JP7079528B2 - Service provision system and service provision method - Google Patents

Description

The present invention relates to a service providing system and a service providing method.

Services such as online banking, online shopping, and online trading using the Internet are widespread. In order to use such a service, the user needs to operate a terminal device such as a PC (Personal Computer) or a smartphone to access a dedicated site, enter an ID and a password, and log in.

In the case of login using an ID and password, there is a problem of spoofing by another person. In Patent Document 1, after the server authenticates the user using the ID and password, the server guides the user to make a call to the registered communication terminal (for example, a mobile phone or a smartphone), and calls from the registered communication terminal. It describes an invention that addresses the problem of spoofing by starting processing of a service when there is an incoming call.

JP-A-2015-111329

In the case of the invention described in Patent Document 1, the server can authenticate that the client terminal is a legitimate client terminal by confirming the incoming number from the client terminal. On the other hand, on the client terminal side, it is difficult to authenticate that the server is a legitimate server. That is, the invention described in Patent Document 1 has an insufficient aspect regarding mutual authentication between the server and the client terminal. Mutual authentication is possible if the server obtains the digital certificate and sends it to the client terminal, but obtaining the digital certificate is troublesome and troublesome.

The present invention has been made in view of the above circumstances, and an object of the present invention is to provide a service providing system and a service providing method capable of improving security at the time of login without imposing a burden on the user.

In order to achieve the above object, the service providing system according to the present invention is
A login request acquisition method for acquiring a login request requesting the user to log in to the service from the terminal,
When the login request is acquired, the telephone authentication request means for transmitting the telephone request information requesting the local system to make a telephone connection with the specified telephone number to the terminal, and the telephone authentication request means.
A telephone authentication means that authenticates based on an incoming call from the user's mobile terminal after transmitting the telephone request information.
OTP creation method to create a one-time password,
When the authentication by the telephone authentication means is successful, the encryption means for encrypting the address information for accessing the own system including the one-time password by using the password of the user, and the encryption means.
An address transmission means for transmitting address information encrypted by the encryption means to the terminal, and an address transmission means.
An OTP authentication means that authenticates the terminal based on the one-time password received from the terminal after transmitting the address information and the one-time password created by the OTP creating means.
A service execution means that executes a process for providing the service to the terminal when the authentication by the OTP authentication means is successful.
To prepare for.

According to the present invention, it is possible to improve the security at the time of login without imposing a burden on the user.

It is a figure which shows the configuration example of the service provision system which concerns on Embodiment 1 of this invention. It is a block diagram which shows the configuration example of a server. It is a figure which shows the configuration example of the customer DB. It is a block diagram which shows the configuration example of an authentication apparatus. It is a figure which shows the structural example of the telephone number storage DB. It is a figure which shows the configuration example of the incoming call management DB. It is a block diagram which shows the configuration example of a user terminal. It is a functional block diagram of the service provision system which concerns on Embodiment 1 of this invention. It is a flowchart (the 1) which shows an example of the login process which concerns on Embodiment 1. FIG. 2 is a flowchart (No. 2) showing an example of the login process according to the first embodiment. FIG. 3 is a flowchart (No. 3) showing an example of the login process according to the first embodiment. FIG. 4 is a flowchart (No. 4) showing an example of the login process according to the first embodiment. It is a flowchart which shows an example of a password authentication process. It is a figure which shows the example of the telephone request screen. It is a figure which shows the example of the input screen. It is a figure which shows the configuration example of the service provision system which concerns on Embodiment 2 of this invention. It is a functional block diagram of the service provision system which concerns on Embodiment 2 of this invention. It is a flowchart (the 1) which shows an example of the login process which concerns on Embodiment 2. FIG. 2 is a flowchart (No. 2) showing an example of the login process according to the second embodiment. FIG. 3 is a flowchart (No. 3) showing an example of the login process according to the second embodiment. It is a figure which shows the example of the telephone request screen in Embodiment 2.

<Embodiment 1>
Hereinafter, Embodiment 1 of the present invention will be described in detail with reference to the drawings. In the figure, the same or equivalent parts are designated by the same reference numerals.

FIG. 1 is a diagram showing an overall configuration of a service providing system 1 according to the first embodiment of the present invention. The service providing system 1 includes a server 10 and an authentication device 20. The server 10 is connected to the user terminal 30 via the Internet N1. The authentication device 20 is connected to the mobile terminal 40 via the telephone network N2 and is connected to the server 10 via the Internet N1.

The server 10 is a Web server that provides various services to the user terminal 30 via the Internet N1. The "service" here is, for example, a service such as online banking, online shopping, online trading, and electronic ticket system using the Internet N1, and it is necessary to be authenticated as a legitimate user at the time of use. There is. The server 10 is managed by, for example, a company that operates a service to be provided. As shown in FIG. 2, the server 10 includes a communication unit 11, a storage unit 12, and a control unit 13. The server 10 may be composed of one computer or a plurality of computers. Although only one server 10 is shown in FIG. 1, a plurality of servers 10 that provide different services may be connected to the authentication device 20 respectively.

