JP5991727B2 - Logon support system - Google Patents

Description

  The present invention relates to a simple logon support system for a mobile terminal to access a site on the Internet.

  In recent years, the range of use of mobile terminal devices such as mobile phones, PHSs (Personal Handyphone Systems), and smartphones has dramatically increased. In particular, the data communication function is enhanced in addition to the telephone function, and various information providing services are provided to the user via the Internet. On the other hand, there are many occasions where users who want to provide information are limited, and user confirmation is performed using a method of using an ID and a password, a method of performing individual identification, or the like (Patent Document 1).

JP 2005-332282 A

  However, the method of using the ID and password requires a troublesome registration operation and authentication operation from the user, and is not convenient. Although the method for individual identification of the mobile terminal itself is very simple, it is not necessarily safe, and there is a problem that it is difficult for a smartphone that is rapidly spreading.

  Accordingly, an object of the present invention is to provide a logon support system that enables a server side to determine whether a user has an access right without requiring special processing from the user.

In order to solve the above-described problem, the logon support system of the present invention is a logon support method for a website that is predetermined and has a requirement for permission to access a specific place common to each user. Then, for each user, a change in the current location information of the mobile communication device to be used is recorded as a location information history. A record of the user visiting the specific location is searched from the history, and it is determined whether to permit the access request based on a result of the search.

  According to the logon support system of the present invention, the location information history is automatically stored and saved on the mobile communication device side. The server determines whether or not the user having the mobile communication device has an access right based on the location information history. Therefore, a user with access right can access the same as a normal website without access restriction without performing any special operation.

FIG. 1 is a diagram illustrating an overall configuration of a logon support system according to the first embodiment of the present invention. FIG. 2 is a diagram illustrating a configuration of a history database stored in the mobile communication device in the logon support system according to the first embodiment of the present invention. FIG. 3 is a diagram illustrating the overall configuration of the logon support system according to the fourth embodiment of the present invention. FIG. 4 is a diagram for explaining an encryption method used in the logon support system according to the fourth embodiment of the present invention. FIG. 5 is a diagram for explaining an encryption method used in the logon support system according to the fourth embodiment of the present invention. FIG. 6 is a diagram for explaining an encryption method used in the logon support system according to the fourth embodiment of the present invention.

  Hereinafter, a logon support system according to an embodiment of the present invention will be described with reference to the accompanying drawings. As a portable communication device to be used, a device that can acquire current position information and has a communication function to the Internet is assumed. Specifically, a general mobile phone, a multi-function mobile phone with a touch panel called a smartphone, and a tablet computer are included. Current position information acquisition methods include GPS (Global Positioning System) and triangulation by a base station.

  In this embodiment, a mobile communication device 3 carried by a person attending or commuting to a university is specified, access to the university website from the mobile communication device 3 is permitted, and access from a general terminal is permitted. Describes a system that requires the presentation of an ID or password.

  FIG. 1 is a diagram illustrating an overall configuration of a logon support system according to the first embodiment of the present invention. That is, this system includes a website installed on the university server 1 connected to the Internet, and a browser and utility program installed on the mobile communication device 3 carried by the user. In this embodiment, the browser has the functions necessary for this system described below. Incorporation of such a function is implemented by using an auxiliary program such as a plug-in.

  The utility program periodically acquires the current position information from the GPS using the satellite 5 or the base station 7 and accumulates the history of the position information acquired in the recording area inside the mobile communication device 3. The structure of this history database is shown in FIG. This history database is provided with fields of date and time of recording, latitude and longitude, Cell-ID for identifying the base station 7 communicating at that time, and reception sensitivity.

  However, the history is recorded only when the position information has changed. In this case, if the user stays at a certain place for one hour, for example, the recording at time 13:30 is followed by the recording at time 14:30. Cell-ID and reception sensitivity can be used as auxiliary data for reliability of longitude and latitude.

  When the user accesses the university website, the university server 1 returns an html file including a command such as “getGeoLocationHistory”. A parameter indicating the latitude and longitude range of the university location is added to this command. The browser is equipped with a function for interpreting this command, and in response to this, the history data of the geographic coordinate range corresponding to the parameter is returned from the history database. For example, if the parameters are latitude 35.682712 degrees, longitude 139.750299 degrees, latitude range 0.001 degrees, longitude range 0.001 degrees, latitude is 35.681712 degrees to 35.683712 degrees, longitude is included in the range of 139.749299 degrees to 139.751299 degrees Is returned to server 1.

  The university server 1 processes this history data and determines whether or not to permit access by the user. Decision criteria include information such as how many days you have visited this university during the past month. For example, if the user has visited the geographic coordinate range for 15 days or more in the past month, the access is permitted, and if it is less than that, the access is denied. In summer vacation, etc., consideration is given to judging from the data before the vacation. Even when it is determined that access is denied, the process proceeds to an authentication process using an ID or password, and access is permitted after passing through the process.

