JP5940398B2 - Information processing apparatus, information processing method, and program - Google Patents

Description

  The present invention relates to a technique for improving communication security.

  It is desired to improve security by communication between a server and a client (terminal device) via a network such as the Internet. For example, when providing a service such as Internet banking or online shopping where money exchange occurs, the server generally uses a user-specific ID (hereinafter referred to as UID) and a password from the user himself / herself. Authenticate whether it is access. However, when the UID and password are leaked, access from other users is facilitated. Therefore, it has been studied to further improve security by using other information for user authentication.

  For example, in Japanese Patent Laid-Open No. 2004-228688, the location of the terminal device when attempting to log in is estimated from a past movement route, and if the estimated position does not match the position that the user has answered, the UID and password are illegally A technology for recognizing that a third party who has obtained access is accessing is disclosed.

JP 2007-60172 A

  Although measures to improve security have been taken as described above, if access from an unauthorized third party cannot be detected on the server side, this third party is authenticated as a legitimate user, Processing will be executed. However, when the original user subsequently accesses the server, there is a case in which it is not noticed whether there was an unauthorized access from a third party last time.

  It is an object of the present invention to improve communication security by making it possible to easily confirm whether or not there has been an access from an unauthorized third party.

According to one embodiment of the present invention, the extracted identification information identifying the user, a request message including authentication information and extraction information for authenticating the user from the request message and receiving means, the received received from the terminal device When the user is authenticated as a valid user based on the extraction means for acquiring information and at least the identification information included in the received request message and the authentication information, the information is acquired from the identification information and the request message. Registration means for registering a correspondence relationship with the extracted information in a database; and referring to the database, the request message including the identification information included in the received request message received when the request message was previously received Specifying means for specifying the extracted information, and information based on the specified extracted information, the terminal An information processing apparatus and a presenting means for presenting to a user via a location is provided.

Acquisition According to one embodiment of the present invention, identification information for identifying the user, receiving a request message containing the authentication information and the extraction information for authenticating the user from the terminal device, the extracted information from the request message received And referring to a database in which the correspondence between the identification information included in the received request message and the extracted information acquired from the request message is registered, the identification information included in the received request message Including identifying the extracted information acquired when the request message was received last time, and presenting information based on the identified extracted information to the user via the terminal device , the database including at least The user is authorized based on the identification information and the authentication information included in the received request message. If it is authenticated as a user, an information processing method corresponding relationship between the extracted information acquired from the identification information and the request message is registered is provided.

According to one embodiment of the present invention, the computer receives a request message including identification information for identifying a user , authentication information for authenticating the user, and extraction information from the terminal device, and the received request message. extracting means for obtaining said extract information from, at least, when the user is authenticated as a legitimate user based on the identification information and the authentication information included in the request message received, the identification information and the request message Registration means for registering the correspondence relationship with the extracted information acquired from the database in the database, and referring to the database, acquired when the request message including the identification information included in the received request message is received last time Specifying means for specifying the extracted information, and based on the specified extracted information The broadcast program to function as presentation means for presenting to the user via the terminal device is provided.

  According to the present invention, it is an object to improve communication security by making it possible to easily check afterwards whether there has been an unauthorized access from a third party.

It is the schematic which shows the structure of the information processing system 1000 which concerns on embodiment of this invention. It is a block diagram which shows the hardware constitutions of the information processing apparatus 1 which concerns on embodiment of this invention. It is a block diagram which shows the hardware constitutions of the terminal device 2 which concerns on embodiment of this invention. It is a figure explaining the conversion table memorize | stored in the reference server 6 which concerns on embodiment of this invention. It is a block diagram which shows the function structure of the information processing apparatus 1 which concerns on embodiment of this invention. It is a figure explaining the information registered into the database 190 which concerns on embodiment of this invention. It is a communication flow figure showing processing of information processor 1 and terminal unit 2 concerning an embodiment of the present invention. It is a figure explaining the login screen displayed on the touch panel 24 which concerns on embodiment of this invention. It is a figure explaining the confirmation screen displayed on the touch panel 24 which concerns on embodiment of this invention. It is a figure explaining the address specification information memorize | stored in the reference server 6 which concerns on the modification 1 of this invention. It is a flowchart which shows the process which acquires the positional information which concerns on the modification 1 of this invention. It is a flowchart which shows the process which acquires the positional information which concerns on the modification 2 of this invention. It is a figure explaining the confirmation screen displayed on the touch panel 24 which concerns on the modification 4 of this invention.

