JP6259536B1 - Authentication system, authentication method and program - Google Patents

Abstract

An authentication system capable of authenticating a mobile terminal associated with the telephone number by using the telephone number on the application side without acquiring the telephone number via an API of the mobile terminal OS. A server device receives an authentication request including terminal-specific information unique to the mobile terminal from an application of the mobile terminal and generates an authentication request log, and receives authentication information from the gateway device. An SMS information receiving unit 150 that receives and acquires terminal-specific information, an authentication request log regarding whether or not the SMS source telephone number included in the authentication information exists in the storage unit, and terminal-specific information included in the authentication information An authenticity determination unit that determines whether or not it exists, and when the SMS source telephone number exists in the storage unit and there is an authentication request log related to the terminal specific information included in the authentication information, the terminal specific information is And an authenticity determination unit 160 that stores the telephone number associated with the storage unit. [Selection] Figure 2

Description

  The present invention relates to an authentication system, an authentication method, and a program.

  In recent years, mobile terminals such as smartphones are rapidly spreading. When using a mobile terminal phone number in an application (hereinafter also referred to as an application) installed in a mobile terminal, the company providing the application must be a telephone number provided by a genuine user to prevent unauthorized use. It is necessary to confirm.

  On the other hand, in the iPhone (registered trademark), from the viewpoint of personal information protection, it is currently a specification that an application cannot obtain a telephone number via an API of iOS. For this reason, in order for an application to acquire a telephone number, many methods are currently used for allowing a user to input a telephone number. However, simply inputting the telephone number cannot guarantee that the input telephone number is the same as the actual telephone number of the portable terminal, and therefore cannot be used by an unauthorized user. Therefore, measures are taken to strengthen security using SMS (short message service) authentication or the like (see, for example, Patent Document 1).

  In recent years, electronic tickets have been used as tickets for entertainment events. For example, Patent Document 2 discloses a technology in which when a user accesses a management server through a mobile terminal and desires to purchase a ticket, an electronic ticket is transmitted from the management server to the user's mobile terminal.

JP 2013-145533 A JP 2012-073890 A

  Tickets for popular entertainment events are the target of the scalper act that is deliberately bought by unscrupulous traders and sold at a high price. For example, using the existing SMS authentication, (1) the user inputs a telephone number on the application, (2) the application provider transmits an SMS message including the authentication code in the input telephone number, (3 ) When the user is authenticated by allowing the user to input an authentication code on the application, it is possible to prevent unauthorized use from a third party who has illegally obtained a telephone number.

  However, the third party who has acquired the authentication code directly from the user who has acquired the authentication code in (2) can receive authentication even though he / she does not have a mobile phone associated with the phone number. End up. For example, in the example of the above-mentioned ticket, authentication is established in a third-party mobile terminal by a bad dealer who has successfully reserved and purchased a ticket for a popular entertainment event and discloses the authentication code to the third party.

  Therefore, the present invention provides an authentication system and an authentication method capable of authenticating a mobile terminal associated with the telephone number using the telephone number on the application side without acquiring the telephone number via the API of the mobile terminal OS And to provide a program.

  A server device communicably connected to a gateway device and a mobile terminal according to an aspect of the present invention includes a storage unit that stores a phone number of the mobile terminal, and terminal-specific information unique to the mobile terminal from an application of the mobile terminal. Receiving an authentication request including an authentication request receiving unit that generates an authentication request log based on terminal-specific information, and receiving authentication information included in the SMS message transmitted from the mobile terminal to the gateway device from the gateway device; An SMS information receiving unit that acquires terminal-specific information from received authentication information, wherein the authentication information includes an SMS information receiving unit including the terminal-specific information and the SMS source telephone number, and the SMS source telephone number in the storage unit. First determination to determine whether or not exists, and determination whether or not there is an authentication request log related to terminal-specific information included in the authentication information 2 is a genuineness determination unit that executes the determination of No. 2. When the SMS source telephone number exists in the storage unit and there is an authentication request log related to the terminal specific information included in the authentication information, the terminal specific information is stored. A genuineness determination unit that stores the information in association with the telephone number of the unit.

  According to this aspect, the mobile terminal associated with the telephone number can be authenticated by using the telephone number on the application side without acquiring the telephone number via the API of the mobile terminal OS. The mobile terminal that has transmitted the SMS message to the gateway device by the first determination for determining whether or not the SMS transmission source telephone number exists in the storage unit is a mobile terminal associated with the telephone number managed by the storage unit I can confirm that. In addition, the SMS message transmitted to the gateway device generated the terminal specific information included in the message by the second determination that determines whether or not the authentication request log related to the terminal specific information included in the authentication information exists. It can be confirmed that it is from a mobile terminal.

  In the server device, the authenticity determination unit may delete the authentication request log regarding the terminal specific information included in the authentication information when the SMS source telephone number does not exist in the storage unit.

  According to this aspect, a stronger authentication system can be constructed by deleting an authentication request log derived from an authentication request from a mobile terminal that is not associated with a telephone number managed by the storage unit.

  In the server device, when the SMS source telephone number exists in the storage unit and there is an authentication request log related to the terminal specific information included in the authentication information, the mobile terminal starts the application and uses the terminal specific information for the application. An authentication response unit may be further included that generates a URL scheme for enabling the process to be executed and transmits an SMS message including the URL scheme to the SMS source telephone number.

  According to this aspect, by generating the URL scheme for enabling the application to execute the process using the terminal specific information, the server apparatus reliably performs the process using the terminal specific information associated with the telephone number. This can be done and a stronger authentication system can be constructed.

  In the server apparatus, the URL scheme allows the application to execute processing for determining whether the terminal specific information specified by the SMS message matches the terminal specific information generated by the application when the authentication request is transmitted. Also good.

  According to this aspect, using the URL scheme, the mobile terminal that has been successfully authenticated by confirming that the terminal-specific information included in the SMS message matches the terminal-specific information generated by the application when transmitting the authentication request. Only above, predetermined processing specified by the URL scheme can be executed, and a stronger authentication system can be constructed.

  The server apparatus may further include an authentication request log management unit that deletes an authentication request log after a predetermined period has elapsed since the reception of the authentication request.

  According to this aspect, it is possible to construct a stronger authentication system by deleting an authentication request log after a certain period from the reception of the authentication request as invalid.

  According to another aspect of the present invention, there is provided a method in which one or a plurality of computers that are communicably connected to a gateway device and a mobile terminal store a phone number of the mobile terminal in a storage unit, and an application of the mobile terminal Receiving an authentication request including terminal-specific information unique to the mobile terminal, generating an authentication request log based on the terminal-specific information, and authenticating information included in the SMS message transmitted from the mobile terminal to the gateway device Receiving from the device and obtaining terminal-specific information from the received authentication information, the authentication information including the terminal-specific information and the SMS source telephone number, and the SMS source telephone number in the storage unit A step of determining whether there is an authentication request, a step of determining whether there is an authentication request log related to terminal-specific information included in the authentication information, and S S source telephone number is present in the storage unit, if the authentication request log for the terminal-specific information included in the authentication information is present, and a step for storing terminal unique information, in association with the telephone number of the storage unit.

  The program which concerns on the other aspect of this invention transmits the SMS message to the gateway apparatus which produces | generates the terminal specific information intrinsic | native to the said portable terminal to the portable terminal connected so that communication with a server apparatus and a gateway apparatus is possible. For this purpose, the step of starting the SMS application of the portable terminal, the step of generating the SMS message including the terminal specific information in the body, and the authentication including the terminal specific information when the SMS application transmits the SMS message under a predetermined condition Transmitting the request to the server device.

  In the program, in response to selection of a URL scheme including terminal-specific information in the mobile terminal, a step of starting the program, and a step of executing processing using the terminal-specific information included in the URL scheme May be further executed.

  In the method according to another aspect of the present invention, a portable terminal that is communicably connected to a server apparatus and a gateway apparatus generates terminal specific information unique to the portable terminal, and transmits an SMS message to the gateway apparatus. For this purpose, the step of starting the SMS application of the portable terminal, the step of generating the SMS message including the terminal specific information in the body, and the authentication including the terminal specific information when the SMS application transmits the SMS message under a predetermined condition Transmitting the request to the server device.

  A mobile terminal connected to be communicable with a server device and a gateway device according to another aspect of the present invention generates terminal specific information unique to the mobile terminal, and sends an authentication request including the terminal specific information to the server device. An authentication request transmitter for transmitting an SMS application of the mobile terminal to transmit the SMS message to the gateway device, generating an SMS message including terminal-specific information in the text, and the SMS application is a predetermined condition When an SMS message is transmitted below, an authentication request transmission unit that transmits an authentication request to the server device is provided.

