in which the correspondence between predetermined extracted information acquired based on the request message and the identification information is registered Identifying means for identifying
Presenting means for presenting a plurality of options including the first option based on the identified extracted information to the user via the terminal device and selecting one of them,
Collating means for collating the second option selected by the user from the plurality of options and the first option;
Extraction means for obtaining the extraction information based on the received request message;
Registration means for registering the correspondence between the identification information included in the received request message and the extracted information acquired from the request message in the database, based on the result of matching by the matching unit;
An information processing apparatus comprising: execution means for executing processing based on the result collated by the collating means.   The information processing apparatus according to claim 1, wherein the extracted information includes position related information related to a position of a base station on a communication path from the terminal apparatus. The extraction means refers to a table in which MAC addresses and position information are associated with each other, acquires position information corresponding to the MAC address of the base station added to the request message on the communication path,
The information processing apparatus according to claim 2, wherein the presenting unit determines the option based on the acquired position information. The extraction means refers to a table in which IP addresses and position information are associated with each other, acquires position information corresponding to the IP address of the base station added to the request message on the communication path,
The information processing apparatus according to claim 2, wherein the presenting unit determines the option based on the acquired position information. The extraction means refers to information designating an IP address that satisfies a predetermined condition, and when the IP address of the base station added to the request message on the communication path satisfies the predetermined condition, Get the position information described in the body part,
The information processing apparatus according to claim 2, wherein the presenting unit determines the option based on the acquired position information. When the MAC address is not described in the MAC header added to the request message on the communication path, the extraction unit acquires the position information described in the body part of the request message,
The information processing apparatus according to claim 2, wherein the presenting unit determines the option based on the acquired position information.   The information processing apparatus according to any one of claims 1 to 6, wherein the execution unit notifies the administrator of information related to unauthorized access when a result of collation by the collation unit is inconsistent. The request message is an HTTP-compliant message,
In the database, the correspondence between the user agent information set in the HTTP header of the request message and the identification information is registered,
The specifying means further specifies the user agent information corresponding to the identification information,
The presenting means provides the user with the option based on a result of matching between the user agent information specified according to the identification information included in the received request message and the user agent information of the request message. The information processing apparatus according to claim 1 to be presented. The request message is an HTTP-compliant message,
The extraction means acquires user agent information set in an HTTP header of the received request message,
The information processing apparatus according to claim 1, wherein the presenting unit determines the option based on the acquired user agent information. A request message including identification information for identifying the user is received from the terminal device,
The extracted information corresponding to the identification information included in the received request message with reference to a database in which the correspondence between predetermined extracted information acquired based on the request message and the identification information is registered Identify
Presenting a plurality of options including the first option based on the identified extracted information to the user via the terminal device, and selecting one of them,
Collating a second option selected by the user from a plurality of the options with the first option;
Based on the collation result, the correspondence between the identification information included in the received request message and the extracted information acquired based on the request message is registered in the database,
An information processing method for executing processing based on the collated result. Computer
Receiving means for receiving a request message including identification information for identifying the user from the terminal device;
The extracted information corresponding to the identification information included in the received request message with reference to a database in which the correspondence between predetermined extracted information acquired based on the request message and the identification information is registered Identifying means for identifying
Presenting means for presenting a plurality of options including the first option based on the identified extracted information to the user via the terminal device and selecting one of them,
Collating means for collating the second option selected by the user from the plurality of options and the first option;
Extraction means for obtaining the extraction information based on the received request message;
Registration means for registering the correspondence between the identification information included in the received request message and the extracted information acquired from the request message in the database, based on the result of matching by the matching unit;
The program for functioning as an execution means which performs the process based on the result collated by the collation means.

Images