  Hereinafter, an information processing system according to an embodiment of the present invention will be described in detail with reference to the drawings. In addition, embodiment shown below is an example of embodiment of this invention, and this invention is not limited to these embodiment.

<Embodiment>
An information processing system according to an embodiment of the present invention will be described in detail with reference to the drawings.

[overall structure]
FIG. 1 is a schematic diagram showing a configuration of an information processing system 1000 according to an embodiment of the present invention. The information processing system 1000 includes an information processing device 1 connected to a network NW such as the Internet, a terminal device 2 connected to the information processing device 1 via the network NW and the base station 5, and a reference server 6 connected to the network NW. Have

  The information processing device 1 is a server device that provides services such as Internet banking to the user of the terminal device 2. Various functions of the information processing apparatus 1 described below may be realized not only by one server apparatus but also by a plurality of server apparatuses in cooperation.

  The terminal device 2 is a device used by a user such as a mobile phone, a smartphone, or a laptop computer, and transmits and receives information to and from the information processing device 1 via the base station 5.

  In this example, the information processing apparatus 1 and the terminal apparatus 2 communicate information using a protocol that is compliant with HTTP (HyperText Transfer Protocol). When communicating this information, the terminal device 2 transmits an HTTP request message (hereinafter simply referred to as a request message) to be transmitted to the information processing device 1. On the other hand, the information processing apparatus 1 transmits an HTTP response message (hereinafter simply referred to as a response message) to the terminal device 2 as a response to the request message.

  As described in detail below, the present invention can improve security by generating a question for the user using the extracted information acquired based on the request message. In this example, a protocol conforming to HTTP is used, but a protocol conforming to HTTP may not be used.

  The base station 5 is a base station that performs communication according to a mobile phone information communication standard (non-IEEE standard) such as 3G (3rd Generation) or LTE (Long Term Evolution), and information communication used for a wireless LAN (Local Area Network). This is a concept including a base station called an access point that performs communication according to a standard (compliant with the IEEE standard), and performs wireless communication with the terminal device 2 to connect the terminal device 2 to the network NW.

  When the terminal device 2 communicates with the information processing device 1 via the base station 5, information for identifying the base station 5 is added to the data to be communicated on the communication path. For example, an IP (Internet Protocol) address assigned to the base station 5 is added to the IP header, or a MAC (Media Access Control) address assigned to the base station 5 is added to the MAC header. In the information communication standard for mobile phones, position information indicating the position of the base station 5 is added to the HTTP request body part.

[Configuration of Information Processing Apparatus 1]
FIG. 2 is a block diagram showing a hardware configuration of the information processing apparatus 1 according to the embodiment of the present invention. The information processing apparatus 1 includes a control unit 11, a storage unit 12, and a communication unit 13. The control unit 11 has a CPU and a memory. The control part 11 implement | achieves various functions, such as a communication control function mentioned later, by running the program memorize | stored in the memory | storage part 12 or memory. Each component of the information processing apparatus 1 is controlled by various functions realized by the control unit 11. The storage unit 12 is a hard disk or the like and stores information necessary for realizing various functions. The communication unit 13 transmits / receives information to / from other devices via the network NW.