  In the present invention, “part”, “means”, “apparatus”, and “system” do not simply mean physical means, but “part”, “means”, “apparatus”, “system”. This includes the case where the functions possessed by "are realized by software. Further, even if the functions of one “unit”, “means”, “apparatus”, and “system” are realized by two or more physical means or devices, two or more “parts” or “means”, The functions of “device” and “system” may be realized by a single physical means or device.

  ADVANTAGE OF THE INVENTION According to this invention, the authentication system and authentication method which can authenticate the portable terminal linked | related with the said telephone number using the telephone number on the application side, without acquiring a telephone number via API of portable terminal OS And programs can be provided.

It is a figure which shows the structural example of the authentication system which concerns on embodiment. It is a figure which shows the specific example of a function structure of the server apparatus which concerns on embodiment. It is a figure which shows the specific example of a function structure of the ticket application which concerns on embodiment. It is a flowchart which shows the specific example of the flow of the ticket purchase request process of the server apparatus which concerns on embodiment. It is a sequence diagram which shows the specific example of the flow of the ticket reception process of the authentication system which concerns on embodiment. It is a sequence diagram which shows the specific example of the flow of the ticket reception process of the authentication system which concerns on embodiment. It is a sequence diagram which shows the specific example of the flow of the ticket reception process of the authentication system which concerns on embodiment. It is a flowchart which shows the specific example of the flow of the authentication process of the server apparatus which concerns on embodiment. It is a figure which shows the specific example of the hardware constitutions of the server apparatus which concerns on embodiment. It is a figure which shows the specific example of the hardware constitutions of the portable terminal which concerns on embodiment.

  A preferred embodiment of the present invention will be described with reference to the accompanying drawings. In addition, in each figure, what attached | subjected the same code | symbol has the same or similar structure.

  1 to 10 are diagrams for explaining the embodiment. Hereinafter, embodiments will be described along the following flow with reference to these drawings. First, the outline of the authentication system according to the embodiment will be described with “1”. Subsequently, “2” describes the functional configuration of the server device, gateway device, and ticket application included in the authentication system, and “3” describes the processing flow of the authentication system. In “4”, another embodiment different from the embodiment described in “3” will be described. In “5”, a specific example of a hardware configuration capable of mounting a server device and a mobile terminal included in the authentication system. explain. Finally, the effect according to the present embodiment will be described in “6”.

(1. Overview)
FIG. 1 shows a configuration example of an authentication system according to an embodiment of the present invention. The authentication system 10 includes a server device 100 and a gateway device 200. The server device 100 is communicably connected to the gateway device 200 and mobile terminals 300 (ac) owned by a plurality of users U (AC) via a communication network N such as the Internet. The server apparatus 100 processes an authentication request accepted via the portable terminal 300 in cooperation with the gateway apparatus 200.

  In FIG. 1, only one server device 100 and one gateway device 200 managed by a service provider that provides an authentication service are shown, but the number of these devices is not particularly limited. Further, although only three portable terminals 300 are illustrated for illustration, the number of these terminals is not particularly limited. The embodiment of the present invention can be applied to various authentication processes using a telephone number, and the service content is not particularly limited. However, in the following description, an example of an authentication process executed when an electronic ticket is received will be described. And

  The user U can apply for ticket purchase in advance, and use the ticket application 400 of the portable terminal 300 to download the ticket data related to the winning ticket from the server device 100. The user U can enter the venue in the same manner as a paper ticket by presenting a display screen displaying the downloaded electronic ticket to the attendant at the venue.

  When downloading ticket data, the ticket application 400 transmits an authentication request to the authentication system 10 when receiving a ticket data receiving instruction from the user U.

  The authentication system 10 manages the telephone number of the mobile terminal 300 that has the right to receive a ticket in the server device 100. In the authenticity determination executed by the authentication system 10, the authentication request from the portable terminal 300a associated with the managed telephone number is successful, but from the portable terminal 300c not associated with the managed telephone number. The authentication request fails. Further, in the authenticity determination executed by the authentication system 10, even if the authentication request is from the mobile terminal 300b associated with the managed telephone number, the unauthorized terminal possesses the mobile terminal 300c associated with the unmanaged telephone number. When the unauthorized user UB performs an unauthorized operation in conspiracy with the user UC, the authentication request from the mobile terminal 300b fails.

  The server device 100 includes ticket management information 191 including the telephone number of the mobile terminal 300 that has the right to receive a ticket. The ticket management information 191 includes a telephone number associated with a purchase applicant who has won a lottery performed at a predetermined time after an existing ticket management server receives a ticket purchase application from a plurality of users via the mobile terminal 300. Is stored. Here, the telephone number associated with the winning purchase applicant may include not only the purchase applicant's own telephone number but also the accompanying person's telephone number accompanying the purchase applicant.

  As described above, the server device 100 cooperates with the gateway device 200 to process an authentication request accepted via the mobile terminal 300. In the authentication request, the server device 100 transmits the SMS message from the mobile terminal 300 to the gateway device 200, so that the ticket application 400 does not acquire the phone number via the API of the mobile terminal OS, and the server device 100 sets the SMS source phone number. The telephone number of the mobile terminal 300 can be acquired. On the other hand, information included in the text of the SMS message may be rewritten by the user U. Therefore, the server 100 can determine the unauthorized operation by the user U by transmitting the same non-rewritable information as the information included in the text of the SMS message from the ticket application 400 to the server device 100.

  The authentication request from the mobile terminal 300a associated with the telephone number managed in the ticket management information 191 succeeds in authenticity determination of the server device 100, and the user UA uses the ticket application 400 to check the ticket data related to the winning ticket. Can be downloaded from the server device 100. On the other hand, since the authentication request from the portable terminal 300c associated with the telephone number not managed by the ticket management information 191 fails in the authenticity determination of the server device 100, the user UC cannot receive the electronic ticket. Further, even if the authentication request is from the mobile terminal 300b associated with the telephone number managed in the ticket management information 191, if the unauthorized user UB performs an unauthorized operation, the authentication request is used to determine the authenticity of the server device 100. Fails to receive an electronic ticket.

(2. Functional configuration)
Hereinafter, the functional configuration of the ticket application 400 installed in the server device 100, the gateway device 200, and the mobile terminal 300 according to the present embodiment will be described with reference to FIGS. 2 and 3.

(2.1 Functional configuration of server apparatus 100)
First, the functional configuration of the server apparatus 100 will be described with reference to FIG. FIG. 2 is a functional block diagram illustrating a specific example of a functional configuration of the server apparatus 100. The server device 100 includes a website providing unit 110, a lottery unit 120, an authentication request receiving unit 130, an authentication request log managing unit 140, an SMS information receiving unit 150, an authenticity determining unit 160, an authentication responding unit 170, and a ticket data transmitting unit 180. And DB190. Note that the functional configuration of the server apparatus 100 is not necessarily realized by a single server, and may be realized by a plurality of servers. For example, the server device 100 according to the present embodiment has a ticket management system function. However, the present invention is not limited to this, and a separate ticket management server or the like that provides a ticket management function to the server device 100 is configured. It may be.

  The website providing unit 110 provides a website for providing an electronic ticket service on a network N that is, for example, the Internet. The website can provide various kinds of information such as tickets sold, and can actually sell tickets. For this purpose, the website providing unit 110 transmits a web page described in HTML (HyperText Markup Language) or the like to the mobile terminal 300 used by the user U, and the input result or the like by the user U from the mobile terminal 300. Receive. The website providing unit 110 includes a user screen transmission unit 111 and a ticket purchase application reception unit 113.

  In response to an input from the user U or the like, the user screen transmission unit 111 creates a corresponding web page and transmits it to the mobile terminal 300. Specifically, for example, the user screen transmission unit 111 transmits various web pages related to a list screen of tickets to be sold, an application screen for applying for ticket purchase, and the like to the browser 320 of the mobile terminal 300.

  The ticket purchase application reception unit 113 receives a purchase application for the ticket selected by the user U from the mobile terminal 300 of the user U. As described above, when the user U who applied for purchase obtains the purchase right of the ticket (for example, when the ticket is won), the input of the telephone number of the mobile terminal that receives the ticket as an electronic ticket is also accepted. Accept. Various information received by the ticket purchase application receiving unit 113 is stored in the DB 190 as ticket purchase application information 193.

  The lottery unit 120 determines which purchase applicant is given a purchase right for each ticket sold. The lottery unit 120 stores the telephone number associated with the purchase applicant who has won the lottery in the ticket management information 191 in association with the ticket.