  The above access control is simple and effective when it is desired to limit access to general users. Therefore, it is possible to control access to information that requires further security by combining the access control based on the position information and the authentication process using a normal ID or password.

  Also, time information may be used to determine whether access is possible. For example, data in a certain time zone of a university lecture is weighted more than other data. Specifically, data for a time zone without a lecture is handled as one day in two days.

  The above example assumes a university website, but people who are active in a particular place, such as other schools, workplaces, companies, research institutes, and local communities, can smoothly use the website or other websites. It can be used as a system that enables access to other networks.

  It can also be used for home LAN access control. That is, when connecting to a home LAN router, the utility program of the mobile communication device 3 is requested to obtain a history of location information around the location. If it is a family of the house, since the positional information of the circumference | surroundings should be accumulate | stored for a very long time, if there is no such data, access will be refused. For example, it is not easy for another person to simply access the portable communication device 3 in front of the house and access is easily performed.

  In this embodiment, a measuring instrument mounted inside a portable communication device is used to supplement position information. Specifically, in addition to the information recorded in the first embodiment, measurement results inside the portable communication device such as temperature, humidity, and atmospheric pressure are also recorded. Then, in order to confirm the reliability of the location information, it is compared with the data at that location published on the net at that time. If they do not correspond, it is determined that the position information does not correspond, and access is not permitted. This is effective in preventing tampering.

  In this embodiment, access to the site is permitted only to portable communication devices that transmit specific location information. For example, it is possible to limit access to a special site related to an event to only those who participate in the event. Alternatively, in posting to a tweet blog or the like, whether or not posting is possible is determined by position information from the mobile communication device. For example, in a post including a hash tag related to an event, it is possible to accept only posts from around the event venue.

  In this embodiment, the logon mediation server 9 is used (FIG. 3). The website that wants to use the logon support system accesses the logon mediation server 9 and registers the URL of the website location information history recording and the desired geographic coordinate range in association with each other. A utility program is installed in a mobile communication device carried by the user, and the following cookie processing algorithm is implemented in the server 1 on the website side.

  The utility program accesses the logon mediation server 9 periodically (for example, about several minutes, at a sufficient interval in this embodiment). This website acquires the current location information of the mobile communication device and returns a URL for recording location information history of the website registered in association with the location.

  The location information history recording URL is a URL for recording location information history data in the mobile communication device. The utility program that has received this URL accesses the URL. At this time, the current position information may be acquired from the mobile communication device, and it may be confirmed whether or not it corresponds to the registered geographic coordinate range.

  The accessed website records the location information history data as a cookie on a portable communication device carried by the user. However, the position information history data may not include actual position information. This is because the cookie is recorded only when the current position information is in the geographic coordinate range.

  The location information history recording URL is preferably updated to another URL every few minutes (for example, every 5 minutes). That is, the website accesses the logon mediation server 9 every few minutes and updates the location information history recording URL. For example, the random number portion “iew8s” of “daigaku.ac.jp/iew8s.html” is changed to another random number to be “daigaku.ac.jp/iew7.html”. However, even after the update, the URL of “daigaku.ac.jp/iew8s.html” is valid for about several minutes (for example, about five minutes).

  In this embodiment, the cookie is data in which date information is enumerated. The date / time information is a numerical value counted in sufficient units from 0:00 am on January 1, 2000. If one date and time information is 3 byte unsigned data, it will not overflow for more than 300 years. Cookies can only handle character strings, so when converted with Base64, one date / time information becomes 4-character data.

  The date and time information when entering the geographic coordinate range and the date and time information immediately before exiting from the geographic coordinate range are recorded in the cookie. If the two pieces of date / time information are the same, that is, if the user stays in the geographic coordinate range only at most, it is not recorded as a cookie. So don't update cookies just by accident.

  This tells you how long you stayed around the university, for example. Furthermore, since the capacity of a cookie is limited in a normal browser, it is divided and recorded every month. For example, the data for September 2011 is recorded with the cookie name “201109”. Even if there is an average of 10 stays a day, the number of monthly data is 600. Since one piece of date / time information is 4-character data, the cookie data is 2400 characters.

  In this embodiment, history data indicating how much a certain location has been visited is accumulated very easily. In addition to being used for logon as in the first embodiment, it can also be used for sales promotion. For example, when entering a cafeteria, the utility program automatically accesses the URL for recording location information history of the cafeteria and accumulates history data. If you access the cafeteria website, you can send the accumulated history data as a cookie to the website. Thereby, for example, it becomes possible to issue a coupon to a person who has always come based on the history data.

  In the above embodiment, the position information history is recorded in the mobile communication device carried by the user. Therefore, there is a possibility that the user will tamper. Encryption may be used to prevent this. An example of this will be described below with reference to FIGS.