[Configuration of Terminal Device 2]
FIG. 3 is a block diagram showing a hardware configuration of the terminal device 2 according to the embodiment of the present invention. The terminal device 2 includes a control unit 21, a storage unit 22, a communication unit 23, and a touch panel 24. The control unit 21 has a CPU and a memory. The control unit 21 implements various functions by executing a program stored in the storage unit 22 or the memory. Each component of the terminal device 2 is controlled by various functions realized by the control unit 21.

  The storage unit 22 is a semiconductor memory or the like, and stores information necessary for realizing various functions. The communication unit 23 is wirelessly connected to the base station 5 and transmits / receives information to / from other devices via the network NW. The touch panel 24 includes a display that displays a screen corresponding to the received response message, and a touch sensor that detects a user's contact with the display surface, accepts the user's operation, and outputs a signal corresponding to the operation. When an operation by the user is accepted by the touch panel 24, a request message is transmitted to the information processing apparatus 1 according to the content of the operation. Thus, the user's instruction is input to the terminal device 2 by an operation on the touch panel 24.

[Configuration of Reference Server 6]
The reference server 6 has the same configuration as that of the information processing apparatus 1 and stores a conversion table in which IP addresses or MAC addresses are associated with position information.

  FIG. 4 is a diagram illustrating a conversion table stored in the reference server 6 according to the embodiment of the present invention. In the example of the conversion table shown in FIG. 4, the correspondence between addresses (addresses A, B, C,...) And position information (positions A, B, C,...) Is defined. The address indicates a MAC address or an IP address. The location information is information indicating the location of the base station 5 having the corresponding MAC address, for example. In this example, the location information is information represented by administrative divisions up to the municipality, but may be information represented by administrative divisions showing a narrower range, or administrative divisions showing a wider range (for example, It may be information expressed by (prefecture).

[Functional configuration of information processing apparatus 1]
FIG. 5 is a block diagram showing a functional configuration of the information processing apparatus 1 according to the embodiment of the present invention. The information processing apparatus 1 implements a communication control function by the receiving unit 110, the extracting unit 120, the specifying unit 130, the presenting unit 140, the response receiving unit 150, the registration unit 160, the execution unit 170, and the database (DB) 190.

  The receiving unit 110 receives a request message from the terminal device 2. In this example, a UID that is identification information for identifying a user is described in a part of the request message. For example, if the GET method is used as the HTTP method, “https://www.xxx.yyy.jp/members.php?uid=aa12345 is added at the end of the URL (Uniform Resource Locator) described in the request line. Will be described as follows. In this case, the UID is “aa12345”.

  The extraction unit 120 acquires the extraction information and the UID from the received request message. In this example, the extracted information is position related information. The extracted information includes information that changes when the communication status changes, such as when the terminal device 2 that accesses the information processing device 1 changes, or when the base station 5 to which the terminal device 2 connects during communication changes. ing.

  The position related information is information related to the position of the base station 5 on the communication path, and in this example, is a MAC address or an IP address. Accordingly, the position-related information changes its address when the position of the terminal device 2 changes and is connected to another base station 5. The location-related information is acquired from the MAC header of the HTTP packet when it is a MAC address, and is acquired from the IP header when it is an IP address.

  The specifying unit 130 acquires a UID from the received request message. The specifying unit 130 refers to the database 190 and specifies the MAC address or IP address corresponding to this UID.

  FIG. 6 is a diagram for explaining information registered in the database 190 according to the embodiment of the present invention. In the example of the database 190 illustrated in FIG. 6, a correspondence relationship between a UID (ABC, DEF, GHI,...) And an address (address XX, address YY, address ZZ,...) Is defined. The address corresponds to the position related information and indicates a MAC address or an IP address as described above. The correspondence between the UID and the address is registered in the database 190 by the registration unit 160.

  The registration unit 160 registers the correspondence relationship between the UID acquired by the extraction unit 120 and the position related information (MAC address or IP address) in the database 190. When the position related information corresponding to the UID has already been registered, it may be overwritten and updated, or may be registered over a plurality of generations in time series.