  The authentication request receiving unit 130 receives an authentication request from the ticket application 400 of the mobile terminal 300 and generates an authentication request log. The authentication request is directly generated by the ticket application 400 using information unique to the portable terminal 300 (hereinafter referred to as terminal-specific information) and a time stamp (year / month / day / hour / minute / second). Includes time-encrypted data. In this embodiment, the authentication system 10 uses the mobile terminal ID that uniquely identifies the mobile terminal 300 as the terminal specific information, but uses any information unique to the mobile terminal 300 that can be acquired from the mobile terminal 300. Can do. As the mobile terminal ID, for example, identification information individually assigned to the ticket application 400 installed in the mobile terminal 300 can be used.

  Here, the terminal-specific information described in the present specification includes not only arbitrary information unique to the mobile terminal 300 such as a mobile terminal ID, but also, for example, one-time encryption generated using the mobile terminal ID and a time stamp. Information based on information unique to the mobile terminal 300 such as data is included.

  Here, the one-time encrypted data described in this specification is encrypted data that is valid only once within a certain period. In the present specification, among the one-time encrypted data generated by the ticket application 400, data directly transmitted from the portable terminal 300 to the server device 100 as an authentication request is referred to as “direct one-time encrypted data”, which will be described later. Information transmitted from the portable terminal 300 to the server device 100 via the gateway device 200 as authentication information included in the message is referred to as “routed one-time encrypted data”. In this specification, for convenience of explanation, the names are referred to with different names. However, unless the one-time encrypted data included in the body of the SMS message is intentionally rewritten, the direct one-time encrypted data and the intermediate one-time encrypted data Are the same content.

  The authentication request receiving unit 130 decrypts the direct one-time encrypted data included in the authentication request, and acquires terminal specific information. Then, the authentication request receiving unit 130 stores the acquired terminal specific information and the reception time in the authentication request log information 195 as an authentication request log. In the present embodiment, the authentication request receiving unit 130 acquires the mobile terminal ID directly from the one-time encrypted data, and stores the acquired mobile terminal ID and the reception time as an authentication request log.

  The authentication request log management unit 140 deletes, from the authentication request log information 195, an authentication request log that has passed a certain period from reception. In this embodiment, the authentication request log after 10 minutes from reception is described as being deleted. However, any other period can be set as the time for deleting the authentication request log. In this way, a more robust authentication system can be constructed by deleting an authentication request log that has passed a certain period from the reception of the authentication request as invalid.

  The SMS information receiving unit 150 receives authentication information included in the SMS message transmitted from the mobile terminal 300 to the gateway device 200 from the gateway device 200. The authentication information received from the gateway device 200 includes the transit one-time encrypted data generated by the ticket application 400 using the terminal unique information and the time stamp, and the SMS source telephone number. The SMS information receiving unit 150 decrypts the transit one-time encrypted data included in the authentication information, and acquires terminal-specific information. In the present embodiment, the SMS information receiving unit 150 acquires the mobile terminal ID from the transited one-time encrypted data.

  The authenticity determination unit 160 performs authenticity determination using the authentication information received by the SMS information receiving unit 150. First, the authenticity determination unit 160 determines whether or not the received SMS transmission source telephone number exists in the ticket management information 191 as the first authenticity determination. If the received SMS source telephone number exists in the ticket management information 191, it is confirmed that the telephone number of the mobile terminal 300 that has transmitted the SMS message to the gateway device 200 has the right to receive the ticket.

  Next, as the second authenticity determination, the authenticity determination unit 160 refers to the authentication request log information 195 and determines whether or not there is an authentication request log related to the terminal specific information obtained from the transited one-time encrypted data. Determine whether. In the present embodiment, the authenticity determination unit 160 determines whether or not an authentication request log related to the mobile terminal ID obtained from the transited one-time encrypted data exists in the authentication request log information 195.

  In the authentication request log information 195 including the terminal unique information obtained directly from the one-time encrypted data, when there is an authentication request log related to the terminal unique information obtained from the transited one-time encrypted data, it is transmitted to the gateway device 200. It is confirmed that the SMS message is from the portable terminal 300 in which the ticket application 400 that generated the one-time encrypted data is installed. That is, the SMS source telephone number of the SMS message is associated with the terminal specific information obtained from the one-time encrypted data included in the SMS message.

  The received SMS sender telephone number exists in the ticket management information 191 in the first authenticity determination, and the terminal-specific information obtained from the transited one-time encrypted data in the authentication request log information 195 in the second authenticity determination When there is an authentication request log related to information, the authenticity determination unit 160 associates the terminal-specific information that has undergone the second authenticity determination with the telephone number that has undergone the first authenticity determination in the ticket management information 191. Store.

  On the other hand, in the ticket management information 191 in the first authenticity determination, the received one-time encrypted data in the authentication request log information 195 in the second authenticity determination although the received SMS transmission source telephone number does not exist. When there is an authentication request log related to the terminal specific information obtained from the authenticity determination unit 160, the authenticity determination unit 160 converts the authentication request log related to the terminal specific information obtained from the transited one-time encrypted data into an authentication request from the unauthorized user U. Delete as originating.

  The authentication response unit 170 encrypts the terminal unique information and the time stamp obtained from the routed one-time encrypted data with a common key, and generates one-time encrypted data. Further, the authentication response unit 170 activates the ticket application 400 in the mobile terminal 300 and allows the ticket application 400 to execute processing using the one-time encrypted data generated by the authentication response unit 170. And send an SMS message containing the URL scheme to the SMS source telephone number.

  In the present embodiment, the URL scheme executes a process for determining whether or not the one-time encrypted data specified by the SMS message matches the one-time encrypted data generated when the authentication request is transmitted to the ticket application 400. Make it possible. When the two one-time encrypted data matches, it is authenticated that the request is an authentication request from the mobile terminal 300 associated with the telephone number having the right to receive the ticket, and the ticket application 400 transitions to a ticket data receiving process.

  The ticket data transmission unit 180 transmits the ticket data to the mobile terminal 300 in response to the ticket data transmission request from the mobile terminal 300. The ticket data transmission request includes terminal-specific information whose authenticity has been confirmed in a series of authentication processes. The ticket data transmission unit 180 refers to the ticket management information 191 and transmits ticket data associated with the terminal specific information included in the ticket reception request to the portable terminal 300. In the present embodiment, the ticket data transmission unit 180 receives a ticket data transmission request including a mobile terminal ID, and transmits ticket data associated with the received mobile terminal ID to the mobile terminal 300.

  The DB 190 manages ticket management information 191, ticket purchase application information 193, and authentication request log information 195.

  The ticket management information 191 stores data for managing each ticket issued by the event organizer / service provider, for example, for each event. In the ticket management information 191, it is possible to confirm the mobile terminal 300 of the user U who has the right to receive a ticket by managing the ticket in association with a telephone number. In addition, in one embodiment, the ticket management information 191 includes various information related to tickets, such as a performance name, a venue name, a ticket type, a ticket type based on user attributes, various time limits, terminal-specific information, and the like. It is desirable to be managed.

  The ticket purchase application information 193 stores a ticket for which ticket purchase has been applied and various information relating to the ticket purchase applicant. In one embodiment, the ticket purchase application information 193 may also include the phone number of the mobile terminal 300 that is used when the ticket purchase applicant and accompanying person receive an electronic ticket.

  As described above, the authentication request log information 195 stores the terminal unique information obtained from the direct one-time encrypted data included in the authentication request and the reception time. In this embodiment, as described above, the mobile terminal ID is stored as the terminal specific information.

(2.2 Functional configuration of gateway device 200)
Next, the functional configuration of the gateway device will be described. Gateway device 200 includes an authentication SMS receiver.

  The authentication SMS receiving unit receives the SMS message from the portable terminal 300 and transmits the one-time encrypted data and the SMS transmission source telephone number included in the received SMS message to the server device 100 as authentication information.

(2.3 Functional configuration of ticket application 400)
Next, the functional configuration of the ticket application 400 installed in the mobile terminal 300 will be described with reference to FIG. FIG. 3 is a functional block diagram showing a specific example of the functional configuration of the ticket application 400. As shown in FIG. The ticket application 400 includes an authentication request transmission unit 410, a one-time encrypted data management unit 420, a URL scheme execution unit 430, a ticket acquisition unit 440, a UI display unit 450, and a DB 460.

  The authentication request transmission unit 410 generates one-time encrypted data in order to transmit an authentication request to the server device 100. As described above, the authentication request includes the one-time encrypted data generated by the ticket application 400 using the terminal unique information and the time stamp. In the present embodiment, the authentication request transmission unit 410 uses a mobile terminal ID that uniquely identifies the mobile terminal 300 as terminal-specific information, encrypts the mobile terminal ID and the time stamp with a common key, and performs one-time encryption. Generate data.