The communication unit 11 performs data communication with the user terminal 30 and the authentication device 20 via the Internet N1 under the control of the control unit 13. The communication unit 11 includes, for example, a communication interface such as a NIC (Network Interface Card). For example, the communication unit 11 receives a service login request from the user terminal 30 via the Internet N1.

The storage unit 12 is a hard disk drive or the like, and stores various data necessary for the server 10 to operate. For example, the storage unit 12 stores the customer DB 121.

The customer DB 121 stores information about each user who can use the service provided by the server 10. Specifically, as shown in FIG. 3, the customer DB 121 has a user ID, a password, a telephone number, a password valid / invalid flag, the number of errors on the day, the cumulative number of errors, the first encryption key, and encryption for each user. Data etc. are stored.

The telephone number stored in the customer DB 121 is a telephone number set in the user's mobile terminal 40, and is information that uniquely identifies the mobile terminal 40. The record registered in the customer DB 121 associates the user (user ID) with the mobile terminal 40 (telephone number) of the user.

Further, the password valid / invalid flag stored in the customer DB 121 indicates whether the password is currently valid or invalid. The number of errors on the day stored in the customer DB 121 indicates the number of times on the day when the password entered by the user does not match in the login process described later and an error occurs. The number of errors on the day is reset when the date changes. When the number of errors on the day exceeds the predetermined limit on the day, the password valid / invalid flag is set to "invalid" for a predetermined stop period. This prevents the user from logging in to the service during the outage period.

Further, the cumulative number of errors stored in the customer DB 121 indicates the cumulative number of times that an error has occurred because the password entered by the user does not match. If the cumulative number of errors exceeds the predetermined cumulative limit, the password valid / invalid flag is set to "invalid". As a result, login from this user is stopped until a predetermined reset process or the like is performed.

Further, the first encryption key stored in the customer DB 121 is irreversibly created from the one-time password (hereinafter referred to as OTP) received from the authentication device 20 and the user password, and after login, the server 10 and the user terminal 30 are used. It is used to encrypt and decrypt data sent and received between. For example, the first encryption key is created by hashing a character string in which an OTP and a password are concatenated with a hash function such as MD (Message Digest algorithm) 5.

Further, the encrypted data stored in the customer DB 121 is the encrypted data having high confidentiality among the data related to the user required when the server 10 provides the service. The encrypted data is, for example, data in which the user's credit information is encrypted or data in which the user's account information is encrypted. What kind of data is stored in the customer DB 121 as encrypted data may be set for each user, or may be uniformly set on the server 10 side.

For example, the encrypted data is encrypted by the server 10 using the encryption key acquired from the authentication device 20 for registration data (credit information, etc.) received from the user terminal 30 after the initial login from the user terminal 30. It is created by the above and stored in the customer DB 121. For example, the authentication device 20 uses the authentication information of the logged-in user stored in the incoming call management DB 222 with predetermined processing as the encryption key of the encrypted data. The encrypted data may be encrypted using another encryption key. Encryption of encrypted data is performed by a common key method, and it is possible to decrypt encrypted data with the encryption key used for encryption. In the following description, the encryption key used for encrypting the encrypted data will be referred to as a second encryption key.

Returning to FIG. 2, the control unit 13 includes a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), etc. (none of which are shown), and the CPU uses the RAM as a work memory. , The entire server 10 is controlled by appropriately executing various programs stored in the ROM and the storage unit 12.

Returning to FIG. 1, the authentication device 20 will be described subsequently. When the user terminal 30 requests to log in to the server 10, the authentication device 20 performs a process of creating an OTP for authentication based on the request from the server 10. Further, the authentication device 20 accepts an incoming call from the user's mobile terminal 40 and performs a process of authenticating the mobile terminal 40 (telephone authentication) based on the telephone number or the like of the called source. As shown in FIG. 4, the authentication device 20 includes a communication unit 21, a storage unit 22, and a control unit 23. The authentication device 20 may be composed of one computer or a plurality of computers.

The communication unit 21 communicates with the mobile terminal 40 via the telephone network N2 under the control of the control unit 23. Further, the communication unit 21 communicates with the server 10 via the Internet N1 under the control of the control unit 23.

The storage unit 22 is, for example, a hard disk drive or the like, and stores various data necessary for the authentication device 20 to operate. Further, the storage unit 22 stores the telephone number storage DB 221 and the incoming call management DB 222.

The telephone number storage DB 221 stores a plurality of telephone numbers set in the authentication device 20. The mobile terminal 40 can make a telephone call to the authentication device 20 by designating any one of a plurality of telephone numbers stored in the telephone number storage DB 221. Specifically, as shown in FIG. 5, the telephone number storage DB 221 stores a plurality of records in which the telephone number and the contract date are associated with each other. The contract date indicates the date on which this telephone number was contracted for telephone connection. For example, the administrator may delete a telephone number for which a certain period (for example, one year) has passed from the contract date from the telephone number storage DB 221. The telephone number storage DB 221 may store only one telephone number.

