JP6489732B2 - User authentication device - Google Patents

Description

  The present invention relates to a user authentication device, method, and program, and more particularly, to a user authentication device, a user authentication method, and a computer for authenticating whether or not an operator operating a user terminal is an authorized user. The present invention relates to a user authentication program for functioning as the user authentication device.

  In a website that provides a predetermined service online to a pre-registered user, the user terminal operator who has accessed the website via the user terminal inputs a user ID and password, and the entered user ID and It is common to adopt a user authentication method that confirms whether or not the operator of the accessing user terminal is a pre-registered user based on whether or not a combination of passwords is registered in the database. is there.

  However, since the above user authentication method does not depend on the individuality of the user terminal held and operated by the user, if the user ID and password are leaked to others, before the user notices the leak, There is a drawback that a person who knows the user ID and password can impersonate a legitimate user and gain unauthorized access.

  In this connection, in Patent Document 1, an IP address (and link source URL) that allows the use of a service is stored in a database together with an ID and a password, and in addition to authentication based on the ID and password, an access source IP address A technique for determining whether or not to permit use of a service by determining whether or not is registered in a database is disclosed.

  In the above-mentioned Patent Document 1, it is easily conceivable to use the MAC address or individual identification number of the terminal or the identification number of the hardware key attached to the terminal instead of the access source IP address.

  As a technique for preventing spoofing and improving security, a technique for authenticating a user terminal using an electronic certificate prior to user authentication based on a user ID and a password is also known. If this technology is applied, even if the user ID and password are leaked to others, as long as the person who knows the user ID and password does not operate the user terminal on which the regular electronic certificate is installed, It can prevent fraud.

JP-A-2001-325229

  The technique described in Patent Document 1 uses an IP address to determine whether an access source user terminal is a user terminal that is held and operated by a legitimate user. Is operating (whether or not a third party is impersonating a legitimate user). However, although the IP address is always constant as long as it is a global IP address fixedly assigned to a specific user terminal, there are very few user terminals to which such a global IP address is assigned. In most user terminals that are used, the IP address fluctuates each time the Internet is accessed. This is a random IP address selected from a large number of global IP addresses held by an Internet service provider (Internet service provider, hereinafter simply referred to as “provider”) when accessing the Internet. This is because the user terminal is automatically assigned. For this reason, as in the technique described in Patent Document 1, when the user confirmation or authentication is performed based on whether or not the IP addresses match, access by a legitimate user is erroneously determined as unauthorized access, There is a risk of misjudging an unauthorized user as an authorized user.

  In addition, when the MAC address or the user terminal individual identification device or hardware key is used instead of the IP address, the same network environment is restored using another terminal in the event that these devices fail. There is a problem that it is difficult.

  In addition, when using the digital certificate technology, there is a problem that a burden on the user is heavy because it is necessary to perform a complicated work of installing the electronic certificate in the user terminal in advance.

  The present invention has been made in consideration of the above-mentioned facts, and its problem is that a user authentication apparatus and a user authentication method can perform user authentication using authentication information as information having high security strength while being easy to set and reproduce. It is to obtain a user authentication program and a user authentication request program.

A user authentication apparatus, a user authentication method, and a user authentication program according to the present invention store information for specifying a selection order of a plurality of applications for each user, receive information from a user terminal accessed through the network, and the receiving unit Determines whether the information received from the user terminal includes information specifying the selection order of a plurality of applications stored in the storage means.
Further, the user authentication request program according to the present invention corresponds to such a user authentication device, and is executed by a computer that can communicate with a server that executes the user authentication method and the user authentication program through a network. A procedure for accepting selection of an application by a user operating the computer, a procedure for recognizing the order of selection of the application by the user, and a procedure for transmitting information identifying the selection order of the recognized application to the server. Let it run.

  According to the user authentication device, the user authentication method, the user authentication program, and the user authentication request program of the present invention, it is possible to authenticate a person using authentication information that is easy to set and reproduce and has high security strength.

1 is a block diagram showing a schematic configuration of a computer system according to a first embodiment. Table showing the data structure of some tables that make up the user database The figure which shows the example of a display of the display of a user terminal The flowchart which shows the content of the process which CPU of a user terminal performs according to a bank application program The flowchart which shows the content of the process which CPU of a user terminal performs according to a bank application program The flowchart which shows the content of the process which CPU of a web server performs according to a user authentication program The flowchart which shows the content of the process by the password application registration program performed in S211 of FIG. The figure which shows the example of a display of the display of a user terminal Sequence chart showing data exchange between the user terminal that executes processing according to each program and the server A table showing the data structure of a part of the tables constituting the user database according to the second embodiment The flowchart which shows the content of the process which CPU of a user terminal performs according to a bank application program The flowchart which shows the content of the process which CPU of a user terminal performs according to a bank application program The flowchart which shows the content of the process which CPU of a web server performs according to a user authentication program The flowchart which shows the content of the process by the audible range registration program performed by S611 of FIG. The figure which shows the example of a display of the display of a user terminal