  When the mobile communication device 3 first enters the geographic coordinate range, a 256-bit random number RC is generated on the server 1 side, converted to a character string on Base 64, and recorded as a cookie on the mobile communication device side. . This random number RC is a different numerical value for each user. On the server 1 side, a random number RS is stored in advance. This random number RS is common to all users.

  The date / time information calculates an exclusive OR for each bit of the random number RC and the random number RS, extracts only the bit corresponding to the date / time information from the LSB of the hash value (here, SHA-2), To do. Since the hash value is 256 bits, the hash value is recursively calculated and concatenated with the previous hash value to obtain an encryption random number having a required number of digits. For example, if calculation and concatenation of hash values are repeated 10 times, a 2560-bit encryption random number can be obtained.

  Referring to FIG. 4, if the date and time of the position information is September 3, 2011, 12:40, the position information data is 0x37B0. When the mobile communication device enters the geographic coordinate range, the server 1 tries to acquire a cookie “201109”. If the mobile communication device enters the geographic coordinate range for the first time in the month, the cookie will not be obtained. In this case, in order to encrypt the data 0x37B0, an exclusive OR is calculated with the LSB side 24 bits (actually 16 bits) of the random number for encryption, converted into a character string with Base64, and the cookie name “201109” is obtained as encrypted data. As the value.

  Again, if a mobile communication device has already entered the geographic coordinate range several times in the month and the current value of the cookie is obtained, the new 4 characters will be concatenated to that value. . First, the current value is acquired, and the Base64 character string is decoded into a binary data bit string (FIG. 5). Also, the random number RC is acquired, and the Base64 character string is decoded into a bit string. Then, by the hash calculation, an encryption random number that is 24 bits longer than the bit length of the current cookie is calculated from the random number RC and the random number RS.

  An exclusive OR of the encryption random number and the decoded cookie data is calculated to obtain a position information history. Here, it is verified whether or not the position information history is in a correct range as data for September 2011. Also verify whether the order is ascending. If the verification fails, the fact is notified and the process is terminated. If the verification is successful, 0x37B0 is concatenated and an exclusive OR with the random number for encryption is calculated. Then, the value of the cookie name “201109” is updated with the encrypted data obtained by encoding the calculated data with Base64. In this case, on the mobile communication device side, the character string “N7A =” corresponding to 0x37B0 is appended to the cookie data (FIG. 6).

  When accessing this website, the server 1 reads the value of the cookie name “20118” and the value of the cookie name “201109”. After confirming whether the location information history is correct as described above, whether access is possible or not depends on whether the access conditions, for example, the number of visits in the past month (the number of location information data) exceeds the regulation. Judging. With this method, the server 1 can control the position information history without holding any user data.

  As described above, according to the logon support system of the present invention, access control can be performed without imposing a burden on the user, and a user who is expected to access can be effectively guided to the site.

1 server 3 mobile communication device 5 satellite 7 base station 9 logon mediation server

Claims (10)

A method for assisting logon to a website, which is predetermined and requires a permission to access a specific place common to each user,
For each user, record changes in the current location information of the mobile communication device used as location information history,
When there is a request for access to the website from a certain user, a record of the user visiting the specific place is retrieved from the location information history of the certain user,
A logon support method, wherein whether to permit the access request is determined based on the search result. The logon support method according to claim 1, wherein the website is associated with a specific facility, and the specific location is a predetermined range centered on geographical coordinates of the specific facility. When a certain user visits the specific place a predetermined number of times during a predetermined period as a result of searching a record of the user visiting the specific place from the position information history of the certain user 3. The logon support method according to claim 2, wherein the access request is permitted. The location information history is recorded in the mobile communication device, and when the logon support system determines whether to permit the access request, at least the location information history for the mobile communication device. 4. The logon support method according to claim 3 , wherein a part is requested. 5. The logon support method according to claim 4 , wherein the current position information is recorded after being encrypted. The current position information is encrypted using an encryption value stored on the mobile communication device side and an encryption value stored on the website side. 5. Logon support method. The numerical value for encryption on the mobile communication device side uses a different value for each mobile communication device using the website, and the numerical value on the website side is common regardless of the mobile communication device using the website. 7. The logon support method according to claim 6 , wherein a numerical value is used. The mobile communication device side encryption value is recorded as a cookie on the mobile communication device side, and when the current location information is recorded, the mobile communication device side encryption value on the website side 8. The logon support method according to claim 7 , wherein encryption is performed using both of the numerical values for encryption on the website side. The website registers the geographic coordinate range in an intermediary server, and the mediation server stores the information on the website when the current position information received from the mobile communication device corresponds to the geographic coordinate range. 9. The log-on support according to claim 8 , wherein the mobile communication device accesses the website based on the transmitted information, and the encrypted current location information is recorded as a cookie. Method. 10. The log-on according to claim 9 , wherein the cookie data corresponding to the current position information does not include data indicating a position, and a position information history is recorded by associating with the information of the owner of the cookie. Support method.

Images