  Subsequently, the authentication request transmission unit 410 activates the SMS application 330 of the mobile terminal 300 to transmit the SMS message to the gateway device 200, and generates an SMS message including the generated one-time encrypted data in the text. Further, when the SMS application 330 has successfully transmitted an SMS message in response to a transmission instruction from the user U, the authentication request transmission unit 410 transmits an authentication request including the generated one-time encrypted data to the server device 100. The generated one-time encrypted data is stored in the DB 460 as one-time encrypted data 461.

  By transmitting the SMS message from the mobile terminal 300, the server 100 acquires the telephone number of the mobile terminal 300 as the SMS source telephone number without the ticket application 400 acquiring the telephone number via the API of the mobile terminal OS. can do. On the other hand, information included in the text of the SMS message may be rewritten by the user U. Therefore, the server 100 can determine the unauthorized operation by the user U by transmitting the same non-rewritable information as the information included in the text of the SMS message from the ticket application 400 to the server device 100.

  In the present embodiment, after the one-time encrypted data is generated by the authentication request transmission unit 410, another application is not validated (switching the task from the ticket application 400 to another application) for a predetermined time (for example, When the transmission of the SMS message is completed within 20 seconds, the authentication request transmission unit 410 determines that the SMS message has been transmitted normally. That is, the authentication request transmission unit 410 transmits an authentication request including the one-time encrypted data to the server device 100.

  The one-time encrypted data management unit 420 deletes, from the DB 460, the one-time encrypted data 461 that has passed a certain period since the one-time encrypted data generated by the authentication request transmission unit 410. In the present embodiment, it is assumed that the one-time encrypted data after 10 minutes has been deleted, but another arbitrary period can be set as the time for deleting the one-time encrypted data. As described above, it is possible to construct a stronger authentication system by deleting the one-time encrypted data after a certain period from the generation as invalid.

  The URL scheme execution unit 430 responds to the user selecting a URL scheme included in the SMS message, and the one-time encrypted data described in the URL scheme and the one-time encrypted data stored in the DB 460. It is determined whether or not 461 matches. Also, the URL scheme execution unit 430 deletes the one-time encrypted data 461 from the DB 460 after the determination.

  If the one-time encrypted data specified by the SMS message matches the one-time encrypted data generated at the time of transmitting the authentication request, the URL on the portable terminal having the terminal-specific information associated with the telephone number in the server device 100 It is confirmed that the scheme is executed. Therefore, it is possible to prevent unauthorized use by copying the URL scheme included in the SMS message.

  When the URL scheme execution unit 430 determines that the one-time encrypted data matches, the ticket acquisition unit 440 transmits a ticket data transmission request to the server device 100, and the ticket data that can be received by the user U is transmitted to the server device. Receive from 100. The ticket data transmission request includes terminal-specific information whose authenticity has been confirmed in a series of authentication processes. The received ticket data is stored in the DB 460 as ticket information 463.

  The UI display unit 450 displays, for the user U, a ticket reception screen for transmitting an authentication request, a ticket data display screen for viewing the acquired ticket data, and the like.

  The DB 460 manages one-time encrypted data 461 and ticket information 463.

  The one-time encrypted data 461 is data obtained by encrypting terminal unique information with a common key. In the present embodiment, as described above, the one-time encrypted data is generated by using the mobile terminal ID as the terminal unique information and encrypting the mobile terminal ID and the time stamp with the common key.

  The ticket information 463 is various information related to an electronic ticket that can be used by the user U. The ticket information 483 can include, for example, information such as a performance name, a venue name, a ticket type, a ticket type based on an attribute of a user to be used, an image to be displayed as an electronic ticket, a validity period, and the like. As described above, the ticket information 483 is acquired from the server device 100 by the ticket acquisition unit 440.

(3. Process flow)
Hereinafter, the processing flow of the authentication system 10 will be described with reference to FIGS. First, a process in which the server device 100 stores a telephone number related to the purchase applicant who has won the lottery in the ticket management information 191 in association with the ticket will be described with reference to FIG. Next, a flow in which the server device 100 processes an authentication request from the authentic user UA in cooperation with the gateway device 200 will be described with reference to FIG.

  Next, a flow in which the server apparatus 100 processes an authentication request from an unauthorized user U in cooperation with the gateway apparatus 200 will be described with reference to FIGS. 6 and 7. 6 and 7 are examples in which an unauthorized user UB, which is a scalper, and an unauthorized user UC who wants to purchase a ticket from the scalper, reconcile the text of the SMS message and make an authentication request. . FIG. 6 shows an example in which only an unauthorized user UB, which is a scalper, sends an authentication request, and FIG. 7 shows that both an unauthorized user UB, who is a scalper, and an unauthorized user UC who wants to purchase a ticket from the scalper An example of transmitting Finally, the flow of the authentication process of the server apparatus 100 will be described with reference to FIG.

  Each processing step to be described later can be executed in any order or in parallel as long as there is no contradiction in processing contents, and other steps can be added between the processing steps. good. Further, a step described as a single step for convenience can be executed by being divided into a plurality of steps, and a step described as being divided into a plurality of steps for convenience can be executed as one step.

(3.1 Processing when applying for electronic ticket purchase)
A processing flow in which the server apparatus 100 stores the telephone number associated with the purchase applicant who has won the lottery in the ticket management information 191 in association with the ticket will be described with reference to FIG. FIG. 4 is a flowchart showing a processing flow of the server apparatus 100 related to the electronic ticket purchase request. Note that the browser 110 used when the user U applies for electronic ticket purchase does not necessarily have to be on the mobile terminal 300 in which the ticket application 300 is installed. For example, a purchase application can be made using a browser of a personal computer (PC).

  When the user U accesses the ticket service site provided by the server device 100 using the browser 320 of the mobile terminal 300 (S401), the website providing unit 110 of the server device 100 displays a web page corresponding to the accessed URL. Is transmitted to the portable terminal 300 (S403).

  When a purchase request for a purchaseable ticket is transmitted from the mobile terminal 300 to the server device 100 in response to the operation of the user U on the browser 320 (S405), the user screen transmission unit 111 of the server device 100 causes the purchaseable ticket to be purchased. The list screen is transmitted to the portable terminal 300 (S407). In the present embodiment, the list screen includes information on tickets that can be purchased extracted from the ticket management information 191.

  When a ticket purchase request is transmitted from the mobile terminal 300 in response to the operation of the user U on the browser 320 (S409), the ticket purchase application reception unit 113 of the server device 100 receives the purchase request and transmits a user screen. The unit 111 transmits a purchase application information registration screen to the mobile terminal 300 (S411). In this embodiment, on the registration screen, as described above, the telephone number related to the purchase applicant's ticket receiving terminal, and the telephone number related to the accompanying person's ticket receiving terminal if the accompanying person's ticket is also purchased. Is included.

  When purchase application information is transmitted from the mobile terminal 300 in response to the operation of the user U on the browser 320 (S413), the ticket purchase application reception unit 113 stores the received purchase application information as ticket purchase application information 193 in the DB 190. Register (S415).

  In this way, when a predetermined lottery time comes after receiving a ticket purchase application from one or more users U (S417), the lottery unit 120 of the server device 100 performs a lottery (S419). After performing the lottery, the lottery unit 120 stores the telephone number related to the purchase applicant who has won the lottery in the ticket management information 191 in association with the ticket (S421). Finally, the server device 100 transmits an email notifying the lottery result to the user U who is the purchase applicant, for example, using the email address received as the purchase application information (S423).

(3.2 Processing when a genuine user receives an electronic ticket)
The flow of processing relating to receipt of an electronic ticket by the authentic user UA will be described with reference to FIG. In the present embodiment, in the ticket management information 191 of the server device 100, the telephone number of the mobile terminal 300a held by the authentic user UA is registered. FIG. 5 is a sequence diagram showing a processing flow of the authentication system 10 related to receipt of the electronic ticket.

  When the genuine user UA activates the ticket application 400 of the mobile terminal 300a, the UI display unit 450 of the ticket application 400 displays a ticket reception screen for transmitting an authentication request (S501). When the genuine user UA presses the ticket reception button on the ticket reception screen, for example, the authentication request transmission unit 410 of the ticket application 400 starts processing for acquiring ticket data. First, the authentication request transmission unit 410 acquires the mobile terminal ID from the mobile terminal 300a (S503), encrypts the mobile terminal ID and the time stamp with a common key, and generates one-time encrypted data (S505). .

  Next, the authentication request transmission unit 410 activates the SMS application 330 of the mobile terminal 300 to transmit the SMS message including the one-time encrypted data to the gateway device 200 (S507), and the generated one-time encrypted data. Is generated in the body. When the SMS application 330 normally transmits the SMS message in response to the transmission instruction from the user U (S509), the authentication request transmission unit 410 sends an authentication request including the generated one-time encrypted data to the server device 100. The data is transmitted (S511), and the generated one-time encrypted data is stored in the DB 460 as the one-time encrypted data 461 (S513).