(Embodiment 1)
Hereinafter, a first embodiment of the present invention will be described in detail with reference to the drawings. FIG. 1 shows an online transaction system 10 according to the present embodiment. The online transaction system 10 according to the present embodiment includes a bank system 12 installed in a specific financial institution.
The above specified financial institution performs online financial transactions from users through online financial transaction websites as a service that enables users who have opened an account with the specific financial institution to conduct online financial transactions. An online financial transaction acceptance service that accepts instructions is provided. In the financial transaction using this online financial transaction reception service, the user browses the web page of the online financial transaction website via the user terminal 18 and inputs necessary information on the web page, so that the user can Information (financial transaction instruction information) for instructing execution of a desired financial transaction is transmitted from the user terminal 18 to the bank system 12. Then, the financial transaction instruction information is transferred from the bank system 12 to the account system 28 connected to the intranet 26, so that the financial transaction instructed by the user based on the financial transaction instruction information is performed in the account system 28, etc. To be executed by.

  The bank system 12 includes a CPU 12A, a memory 12B, a hard disk drive (HDD) 12C, and a network interface (I / F) unit 12D that are connected to each other through a bus B.

  The network I / F unit 12D is directly connected to a public computer network (Internet) 16 in which a large number of web servers are connected to each other via a communication line, and further installed in a specific financial institution. An intranet (LAN) 26 is also connected. A billing system 28 is connected to the intranet 26.

  A large number of user terminals 18 each consisting of a PC or the like are connected to the Internet 16. A browser is installed in each user terminal 18. Since each user terminal 18 is assumed to have an Internet connection function like a so-called smartphone or tablet terminal, the network I / F unit 12D is connected to each user via the Internet 16. Connected to terminal 18.

  The memory 12B is a storage device composed of a RAM (Random Access Memory), and a work area by the CPU 12A is developed.

  The CPU 12A is a processing device that controls the entire hardware constituting the bank system 12 by executing a program read out on the memory 12B, and corresponds to a part of a storage unit and a determination unit.

  The HDD 12C is a storage device that incorporates a computer-readable storage medium that stores various data and programs. The programs stored in the HDD 12C include a user authentication server program 13 and a database server program 14 that are read and executed on the memory 12B by the CPU 12A. Various data stored in the HDD 12C includes data registered by the CPU 12A executing the database server program 14 and a user database 15.

  The database server program 14 and the user database 15 are a part of storage means, and are stored in a storage device of a separate computer that can communicate with the computer executing the user authentication server program 13 through the intranet 26. It may be executed by the CPU 17 of the computer. Hereinafter, the CPU 12A that executes the user authentication server program 13 may be abbreviated as “user authentication server 13”, and the CPU 12A that executes the database server program 14 may be abbreviated as “database server 14”.

  In addition, the user database 15 stores the address or address, name or name, user ID (contract number), password, account, etc. for all customers who have signed an account opening contract with the specific financial institution by the user data server 14. A database in which types and account numbers are recorded and managed. Furthermore, the password database registration table shown in FIG. 2 is stored in the user database 15 as a configuration unique to the present embodiment. As shown in FIG. 2, this password application registration table registers a user ID for linking with another table and an application program for user authentication (hereinafter referred to as “password application”) to be described later. A flag indicating whether or not (hereinafter referred to as “password application registered flag”) and a predetermined number (four in the example of FIG. 2) of password application identification information (hereinafter referred to as “application ID”) are respectively registered. It is a table to be. The application ID is registered in the order of selection of the corresponding password application. In other words, the application ID of the password application to be selected first should be selected third in the “password application 1” field, and the application ID of the password application to be selected second should be selected in the “password application 2” field. The application ID of the password application to be selected fourth is registered in the “password application 3” field, and the application ID of the password application to be selected fourth is registered in the “password application 4” field. The number of application IDs that can be registered in the password application registration table may be arbitrary or may be fixed in advance. In this example, the password application registration table stores information specifying the selection order of each password application in the form of the position of the column in which the application ID is registered, but specifies the selection order of password applications. As information, the selection time of each password application may be registered. According to the man-machine interface of FIG. 8 to be described later, since it is not possible to select a plurality of password apps at the same time, it is possible to specify the selection order of each password app by comparing before and after the selection time of each password app. Because it becomes.

  Returning to FIG. 1, the user terminal 18 includes a CPU 19, a memory 20, a touch panel 21, a communication module 22, a display 23, a speaker 24, an acceleration sensor 25, and a home button 26 that are connected to each other through a bus B so as to exchange data. doing.