The incoming call management DB 222 stores information and the like regarding incoming calls from the mobile terminal 40. Specifically, as shown in FIG. 6, the incoming call management DB 222 stores the authentication information, the incoming telephone number, the OTP, and the registration date and time in association with each other. The incoming call management DB 222 is an example of the authentication information storage means of the present invention.

The authentication information stored in the incoming call management DB 222 is information obtained by irreversibly converting an incoming telephone number from a mobile terminal 40 by using a predetermined method (for example, hashing). The authentication information is set as a key for identifying a record stored in the incoming call management DB 222. Therefore, records having the same authentication information are not duplicately registered in the incoming call management DB 222.

The called destination telephone number stored in the incoming call management DB 222 is a telephone number indicating the destination of the incoming call. The called destination telephone number is one of a plurality of valid telephone numbers stored in the telephone number storage DB 221. The registration date and time stored in the incoming call management DB 222 indicates the date and time when the incoming call was received.

Returning to FIG. 4, the control unit 23 includes a CPU, ROM, RAM, etc. (none of which are shown), and the CPU uses the RAM as a work memory and appropriately uses various programs stored in the ROM and the storage unit 22. By executing this, the entire authentication device 20 is controlled.

Returning to FIG. 1, the user terminal 30 will be described subsequently. The user terminal 30 is, for example, a PC (Personal Computer) operated by the user, and is connected to the server 10 via the Internet N1. As shown in FIG. 7, the user terminal 30 includes a communication unit 31, an input unit 32, a display unit 33, a storage unit 34, and a control unit 35.

The communication unit 31 is provided with a communication interface, and under the control of the control unit 35, performs data communication with the server 10 via the Internet N1.

The input unit 32 is a keyboard, a mouse, or the like, and is used for inputting various information to the user terminal 30. For example, when logging in to the service, the user operates the input unit 32 to input his / her user ID. Further, the user operates the input unit 32 to input a password required for decoding the URL (Uniform Resource Locator) received from the server 10. The URL corresponds to the address information of the present invention.

The display unit 33 is, for example, a liquid crystal display or the like, and outputs various information under the control of the control unit 35. For example, the display unit 33 displays an input screen and a telephone request screen, which will be described later.

The storage unit 34 is, for example, a hard disk tribe or a flash memory, and stores various data and programs necessary for the user terminal 30 to operate. For example, the storage unit 34 stores screen data of the login screen.

The control unit 35 controls the entire user terminal 30. The control unit 35 includes, for example, a CPU, a ROM, a RAM, and the like. For example, the control unit 35 performs a process of decrypting an encrypted URL received from the server by using the password input from the user via the input unit 32.

Returning to FIG. 1, the mobile terminal 40 is, for example, a smartphone or a mobile phone, and includes a touch panel (CPU), ROM, RAM, flash memory, etc. (not shown). The mobile terminal 40 has a telephone function, and can be telephone-connected to the authentication device 20 via the telephone network N2.

Subsequently, the functional configuration of the service providing system 1 according to the first embodiment of the present invention will be described with reference to FIG.

As a functional configuration, the server 10 includes a login request acquisition unit 101, an encryption unit 102, a URL transmission unit 103, a password authentication unit 104, a telephone authentication request unit 105, and a service execution unit 106. .. Each of these units 101 to 106 is realized by a communication unit 11, a storage unit 12, and a control unit 13. The authentication device 20 includes an OTP creation unit 201, an OTP authentication unit 202, and a telephone authentication unit 203 as functional configurations. Each of these units 201 to 203 is realized by the communication unit 21, the storage unit 22, and the control unit 23.

The login request acquisition unit 101 acquires a login request requesting the user to log in to the service from the user terminal 30 via the Internet N1. The login request contains only the user ID and does not include the password. The login request acquisition unit 101 is an example of the login request acquisition means of the present invention.

The OTP creation unit 201 creates an OTP such as a random number and transmits it to the server 10 together with the telephone number of the authentication device 20. The OTP creating unit 201 is an example of the OTP creating means of the present invention.

The telephone authentication request unit 105 transfers the screen data of the telephone request screen for requesting the authentication device 20 to make a telephone call from the user's mobile terminal 40 to the user terminal 30 which is the sender of the login request. Send. The telephone authentication requesting unit 105 is an example of the telephone authentication requesting means of the present invention.

The telephone authentication unit 203 authenticates (terminal authentication) that the mobile terminal 40 is a legitimate terminal based on an incoming call from the mobile terminal 40 to a designated telephone number, and if the authentication is successful, the telephone authentication is performed. The completion notification is transmitted to the encryption unit 102. The telephone authentication unit 203 is an example of the telephone authentication means of the present invention.

The encryption unit 102 encrypts the URL for accessing the server including the OTP received from the authentication device 20 as a parameter by using the password of the login user. The encryption unit 102 is an example of the encryption means of the present invention.

The URL transmission unit 103 transmits the URL encrypted by the encryption unit 102 and the screen data of the input screen for inputting the information for decrypting the URL to the user terminal 30 which is the transmission source of the login request. .. The URL transmission unit 103 is an example of the address transmission means of the present invention.