  In the present embodiment, after the one-time encrypted data is generated by the authentication request transmission unit 410, another application is not validated (switching the task from the ticket application 400 to another application) for a predetermined time (for example, When the transmission of the SMS message is completed within 20 seconds, the authentication request transmission unit 410 determines that the SMS message has been transmitted normally. That is, the authentication request transmission unit 410 transmits an authentication request including the one-time encrypted data to the server device 100.

  When receiving the authentication request from the mobile terminal 300a, the authentication request receiving unit 130 of the server device 100 decrypts the direct one-time encrypted data included in the authentication request, and acquires the mobile terminal ID of the mobile terminal 300a (S515). . Further, the authentication request receiving unit 130 stores the acquired portable terminal ID in the authentication request log information 195 as an authentication request log together with information on the reception time (S517).

  On the other hand, when the gateway apparatus 200 receives the SMS message from the mobile terminal 300a, the authentication SMS receiving unit of the gateway apparatus 200 uses the one-time encrypted data and the SMS transmission source telephone number included in the received SMS message as authentication information. 100 (S519).

  When the SMS information receiving unit 150 of the server device 100 receives the authentication information of the mobile terminal 300a from the gateway device 200, the transit one-time encrypted data included in the authentication information is decrypted to acquire the mobile terminal ID (S521). In the present embodiment, the authentication information received from the gateway device 200 includes the one-time encrypted data generated by the ticket application 400 using the mobile terminal ID and the time stamp of the mobile terminal 300a, and the mobile phone as the SMS source telephone number. The telephone number of the terminal 300a is included.

  Next, the authenticity determination unit 160 performs authenticity determination using the authentication information received by the SMS information reception unit 150. First, the authenticity determination unit 160 determines whether or not the received SMS transmission source telephone number exists in the ticket management information 191 as the first authenticity determination (S523). In this embodiment, since the telephone number of the portable terminal 300a is registered in the ticket management information 191, the first authenticity determination is successful.

  Next, as the second authenticity determination, the authenticity determination unit 160 determines whether or not an authentication request log related to the mobile terminal ID obtained from the transited one-time encrypted data in S521 exists in the authentication request log information 195. Determination is made (S525). When the received SMS source telephone number exists in the ticket management information 191 and there is an authentication request log related to the mobile terminal ID obtained from the transited one-time encrypted data, the authenticity determination unit 160 In 191, the portable terminal ID that has passed the second authenticity determination is stored in association with the telephone number that has passed the first authenticity determination (S <b> 527).

  In this embodiment, the authentication log related to the mobile terminal ID of the mobile terminal 300a obtained by decrypting the transited one-time encrypted data is stored in the authentication request log information 195 in S517, so that the second authenticity determination is performed. The mobile terminal ID and the telephone number are associated with each other in S527.

  When the portable terminal ID and the telephone number are associated, the authentication response unit 170 of the server device 100 encrypts the terminal unique information and the time stamp obtained from the transited one-time encrypted data with the common key, and performs one-time encryption. Data is generated (S529). Further, the authentication response unit 170 activates the ticket application 400 in the portable terminal 300 and generates a URL scheme for allowing the ticket application 400 to execute processing using the one-time encrypted data (S531). An SMS message including the URL scheme is transmitted to the SMS source telephone number (S533).

  When the SMS message is received from the server apparatus 100, the SMS application 330 displays the received SMS message in response to a user operation (S535). When the user selects the URL scheme included in the SMS message, the ticket application 400 is activated, and the URL scheme execution unit 430 of the ticket application 400 and the one-time encrypted data specified by the SMS message and the one stored in the DB 460 are stored. It is determined whether or not the time encrypted data 461 matches (S537). Also, the URL scheme execution unit 430 deletes the one-time encrypted data 461 from the DB 460 after the determination.

  When the URL scheme execution unit 430 determines that the two-time encrypted data match, the ticket acquisition unit 440 of the ticket application 400 transmits a ticket data transmission request to the server device 100 (S539). The ticket data transmission request includes the mobile terminal ID of the mobile terminal 300a whose authenticity has been confirmed in a series of authentication processes.

  When the ticket data transmission request is received from the portable terminal 300a, the ticket data transmission unit 180 of the server device 100 refers to the ticket management information 191 and stores the ticket data associated with the portable terminal ID included in the ticket reception request. (S541). The ticket acquisition unit 440 stores the received ticket data in the DB 460 as ticket information 463 (S543).

(3.3 Processing when an electronic ticket is received by an unauthorized user 1)
Next, the flow of the first process related to the reception of the electronic ticket by the unauthorized user UB and the unauthorized user UC will be described with reference to FIG. In the present embodiment, the telephone number of the portable terminal 300b held by the unauthorized user UB that is a duff shop is registered in the ticket management information 191 of the server apparatus 100, and the unauthorized user UC receives a ticket from the unauthorized user UB that is a duff shop. An unauthorized user who wants to purchase FIG. 6 is a sequence diagram showing a processing flow of the authentication system 10 related to receipt of the electronic ticket.

  Since S501 to S507 in FIG. 6 are the same processes as S501 to S507 in FIG. 5, detailed description of these processes is omitted. However, in FIG. 6, instead of the mobile terminal 300a held by the user UA, the process is executed by the mobile terminal 300c held by the unauthorized user UC.

  After the SMS application 330 is activated in S507, the unauthorized user UC copies the one-time encrypted data included in the SMS message without transmitting the SMS message, and uses another mail application or the like to transmit the unauthorized user UB. (S601). Since the authentication SMS transmitting unit 420 has not normally transmitted the SMS message, the authentication request transmitting unit 410 does not transmit the generated authentication request including the generated one-time encrypted data to the server device 100, and sends the authentication request to the DB 460 one time. The encrypted data 461 is not stored.

  The unauthorized user UB receives the one-time encrypted data related to the portable terminal ID of the portable terminal 300c from the unauthorized user UC. Thereafter, the processing from S603 to S609, which is the same as S501 to S507 in FIG. 5, is executed on the portable terminal 300b of the unauthorized user UB, and the SMS application 330 is activated in S609.

  Here, the unauthorized user UB rewrites the text of the SMS message displayed in S609 with the one-time encrypted data related to the portable terminal ID of the portable terminal 300c received from the unauthorized user UC, and transmits the SMS message (S611). ). In response to the transmission instruction from the unauthorized user UB, since the SMS application 330 has successfully transmitted the SMS message, the authentication request transmission unit 410 has generated the one-time encryption (related to the portable terminal ID of the portable terminal 300b). An authentication request including data is transmitted to the server apparatus 100 (S613), and stored as one-time encrypted data 461 (related to the mobile terminal ID of the mobile terminal 300b) in the DB 460 (S615).

  When receiving the authentication request from the mobile terminal 300b, the authentication request receiving unit 130 of the server device 100 decrypts the direct one-time encrypted data included in the authentication request, and acquires the mobile terminal ID of the mobile terminal 300b (S617). . Further, the authentication request receiving unit 130 stores the acquired mobile terminal ID of the mobile terminal 300b in the authentication request log information 195 as an authentication request log together with information on the reception time (S619).

  On the other hand, when the gateway device 200 receives the SMS message from the mobile terminal 300b, the authentication SMS receiving unit of the gateway device 200 uses the one-time encrypted data and the SMS transmission source telephone number included in the received SMS message as authentication information. 100 is transmitted (S621).

  When the SMS information receiving unit 150 receives the authentication information from the gateway device 200, it decrypts the transit one-time encrypted data included in the authentication information and acquires the mobile terminal ID (S623). In the present embodiment, the authentication information received from the gateway device 200 includes the one-time encrypted data generated by the ticket application 400 using the mobile terminal ID and the time stamp of the mobile terminal 300c, and the mobile phone as the SMS source telephone number. Since the telephone number of the terminal 300b is included, the SMS information receiving unit 150 acquires the mobile terminal ID of the mobile terminal 300c.

  Next, as the first authenticity determination, the authenticity determination unit 160 determines whether or not the received SMS transmission source telephone number exists in the ticket management information 191 (S625). In the present embodiment, since the telephone number of the portable terminal 300b is registered in the ticket management information 191, the first authenticity determination is successful.

  Further, as the second authenticity determination, the authenticity determination unit 160 determines whether an authentication request log related to the mobile terminal ID obtained from the transited one-time encrypted data in S623 exists in the authentication request log information 195. (S627). In this embodiment, the mobile terminal ID of the mobile terminal 300c is obtained by decrypting the transited one-time encrypted data. On the other hand, an authentication log relating to the mobile terminal ID of the mobile terminal 300b is stored in the authentication request log in S619. Therefore, there is no authentication request log related to the portable terminal ID obtained from the transited one-time encrypted data.