  The presentation unit 140 refers to the conversion table of the reference server 6 and acquires location information (hereinafter referred to as specific location information) corresponding to the MAC address or IP address specified by the specification unit 130. The presentation unit 140 generates a confirmation screen (see FIG. 9) for presenting and confirming the specific position information to the user. This specific location information is presented in order to confirm where the user made a transaction last time. The place where the transaction was made corresponds to the position at which the terminal device 2 used by the user accessed the information processing apparatus 1, more precisely the position of the base station 5 to which the terminal apparatus 2 was connected when this access was made. To do. Further, the confirmation screen may include a display showing the position of the specific position information on the map.

  The presenting unit 140 transmits a response message including information for displaying the generated confirmation screen to the terminal device 2 that has transmitted the request message. As will be described later, from the terminal device 2, a request message including the confirmation result input by the user on the confirmation screen is transmitted to the information processing device 1. In this example, the confirmation result is either confirmation that the display of the place where the transaction was made last time is correct (hereinafter referred to as approval confirmation) or confirmation that it is not correct (hereinafter referred to as non-approval confirmation). Note that the confirmation result may not be input. This case will be described separately in the modification.

  The response receiving unit 150 receives a request message including a confirmation result by the user as a user response to the presentation of the confirmation screen. If the confirmation result is an approval confirmation, the previous transaction location stored by the user matches the transaction location indicated by the presented specific position information. Therefore, during the period from the previous transaction to the current transaction, there is no transaction from another location that the user does not remember.

  On the other hand, if the confirmation result is non-approval confirmation, the previous transaction location stored by the user and the transaction location indicated by the presented specific position information do not match. Therefore, during the period from the previous transaction to the current transaction, this indicates that there was a transaction from another location that the user did not remember. Thus, since it has shown that there was a transaction from the place which is not in the memory which the user traded, it has shown that possibility that the third party impersonated the user and traded is high. Therefore, the user can easily confirm whether there has been an unauthorized access from a third party during the period from the previous transaction to the current transaction by looking at the confirmation screen.

  The execution unit 170 executes processing for determining the description content of the response message to be transmitted to the terminal device 2 as a response to the request message based on the user confirmation result included in the request message received by the response receiving unit 150. For example, when the user confirmation result is an approval confirmation, the execution unit 170 transmits a response message corresponding to the request message request as a response to the request message, assuming that there has been no unauthorized access from a third party. To do.

  On the other hand, if the user's confirmation result is an unapproved confirmation, there is a high possibility that there was an unauthorized access from a third party between the previous transaction and the current transaction. A response message for causing the terminal device 2 to display a notification screen for filling in information for notifying the user is transmitted as a response to the request message. Information regarding unauthorized access may be notified to the administrator of the information processing apparatus 1. An administrator's notification destination (e-mail address or the like) may be set in the information processing apparatus 1 in advance. The information related to unauthorized access may be information using a predetermined fixed sentence, or includes information related to a request message corresponding to unauthorized access (message when there is unauthorized access from a third party). It may be.

[Communication flow]
FIG. 7 is a communication flow diagram showing processing of the information processing device 1 and the terminal device 2 according to the embodiment of the present invention. First, the terminal device 2 receives a login instruction from a user for a specific service (such as Internet banking) (step S111). The login instruction to this service is performed on a login screen displayed on the touch panel 24 of the terminal device 2.

  FIG. 8 is a diagram illustrating a login screen displayed on the touch panel 24 according to the embodiment of the present invention. The login screen displayed on the touch panel 24 displays a UID (user ID) input area, a password input area, and a login button B1 for inputting a login instruction when operated. When the login button B1 is operated after the UID and password are input, a login instruction is input and a request message including the UID and password is transmitted.

  Returning to FIG. 7, the description will be continued. The terminal device 2 generates and transmits a request message based on the login instruction (step S112). This request message includes a UID that identifies a user for receiving the service. Further, information (MAC address in this example) for identifying the base station 5 to which the terminal device 2 is connected wirelessly is added on the communication path.