  The CPU 19 is a processing device that controls the entire user terminal 18 by reading and executing a program.

  The memory 20 is developed by a program that is read and executed by the CPU 19, a nonvolatile rewritable memory such as a ROM (Read Only Memory) and flash memory storing various data, and a temporary storage area as a work area of the CPU 19. RAM. The program includes a basic program for controlling the basic operation of the user terminal 18 and an application program (hereinafter referred to as “application”) for adding a desired function arbitrarily used by the user using the user terminal 18 to the CPU 19. Abbreviated).

  The communication module 22 terminates various wireless network protocols that can be used by the user using the user terminal 18, and performs wireless communication with a base station of the wireless network in a data format according to the protocol. It is a wireless device.

  The display 23 is a liquid crystal panel, an EL (electroluminescence) panel, or the like on which visible information such as various images, screens, and messages is displayed by the CPU 19. The visible information displayed on the display 23 includes a software keyboard.

  The touch panel 21 is a transparent member that is placed over the entire area of the display 23, and is a pointing device that detects a position where the operator's finger or touch pen has touched and inputs coordinate values indicating the position to the CPU 19.

  The speaker 24 emits sound based on the sound signal reproduced by the CPU 19 (and a sound processor (not shown)). If the user terminal 18 is a smartphone, the speaker 24 is also used for calling.

  The acceleration sensor 25 is a mechanical sensor that detects accelerations in three directions orthogonal to each other and inputs them to the CPU 19.

  The home button 26 is a push button installed side by side with the display 23 as shown in FIG.

  The basic program that the CPU 19 reads from the memory 20 and executes is input with items (icons, characters, buttons, etc.) displayed on the display 23 overlapping the position indicated by the coordinate value input from the touch panel 21. And a module that gives the CPU 19 a function of recognizing that the software keyboard is operated and recognizing an input character string. The basic program includes a list of icons 100 and 101 associated with a function for starting an application installed in the memory 20, as shown in FIG. The displayed screen (hereinafter referred to as “home screen”) is displayed on the display 23, and when any of the icons 100 and 101 is input, a function of starting an application associated with the icons 100 and 101 is provided. A module to be given to the CPU 19 is included.

  In the present embodiment, as a unique configuration, a “bank application” that shows a part of the processing contents in the flowcharts of FIGS. 4 and 5 is installed in the memory 20. In this bank application, it is detected based on the coordinate data from the touch panel 21 that the user has input the icon displayed on the display 23 (the icon 101 displayed as “silver” in FIG. 3). Triggered by that. Then, the CPU 19 executing the bank application accesses the bank system 12 according to the operation content input through the touch panel 21 and receives various services by the bank system 12. Then, when executing an important transaction (transfer or the like) while receiving various services, the CPU 19 executing the bank application executes the process of FIG. 4 in response to a request from the bank system 12. .

  In the first S001, the CPU 19 displays an ID input field and an OK button (not shown) on the display 23, and in the next S002, the user operates the above-described software keyboard to display a predetermined format in the ID input field. A character string satisfying the above condition is input and waiting for an OK button to be input. Then, when the user operates the software keyboard described above to input a character string satisfying a predetermined format in the ID input field and inputs an OK button, the CPU 19 advances the process to S003.

  In S003, the CPU 19 accesses the bank system 12 and makes a password application registration inquiry regarding the character string input in S001. Upon completion of S003, the CPU 19 waits for a response (S203, S210) from the bank system 12 in the next S004.

  In the bank system 12 that has received this password application registration inquiry, the user authentication server 13 interrupts and starts the process shown in FIG. 6, and receives and accepts a character string related to the inquiry as a user ID in S201 (corresponding to a receiving means). ).

  In the next S202, the user authentication server 13 determines whether or not the password application has been registered for the user ID accepted in S201 through the database server 14, in accordance with the user ID, the password application registration table of the user database 15. The determination is made based on whether or not the password application registered flag is set in FIG. If the password application registered flag is set in the password application registration table (FIG. 2) of the user database 15 corresponding to the user ID, it is determined that the password application has been registered for the user ID. In step S203, the inquiry source user terminal 18 is responded that it has been registered, and then the process proceeds to step S204. On the other hand, if the password application registered flag is not set in the password application registration table (FIG. 2) of the user database 15 corresponding to the user ID, the password application has not been registered for the user ID. In step S210, the inquiry source user terminal 18 is responded to the fact that it is not registered, and then the process proceeds to step S211.

  Returning to FIG. 4, if the response from the bank system 1 is “registered” in S <b> 004, the CPU 19 of the requesting user terminal 18 proceeds to S <b> 005, and proceeds to S <b> 021 if “not registered”.