  Therefore, the second authenticity determination fails, and the server apparatus 100 ends the process.

  In this way, when the unauthorized user UB and the unauthorized user UC conspire and the SMS message transmitted to the gateway device 200 is rewritten, that is, the mobile terminal 300b that transmits the SMS message and one-time encrypted data are generated. When the ticket application 400 to be installed is different from the portable terminal 300c installed, the authentication request from the portable terminal 300b fails in the authenticity determination in the server device 100. Therefore, an unauthorized user cannot obtain a ticket.

(3.4 Processing 2 when an unauthorized user receives an electronic ticket)
Furthermore, the flow of the second process related to the reception of the electronic ticket by the unauthorized user UB and the unauthorized user UC will be described with reference to FIG. Also in this embodiment, the telephone number of the portable terminal 300b held by the unauthorized user UB that is a duff shop is registered in the ticket management information 191 of the server apparatus 100, and the unauthorized user UC receives a ticket from the unauthorized user UB that is a duff shop An unauthorized user who wants to purchase FIG. 7 is a sequence diagram showing a processing flow of the authentication system 10 related to receipt of the electronic ticket.

  Since S501 to S507 in FIG. 7 are the same processes as S501 to S507 in FIG. 5, a detailed description of these processes is omitted. However, in FIG. 7, instead of the mobile terminal 300a owned by the user UA, the process is executed by the mobile terminal 300c owned by the unauthorized user UC.

  After the SMS application 330 is activated in S507, the unauthorized user UC copies the one-time encrypted data included in the SMS message and then transmits the SMS message (S509). In response to the transmission instruction from the unauthorized user UC, since the authentication SMS transmission unit 420 has successfully transmitted the SMS message, the authentication request transmission unit 410 generates the generated one-time (related to the mobile terminal ID of the mobile terminal 300c). The authentication request including the encrypted data is transmitted to the server device 100 (S511), and stored as one-time encrypted data 461 (related to the portable terminal ID of the portable terminal 300c) in the DB 460 (S513).

  Further, the unauthorized user UC transmits the one-time encrypted data included in the copied SMS message to the unauthorized user UB using another mail application or the like (S701).

  When receiving the authentication request from the mobile terminal 300c, the authentication request receiving unit 130 of the server device 100 decrypts the direct one-time encrypted data included in the authentication request, and acquires the mobile terminal ID of the mobile terminal 300c (S515). . Further, the authentication request receiving unit 130 stores the acquired mobile terminal ID of the mobile terminal 300c in the authentication request log information 195 as an authentication request log (S517).

  On the other hand, when the gateway device 200 receives the SMS message from the mobile terminal 300c, the authentication SMS receiver of the gateway device 200 uses the one-time encrypted data and the SMS transmission source telephone number included in the received SMS message as authentication information. 100 (S519).

  When the SMS information receiving unit 150 receives the authentication information from the gateway device 200, it decrypts the transit one-time encrypted data included in the authentication information and obtains the mobile terminal ID (S521). In the present embodiment, the authentication information received from the gateway device 200 includes the one-time encrypted data generated by the ticket application 400 using the mobile terminal ID and the time stamp of the mobile terminal 300c, and the mobile phone as the SMS source telephone number. Since the telephone number of the terminal 300c is included, the SMS information receiving unit 150 acquires the mobile terminal ID of the mobile terminal 300c.

  Next, as the first authenticity determination, the authenticity determination unit 160 determines whether or not the received SMS transmission source telephone number exists in the ticket management information 191 (S523). In this embodiment, since the telephone number of the mobile terminal 300c is not registered in the ticket management information 191, the first authenticity determination fails.

  Further, as the second authenticity determination, the authenticity determination unit 160 determines whether or not an authentication request log related to the mobile terminal ID obtained from the transited one-time encrypted data in S521 exists in the authentication request log information 195. (S525). In the present embodiment, an authentication request log related to the mobile terminal ID of the mobile terminal 300c obtained by decrypting the transited one-time encrypted data is stored in the authentication request log information 195.

  Since the first authenticity determination has failed, the authenticity determination unit 160 uses the authentication request log regarding the mobile terminal ID of the mobile terminal 300c obtained from the transited one-time encrypted data as an authentication request from the unauthorized user U. (S703).

  Therefore, the first authenticity determination fails, and the server apparatus 100 ends the process. In this embodiment, the unauthorized user UC is described as an unauthorized user who collaborates with the unauthorized user UB, which is a scalper. However, even when the user UC attempts to receive an electronic ticket alone, the above-described FIG. As described in S501 to S525 and S703, the authenticity determination in the server apparatus 100 fails.

  Further, the unauthorized user UB that has received the one-time encrypted data related to the portable terminal ID of the portable terminal 300c from the unauthorized user UC operates using the portable terminal 300b. The same processing from S705 to S711 as S603 to S609 in FIG. 6 is executed in the portable terminal 300b, and the SMS application 330 is activated in S711.

  Here, the unauthorized user UB rewrites the text of the SMS message displayed in S711 with the one-time encrypted data related to the portable terminal ID of the portable terminal 300c received from the unauthorized user UC, and transmits the SMS message (S713). ). In response to the transmission instruction from the unauthorized user UB, since the SMS application 330 has successfully transmitted the SMS message, the authentication request transmission unit 410 has generated the one-time encryption (related to the portable terminal ID of the portable terminal 300b). The authentication request including the data is transmitted to the server device 100 (S715), and stored as one-time encrypted data 461 (related to the mobile terminal ID of the mobile terminal 300b) in the DB 460 (S717).

  When receiving the authentication request from the mobile terminal 300b, the authentication request receiving unit 130 of the server device 100 decrypts the direct one-time encrypted data included in the authentication request, and acquires the mobile terminal ID of the mobile terminal 300b (S719). . Further, the authentication request receiving unit 130 stores the acquired mobile terminal ID of the mobile terminal 300b in the authentication request log information 195 as an authentication request log together with information on the reception time (S721).

  On the other hand, when the gateway device 200 receives the SMS message from the mobile terminal 300b, the authentication SMS receiving unit of the gateway device 200 uses the one-time encrypted data and the SMS transmission source telephone number included in the received SMS message as authentication information. 100 (S723).

  When the SMS information receiving unit 150 receives the authentication information from the gateway device 200, it decrypts the transit one-time encrypted data included in the authentication information and acquires the mobile terminal ID (S725). In the present embodiment, the authentication information received from the gateway device 200 includes the one-time encrypted data generated by the ticket application 400 using the mobile terminal ID and the time stamp of the mobile terminal 300c, and the mobile phone as the SMS source telephone number. Since the telephone number of the terminal 300b is included, the SMS information receiving unit 150 acquires the mobile terminal ID of the mobile terminal 300c.

  Next, as the first authenticity determination, the authenticity determination unit 160 determines whether or not the received SMS transmission source telephone number exists in the ticket management information 191 (S727). Since the telephone number of the portable terminal 300b is registered in the ticket management information 191, the first authenticity determination is successful.

  Further, as the second authenticity determination, the authenticity determination unit 160 determines whether or not an authentication request log related to the mobile terminal ID obtained from the transited one-time encrypted data in S725 exists in the authentication request log information 195. (S729). In this embodiment, since the portable terminal ID of the portable terminal 300c stored in S517 is deleted in S703, only the portable terminal ID of the portable terminal 300b stored in S721 is stored in the authentication request log. . That is, since there is no authentication request log related to the mobile terminal ID of the mobile terminal 300b obtained from the transited one-time encrypted data, the second authenticity determination fails and the server apparatus 100 ends the process.

  As described above, the authentication request from the mobile terminal 300c that is not registered in the ticket management information 191 including the telephone number of the mobile terminal 300 that has the right to receive the ticket fails in the first authenticity determination in the server device 100.

  Furthermore, the unauthorized user UB and the unauthorized user UC may collaborate and the one-time encrypted data generated by the ticket application 400 installed in the mobile terminal 300c may be transmitted to the mobile terminal 300b. However, the authentication request from the portable terminal 300b that rewrites and transmits the SMS message fails in the second authenticity determination in the server device 100. Therefore, an unauthorized user cannot obtain a ticket.

(3.5 Authentication process)
A processing flow related to the authentication request of the server apparatus 100 will be described with reference to FIG. FIG. 8 is a flowchart showing a flow of authentication processing of the server apparatus 100.

  When the authentication request is received from the mobile terminal 300 (S801), the authentication request receiving unit 130 decrypts the direct one-time encrypted data included in the authentication request and acquires the mobile terminal ID of the mobile terminal 300 (S803). Further, the authentication request receiving unit 130 stores the acquired portable terminal ID in the authentication request log information 195 as an authentication request log (S805).

