JPS62260260A - Security system - Google Patents

Security system

Info

Publication number
JPS62260260A
Authority
JP
Japan
Prior art keywords
modem
terminal
access
user
station
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP61104077A
Other languages
Japanese (ja)
Inventor
Mikiro Eguchi
江口 幹郎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
NEC Corp
Original Assignee
NEC Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by NEC Corp filed Critical NEC Corp
Priority to JP61104077A priority Critical patent/JPS62260260A/en
Publication of JPS62260260A publication Critical patent/JPS62260260A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/313User authentication using a call-back technique via a telephone network

Abstract

PURPOSE:To prevent the damage caused by the surreptitious use of an ID by collating the user identifying signal supplied from a terminal with the MODEM identifying signal produced by a MODEM. CONSTITUTION:When an access is given to a center station from a terminal station, the MODEM 4 of the center station gives a request to the terminal station for the transmission of a MODEM ID. Receiving this transmission request, a MODEM 2 transmits the MODEM ID given to the MODEM 2 itself. Receiving this MODEM ID, a MODEM 4 checks whether or not the MODEM ID belongs to a terminal station having an access right. When it is decided that said terminal station has the access right, an acknowledge is sent to the terminal station. The MODEM 2 receives the acknowledge and sends the signal to a terminal 1 to show the permission of communication to give a request for the input of a user ID. Then the user ID is supplied from the terminal 1 and received by a data base 5 and the processor of the base 5 checks whether the user ID has an access right or not. Then an acknowledge is sent back to the terminal station if it is confirmed that the user ID has an access right.

Description

DETAILED DESCRIPTION OF THE INVENTION

[Field of Industrial Application]

The present invention relates to a security system, and in particular to a security system for preventing damage caused by theft of a user identification number during data communication such as a database service.

[Conventional technology]

Conventionally, as a security method for excluding access by users who do not have access rights in data communication systems such as database services, the following method has been widely used: an identification signal for user identification (hereinafter abbreviated as ID) is input from the access terminal; the center where the database or the like is installed receives this ID and checks whether the user has access rights; and access is permitted only if the check shows that the user has access rights.

In this method, the ID entered into the access terminal is normally modulated by the modem on the terminal side and transmitted over a transmission line to the center side, and the ID demodulated by the modem on the center side is sent to a processor such as that of the database, where it undergoes the check described above.

[Problem that the invention seeks to solve]

With the conventional security method described above, only the ID sent to the center side can be checked, and the location of the terminal at which the ID was entered cannot be identified. A person who has stolen the ID of a user with access rights by illicit means can therefore use the stolen ID to gain access at will from a terminal in another location that has no access rights. The problem is that damage such as leakage of confidential information to outsiders who do not have access rights, or unjust charges billed to the user whose ID was stolen, cannot be prevented.

An object of the present invention is to solve the above problem by providing a security method that prevents damage caused by ID theft by verifying both the user ID and the modem ID.

[Means for solving problems]

The method of the present invention is a security method in which, when a terminal station having an access terminal and a first modem accesses a center station having a second modem and a data processing device to be accessed, a first identification signal for user identification input from the terminal is received at the center station, the user's access right is checked, and the access is permitted if the user has the access right. It is characterized in that: the first modem has identification signal generating means for generating and returning a previously assigned second identification signal for modem identification in response to a transmission request issued by the center station at the time of the access; the second modem has modem verification means for receiving the second identification signal that is returned after it issues the transmission request at the time of the access, and for checking whether the first modem that returned it has an access right; and the access is permitted only when the verification results for both the first and second identification signals indicate that the access right exists.

[Embodiment]

Next, the present invention will be explained with reference to the drawings.

FIG. 1 is a block diagram showing one embodiment of the present invention, and FIG. 2 is a sequence diagram showing the procedure of signal exchange in this embodiment.

In FIG. 1, terminal 1 and modem 2 are installed on the accessing terminal station side, and modem 4 and database 5 are installed on the center station side. The terminal station and the center station are connected via the public telephone network 3. Modem 2 is a conventional modem comprising a terminal interface 20, a transmission circuit 21, a reception circuit 22 and a line interface 23, to which an ID generation circuit 24 is additionally connected. Modem 4 is a conventional modem comprising a terminal interface 40, a transmission circuit 41, a reception circuit 42 and a line interface 43, to which an ID verification circuit 44 is additionally connected.

The ID generation circuit 24 contains a memory in which an identification signal (modem ID), assigned in advance to modem 2 to identify the modem's location, is written. When a modem ID transmission request arrives from modem 4 as described below, it reads out this modem ID and transmits it to the center station. The ID verification circuit 44, on receiving the modem ID sent from modem 2, checks whether it belongs to the modem of a terminal station that has access rights, and outputs a verification signal indicating the result.

When the terminal station accesses the center station, as shown in FIG. 2, the terminal station places a call (and dials), the center station answers automatically, and the line connection over the public telephone network 3 is complete. The operation up to this point is the same as in the conventional method, but in this embodiment modem 4 of the center station then sends the terminal station a modem ID transmission request. Modem 2, on receiving this request, transmits the modem ID assigned to it. Modem 4, on receiving it, checks one by one whether it is the modem ID of a terminal station that has access rights, and sends an acknowledgment ACK(1) to the terminal station only when the check shows that the access right exists. If the check shows that there is no access right, it returns a negative acknowledgment (NACK) to the terminal station and then disconnects the line (this case is not shown in FIG. 2). On receiving ACK(1), modem 2 sends terminal 1 a signal indicating that communication is possible and requests input of the user ID.

At the same time, at the center station, modem 4 sends database 5 a signal indicating that communication is possible, and the station waits for access to database 5. From here on, as in the conventional method, the identification signal for identifying the user (user ID) is input from terminal 1. The processor of database 5, on receiving it, checks whether it is the ID of a user who has access rights, and only when the check shows that the access right exists does it return an acknowledgment ACK(2) to the terminal station, after which the two stations move to online communication.

FIG. 3 is a block diagram showing an example configuration of the ID verification circuit 44 in FIG. 1. The clock and the received ID (modem ID) sent from the reception circuit 42 (or the terminal interface 40) are sent to the memory circuit 45 and the buffer memory 46, respectively. The memory circuit 45 contains a memory in which the group of modem IDs of terminal stations with access rights has been written in advance; in response to the clock it counts up the address, reads the modem IDs out of the memory one after another, and sends them to the data comparator 47. The buffer memory 46 is a memory for temporarily storing the modem ID that arrived from the terminal station (the received ID), and it keeps sending the received ID to the data comparator 47 while the modem ID group is being read out of the memory circuit 45. The data comparator 47 compares the two modem IDs sent from the memory circuit 45 and the buffer memory 46, and sends a verification signal indicating whether they match to the transmission circuit 41 (or the terminal interface 40).

If the verification signal indicates a match during the period in which the modem ID group is read out of the memory circuit 45, modem 4 transmits the acknowledgment ACK(1); if the verification signal does not indicate a match from start to finish, modem 4 transmits a negative acknowledgment (NACK).
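The sequence of FIG. 2 and the comparison loop of the ID verification circuit 44, as an added Python sketch that is not part of the patent. The ID values, class names, message labels and the behaviour on a failed user ID check are assumptions made for the example.

```python
import hmac
from dataclasses import dataclass, field

# Constructed sample values; the patent does not specify any ID format.
REGISTERED_MODEM_IDS = [b"MDM-0001", b"MDM-0002", b"MDM-0003"]
AUTHORIZED_USER_IDS = {b"USER-A", b"USER-B"}


def id_verification_circuit(received_id: bytes, stored_ids: list) -> bool:
    """Model of circuit 44: buffer memory 46 holds the received ID while
    memory circuit 45 reads out every registered ID for comparator 47."""
    matched = False
    for stored in stored_ids:
        # Constant-time compare is a choice made for this sketch; the patent
        # only describes a data comparator.
        if hmac.compare_digest(received_id, stored):
            matched = True  # keep scanning: the whole ID group is read out
    return matched


@dataclass
class TerminalStation:
    modem_id: bytes  # stored in ID generation circuit 24, unknown to the user
    user_id: bytes   # typed in at terminal 1


@dataclass
class CenterStation:
    modem_ids: list
    user_ids: set
    transcript: list = field(default_factory=list)

    def handle_call(self, caller: TerminalStation) -> str:
        """Run the sequence of FIG. 2 once the line is connected."""
        log = self.transcript = []
        log.append(("modem4->modem2", "MODEM_ID_REQUEST"))
        log.append(("modem2->modem4", "MODEM_ID"))
        if not id_verification_circuit(caller.modem_id, self.modem_ids):
            log.append(("modem4->modem2", "NACK"))
            log.append(("modem4", "DISCONNECT"))
            return "rejected_modem"  # the user ID is never requested
        log.append(("modem4->modem2", "ACK(1)"))
        log.append(("terminal1->database5", "USER_ID"))
        if caller.user_id not in self.user_ids:
            # Assumption: the patent does not describe this branch; the
            # sketch refuses the session without sending ACK(2).
            return "rejected_user"
        log.append(("database5->terminal1", "ACK(2)"))
        return "online"


def demo() -> dict:
    center = CenterStation(REGISTERED_MODEM_IDS, AUTHORIZED_USER_IDS)
    results = {}
    # Legitimate user on a registered modem.
    results["legit"] = center.handle_call(TerminalStation(b"MDM-0002", b"USER-A"))
    # Stolen user ID used from a terminal station whose modem is not registered.
    results["stolen_id"] = center.handle_call(TerminalStation(b"MDM-9999", b"USER-A"))
    results["stolen_id_transcript"] = list(center.transcript)
    # Registered modem, unknown user ID.
    results["bad_user"] = center.handle_call(TerminalStation(b"MDM-0001", b"USER-X"))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
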

In this embodiment, the modem ID assigned to modem 2 of the terminal station is not disclosed even to the user. In addition, modem 2 or modem 4 normally has a memory in which a large amount of data is written besides the modem ID or the modem ID group, so reading out the contents of that memory in an attempt to steal the modem ID is almost impossible. Therefore, even if a person who has stolen a user ID attempts unauthorized access from a terminal in another location that has no access rights, as in the case of the conventional method, such unauthorized access can be rejected at the modem ID verification stage. Furthermore, since the modem ID verification described above is performed independently between the modems of the center station and the terminal station, it is not affected by the communication protocol of existing conventional systems and can be applied easily.

[Effect of the invention]

As explained above, the present invention has the effect that, by performing a double verification in which verification of the terminal station's modem ID is added to the user ID verification of the conventional method, a security method that prevents damage caused by ID theft can be realized.

[Brief explanation of drawings]

FIGS. 1 and 3 are block diagrams showing an embodiment of the present invention, and FIG. 2 is a sequence diagram for explaining the operation of the embodiment of the present invention.

1: terminal; 2, 4: modem; 20, 40: terminal interface; 21, 41: transmission circuit; 22, 42: reception circuit; 23, 43: line interface; 24: ID generation circuit; 44: ID verification circuit; 3: public telephone network; 5: database.

Agent: Susumu Uchihara, Patent Attorney

[Drawings: FIG. 1, FIG. 2, FIG. 3]

Claims (1)

[Claims]

A security method in which, when a terminal station having an access terminal and a first modem accesses a center station having a second modem and a data processing device to be accessed, a first identification signal for user identification input from the terminal is received at the center station, the user's access right is checked, and the access is permitted if the user has the access right, characterized in that: the first modem has identification signal generating means for generating and returning a previously assigned second identification signal for modem identification in response to a transmission request issued by the center station at the time of the access; the second modem has modem verification means for receiving the second identification signal that is returned after it issues the transmission request at the time of the access, and for checking whether the first modem that returned it has an access right; and the access is permitted only when the verification results for both the first and second identification signals indicate that the access right exists.
JP61104077A 1986-05-06 1986-05-06 Security system Pending JPS62260260A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP61104077A JPS62260260A (en) 1986-05-06 1986-05-06 Security system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP61104077A JPS62260260A (en) 1986-05-06 1986-05-06 Security system

Publications (1)

Publication Number Publication Date
JPS62260260A true JPS62260260A (en) 1987-11-12

Family

ID=14371085

Family Applications (1)

Application Number Title Priority Date Filing Date
JP61104077A Pending JPS62260260A (en) 1986-05-06 1986-05-06 Security system

Country Status (1)

Country Link
JP (1) JPS62260260A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009116154A1 (en) * 2008-03-19 2009-09-24 緒方 延泰 Modem device
JP2011014159A (en) * 2008-03-19 2011-01-20 Junko Suginaka Line server

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS5585966A (en) * 1978-12-22 1980-06-28 Hitachi Ltd Terminal system

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009116154A1 (en) * 2008-03-19 2009-09-24 緒方 延泰 Modem device
WO2009116220A1 (en) * 2008-03-19 2009-09-24 緒方 延泰 Authentication server and line server
JP2011014159A (en) * 2008-03-19 2011-01-20 Junko Suginaka Line server
JPWO2009116220A1 (en) * 2008-03-19 2011-07-21 順子 杉中 Authentication device and line server for modem device

Similar Documents

Publication Publication Date Title
US4531023A (en) Computer security system for a time shared computer accessed over telephone lines
JPH0418497B2 (en)
US4799153A (en) Method and apparatus for enhancing security of communications in a packet-switched data communications system
US6173172B1 (en) System and method for preventing the unauthorized use of a mobile communication device
JP3479634B2 (en) Personal authentication method and personal authentication system
JPS6253061A (en) Method for preventing illegal access
JPH11507451A (en) System for detecting unauthorized account access
JPH0621886A (en) Radiotelephony equipment
JP2000003336A (en) Method and system for user authentication in portable type data communication terminal
CN106791627A (en) Network Video Surveillance and security alarm integrated system and its secure access method for authenticating
JP2002101091A (en) User authentication method and user authentication program
CN100413368C (en) A method for verifying user card validity
JPH10198636A (en) System and method for personal authentication
KR940006171B1 (en) Method of confirming user in modem communications and its system
JPS62260260A (en) Security system
JPS6248424B2 (en)
JP2001325435A (en) Method and system for authenticating card
JPS63237631A (en) Security system
JPS6247762A (en) Checking system for other party to be connected in on-line system
JPH11289328A (en) Recognition management device
JPH10304444A (en) Mobile terminal clone detection exclusion method
JP2001358774A (en) Method and device for preventing illegal data outflow
JP2002163414A (en) Electronic voting system using individual authentication by position information
JPH0691531B2 (en) Security method in data communication
JP2748941B2 (en) Home terminal