  In S005, the CPU 19 searches the memory 20 for an application program installed in the user terminal 18, generates screen data listing the installed application programs, and based on this screen data, shown in FIG. Such a list screen is displayed on the display 23. In this list screen, icons and names of all application programs installed in the user terminal 18 are displayed in a list together with check boxes corresponding thereto. Note that only one of the icons and names of the application programs may be listed on the list screen. Further, the number of application programs whose icons or / and names are displayed on the list screen may be the total number of application programs installed in the user terminal 18, but in order to improve operability, Only a limited number may be used. However, all icons and / or names of all application programs registered in the password application registration table in the bank system 12 in association with the user ID of the user operating the user terminal 18 must be displayed. . Therefore, in the latter case, the CPU 19 and the database server 14 communicate with each other. For example, the CPU 19 notifies the application IDs of all application programs installed in the user terminal 18 to the database server 14. Among the notified application IDs, the above-mentioned number of application IDs including all application IDs registered in the password application registration table in response to the user ID of the user operating the user terminal 18 are responded to the user terminal 18. Then, the CPU 19 may display the icons or / and names of the above-mentioned number of application programs corresponding to the responded application ID on the list screen. Of the number of icons or / and names displayed on the list screen at this time, other than those corresponding to the application program whose application ID is registered in the password application registration table in association with the user ID of the user, Hereinafter, it is called “Decoy (dummy data)”.

  In next S006, the CPU 19 accepts selection of a password application. That is, on the list screen shown in FIG. 8, the user can input a check mark to the check box by touching the touch panel 21 that overlaps an arbitrary check box. When the check mark is input, the CPU 19 recognizes that the application program displaying the icon and the title corresponding to the check box in which the check mark is input is “selected” as the password application, and the selected application The program application IDs are stored in a temporary storage area on the memory 20 in the order of selection.

  In the next S007, the CPU 19 determines whether or not the user has selected the password application. For example, if the number of password application IDs that can be registered in the password application registration table (FIG. 2) of the user database 15 is fixed (four in the example of FIG. 2), this determination is the same as the number. This is performed based on whether or not an icon has been input (or whether or not the same number of applications have been selected). If the number of app IDs that can be registered is arbitrary, an “input completion” button (not shown) is displayed on the list screen, and the password application can be selected by inputting to the “input completion” button. You may determine with having completed.

  If it is determined in S007 that the password application has not yet been selected by the user, the CPU 19 returns the process to S006. On the other hand, if it is determined that the password application has been selected by the user, the CPU 19 advances the process to step S008.

  In S008, the CPU 19 displays on the display 23 a confirmation dialog (not shown) in which icons or names corresponding to the application IDs stored in the temporary storage area on the memory 20 are listed in the selection order. This confirmation dialog includes an NG button and an OK button. When the NG button is input, the CPU 19 resets the application ID stored in the temporary storage area on the memory 20 in step S010, and then returns to step S005. On the other hand, when the OK button is input, the CPU 19 advances the process to S011.

  In S011, the CPU 19 generates data (list of selected applications) that lists these application IDs in the order of selection based on the application IDs recorded in the temporary storage area of the memory 20 in the order of activation. In the selected application list, information for specifying the selection order of each password application is included, for example, in the form of a predetermined position in a message corresponding to the order or order of the matrix of application IDs. That is, the application ID of the selected password application is set at a predetermined position of the authentication request message transmitted from the terminal to the authentication server corresponding to the selection order. As described above, when the password application selection time is stored in the password application registration table, the selected application list only needs to include the selection time of each password application.

  In the next S012, the CPU 19 transmits the selected application list created in S011 to the bank system 12. When S012 is completed, the CPU 19 waits for a response from the bank system 12 in S013.

  Returning to FIG. 6, in S204 executed after responding “Registered” in S203, the user authentication server 13 receives the selected application list transmitted by the inquiry source user terminal 18 in S012 (reception means). Equivalent).

  In the next S206, the CPU 19 determines whether or not the password application selection order is correct. That is, the CPU 19 corresponds to the user ID received in S201, the selection order indicated by the identification information of the application ID selection order of the password application registered in the password application registration table (FIG. 2) of the user database 15, It is determined whether or not the selection order indicated by the identification information of the application ID selection order in the selected application list received in S204 matches. When the specific information of the selection order is the password application selection time, the CPU 19 compares the selection times of the password applications registered in the password application registration table (FIG. 2) to determine the password application selection time. Recognize the selection order. Similarly, the selection times of application IDs in the selected application list are compared to recognize the selection order of the password applications. Then, the CPU 19 determines whether or not the two selected selection orders match. If the former selection order and the latter selection order are different, the user authentication server 13 returns an authentication failure to the inquiry source user terminal 18 in S208, and then ends the interrupt process.