  On the other hand, the SMS information receiving unit 150 receives the authentication information of the portable terminal 300 from the gateway device 200 (S807). In this embodiment, the authentication information received from the gateway device 200 includes the transit one-time encrypted data generated by the ticket application 400 using the mobile terminal ID of the mobile terminal 300 and the SMS source telephone number. The SMS information receiving unit 150 decrypts the transit one-time encrypted data included in the authentication information, and acquires the mobile terminal ID (S809).

  Next, as the first authenticity determination, the authenticity determination unit 160 determines whether or not the received SMS transmission source telephone number exists in the ticket management information 191 (S811). Further, as the second authenticity determination, the authenticity determination unit 150 determines whether or not the authentication request log related to the mobile terminal ID obtained from the transited one-time encrypted data in S809 exists in the authentication request log information 195. (S813).

  When the received SMS sender telephone number is present in the ticket management information 191 (S811: Yes) and there is an authentication request log related to the mobile terminal ID obtained from the transited one-time encrypted data (S813: Yes), The authenticity determination unit 160 stores the portable terminal ID that has undergone the second authenticity determination in the ticket management information 191 in association with the telephone number that has undergone the first authenticity determination (S815).

  Next, the authentication response unit 170 encrypts data including the portable terminal ID and the time stamp obtained from the transited one-time encrypted data with a common key, and generates one-time encrypted data (S817). Further, the authentication response unit 170 activates the ticket application 400 in the mobile terminal 300 and generates a URL scheme for enabling the ticket application 400 to execute processing using the one-time encrypted data (S819). Finally, the authentication response unit 170 transmits an SMS message including the generated URL scheme to the SMS source telephone number (S821), and ends the process.

  Here, even when the received SMS source telephone number does not exist in the ticket management information 191 (S811: No), the authenticity determination unit 160 authenticates the portable terminal ID obtained from the one-time encrypted data via S809. It is determined whether a request log exists in the authentication request log information 195 (S823). When the same authentication request log exists (S823: Yes), the authenticity determination unit 160 deletes the authentication request log (S825) and ends the process. When the same authentication request log does not exist (S823: No), the authenticity determination unit 160 ends the process. Even when the same authentication request log does not exist in S813 (S813: No), the authenticity determination unit 160 ends the process.

  In the example of FIGS. 5 to 8, after the server device 100 receives the authentication request from the mobile terminal 300, the authentication information is received from the gateway device 200. However, the order of reception is not particularly limited as described above, and the server apparatus 100 may receive an authentication request from the mobile terminal 300 after receiving authentication information from the gateway apparatus 200.

(4. Another embodiment)
In particular, among the embodiments described with reference to FIGS. 2, 3, 5, and 8, the authentication system 10 can perform the authentication process by omitting some processes. Specifically, in the present embodiment, the processing performed by the authentication response unit 170 of the server device and the URL scheme execution unit 430 of the ticket application 400 is omitted, and the user U authentication processing is performed.

  In the present embodiment, after the processing from S501 to S527 shown in FIG. 5 is performed, the association between the portable terminal ID and the telephone number in the ticket management information 191 of the server apparatus 100 is completed, so that the authentication from the portable terminal 300 is performed. The request is processed as authentic, and an email notifying the authentication result is transmitted to the user U using, for example, an email address managed in the ticket purchase application information 193.

  The user U that has received the authentication result activates the ticket application 400 on the mobile terminal 300 and presses a ticket data display button, for example, on the screen displayed by the UI display unit 450. In response to this, the ticket acquisition unit 440 is configured to transmit a ticket data transmission request to the server device 100 and receive the ticket data using the mobile terminal ID whose authenticity has been confirmed in a series of authentication processes. You can also.

(5. Hardware configuration)
Hereinafter, a hardware configuration capable of realizing the server device 100 and the mobile terminal 300 will be described with reference to FIGS. 9 to 10.

(5.1 Server apparatus 100)
First, a hardware configuration capable of realizing the server device 100 will be described with reference to FIG. FIG. 9 is a diagram illustrating a specific example of a hardware configuration capable of realizing the server device 100. As illustrated in FIG. 9, the server apparatus 100 includes a control unit 901, a communication I / F (interface) unit 905, a storage unit 907, a display unit 911, and an input unit 913, and each unit is a bus line 915. Connected through.

  The control unit 901 includes a CPU (Central Processing Unit, not shown), a ROM (Read Only Memory, not shown), a RAM (Random Access Memory) 903, and the like. The control unit 901 is configured to execute the control program 909 stored in the storage unit 907 so as to realize the authentication process related to the ticket service described above in addition to the function as a general information processing apparatus. For example, the website providing unit 110, the lottery unit 120, the authentication request receiving unit 130, the authentication request log managing unit 140, the SMS information receiving unit 150, the authenticity determining unit 160, the authentication responding unit 170, which are described with reference to FIG. The ticket data transmission unit 180 can be realized as a control program 909 that is temporarily stored in the RAM 903 and operates on the CPU.

  In addition to the code included in the control program 909, the RAM 903 temporarily holds part or all of the ticket management information 191, the ticket purchase application information 193, and the authentication request log information 195 shown in FIG. The RAM 903 is also used as a work area when the CPU executes various processes.

  The communication I / F unit 905 is a device for performing data communication via a wired or wireless network N with external devices including the gateway device 200 and the mobile terminal 300. Communication performed by the website providing unit 110, the authentication request receiving unit 130, the SMS information receiving unit 150, the authentication response 170, and the ticket data transmitting unit 180 shown in FIG. Performed by the I / F unit 905.

  The storage unit 907 is a nonvolatile storage medium such as an HDD (Hard Disk Drive) or a flash memory. The storage unit 907 stores an operation system (OS) and data (not shown) for realizing a function as a general information processing apparatus. The storage unit 907 stores a control program 909 and a DB 190.

  The control program 909 is a program for performing authentication processing related to the above ticket service. As described above, the website providing unit 110, the lottery unit 120, the authentication request receiving unit 130, the authentication request log managing unit 140, the SMS information receiving unit 150, the authenticity determining unit 160, the authentication response unit 170, and the like shown in FIG. The ticket data transmission unit 180 can be included in the control program 909.

  The DB 190 can include various data necessary for authentication processing related to the ticket service, such as ticket management information 191, ticket purchase application information 193, and authentication request log information 195. Various data included in the DB 190 is loaded into the RAM 903 as necessary, and is referred to by the CPU included in the control unit 901.

  The display unit 911 is a display device for presenting information to the service provider. Specific examples of the display unit 911 include a liquid crystal display and an organic EL (Electro-Luminescence) display. The input unit 913 is a device for receiving input from the service provider. Specific examples of the input unit 913 include a keyboard, a mouse, and a touch panel.

  The server device 100 does not necessarily include the display unit 911 and the input unit 913. Further, the display unit 911 and the input unit 913 may be connected to the server apparatus 100 from the outside via various interfaces such as a USB (Universal Serial Bus) and a display port.

(5.2 Mobile terminal 300)
Next, a hardware configuration capable of realizing the mobile terminal 300 will be described with reference to FIG. FIG. 10 is a diagram illustrating a specific example of the hardware configuration of the mobile terminal 300. As shown in FIG. 10, the mobile terminal 300 includes a control unit 301, a communication interface (I / F) unit 305, a storage unit 307, a touch panel display 309, and an input unit 315, and each unit is a bus line 317. Connected through.

  The control unit 301 includes a CPU, a ROM, a RAM 303, and the like. The control unit 301 can execute the ticket application 400, the browser 320, and the SMS application 330 stored in the storage unit 307. Thereby, the mobile terminal 300 can realize various processes related to the above-described ticket service in addition to the function as a general information processing apparatus.

  The RAM 303 temporarily stores part or all of the one-time encrypted data 461 and the ticket information 463 shown in FIG. 3 in addition to the codes included in the ticket application 400, the browser 320, and the SMS application 330. . The RAM 303 is also used as a work area when the CPU executes various processes.

  The communication I / F unit 305 is a device for performing data communication via a wired or wireless network N with external devices including the server device 100 and the gateway device 200. The communication I / F unit 305 performs all communications performed by the authentication request transmission unit 410, the ticket acquisition unit 440, and the like illustrated in FIG. 3 between the server device 100 and the gateway device 200.

  The storage unit 307 is a non-volatile storage medium such as an HDD or a flash memory. The storage unit 307 stores an operation system (OS), applications, and data (not shown) for realizing functions as general information processing. The storage unit 307 stores the ticket application 400, the browser 320, and the SMS application 330.

  The browser 320 is an application program that allows the user U to browse various websites on the network N including the ticket service site provided by the server device 100.

  The SMS application 330 is an application program for the user U to send and receive SMS messages with the gateway device 200 and other users.

  Since the ticket application 400 has been described above with reference to FIG. 3, the description thereof is omitted here.