  When receiving the request message, the information processing apparatus 1 acquires a UID from the request line (step S121). The information processing device 1 refers to the database 190 and identifies the MAC address corresponding to the acquired UID (step S122). The specified MAC address is an address described in the MAC header of the request message transmitted when the same user has previously given a login instruction.

  The information processing apparatus 1 refers to the conversion table of the reference server 6 and acquires position information (specific position information) corresponding to the specified MAC address (step S123). The information processing apparatus 1 generates a confirmation screen for confirming the specific position information (step S124), and transmits a response message including information for displaying the generated confirmation screen (step S125). Upon receiving the response message, the terminal device 2 displays a confirmation screen (step S131).

  FIG. 9 is a diagram illustrating a confirmation screen displayed on the touch panel 24 according to the embodiment of the present invention. On the confirmation screen, specific location information (in FIG. 9, the character “Chiba Prefecture Chiba” and a map indicating its location), OK button B2 indicating approval confirmation, and NG button indicating non-approval confirmation are displayed as the previous transaction location. B3 is displayed. The OK button B2 is a button operated when the user confirms the specific position information and is the same as the previous transaction place stored by the user. The NG button B3 is a button operated when the user confirms the specific position information and is different from the previous transaction place stored by the user. When one of the buttons is operated by the user, an approval confirmation or non-approval confirmation response instruction is given. Note that not only the previous transaction location, but also the previous transaction location may be displayed, and the transaction location may be displayed multiple times.

  Returning to FIG. 7, the description will be continued. When the user issues an approval confirmation or non-approval confirmation response instruction (step S132), the terminal device 2 transmits a request message including the confirmation result (approval confirmation or non-approval confirmation) (step S133).

When the confirmation result included in the request message is an approval confirmation, the information processing apparatus 1 generates a response message corresponding to the request message request, assuming that there is no unauthorized access from a third party (step S141). ), As a response to the request message to the terminal device 2 (step S142).

  On the other hand, if the user's confirmation result is an unapproved confirmation, there is a high possibility that there was an unauthorized access from a third party between the previous transaction and the current transaction. A response message that causes the terminal device 2 to display a notification screen for entering information for notification is generated (step S141), and is transmitted to the terminal device 2 as a response to the request message (step S142).

  The information processing apparatus 1 registers the correspondence between the UID and the MAC address included in the request message transmitted in step S112 (or step S133) in the database 190. Registration of the correspondence relationship in the database 190 may be performed at any timing as long as the request message transmitted in step S112 (or step S133) is received. The correspondence relationship between the UID and the MAC address registered in the database 190 in this way is used for the specific position information displayed on the confirmation screen when the user performs the next transaction.

  Thus, in the information processing apparatus 1, the specific position information corresponding to the position of the terminal device 2 when the previous transaction is performed is presented to the user as a confirmation screen when starting the current transaction. Therefore, the user can easily confirm whether there has been unauthorized access from a third party other than the user from the previous transaction to the current transaction, and security can be improved.

<Modification>
As mentioned above, although embodiment and the Example of this invention were described, this invention can be implemented in various aspects as follows.

[Modification 1]
In the above-described embodiment, the correspondence relationship between the UID and the position related information is registered in the database 190, but the correspondence relationship between the UID and the position information may be registered. In this case, position information described in the HTTP request body part may be used.

  About the structure of the information processing system which concerns on the modification 1, it is the structure similar to embodiment, However, In addition to the conversion table, the address designation information is memorize | stored in the reference server 6. FIG. Note that the conversion table and the addressing information may be stored in different servers.

  The address designation information is information for designating an address satisfying a predetermined condition, for example, information for designating the IP address of the base station 5 of the cellular phone information communication standard (non-IEEE standard).