  On the other hand, if the former selection order matches the latter selection order, the user authentication server 13 returns a success of authentication to the inquiry source user terminal 18 in S207, and advances the process to S209. In S209, the user authentication server 13 recognizes that the message from the inquiry source user terminal 18 is from the user corresponding to the user ID received in S201, and performs a serious transaction according to the content of the message. Perform the process.

  In other words, in S206, the information received from the user terminal by the receiving means is associated with the user who is operating the user terminal, and a plurality of elements stored in the storage means (user database 15) are stored. This corresponds to determination means for determining whether or not information specifying the selection order is included. Further, in S207, the information received by the receiving unit includes information for specifying the selection order of a plurality of elements stored in the storage unit (user database 15) in association with the user operating the user terminal. Corresponds to response means for responding that the authentication is successful.

  Returning to FIG. 4, if the response from the bank system 1 is “authentication failure” in S <b> 013, the CPU 19 of the inquiry source user terminal 18 returns the process to S <b> 001 and repeats the authentication process. If so, proceed to processing for a critical transaction that requires user authentication.

  In contrast, in S021, which is executed when it is determined in S004 that the response received from the bank system 12 is “unregistered”, the CPU 19 displays a password input field and an OK button (not shown) on the display 23. After the display, in the next S022, the user waits until the user operates the above-described software keyboard to input a character string satisfying a predetermined format in the password input field and input the OK button. When the user operates the software keyboard described above to input an arbitrary character string in the password input field and inputs an OK button, the CPU 19 advances the process to S023.

  In S023, the CPU 19 transmits the character string input in the password input field to the bank system 12 as a password. After completing S023, the CPU 19 waits for a response from the bank system 12 in the next S024.

  At this time, in the bank system 12, the user authentication server 13 starts the password application registration process shown in FIG. 7 in S211 of FIG. Then, when the user authentication server 13 receives the password from the inquiry source user terminal 18 in the first S301, in S302, is the password registered in the user database 15 in association with the user iD received in S201? Check whether or not. If the received password is not registered in the user database 15 in association with the user ID received in S201, the user authentication server 13 registers the inquiry source user terminal 18 in S303. The password application registration process is terminated in response to the failure. On the other hand, when the received password is registered in the user database 15 in association with the user ID received in S201, the user authentication server 13 sends the inquiry user terminal 18 to the inquiry source user terminal 18 in S304. In response to the fact that registration is possible, in step S305, the reception of the selected application list from the inquiry source user terminal 18 is awaited.

  Returning to FIG. 5, if the response from the bank system 12 is “registration impossible” in S <b> 024, the CPU 19 of the inquiry source user terminal 18 ends the processing by the bank application. On the other hand, if the response from the bank system 12 is “registration possible”, the CPU 19 advances the process to S025. Since the processing from S025 to S032 is the same as the processing from S005 to S012 described above, a description thereof will be omitted. Upon completion of S028, the CPU 19 proceeds to processing for a serious transaction requiring user authentication.

  Returning to FIG. 7, in S <b> 305 executed after responding “Registered” in S <b> 304, the user authentication server 13 receives the selected application list transmitted by the inquiry source user terminal 18 in S <b> 032.

  In the next S306, the user authentication server 13 associates the user ID received in S201 with the application ID in the selected application list received in S305 in the password application registration table (FIG. 2) of the user database 15. Are registered in the order of selection. In other words, the user authentication server 13 includes any combination of the personal identification information and the password stored in the storage unit in association with each other in the information received by the reception unit from the user terminal 18. The identification information and the selection order of the plurality of applications included in the information received by the reception unit are stored in the storage unit (user database 15) in association with the personal identification information received in S201. Corresponds to registration means.

  In next S307, the user authentication server 13 sets a password application registered flag in the password application registration table (FIG. 2) of the user database 15 in association with the user ID received in S201. When S307 is completed, the user authentication server 13 advances the process to S209.

  Next, the operation of each component of the present embodiment configured as described above will be described with reference to the sequence diagram of FIG.

  A user who uses an online financial transaction acceptance service applies to a specific financial institution in advance to use the service. When the user applies for the use of the service, the specific financial institution assigns a user ID to the user, and the assigned user ID together with the password set by the customer and other information related to the customer's account, the bank system 12 Registered in the user database 15 stored in the HDD 12C. Further, the user authentication server 13 registers the application IDs of a predetermined number of application programs selected by the customer according to a desired order in the password application registration table (FIG. 2) of the user database 15 as a password application.

  Thereafter, the user operates the user terminal 18 held and used by the user, and accesses various services provided by the bank system 12 using the bank application. Then, when performing an important procedure (for example, transfer or settlement) in any service, the customer inputs his / her user ID in accordance with an instruction from the bank application (S001 to S002, S402). Then, according to the bank application, the CPU 19 of the user terminal issues a password application registration inquiry (S003, S402).