  The touch panel display 309 is a device in which a display unit 311 that is a display device that presents information and a touch panel unit 313 that receives an operation input are mounted together. By using the touch panel display 309, the user U can obtain an intuitive operational feeling as if he / she directly operated the display content displayed on the display unit 311.

  The input unit 315 is a device provided separately from the touch panel display 309 for accepting an operation input from the user U. Specific examples of the input unit 315 include operation buttons, a keyboard, and a mouse.

  Note that the mobile terminal 300 does not necessarily include the input unit 315. The input unit 315 may be connected to the mobile terminal 300 from the outside via various interfaces such as USB (Universal Serial Bus) and Bluetooth (registered trademark).

  The embodiments described above are for facilitating the understanding of the present invention, and are not intended to limit the present invention. The present invention can be variously modified without departing from the gist thereof. Furthermore, those skilled in the art can employ embodiments in which the elements described below are replaced with equivalent ones, and such embodiments are also included in the scope of the present invention.

(6. Effects of the present embodiment)
As described above, according to the authentication system of the present invention, the mobile terminal 300 associated with the telephone number can be authenticated using the telephone number on the application side without acquiring the telephone number via the API of the mobile terminal OS. . The mobile terminal 300 that transmitted the SMS message to the gateway device 200 by the first determination for determining whether or not the SMS source telephone number exists in the ticket management information 191 is linked to the telephone number included in the ticket management information 191. It can be confirmed that the mobile terminal 300 is attached. Moreover, the SMS message transmitted to the gateway device 200 generates the mobile terminal ID included in the message by the second determination that determines whether or not the authentication request log related to the mobile terminal ID included in the authentication information exists. It can be confirmed that it is from the portable terminal 300.

  Further, by deleting an authentication request log derived from an authentication request from the mobile terminal 300 that is not associated with the telephone number included in the ticket management information 191, a stronger authentication system can be constructed.

  Further, by generating a URL scheme for enabling the ticket application 400 to execute processing using the one-time encrypted data, the server device 100 performs one-time encryption based on the mobile terminal ID associated with the telephone number. Processing using data can be performed reliably, and a stronger authentication system can be constructed.

  In addition, by using the URL scheme, it is confirmed that the one-time encrypted data specified by the SMS message matches the one-time encrypted data generated by the application when the authentication request is transmitted. Predetermined processing specified by the URL scheme can be executed only on the terminal 300, and a stronger authentication system can be constructed.

  Further, a stronger authentication system can be constructed by deleting an authentication request log after a certain period from the reception of the authentication request as invalid.

DESCRIPTION OF SYMBOLS 10 ... Authentication system, 100 ... Server apparatus, 110 ... Website provision part, 111 ... User screen transmission part, 113 ... Ticket purchase application reception part, 120 ... Lottery part, 130 ... Authentication request reception part, 140 ... Authentication request log management , 150 ... SMS information reception unit, 160 ... Authenticity determination unit, 170 ... Authentication response unit, 180 ... Ticket data transmission unit, 190 ... DB, 191 ... Ticket management information, 193 ... Ticket purchase application information, 195 ... Authentication request Log information, 200 ... Gateway device, 300 ... Mobile terminal, 301 ... Control unit, 303 ... RAM, 305 ... Communication I / F unit, 307 ... Storage unit, 309 ... Touch panel display, 311 ... Display unit, 313 ... Touch panel unit, 315 ... Input unit, 317 ... Bus line, 320 ... Browser, 330 ... SMS application, 400 Ticket application 410 ... Authentication request transmission unit 420 ... One-time encrypted data management unit 430 ... URL scheme execution unit 440 ... Ticket acquisition unit 450 ... UI display unit 460 ... DB 461 ... One-time encrypted data , 463 ... ticket information, 901 ... control unit, 903 ... RAM, 905 ... communication I / F unit, 907 ... storage unit, 909 ... control program, 911 ... display unit, 913 ... input unit, 315 ... bus line, 1001 ... Control unit, 1003 ... RAM, 1005 ... Communication I / F unit, 1007 ... Storage unit, 1009 ... Control program, 1011 ... Bus line, N ... Network, U ... User

Claims (9)

A server device communicably connected to a gateway device and a portable terminal,
A storage unit for storing the mobile phone number;
An authentication request receiving unit that receives an authentication request including terminal-specific information unique to the mobile terminal from an application of the mobile terminal, and generates an authentication request log based on the terminal-specific information;
An SMS information receiving unit that receives authentication information included in an SMS (Short Message Service) message transmitted from the portable terminal to the gateway device from the gateway device, and acquires terminal-specific information from the received authentication information. The authentication information includes an SMS information receiving unit including the terminal specific information and an SMS source telephone number;
A first determination for determining whether or not the SMS source telephone number exists in the storage unit; and a second determination for determining whether or not an authentication request log relating to the terminal-specific information included in the authentication information exists. Authenticity determination unit for executing the determination of the terminal, when the SMS source telephone number exists in the storage unit, and there is an authentication request log related to the terminal specific information included in the authentication information, the terminal specific A server device comprising: an authenticity determination unit that stores information in association with the telephone number of the storage unit.   The server apparatus according to claim 1, wherein the authenticity determination unit deletes an authentication request log related to the terminal unique information included in the authentication information when the SMS source telephone number does not exist in the storage unit. When the SMS source telephone number exists in the storage unit and there is an authentication request log related to the terminal-specific information included in the authentication information, the application is started on the mobile terminal, and the terminal-specific The authentication response part which produces | generates the URL scheme for enabling execution of the process using information, and transmits the SMS message containing the said URL scheme to the said SMS origination telephone number is further provided in Claim 1 or 2 The server apparatus of description.   The URL scheme enables the application to execute a process of determining whether the terminal specific information specified by the SMS message matches the terminal specific information generated by the application when transmitting an authentication request. The server device according to claim 3. The server device according to any one of claims 1 to 4, further comprising: an authentication request log management unit that deletes an authentication request log that has passed a predetermined period of time since reception of the authentication request. One or a plurality of computers that are communicably connected to the gateway device and the mobile terminal,
Storing the mobile phone number in the storage unit;
Receiving an authentication request including terminal-specific information unique to the mobile terminal from an application of the mobile terminal, and generating an authentication request log based on the terminal-specific information;
Receiving authentication information included in an SMS message transmitted from the portable terminal to the gateway device from the gateway device, and acquiring terminal-specific information from the received authentication information, wherein the authentication information is the A process including terminal specific information and an SMS source telephone number;
Determining whether the SMS source telephone number is present in the storage unit;
Determining whether there is an authentication request log related to the terminal-specific information included in the authentication information;
When the SMS source telephone number exists in the storage unit and there is an authentication request log related to the terminal specific information included in the authentication information, the terminal specific information is associated with the telephone number of the storage unit. Storing the method. A program, the mobile terminal communicatively connected to the server device and the gateway device,
Generating device-specific information unique to the mobile device;
Activating an SMS application on the mobile terminal to send an SMS message to the gateway device;
Generating an SMS message including the terminal-specific information in the body;
A step of transmitting an authentication request including the terminal-specific information to the server device when the SMS application transmits the SMS message within a predetermined time ;
Activating the program in response to selection of a URL scheme including the terminal-specific information;
Determining whether the terminal specific information included in the URL scheme matches the terminal specific information generated in the step of generating terminal specific information;
A program for executing a process using the terminal-specific information included in the URL scheme . A mobile terminal that is communicably connected to the server device and the gateway device,
Generating device-specific information unique to the mobile device;
Activating an SMS application on the mobile terminal to send an SMS message to the gateway device;
Generating an SMS message including the terminal-specific information in the body;
A step of transmitting an authentication request including the terminal-specific information to the server device when the SMS application transmits the SMS message within a predetermined time ;
In response to selection of a URL scheme including the terminal specific information, whether the terminal specific information included in the URL scheme matches the terminal specific information generated in the step of generating terminal specific information Determining whether or not,
Executing a process using the terminal-specific information included in the URL scheme . A portable terminal communicably connected to a server device and a gateway device,
An authentication request transmitting unit that generates terminal-specific information unique to the mobile terminal and transmits an authentication request including the terminal-specific information to the server device, and transmits the SMS message to the gateway device. The SMS application of the terminal is activated to generate an SMS message including the terminal-specific information in the body. When the SMS application transmits the SMS message within a predetermined time, the authentication request is transmitted to the server device. , An authentication request transmitter ,
In response to selection of a URL scheme including the terminal specific information, a determination is made as to whether the terminal specific information included in the URL scheme matches the terminal specific information generated by the authentication request transmission unit. A URL scheme execution unit;
A portable terminal comprising: a processing unit that executes processing using the terminal-specific information included in the URL scheme .