WO2001071515A1 - Method for preventing unauthorized simultaneous access to network and server system used therefor - Google Patents

Method for preventing unauthorized simultaneous access to network and server system used therefor

Info

Publication number
WO2001071515A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
temporary
authentication information
information
access
Prior art date
Application number
PCT/JP2000/001819
Other languages
English (en)
Japanese (ja)
Inventor
Takuyu Ueda
Yannis Lazarou
Original Assignee
Kabushikikaisha I-Broadcast
Priority date
Filing date
Publication date
Application filed by Kabushikikaisha I-Broadcast
Priority to PCT/JP2000/001819
Priority to AU33273/00A
Publication of WO2001071515A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Definitions

  • The present invention relates to a method for preventing unauthorized simultaneous access to a network that transmits and receives information only between a server and a specific user (for example, a managed network in which a server distributes video, music, etc. in response to a request from a specific user), and to a server system used for the method.
  • In a network that transmits and receives information only between a server and a specific user as described above, in order to prevent anyone other than the specific user from accessing the server, the specific user must be registered in advance.
  • The server issues authentication information such as an ID and password. When the server receives an access request from a user, it prompts the user to enter the authentication information and collates the entered authentication information with the authentication information that was issued first.
  • If the two match, the user is determined to be the specific user and access is permitted. If they do not match, the user is determined to be an unauthorized user other than the specific user and access is denied.
  • The conventional authentication method has the following problems.
  • Whenever the authentication information matches, the server determines that the user is a legitimate specific user and permits access. Therefore, if a specific user intentionally leaks his or her own authentication information, or leaks it through negligence, even unauthorized users other than the specific user can access the server, and many people including the specific user can access it based on the same authentication information. However, as long as the authentication information is the same, the server regards this as access by only one specific user.
  • An object of the present invention is to limit to one the number of users who can transmit and receive information to and from a server based on one piece of authentication information, regardless of whether that user is an authorized user or another user, and thereby to prevent unauthorized simultaneous access based on the same authentication information.
  • The method for preventing unauthorized simultaneous access to a network according to the present invention is a method for preventing unauthorized simultaneous access to a network for transmitting and receiving information between a server and a specific user having authentication information registered in advance on the server, and has the following configurations (1) to (6).
  • The server system according to the present invention is a server system in a network for transmitting and receiving information between a server and a specific user who has authentication information registered in advance in the server.
  • It has a first processing unit to which the authentication information transmitted from the user is input, which compares that authentication information with the pre-registered authentication information to determine whether the two match, and which issues a different temporary ID each time the authentication information matches.
  • The authentication information that has been confirmed to match by the first processing unit, and the temporary ID issued at that time can be stored, and the same authentication information differs from the previous time.
  • FIG. 1 is a diagram showing a flow of a reception process in the method for preventing unauthorized simultaneous access to a network according to the present invention.
  • FIG. 2 is a diagram showing a flow after a reception process in the method for preventing unauthorized simultaneous access to a network according to the present invention.
  • FIG. 3 is a diagram showing an embodiment of a server system according to the present invention.
  • BEST MODE FOR CARRYING OUT THE INVENTION
  • A first embodiment of the method for preventing unauthorized simultaneous access to a network according to the present invention will be described.
  • This method applies to a managed network environment in which information is exchanged over the Internet between a server and a specific user who has authentication information (for example, an ID and passcode) issued in advance and registered in the server. If two or more users access the server at the same time based on the same authentication information, the only user who can send and receive information to and from the server is always the latest user (regardless of whether that user is the legitimate specific user or another, unauthorized user).
  • The first embodiment of the method for preventing unauthorized simultaneous access to a network according to the present invention will now be described in detail, together with an embodiment of the server system of the present invention for implementing the method.
  • The server receiving the access request from the user prompts the user to enter authentication information.
  • An access request (access request signal 1) from the user is received by the third processing unit 2 in the server system 1 of the present invention. Having received the access request signal 1, the third processing unit 2 sends a signal (screen display signal) that causes the user's terminal device (personal computer) to display a screen prompting for authentication information.
  • The personal computer of the user who has received the screen display signal displays at least a box for entering authentication information (ID and password) and a transmission button for sending the authentication information entered in the box to the server. When the user enters the authentication information in the box and clicks the transmission button, the entered authentication information is automatically sent to the server.
  • The server that receives the authentication information transmitted from the user compares it with the pre-registered authentication information to determine whether the two match.
  • If they match, the user is allowed access, a temporary ID is generated, and it is transmitted (issued) to the user. If they do not match, the user is denied access and an error message indicating this is sent to the user.
  • Specifically, as shown in FIG. 3, the authentication information 3 transmitted from the user 1 is received by the third processing unit 2 in the server system 1 of the present invention, and is input from the third processing unit 2 to the first processing unit 3 (the authentication information is queried).
  • The first processing unit 3, to which the authentication information 3 has been input, checks it against the pre-registered authentication information (authentication information list) to determine whether it matches. If the authentication information matches, a temporary ID is generated and output to the third processing unit 2 together with the determination result; if the authentication information does not match, a determination result to that effect is output to the third processing unit 2. Further, when the authentication information matches, the first processing unit 3 outputs to the second processing unit 4 a pair (temporary ID collation data 6) consisting of the authentication information (ID only) of the user whose match was confirmed and the generated temporary ID.
  • The third processing unit 2, to which a determination result indicating that the authentication information matches has been input, permits the user's access on that basis and transmits the temporary ID to the user.
  • The third processing unit 2, to which a determination result indicating that the authentication information does not match has been input, rejects the user's access and sends a signal (error display signal) for displaying an error message to that effect on the user's personal computer.
  • The temporary ID is obtained by encrypting desired information (for example, an IP address) according to a predetermined algorithm, by adding randomly generated digits to a numeric string representing Greenwich Mean Time (Unix time axis), or as random numbers or letters generated according to a predetermined algorithm, so that with a probability of 99.999% the same temporary ID is not generated. Further, before outputting the temporary ID to the third processing unit 2, the first processing unit 3 confirms that it does not duplicate any temporary ID generated up to the previous time. Because of this check, even if the same temporary ID is generated, the probability that it will be issued is even lower.
  • The temporary ID transmitted from the third processing unit 2 to the user cannot be recognized even by the user. It is automatically input to the user's personal computer, and each time the personal computer sends information (a signal) to the server, the temporary ID is automatically added to that information and sent to the server.
  • The second processing unit 4 shown in FIG. 3 monitors whether or not the temporary ID has been normally transmitted from the third processing unit 2 to the user.
  • If it has not, the second processing unit 4 causes the first processing unit 3 to generate a new temporary ID, causes the third processing unit 2 to retransmit it, and repeats this until a normal transmission is performed.
  • With this, the reception processing of the user is completed.
  • The server repeats the series of reception processing shown in FIG. 1 each time it receives an access request from a user, issues a different temporary ID to the user every time access is granted, and also creates and stores the temporary ID collation data. When two or more access requests are made based on the same authentication information, a different temporary ID is issued to each as long as the authentication information is correct, and in this case the temporary ID collation data is rewritten in sequence. More specifically, the first processing unit 3 in the server system 1 of the present invention shown in FIG. 3 issues mutually different temporary IDs as long as the authentication information is correct, even if there are two or more access requests based on the same authentication information, and outputs the temporary ID collation data to the second processing unit 4 each time.
  • When the second processing unit 4 receives this data and the previously input data already contains the same authentication information as the data input this time, the temporary ID paired with that authentication information in the previously input data is rewritten to the temporary ID in the data input this time.
  • In this way, the second processing unit 4 creates and stores information (temporary ID list) in which one (latest) temporary ID is paired with one piece of authentication information.
  • When the server receives information (an information request signal requesting the server to deliver desired information) transmitted from a user who has been permitted access under the above environment, it determines whether the same temporary ID as the temporary ID added to that information exists in the temporary ID list stored in the second processing unit 4.
  • If it exists, the transmission and reception of information with the user is continued, and music information, video information and other desired information are distributed to the user. If no temporary ID identical to the temporary ID added to the signal from the user is present in the temporary ID list, the signal from the user is ignored and an error is displayed.
  • Specifically, the information request signal 8 transmitted from the user is received by the second processing unit 4 in the server system 1 of the present invention, which determines whether the temporary ID added to the signal is present in its temporary ID list. If the same temporary ID exists, the received information request signal 8 is passed to various processing units (not shown) for providing information according to the request. On the other hand, if the same temporary ID does not exist in the temporary ID list, the information request signal 8 is ignored, and a signal (error display signal 9) for displaying an error message to that effect on the user's personal computer is sent.
  • The server system 1 of the present invention shown in FIG. 3 executes the method for preventing unauthorized simultaneous access to the network of the present invention, whereby unauthorized simultaneous access is prevented. That is, it is possible to prevent two or more users from simultaneously transmitting and receiving information to and from the server on the network based on the same authentication information.
  • In the first embodiment, the server system of the present invention implements the method for preventing unauthorized simultaneous access to a network of the present invention with three processing units, the first to third processing units.
  • Fourth and fifth processing units may also be provided, and a part of the processing performed by the first to third processing units may be performed by another processing unit.
  • All or part of the processing performed by each of the first to third processing units may be performed by another processing unit, either to reduce the load on some of the processing units or to reduce the number of processing units (for example, the first processing unit performs all or a part of the processing performed by the third processing unit in FIG. 3).
  • Each processing unit in the server system performs its processing according to a software program that causes it to do so.
  • No special software program needs to be installed on the user's personal computer, and no special settings need to be made.
  • The reception and storage of the temporary ID issued from the server, and its addition to the transmitted signal, can all be realized by a general-purpose software program.
  • This type of software program is pre-installed on ordinary personal computers at the time of purchase, or can be installed extremely easily and at low cost.
  • It is desirable that a predetermined processing unit record the processing results, access information, and other necessary information, so that such information can be confirmed as necessary.
  • With the method for preventing unauthorized simultaneous access to a network, even if access to the server itself is permitted based on the same authentication information, a temporary ID is issued separately from the authentication information every time access is permitted, and it is impossible to continue sending and receiving information to and from the server unless the temporary ID automatically added to the information sent to the server from the user's end is the latest temporary ID. Therefore, even if a legitimate specific user intentionally leaks his or her own authentication information or leaks authentication information due to negligence, it sends and receives information to and from the server based on the authentication information (for example, the transmission of specific information to the server).
  • Also, when information transmitted by a user is ignored because the temporary ID added to it is not the latest one even though the user is the legitimate specific user, the user thereby learns that his or her authentication information has been leaked to a third party, and can quickly protect his or her own interests by contacting the server and having new authentication information issued.
  • For example, when advance reservations for tickets are accepted on the Internet on a first-come, first-served basis, it is also possible to prevent a specific user from intentionally leaking his or her authentication information to a plurality of persons who then access the Internet simultaneously in an attempt to monopolize the reservations for profit, thereby protecting the interests of the ticket issuer and other well-intentioned specific users.
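
The reception process and the temporary ID check described above, as an added Python sketch that is not code from the patent or its applicant. The class and method names, the PBKDF2 password storage, the use of `secrets.token_hex` for the temporary ID and the `audit` list are assumptions made here; the sample account is constructed.

```python
import hashlib
import hmac
import secrets


class SingleSessionServer:
    """Hypothetical server keeping one valid temporary ID per user ID."""

    def __init__(self):
        self.registered = {}  # user ID -> (salt, password hash): authentication information list
        self.latest = {}      # user ID -> latest temporary ID: the temporary ID list
        self.owner = {}       # temporary ID -> user ID, reverse index of the list above
        self.issued = set()   # every temporary ID ever issued, for the duplicate check
        self.audit = []       # (user ID, displaced temporary ID) records

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user_id, password):
        salt = secrets.token_bytes(16)
        self.registered[user_id] = (salt, self._hash(password, salt))

    def login(self, user_id, password):
        """Reception process: return a fresh temporary ID, or None on mismatch."""
        record = self.registered.get(user_id)
        if record is None:
            return None
        salt, expected = record
        if not hmac.compare_digest(self._hash(password, salt), expected):
            return None
        # Assumption: a CSPRNG token replaces the generation methods listed in the text.
        temp_id = secrets.token_hex(16)
        while temp_id in self.issued:  # never issue a temporary ID twice
            temp_id = secrets.token_hex(16)
        self.issued.add(temp_id)
        # Rewrite the collation data: the previous temporary ID stops being valid.
        previous = self.latest.get(user_id)
        if previous is not None:
            del self.owner[previous]
            self.audit.append((user_id, previous))  # a later login displaced an earlier ID
        self.latest[user_id] = temp_id
        self.owner[temp_id] = user_id
        return temp_id

    def handle_request(self, temp_id, resource):
        """Serve the request only when its temporary ID is in the temporary ID list."""
        user_id = self.owner.get(temp_id)
        if user_id is None:
            return (403, "temporary ID is not the latest one")
        return (200, f"{resource} delivered to {user_id}")


def demo():
    """Two clients log in with the same constructed credentials."""
    server = SingleSessionServer()
    server.register("user01", "s3cret-pass")           # constructed sample account
    first = server.login("user01", "s3cret-pass")      # first client
    before = server.handle_request(first, "/video/1")
    second = server.login("user01", "s3cret-pass")     # second client, same credentials
    return {
        "first_before": before[0],
        "first_after": server.handle_request(first, "/video/1")[0],
        "second": server.handle_request(second, "/video/1")[0],
        "wrong_password": server.login("user01", "guess"),
        "displaced": server.audit == [("user01", first)],
    }


if __name__ == "__main__":
    print(demo())
```

Because the latest login always wins, the `audit` list is where an operator would look for shared or leaked credentials: a user ID whose temporary ID keeps being displaced is the signal the description relies on.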

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a constantly changing temporary ID that is issued, separately from authentication information issued in advance, each time a user makes an access. When a temporary ID different from the previous one is issued to the user of given authentication information, the temporary ID is updated in sequence to the latest one. Only information to which the latest temporary ID is added is accepted, so that only one user can transmit and receive information to and from the server on the basis of one set of authentication information.
PCT/JP2000/001819 2000-03-24 2000-03-24 Method for preventing unauthorized simultaneous access to network and server system used therefor WO2001071515A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2000/001819 WO2001071515A1 (fr) 2000-03-24 2000-03-24 Method for preventing unauthorized simultaneous access to network and server system used therefor
AU33273/00A AU3327300A (en) 2000-03-24 2000-03-24 Method for preventing unauthorized simultaneous access to network and server system used therefor

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2000/001819 WO2001071515A1 (fr) 2000-03-24 2000-03-24 Method for preventing unauthorized simultaneous access to network and server system used therefor

Publications (1)

Publication Number Publication Date
WO2001071515A1 (fr) 2001-09-27

Family

ID=11735824

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2000/001819 WO2001071515A1 (fr) 2000-03-24 2000-03-24 Method for preventing unauthorized simultaneous access to network and server system used therefor

Country Status (2)

Country Link
AU (1) AU3327300A (fr)
WO (1) WO2001071515A1 (fr)

Also Published As

Publication number Publication date
AU3327300A (en) 2001-10-03

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AU BR CA CN ID IL IN JP KR MN MX NO NZ RU SG TR US ZA

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT CH DE DK ES FI FR GB GR IT LU NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
ENP Entry into the national phase

Ref country code: JP

Ref document number: 2001 569636

Kind code of ref document: A

Format of ref document f/p: F

122 Ep: pct application non-entry in european phase