  Then, in the bank system 12, the database server 14 reads out information about the customer from the password application registration table (FIG. 2) of the user database 15 and outputs it to the user authentication server 13 (S421). Then, the user authentication server 13 checks whether or not the password application has been registered based on the value of the password application registration flag included in the information notified from the database server 14 (S202, S4011). In this case, the user authentication server 13 determines that the password application has been registered, and responds to that effect to the user terminal 18 (S203).

  Then, the user terminal 18 displays a list screen of application programs on the display 23 (S005, S403), and accepts selection by the user (S006, S404). Based on the selection order, a confirmation dialog is displayed (S008, S405). When the user confirms (S009, S406), a selected application list is created (S011), and the created selected application list is displayed in the bank system. 12 (S012, S407).

  Then, in the bank system 12, the user authentication server 13 matches the application IDs and the order of the password applications shown in the selected application list with all the application IDs and the order included in the information notified from the database server 14. (S206, S412), and notifies the user terminal 13 of successful authentication (S207, S413).

  Then, the user terminal 13 continues the process (S408), and can execute a serious transaction with the bank system 12 (S209).

  As described above, according to the present embodiment, the customer can be authenticated by selecting an application registered in advance as a password application in the order of registration on the list screen instead of the password. The number of apps that can be registered as such password apps is much larger than the number or number of characters. Therefore, it is very unlikely that the same combination as the combination of a predetermined number of applications registered as a password application by a customer is installed in a terminal held and used by another person. Furthermore, the probability of accidentally selecting password apps in order of registration from among a large number of installed apps including password apps is reasonably lower. Therefore, the strength of security is higher than that of a normal password, and the risk of impersonation is correspondingly lower than that of a normal password. Furthermore, every time a user adds an application program using the user terminal 18, Decoy (dummy data) increases, so that the security strength is further improved. Nevertheless, since applications that can be registered as password applications are generally distributed, even if the user changes the user terminal 18, the user before the change can be obtained by installing the same password application. The environment of the terminal 18 can be easily restored. In addition, icons and names of application programs are easier for users to recognize and store visually and conceptually than conventional passwords consisting essentially of phonetic characters, and store them in association with their own behavior patterns. There is an advantage that it is easy.

  Note that user authentication using the password application selection order according to the present embodiment may be used in combination with conventional user authentication using a password. In this embodiment, user authentication is performed based on the selection order of password applications. However, user authentication is performed based on a combination of selected password applications without using selection order specifying information as an element of user authentication. You can go. However, in that case, the user terminal 18 and the database server 14 communicate, and the CPU 19 notifies the application IDs of all application programs installed in the user terminal 18 to the database server 14. In response to the user terminal 18, the number of application IDs including all application IDs registered in the password application registration table in association with the user ID of the user who is operating the user terminal 18 among the application IDs that have been received. The CPU 19 preferably employs a configuration in which icons or / and names of the above-mentioned number of application programs corresponding to the responded application ID are displayed on the list screen.

  In the present embodiment, the application program is selected as the user authentication element, but other elements may be selected. For example, an access point, a point recorded in a log file, or the like may be used as an element for user authentication.

(Embodiment 2)
Hereinafter, the second embodiment of the present invention will be described in detail. In the second embodiment, so-called mosquito sounds, which use high sounds located near the upper limit of the human audible sound range, and specific information that specifies the upper limit of the sound range that the user can listen to are intended to be used as personal identification information. Is. In other words, there is an upper limit in the range that humans can listen to, and this upper limit is higher for younger people and lowers with age, but it depends on the individual. Therefore, information that specifies the upper limit of treble that the user can listen to can be used as personal identification information.

  Since the hardware configuration of the second embodiment is the same as that of the first embodiment described above, description thereof is omitted. Since the second embodiment is different from the first embodiment described above only in the processing contents of the user database 15 and each program, only such differences will be described below.

  FIG. 10 is an audible range registration table stored in the user database 15 instead of the password application registration table shown in FIG. As shown in FIG. 10, this audible sound range registration table includes a user ID for linking with other tables and a flag (hereinafter referred to as “the audible sound range for user authentication” described later). The audible sound range registered flag ”) and the audible sound range are tables registered respectively.

  As in the first embodiment described above, when executing an important transaction (transfer or the like) while receiving various services, the CPU 19 executing the bank application in response to a request from the bank system 12 11 is executed.

  In the first S501, the CPU 19 displays an ID input field and an OK button (not shown) on the display 23, and then in the next S502, the user operates the above-described software keyboard to display a predetermined format in the ID input field. A character string satisfying the above condition is input and waiting for an OK button to be input. Then, when the user operates the software keyboard described above to input a character string satisfying a predetermined format in the ID input field and inputs an OK button, the CPU 19 advances the process to S503.