When the user terminal 30 accesses by URL, the password authentication unit 104 performs authentication (password authentication) based on the number of password authentication errors received together with this URL, and if the password authentication is successful, the OTP authentication unit 202 Send an OTP authentication request to. The password authentication unit 104 is an example of the password authentication means of the present invention.

After confirming that the OTP received from the user terminal 30 matches the OTP created by the OTP creation unit 201, the OTP authentication unit 202 sends an authentication completion notification to the service execution unit 106. The OTP authentication unit 202 is an example of the OTP authentication means of the present invention.

When the service execution unit 106 receives the authentication completion notification from the OTP authentication unit 202, the service execution unit 106 executes a process for providing a predetermined service to the user terminal 30 that is the source of the login request. Further, the service execution unit 106 creates a second encryption key for encrypting the data transmitted / received to / from the user terminal 30 after logging in, and stores the second encryption key in the customer DB 121. The service execution unit 106 is an example of the service execution means of the present invention.

Subsequently, the login process for causing the user to log in to a predetermined service in the above-mentioned service providing system 1 will be described with reference to the flowcharts of FIGS. 9 to 12.

A user who wants to use the service provided by the server 10 (hereinafter, also referred to as a "login user") operates the input unit 32 of the user terminal 30 and displays his / her user ID on the login screen displayed on the display unit 33. Enter and perform the specified operation. In response to this operation, the control unit 35 of the user terminal 30 transmits a login request including the input user ID to the server 10 via the Internet N1 (step S101 in FIG. 9). In the following description, the user ID included in the login request is also referred to as a login user ID.

When the login request acquisition unit 101 of the server 10 receives the login request, the record including the login user ID is stored in the customer DB 121, and the password of the record is valid (that is, the password valid / invalid flag is set. Confirm that it is "valid") (step S102). If no such record is stored, the login process ends with an error.

Subsequently, the login request acquisition unit 101 acquires the telephone number of the login user's mobile terminal 40 from the customer DB 121, and creates authentication information for authentication from the telephone number (step S103).

Specifically, the login request acquisition unit 101 processes the acquired telephone number in accordance with a predetermined rule (hereinafter referred to as a number processing rule), and then performs a predetermined rule (hereinafter referred to as a number conversion rule). Create authentication information by performing irreversible conversion according to the above. The number processing rule may be any rule, for example, a rule for moving the last four digits of a telephone number to the beginning or a rule for inserting a specific character string or number between each number of a telephone number. Is also good. Further, the number conversion rule may be any conversion as long as it is irreversible, and may be, for example, a rule for performing hash conversion using MD5.

Subsequently, the login request acquisition unit 101 transmits an OTP acquisition request including the created authentication information to the authentication device 20 (step S104).

The telephone authentication unit 203 of the authentication device 20 confirms that the record having the authentication information included in the received OTP acquisition request is not registered in the incoming call management DB 222 (step S105). If such a record is registered, the process ends as an error.

Subsequently, the OTP creation unit 201 creates an OTP (step S106). Then, the OTP creation unit 201 selects one from a plurality of valid telephone numbers stored in the telephone number storage DB 221 (step S107).

Subsequently, the OTP creation unit 201 receives a record including the authentication information included in the received OTP acquisition request, the telephone number (destination telephone number) selected in step S107, and the OTP created in step S106. Register in the management DB 222 (step S108). Then, the OTP creation unit 201 transmits the selected telephone number and the created OTP to the server 10 (step S109).

Upon receiving the telephone number and OTP, the telephone authentication request unit 105 of the server 10 uses the login user's password and the authentication device as the first encryption key for encrypting the data transmitted to and received from the user terminal 30 after login. It is created from the OTP received from 20 and registered in the record of the logged-in user of the customer DB 121 (FIG. 10, step S110).

Subsequently, the telephone authentication request unit 105 transmits the screen data of the telephone request screen requesting to make a telephone call to the telephone number received from the authentication device 20 in step S109 to the user terminal 30 of the sender of the login request (then, the telephone authentication request unit 105 transmits the screen data of the telephone request screen. Reply) (step S111). The screen data of the telephone request screen corresponds to the telephone request information of the present invention. The telephone authentication request unit 105 may transmit only the telephone number of the telephone call destination to the user terminal 30 as the telephone request information.

Subsequently, the control unit 35 of the user terminal 30 causes the display unit 33 to display the telephone request screen as shown in FIG. 14 based on the received screen data (step S112). The telephone number "03-1234-4444" displayed on the telephone request screen shown in FIG. 14 is the telephone number selected in step S107.

Returning to FIG. 10, the user operates his / her own mobile terminal 40 according to the contents instructed on the telephone authentication request screen, and in response to the operation, the mobile terminal 40 uses the telephone number instructed on the telephone request screen. A telephone call is made to the authentication device 20 (step S113).