  FIG. 10 is a diagram for explaining the address designation information stored in the reference server 6 according to the first modification of the present invention. In the example of the address designation information shown in FIG. 10, the range of the IP address is designated by a combination of the IP address and the prefix value. The base station 5 to which the IP address included in this range is assigned communicates with the mobile phone information communication standard (non-IEEE standard). When a request message is transmitted via the base station 5, position information indicating the position of the base station 5 is added to the HTTP request body part. In this modification, the position information added in this way is used.

  FIG. 11 is a flowchart showing processing for acquiring position information according to the second modification of the present invention. First, the extraction unit 120 acquires an IP address from the request message, and refers to the address designation information to determine whether the acquired IP address is included (step S211). If the IP address is included (step S211; Yes), the position information described in the HTTP request body part is acquired (step S213). On the other hand, if the IP address is not included (step S211; No), the MAC address (or IP address) is acquired from the request message, and the location information is obtained by referring to the conversion table stored in the reference server 6. Is acquired (step S212). Then, the registration unit 160 registers the correspondence between the position information acquired by the extraction unit 120 and the UID in the database 190 instead of the correspondence between the position related information and the UID.

  In this case, the specifying unit 130 refers to the database 190 and specifies position information instead of specifying position related information. This position information is used as specific position information in the presentation unit 140.

[Modification 2]
In the embodiment described above, the correspondence relationship between the UID and the position related information is registered in the database 190, but the correspondence relationship between the UID and the position information may be registered as in the first modification. In this case, position information described in the HTTP request body part may be used.

  The configuration of the information processing system according to Modification 2 is the same as that of Modification 1. Similarly to the first modification, the second modification is added to the HTTP request body part when a request message is transmitted via the base station 5 of the mobile phone information communication standard (non-IEEE standard). It uses location information. In the first modification, it is determined whether or not the base station 5 uses the mobile phone information communication standard using the addressing information. In the second modification, a case where the determination is made by another method will be described. .

  FIG. 12 is a flowchart showing processing for acquiring position information according to the second modification of the present invention. First, the extraction unit 120 refers to the MAC header of the request message and determines whether there is a description of the MAC address (step S311). When the MAC address is described (step S311; Yes), the MAC address (or IP address) is acquired from the request message, and the location information is acquired by referring to the conversion table stored in the reference server 6. (Step S312). On the other hand, when the MAC address is not described (step S311; No), the position information described in the HTTP request body part is acquired (step S313). Then, the registration unit 160 registers the correspondence between the position information acquired by the extraction unit 120 and the UID in the database 190 instead of the correspondence between the position related information and the UID.

  In this case, the specifying unit 130 refers to the database 190 and specifies position information instead of specifying position related information. This position information is used as specific position information in the presentation unit 140.

[Modification 3]
In the above-described embodiment, when the confirmation screen is displayed on the terminal device 2, the confirmation result (approval confirmation or non-approval confirmation) is input from the user, but the input is not performed. It may be. In this case, the response receiving unit 150 and the execution unit 170 in the embodiment may not exist. At this time, the confirmation screen may be displayed together with, for example, a screen for actually performing a transaction when the screen is displayed on the terminal device 2. Even in this case, since the user can see the confirmation screen, it is possible to confirm whether there has been an unauthorized access from a third party.

[Modification 4]
In the embodiment described above, the position-related information is used as the extraction information. However, other information may be used, and these may be used in combination. Other information includes, for example, the contents of the HTTP header, terminal identification information (for example, a serial number of the CPU) stored in the terminal device 2 and identifying the terminal device 2. For example, when the model of the terminal device 2 is extracted information in the content of the HTTP header, an image simulating the model name and model of the terminal device is presented to the user on the confirmation screen.