  In S503, the CPU 19 accesses the bank system 12 and makes a registration inquiry for the audible range specifying information regarding the character string input in S501. Upon completion of S503, the CPU 19 waits for a response (S603, S610) from the bank system 12 in the next S504.

  In the bank system 12 that has received the registration inquiry for the audible range specifying information, the user authentication server 13 starts interrupting the process shown in FIG. 13 and receives and accepts a character string related to the inquiry as a user ID in S601.

  In next step S602, the user authentication server 13 determines whether or not the audible range specifying information has already been registered for the user ID received in S601 through the database server 14 in accordance with the user ID. The determination is made based on whether the audible range registered flag is set in the registration table (FIG. 10). If the audible range registered flag is set in the audible range registration table (FIG. 10) of the user database 15 corresponding to the user ID, it is determined that the audible range has been registered for the user ID. In step S603, the inquiry source user terminal 18 is responded that it has been registered, and then the process proceeds to step S604. On the other hand, if the audible range registered flag is not set in the audible range registration table (FIG. 10) of the user database 15 corresponding to the user ID, the audible range is not registered for the user ID. In step S610, the inquiry source user terminal 18 is responded to the fact that it is not registered, and then the process proceeds to step S611.

  Returning to FIG. 11, if the response from the bank system 1 is “registered” in S <b> 504, the CPU 19 of the requesting user terminal 18 advances the process to S <b> 505, and if “response is not registered”, advances the process to S <b> 511.

  In S505, the CPU 19 displays an “authenticating” screen shown in FIG. 15 on the display 23, and outputs an ultrasonic level high tone (that is, a high frequency range that cannot be heard even by a child). Generated from the speaker 24.

  In next step S506, the CPU 19 checks whether or not an operation indicating that the user has heard a high tone has been detected. Here, the operation to the effect that a high tone is heard is selected in advance from touching the touch panel 21 or pressing the home button 26. If the user terminal 18 includes the acceleration sensor 25, an operation of shaking the user terminal 18 itself may be selected as an operation indicating that a high sound has been heard. If an operation indicating that a high tone has been heard has not been detected, the CPU 19 lowers the frequency of the high tone emitted from the speaker 24 by a predetermined amount in S507, and then in S506. Perform the check again. On the other hand, when the operation indicating that the high temperature is heard is detected, the CPU 19 advances the processing to S508.

  In S508, the CPU 19 makes an audible sound range centered on the frequency of the high sound emitted from the speaker 24 at the time of detecting that the user has heard a high sound in S508 (the sound range having a certain amount of width). Specified as a range.

  In next S509, the CPU 19 transmits information (audible sound range specifying information) specifying the audible sound range specified in S508 to the bank system 12. Upon completion of S509, the CPU 19 waits for a response from the bank system 12 in S510.

  Returning to FIG. 13, in S <b> 604 executed after responding “Registered” in S <b> 603, the user authentication server 13 receives the audible range specifying information transmitted by the inquiry source user terminal 18 in S <b> 509 (reception means). Equivalent).

  In next step S606, the CPU 19 determines whether or not the audible sound range is matched. In other words, the CPU 19 corresponds to the audible range registered in the audible range registration table (FIG. 10) of the user database 15 corresponding to the user ID received in S601, and the audible range indicated by the audible range specifying information received in S604. Are in agreement with each other. If they are different, the user authentication server 13 returns an authentication failure to the inquiry source user terminal 18 in S608, and then ends the interrupt processing.

  On the other hand, when the former audible sound range and the latter audible sound range coincide with each other, the user authentication server 13 returns a success of authentication to the inquiry source user terminal 18 in S607 and advances the process to S609. In S609, the user authentication server 13 recognizes that the message from the inquiry source user terminal 18 is from the user corresponding to the user ID received in S601, and performs a serious transaction according to the content of the message. Perform the process.

  In other words, S606 includes a combination of personal identification information and audible sound range stored in the storage means (user database 15) in association with each other in the information received from the user terminal by the receiving means. S609 includes a combination of personal identification information and audible sound range stored in the storage means (user database 15) in association with the information received by the receiving means. Is determined, it corresponds to a processing means for processing information from the user terminal 18 thereafter as information from the user indicated by the personal identification information received in S601. Further, in S607, if it is determined that the combination of the personal identification information stored in the storage unit (user database 15) and the audible range is included in association with the information received by the receiving unit, the authentication is performed. This corresponds to response means for responding to the effect.