When there is an incoming call, the telephone authentication unit 203 of the authentication device 20 converts the incoming telephone number into authentication information by the same method as in step S103. Then, the telephone authentication unit 203 has registered a record having a set of the converted authentication information and the telephone number of the incoming call source in the incoming call management DB 222, and has a predetermined time from the registration date and time of the record. For example, telephone authentication is performed to confirm that 10 minutes) has not passed (step S114). If there is no such record, the process ends as an error.

The telephone authentication unit 203 immediately disconnects the incoming call without answering the incoming call from the mobile terminal 40. As a result, the login user will not be charged for the telephone bill. Further, the telephone authentication unit 203 may answer the incoming call with a predetermined voice only when an error occurs in step S114. This is because there is a high possibility that the call is received from an unjust third party.

If the telephone authentication is successful, the telephone authentication unit 203 transmits a telephone authentication completion notification to the server 10 (step S115).

Upon receiving the telephone authentication completion notification, the encryption unit 102 of the server 10 creates a URL for accessing the server 10 including the OTP received from the authentication device 20 as a parameter (step S116). Specifically, this URL is a URL in which an OTP is added as a query parameter to a URL including the domain name of the server 10.

Subsequently, the encryption unit 102 encrypts the created URL using the password of the login user as an encryption key (FIG. 11, step S117). Note that this encryption is performed by a common key encryption method, and the encrypted URL can be decrypted with the encryption key used for encryption (that is, the password of the logged-in user). The password of the logged-in user may be obtained from the customer DB 121.

Subsequently, the URL transmission unit 103 transmits the encrypted URL and the screen data of the input screen for causing the logged-in user to input the password to the user terminal 30 (step S118).

The control unit 35 of the user terminal 30 causes the display unit 33 to display an input screen as shown in FIG. 15A based on the received screen data (step S119). The login user inputs his / her password on the input screen via the input unit 32 of the user terminal 30, and presses the OK button. In response to this operation, the control unit 35 of the user terminal 30 decodes the received URL using the entered password (step S120).

If the URL cannot be decrypted with the entered password, the control unit 35 causes the display unit 33 to display an input screen for prompting the re-entry of the password as shown in FIG. 15B. Further, the control unit 35 counts the number of times the password is re-entered (the number of errors). For example, the control unit 35 may set the number of errors by subtracting 1 from the number of times the OK button is pressed from the input screen.

Returning to FIG. 11, when the decryption of the URL is completed, the control unit 35 of the user terminal 30 creates a first encryption key from the OTP included in the URL and the password input from the input screen, and stores the first encryption key in the storage unit 34. (Step S121). This first encryption key is used for encrypting data transmitted to and received from the server 10 after login. If the first encryption key is already stored, it is updated with the first encryption key created this time. By the process of step S121 and the process of step S110 described above, the same first encryption key is stored in both the user terminal 30 and the server 10.

Subsequently, the control unit 35 of the user terminal 30 accesses the server 10 using the decrypted URL, and notifies the server 10 of the number of errors (step S122). As a result, the OTP included in the URL is transmitted to the server 10 together with the number of errors.

When the user terminal 30 accesses the password authentication unit 104 by the URL, the password authentication unit 104 of the server 10 executes a password authentication process for performing authentication based on the number of errors received at the same time (FIG. 12, step S123). The details of the password authentication process will be described with reference to the flowchart of FIG.

When the password authentication process is started, the password authentication unit 104 first determines whether or not the number of received errors is 0 (step S123A). If the number of errors is 0 (step S123A; Yes), the password authentication unit 104 determines that the authentication is successful (step S123B) because the user has correctly entered his / her password with one input. Then, the password authentication unit 104 updates the cumulative error count of the logged-in user and the error count on the day stored in the customer DB 121 to 0 (step S123C), and the password authentication process ends.

On the other hand, when the number of errors is 1 or more (step S123A; No), the password authentication unit 104 adds the number of errors on the day and the cumulative number of errors stored in the customer DB 121 by the number of received errors. (Step S123D).

Subsequently, the password authentication unit 104 determines whether or not the cumulative number of errors exceeds a predetermined cumulative limit (step S123E). If it exceeds (step S123E; Yes), the password authentication unit 104 sets the password valid / invalid flag of the logged-in user to "invalid" (step S123F), and the password authentication process and the login process end as an error.

On the other hand, if the cumulative number of errors does not exceed the cumulative limit (step S123E; No), but the number of errors on the day exceeds the predetermined limit on the day (step S123G; Yes), the password authentication unit 104 determines. For a predetermined period, the password valid / invalid flag of the logged-in user is set to "invalid" (step S123H), and the password authentication process and the login process end as an error.

On the other hand, if the cumulative number of errors does not exceed the cumulative limit (step S123E; No) and the number of errors on the day does not exceed the limit on the day (step S123G; No), the password authentication unit 104 determines that the authentication is successful. (Step S123B), the cumulative number of errors and the number of errors on the day are updated to 0 (step S123C), and the password authentication process ends.

Returning to FIG. 12, after the password authentication process determines that the authentication is successful, the password authentication unit 104 of the server 10 transmits an OTP authentication request to the authentication device 20 (step S124). This OTP authentication request includes the OTP attached to the URL received from the user terminal 30 and the authentication information of the logged-in user created in step S103.