  FIG. 13 is a diagram for explaining a confirmation screen displayed on the touch panel 24 according to Modification 4 of the present invention. On the confirmation screen, the model name of the terminal device 2 used in the previous transaction (characters “XXXXXX” in FIG. 13) and an image of the model are displayed. Similarly to the embodiment, an OK button B2 indicating approval confirmation and an NG button B3 indicating non-approval confirmation are displayed. The OK button B2 is operated when the user confirms the model name of the terminal device 2 and is the same as the model name of the terminal device 2 used for the previous transaction stored by the user. The NG button B3 is operated when the user confirms the model name of the terminal device 2 and is different from the model name of the terminal device 2 used for the previous transaction stored by the user. There is little possibility that a third party who has illegally accessed uses the terminal device 2 of the same model as the legitimate user, and such a confirmation method is also effective. As described in the embodiment, the model name of the terminal device 2 that has been used for transactions a plurality of times may be displayed.

DESCRIPTION OF SYMBOLS 1 ... Information processing apparatus, 2 ... Terminal device, 5 ... Base station, 11 ... Control part, 12 ... Memory | storage part, 13 ... Communication part, 21 ... Control part, 22 ... Memory | storage part, 23 ... Communication part, 24 ... Touch panel, DESCRIPTION OF SYMBOLS 110 ... Reception part, 120 ... Extraction part, 130 ... Identification part, 140 ... Presentation part, 150 ... Response reception part, 160 ... Registration part, 170 ... Execution part, 1000 ... Information processing system

Claims (7)

Receiving means for receiving from the terminal device a request message including identification information for identifying the user, authentication information for authenticating the user, and extraction information;
Extraction means for obtaining the extraction information from the received request message;
Correspondence relationship between the identification information and the extracted information acquired from the request message when the user is authenticated as a valid user based on at least the identification information and the authentication information included in the received request message Registration means for registering in the database;
A specifying means for specifying the extracted information acquired when the request message including the identification information included in the received request message is previously received with reference to the database;
Presenting means for presenting information based on the identified extracted information to the user via the terminal device ,
The extraction information includes location related information related to the location of a base station on a communication path from the terminal device,
The extraction means refers to information designating an IP address that satisfies a predetermined condition, and when the IP address of the base station added to the request message on the communication path satisfies the predetermined condition, Get the position information described in the body part,
It said presenting means, the information processing apparatus that determine the information presented to the user based on the acquired position information. Receiving means for receiving from the terminal device a request message including identification information for identifying the user, authentication information for authenticating the user, and extraction information;
Extraction means for obtaining the extraction information from the received request message;
Correspondence relationship between the identification information and the extracted information acquired from the request message when the user is authenticated as a valid user based on at least the identification information and the authentication information included in the received request message Registration means for registering in the database;
A specifying means for specifying the extracted information acquired when the request message including the identification information included in the received request message is previously received with reference to the database;
Presenting means for presenting information based on the identified extracted information to the user via the terminal device;
With
The extraction information includes location related information related to the location of a base station on a communication path from the terminal device,
When the MAC address is not described in the MAC header added to the request message on the communication path, the extraction unit acquires the position information described in the body part of the request message,
The information processing apparatus that determines information to be presented to the user based on the acquired position information. The request message is an HTTP-compliant message,
The extraction information processing apparatus according to claim 1 or 2 including the information set in the HTTP header of the request message. In addition to the extracted information acquired when the request message was received last time, the specifying unit also specifies the extracted information acquired when received in the past,
It said presenting means, the information processing apparatus according to any one of claims 1 to 3 presenting information based on a plurality of the extracted information specified. The extraction information includes terminal identification information that can identify the model of the terminal device,
It said presenting means, the information corresponding to the model of the terminal device, the information processing apparatus according to any one of claims 1 to 4 to provide to the user. Response receiving means for receiving a response to the presentation to the user;
The information processing apparatus according to any one of claims 1 to 5 further comprising an execution unit for executing processing based on the received response. The information processing apparatus according to claim 6 , wherein the execution unit notifies the administrator of information related to unauthorized access when the received response satisfies a predetermined condition.

Images