  Returning to FIG. 11, if the response from the bank system 1 is “authentication failure” in S510, the CPU 19 of the inquiry source user terminal 18 returns the process to S501 and repeats the authentication process. If so, proceed to processing for a critical transaction that requires user authentication.

  In contrast, in S511, which is executed when it is determined in S504 that the response received from the bank system 12 is “unregistered”, the CPU 19 displays a password entry field and an OK button (not shown) on the display 23. After the display, in step S512, the user waits for the user to operate the software keyboard described above to input a character string satisfying a predetermined format in the password input field and input the OK button. Then, when the user operates the software keyboard described above to input an arbitrary character string in the password input field and inputs the OK button, the CPU 19 advances the process to S513.

  In S513, the CPU 19 transmits the character string input in the contract number input field to the bank system 12 as a password. After completing S513, the CPU 19 waits for a response from the bank system 12 in the next S514.

  At this time, in the bank system 12, the user authentication server 13 starts the audible range-registration process shown in FIG. 14 in S611 of FIG. When the user authentication server 13 receives the password from the inquiry source user terminal 18 in the first S701, is the password registered in the user database 15 in S702 in association with the user iD received in S601? Check whether or not. If the received password is not registered in the user database 15 in association with the user ID received in S601, the user authentication server 13 registers the inquiry source user terminal 18 in S703. The password application registration process is terminated in response to the failure. On the other hand, when the received password is registered in the user database 15 in association with the user ID received in S601, the user authentication server 13 sends the inquiry user terminal 18 to the inquiry source user terminal 18 in S704. In response to the fact that registration is possible, in the next S705, reception of audible range specifying information from the inquiry source user terminal 18 is awaited.

  Returning to FIG. 12, if the response from the bank system 12 is “registration impossible” in S <b> 514, the CPU 19 of the inquiry source user terminal 18 ends the processing by the bank application. On the other hand, if the response from the bank system 12 is “registration possible”, the CPU 19 advances the process to S515. Since the processing from S515 to S519 is the same as the processing from S505 to S509 described above, the description thereof is omitted. Upon completion of S519, the CPU 19 proceeds to processing for a serious transaction requiring user authentication.

  Returning to FIG. 14, in S <b> 705 executed after responding “Registered” in S <b> 704, the user authentication server 13 receives the audible range specifying information transmitted by the inquiry source user terminal 18 in S <b> 519.

  In next step S706, the user authentication server 13 registers the audible range specifying information received in S705 in the audible range registration table (FIG. 10) of the user database 15 in association with the user ID received in S601. In other words, the user authentication server 13 includes any combination of the personal identification information and the password stored in the storage unit in association with each other in the information received by the reception unit from the user terminal. The audible range specifying information included in the information received by the receiving means corresponds to the registration means for storing the information in the storage means (user database 15) in association with the personal identification information received in S601.

  In next step S707, the user authentication server 13 sets an audible range registered flag in the audible range registration table (FIG. 10) of the user database 15 in association with the user ID received in step S601. When S707 is completed, the user authentication server 13 advances the process to S609.

  As described above, according to this embodiment, instead of a password, a customer can be authenticated by starting a bank application and performing a predetermined operation when a high tone is heard from the speaker 24. . Since the upper limit of the audible sound range depends on the individual, it is unlikely that another person will perform a predetermined operation at the timing when the sound in the same sound range is emitted. Therefore, the strength of security is higher than that of a normal password, and the risk of impersonation is correspondingly lower than that of a normal password. Since the specification of the audible band does not depend on the model, even if the user changes the user terminal 18, authentication can be easily performed.

10 Online transaction system 12 Bank system 12A CPU
12C HDD
13 User Authentication Server Program 14 Database Server Program 15 User Database 16 Internet 18 User Terminal 19 CPU
20 Memory 21 Touch Panel 22 Communication Module 23 Display

Claims (4)

Storage means for storing information specifying the selection order of several elements,
From User chromatography The terminal, receiving means for receiving information input as the authentication information by the user,
Determining means for determining whether or not the information received from the user terminal by the receiving means includes information specifying a selection order of a plurality of elements stored in the storage means;
The element is a user authentication device selected from application programs installed in the user terminal. The storage means stores information specifying the selection order of the plurality of elements in association with the user,
Information that specifies the selection order of a plurality of elements stored in the storage unit in association with a user who is operating the user terminal is added to the information received by the receiving unit from the user terminal by the determination unit. 2. The user authentication device according to claim 1, further comprising response means for responding that the authentication is successful when it is determined that the authentication is included. The storage means stores, as information for specifying a selection order of the plurality of elements, information for specifying a selection order of a plurality of applications identified by identification information about the plurality of elements. The user authentication device according to claim 1. The user authentication apparatus according to claim 1, wherein the information specifying the selection order of the plurality of elements is a selection time of the plurality of elements.

Images