The OTP authentication unit 202 of the authentication device 20 confirms that the record having the set of the authentication information and the OTP included in the received OTP confirmation request is registered in the incoming call management DB 222 (step S125). If such a record is not registered, the process ends as an error.

Subsequently, the OTP authentication unit 202 creates a second encryption key in which the authentication information included in the record of the incoming call management DB 222 confirmed in step S125 is subjected to predetermined processing (step S126). The second encryption key is used to decrypt the encrypted data of the logged-in user stored in the server 10. After creating the second encryption key, the OTP authentication unit 202 deletes the record (step S127). Then, the OTP authentication unit 202 transmits the authentication completion notification to the server 10 together with the second encryption key (step S128).

Upon receiving the authentication completion notification, the service execution unit 106 of the server 10 uses the second encryption key received at the same time to decrypt the encrypted data of the logged-in user stored in the customer DB 121 (step S129). The data decoded in step S129 is, for example, credit information, account information, etc., which is used in transfer processing, payment processing, etc. after login, and is deleted at logoff.

Subsequently, the service execution unit 106 causes the user terminal 30 that is the source of the login request to log in to the service provided by the server 10 (step S130). As a result, the user terminal 30 can use the service provided by the server 10. This completes the login process.

As described above, according to the present embodiment, the login request transmitted from the user terminal 30 to the service providing system in the login process includes only the user ID and does not include the password. Then, after performing authentication (telephone authentication) based on the incoming call from the mobile terminal 40, the user terminal 30 decrypts the encrypted URL received from the server 10 with the password entered by the user, and uses the URL. Access server 10. Then, when the user terminal 30 accesses the server 10, the authentication device 20 can confirm that the password is correct by checking the OTP included in the URL. That is, in the present embodiment, the service providing system 1 can confirm that the password is correctly input even though the password is not acquired from the user terminal 30 during the login process. Therefore, in the present embodiment, there is an extremely low risk that the password will be leaked at the time of login, and it is possible to reliably prevent unauthorized login.

Further, according to the present embodiment, it can be seen that the user terminal 30 can correctly store the password of the logged-in user in the server 10 because the URL received from the server 10 can be decrypted with the password. Therefore, the user terminal 30 can authenticate that it is a legitimate server 10. On the other hand, the server 10 can authenticate that the user terminal 30 is a legitimate terminal by confirming that the OTP received from the user terminal 30 matches the created OTP. Therefore, mutual authentication can be performed between the user terminal 30 and the server 10 without issuing an electronic certificate or the like. Therefore, it is possible to improve the security at the time of login without imposing a burden on the user.

Further, according to the present embodiment, when the number of password input errors received from the user terminal 30 is equal to or more than a predetermined limit number, it is determined as an error and login is not permitted. Therefore, even if the URL can be successfully decrypted by trying to enter the password from the input screen multiple times using automatic input software, login is not permitted, so unauthorized login can be prevented more reliably. ..

Further, according to the present embodiment, the user cannot log in to the service unless the authentication by the password authentication unit 104 and the authentication by the OTP authentication unit 202 are successful in addition to the telephone authentication by the telephone authentication unit 203. As a result, a third party urges a legitimate user to make a call from the mobile terminal 40 to a predetermined telephone number, and the legitimate user makes a call in response to the call, so that the third party illegally logs in. It is possible to reliably prevent fraud that may occur with conventional telephone authentication, which is possible.

Further, according to the present embodiment, the same first encryption key is stored in both the server 10 and the user terminal 30 in the process of login processing. Then, after login, the data transmitted / received between the server 10 and the user terminal 30 is encrypted and decrypted using this first encryption key. Therefore, it is possible to improve the security after login.

Further, according to the present embodiment, the telephone number of the user is not stored in the incoming call management DB 222 of the authentication device 20, and the authentication information irreversibly created from the telephone number is stored instead. Therefore, even if the data stored in the incoming call management DB 222 is leaked due to unauthorized access, the authentication information is completely meaningless to a third party, so it is possible to minimize the damage caused by the leak. It becomes.

In this embodiment, the password authentication unit 104 executes an authentication process (password authentication process) based on the number of errors received from the user terminal 30. However, it is not always necessary to execute the password authentication process, and if it is not executed, it is not necessary to receive the error count from the user terminal 30.

<Embodiment 2>
Subsequently, the service providing system 2 according to the second embodiment will be described. The configuration of the service providing system 2 is shown in FIG. In the present embodiment, the user terminal 30 is, for example, a smartphone and has a telephone connection function. Unlike the first embodiment, the user terminal 30 is also connected to the authentication device 20 via the telephone network N2. The telephone number stored in the customer DB 121 is a telephone number set in the user terminal 30 of the user.

FIG. 17 shows a functional configuration diagram of the service providing system 2. The service providing system 2 does not include the URL transmitting unit 103 and the password authentication unit 104 as compared with the service providing system 1 according to the first embodiment. Further, the authentication device 20 does not include the OTP authentication unit 202. Further, the encryption unit 102 of the present embodiment uses the user's password as an encryption key to encrypt the screen data of the OTP and the telephone request screen.

Subsequently, the login process executed by the service providing system 2 will be described with reference to the flowcharts of FIGS. 18 to 20. The description of the parts common to the login process of the first embodiment will be simplified as appropriate.

In response to an operation from the user, the control unit 35 of the user terminal 30 transmits a login request including the user ID of the logged-in user to the server 10 via the Internet (step S201).

The login request acquisition unit 101 of the server 10 confirms that the record including the login user ID included in the received login request is stored in the customer DB 121 and that the password of the record is valid (step). S202). After confirmation, the login request acquisition unit 101 creates authentication information from the telephone number of the logged-in user (step S203), and transmits an OTP acquisition request including the created authentication information to the authentication device 20 (step S204).

The telephone authentication unit 203 of the authentication device 20 confirms that the record having the authentication information included in the received OTP acquisition request is not registered in the incoming call management DB 222 (step S205), and after the confirmation, creates an OTP (step). S206).

Subsequently, the OTP creation unit 201 selects one of a plurality of valid telephone numbers stored in the telephone number storage DB 221 (step S207). Then, the OTP creation unit 201 registers the authentication information included in the OTP acquisition request, the selected telephone number (destination telephone number), and the record including the created OTP in the incoming call management DB 222 (step S208). Then, the OTP creation unit 201 transmits the selected telephone number and the OTP to the server 10 (step S209).

Upon receiving the telephone number and OTP, the telephone authentication request unit 105 of the server 10 creates a first encryption key based on the password of the logged-in user and the OTP received from the authentication device 20, and the logged-in user of the customer DB 121. Register in the record of (FIG. 19, step S210).

Subsequently, the encryption unit 102 encrypts the screen data of the telephone request screen requesting to make a call to the received OTP and the received telephone number by a common key method using the password of the logged-in user as an encryption key (the encryption unit 102). Step S211). Then, the telephone authentication request unit 105 transmits the screen data of the input screen for causing the logged-in user to input the password and the encrypted data to the user terminal 30 (step S212).

The control unit 35 of the user terminal 30 causes the display unit 33 to display the input screen based on the received screen data (step S213). Then, in response to the operation from the user received from the input screen, the control unit 35 of the user terminal 30 decodes the received data using the input password (step S214). By this process, the screen data of the OTP and the telephone request screen are decoded.

Subsequently, the control unit 35 of the user terminal 30 creates a first encryption key from the decrypted OTP and the password input from the input screen, and stores it in the storage unit 34 (step S215).

Subsequently, the control unit 35 of the user terminal 30 causes the display unit 33 to display the telephone request screen as shown in FIG. 21 based on the decoded screen data (step S216). The user clicks the telephone number displayed on the telephone request screen. In response to the operation, the control unit 35 makes a telephone call to the telephone number indicated on the telephone request screen (FIG. 20, step S217).

When there is an incoming call, the telephone authentication unit 203 of the authentication device 20 converts the incoming telephone number into authentication information. Then, the telephone authentication unit 203 has registered a record having a set of the converted authentication information and the telephone number of the incoming call destination in the incoming call management DB 222, and has a predetermined time (for example, 10 minutes) from the registration date and time of the record. ) Has not passed (step S218).

Then, the telephone authentication unit 203 creates a second encryption key in which the authentication information included in the record of the incoming call management DB 222 confirmed in step S218 is subjected to predetermined processing (step S219), and then deletes the record (step S219). Step S220). Then, the telephone authentication unit 203 transmits the created second encryption key, the authentication information of the login user included in the deleted record, and the authentication completion notification to the server 10 (step S221).

Upon receiving the authentication completion notification, the service execution unit 106 of the server 10 uses the second encryption key received at the same time to decrypt the encrypted data of the logged-in user stored in the customer DB 121 (step S222). Then, the service execution unit 106 logs in the user terminal 30 that is the source of the login request to the service provided by the server 10 (step S223).

As described above, according to the service providing system 2 according to the present embodiment, the user terminal 30 can authenticate that the server 10 is a legitimate server 10 because the URL received from the server 10 can be decrypted with the password. .. On the other hand, the server 10 can authenticate that the user terminal 30 is a legitimate terminal based on the incoming call from the user terminal 30. That is, mutual authentication can be performed between the user terminal 30 and the server 10, and security at the time of login can be improved without imposing a burden on the user.

Further, in the service providing system 2 according to the present embodiment, unlike the service providing system 1 according to the first embodiment, the authentication process (OTP authentication) for confirming the OTP match is not executed on the server 10 side, and therefore, from the first embodiment. However, the processing speed at the time of login can be improved.

<Modification example>
It should be noted that each of the above-described embodiments is an example, and various changes and applications are possible. For example, the method of creating the OTP, the first encryption key, or the second encryption key is arbitrary.

For example, in each of the above-described embodiments, the service providing systems 1 and 2 are composed of two devices, the server 10 and the authentication device 20, but the service providing system 1 is provided by one device that integrates the functions of both. 2 may be configured.

The server 10, the authentication device 20, or one device in which these are integrated may be realized by a dedicated system or a normal computer system according to each embodiment. For example, by storing and distributing a program for executing the above-mentioned operation in a computer-readable recording medium, installing the program in the computer, and executing the above-mentioned processing, the server 10, the authentication device 20, and the like. Alternatively, one device may be configured by integrating these. Further, the above program may be stored in a server 10 on a network such as the Internet, an authentication device 20, or a disk device provided in one device in which these are integrated so that the program can be downloaded to a computer or the like. Further, the above-mentioned functions may be realized by the cooperation between the OS (Operating System) and the application software. In this case, the part other than the OS may be stored in a medium and distributed, or the part other than the OS may be stored in the server device so that it can be downloaded to a computer or the like.

The present invention allows for various embodiments and modifications without departing from the broad spirit and scope of the invention. Further, the above-described embodiment is for explaining the present invention, and does not limit the scope of the present invention. That is, the scope of the present invention is shown not by the embodiment but by the claims. And, various modifications made within the scope of the claims and within the scope of the equivalent invention are considered to be within the scope of the present invention.

The present invention is suitable for a service providing system that provides a service.

1, 2 Service provision system, 10 server, 11 communication unit, 12 storage unit, 121 customer DB, 13 control unit, 20 authentication device, 21 communication unit, 22 storage unit, 221 telephone number storage DB, 222 incoming call management DB, 23 Control unit, 30 user terminal, 31 communication unit, 32 input unit, 33 display unit, 34 storage unit, 35 control unit, 201 OTP creation unit, 202 OTP authentication unit, 203 telephone authentication unit, 101 login request acquisition unit, 102 encryption Chemical unit, 103 URL transmission unit, 104 password authentication unit, 105 telephone authentication request unit, 106 service execution unit, 40 mobile terminals, N1 Internet, N2 telephone network

Claims (7)

A login request acquisition method for acquiring a login request requesting the user to log in to the service from the terminal,
When the login request is acquired, the telephone authentication request means for transmitting the telephone request information requesting the local system to make a telephone connection with the specified telephone number to the terminal, and the telephone authentication request means.
A telephone authentication means that authenticates based on an incoming call from the user's mobile terminal after transmitting the telephone request information.
OTP creation method to create a one-time password,
When the authentication by the telephone authentication means is successful, the encryption means for encrypting the address information for accessing the own system including the one-time password by using the password of the user, and the encryption means.
An address transmission means for transmitting address information encrypted by the encryption means to the terminal, and an address transmission means.
An OTP authentication means that authenticates the terminal based on the one-time password received from the terminal after transmitting the address information and the one-time password created by the OTP creating means.
A service execution means that executes a process for providing the service to the terminal when the authentication by the OTP authentication means is successful.
Service provision system equipped with. The service executing means holds an encryption key for encrypting data transmitted to and received from the terminal, which is the same as the encryption key held in the terminal.
The service providing system according to claim 1 . Further equipped with an authentication information storage means for storing records using authentication information as a key,
The telephone authentication means is
When the login request is acquired, if the record containing the authentication information obtained by performing the predetermined processing on the telephone number associated with the user is already registered in the authentication information storage means, it is determined that the authentication has failed. ,
If it is not registered, the record including the authentication information is registered in the authentication information storage means.
The service providing system according to claim 1 or 2 . The telephone authentication means is
When a record containing the authentication information obtained by performing the predetermined processing on the incoming telephone number of the incoming call is registered in the authentication information storage means, it is determined that the authentication is successful.
If it is determined that the authentication is successful, the record is deleted or invalidated.
The service providing system according to claim 3 . The telephone authentication means determines that the authentication is successful when the record containing the authentication information is registered in the authentication information storage means and a predetermined period has not elapsed from the registration date and time of the record.
The service providing system according to claim 4 . The OTP authentication means is based on the number of password input errors received by the terminal in order to decrypt the encrypted address information received from the terminal after the address transmitting means transmits the encrypted address information. Further equipped with password authentication means for authentication,
The service providing system according to any one of claims 1 to 5 . From the terminal, the login request acquisition step to acquire the login request requesting the user to log in to the service, and
When the login request is acquired, the telephone authentication request step for transmitting the telephone request information requesting the local system to make a telephone connection with the specified telephone number to the terminal, and the telephone authentication request step.
After transmitting the telephone request information, a telephone authentication step of performing authentication based on an incoming call from the user's mobile terminal, and a telephone authentication step.
OTP creation step to create a one-time password,
When the authentication in the telephone authentication step is successful, the encryption step of encrypting the address information for accessing the own system including the one-time password by using the password of the user, and the encryption step.
An address transmission step of transmitting the encrypted address information to the terminal, and
An OTP authentication step that authenticates the terminal based on the one-time password received from the terminal after transmitting the address information and the one-time password created in the OTP creation step.
A service execution step for executing a process for providing the service to the terminal when the terminal is successfully authenticated in the OTP authentication step, and a service execution step.
Service provision method having.

Images