WO2004061691A1 - Dispositif de controle de mot de passe - Google Patents

Dispositif de controle de mot de passe Download PDF

Info

Publication number
WO2004061691A1
WO2004061691A1 PCT/JP2002/013671 JP0213671W WO2004061691A1 WO 2004061691 A1 WO2004061691 A1 WO 2004061691A1 JP 0213671 W JP0213671 W JP 0213671W WO 2004061691 A1 WO2004061691 A1 WO 2004061691A1
Authority
WO
WIPO (PCT)
Prior art keywords
password
authentication
information
authentication destination
destination
Prior art date
Application number
PCT/JP2002/013671
Other languages
English (en)
Japanese (ja)
Inventor
Naoya Takahashi
Original Assignee
Fujitsu Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fujitsu Limited filed Critical Fujitsu Limited
Priority to PCT/JP2002/013671 priority Critical patent/WO2004061691A1/fr
Publication of WO2004061691A1 publication Critical patent/WO2004061691A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication

Definitions

  • the present invention relates to an authentication technique using a password.
  • the more the amount of information the more secure the user ID or password.
  • the more characters in a character string that compose a password the more secure the password.
  • the more complex the combination of character strings that make up the password the more difficult it is to crack the password, and the higher the security provided by the password. Disclosure of the invention
  • an object of the present invention is to improve user convenience while ensuring security in user authentication using a password.
  • the present invention employs the following means in order to solve the above problems. That is, the present invention is a password management device for managing a password,
  • Password generating means for generating a second password based on the first password and the information on the authentication destination;
  • Means for obtaining authentication by the authentication destination by the second password are provided.
  • This password is, for example, a password for the server to authenticate the user when the user accesses the server on the network from the client terminal. Therefore, in such a case, the present password management device can be configured as a client terminal.
  • a first password for the authentication destination is input by the user.
  • the first password may be a character string that is easy for the user to remember.
  • This password management device generates a second password based on the first password and the information on the authentication destination. It is preferable that the second password has a more complicated configuration than that of the first nesting mode to enhance security.
  • This password management device registers the second password with the above-mentioned authentication destination. Thereby, when accessing the authentication destination from the next time, the password management computer obtains the authentication by the authentication destination using the second password. Therefore, the user memorizes the simple first password, and the password management device obtains the authentication of the authentication destination with a password that is highly secure.
  • the password management device stores the second password together with the information on the authentication destination,
  • Means for retrieving the second password when obtaining the authentication by the authentication destination may be further provided.
  • the password management device further includes random number generation means, and the password generation means generates a second password based on the first password, the information on the authentication destination, and a random number. Good.
  • the password management device further comprises: means for referring to information relating to a current time;
  • the passcode generating means may generate a second password based on the first password, the information on the authentication destination, and the information on the current time.
  • the second password is composed of the changing information such as the information related to the current time such as the random number, the date or the time, and the first password and the information related to the authentication destination. Generated based on Therefore, even if the user uses the same first password for the same connection destination, a different second password is generated every time the password is registered, and the connection destination password is updated.
  • the user can update the password of the connection destination simply by performing the password update operation while storing the same simple password. There is no burden on the user for storing a new password by updating the password. For this reason, the same password can be prevented from being used for a long time.
  • the present invention may be a method in which a computer or other device, machine, or the like executes any one of the above processes.
  • the present invention may be a program that causes a computer or other device, machine, or the like to realize any of the above functions.
  • such a program may be recorded on a recording medium readable by a computer or the like.
  • These computers are, for example, information devices such as personal computers, PDAs, mobile phones, PHSs, digital TVs, satellite TV tuners, and set-top boxes for cable TVs.
  • FIG. 1 is a system configuration diagram of an information system according to a preferred embodiment of the present invention
  • FIG. 2 is a processing outline diagram of this information system.
  • FI G. 3 is a flowchart showing the password registration process in this information system.
  • FIG. 4 is a flowchart showing the user authentication process in this information system.
  • FIG. 5 is a flowchart showing a user authentication process according to a modification of the information system.
  • FIG. 1 shows a system configuration diagram of an information system according to a preferred embodiment of the present invention.
  • This information system includes a server 2 that provides various services to a user, and a client 1 that accesses the server 2 through a network.
  • the server 2 is a general computer having a communication board for communicating through a network, a storage device (memory, hard disk, etc.) for storing information, a CPU for executing programs, and the like.
  • the client 1 is a personal computer, a PDA (Personal Digital (Data) Assistants), a portable telephone, a PHS (Personal Handyphone System), a Tesita Nore TV, a satellite TV tuner, a Cape-Nore TV set-top box, or the like.
  • PDA Personal Digital
  • PHS Personal Handyphone System
  • Tesita Nore TV a satellite TV tuner
  • Cape-Nore TV set-top box or the like.
  • the user operates the operation unit of the client 1, for example, a keyboard, a pointing device, a remote controller, a push button, and the like, and accesses the server 2 via the network.
  • Server 2 grants access from client 1 after completing user authentication. Conventionally, in such user authentication, the ID, password, and the like input by the user have been transmitted to the server 2 as it is.
  • the client 1 executes an application program for converting a password.
  • This application program is The password input by the user is converted into a more complicated format by a predetermined procedure and transmitted to the server 2.
  • a simple and easy-to-remember password can be selected as the password input by the user.
  • the password transmitted from the client 1 to the server 2 may be complicated and secure.
  • Fig. 2 shows a schematic diagram of the processing of this information system.
  • a user accesses a specific server (corresponding to an authentication destination) from Client 1 and receives information or services.
  • a specific server corresponding to an authentication destination
  • receives information or services for the first time access to the server, no .
  • An outline of a process for setting a puzzle will be described.
  • the user selects a server to be connected (S1). Therefore, the user inputs information specifying a connection destination to the client 1, for example, a URL (Uniform Resource Locator), an IP (Internet Protocol) address, and the like.
  • the server may be designated by selecting a channel of a dedicated medium such as a cable television, a satellite broadcast, and a terrestrial digital broadcast. This server is also called a connection destination.
  • the user inputs a user ID for accessing the server and a password for authenticating the user (S2).
  • the application program executed on the client 1 generates a random number when accessing the server for the first time. Then, the application program generates a complicated second password from the connection destination, a character string (first password) that is the input password, and the generated random number (S3), and transmits it to the server (S4). ).
  • the client 1 executing step S4 of the application program corresponds to a means for registration and a means for obtaining authentication.
  • the client 1 corresponds to a password management device.
  • the server registers the user with the transmitted second password and uses it for subsequent user authentication (S5).
  • Client 1 saves the generated second password, so that the next time the server is accessed, it will be accessed using the second password. I'll do it.
  • FIG. 3 is a flowchart showing a password registration process in this information system. This process is executed when a password is registered from the client 1 to the server.
  • Client 1 When Client 1 connects to the server for the first time, Client 1 displays, for example, an ID registration screen.
  • the ID registration screen is also displayed when updating the password on a server whose password is already registered.
  • This ID registration screen is a screen generally provided by the server to the user. This ID registration screen is displayed by a communication program, for example, a browser on the client 1.
  • the user inputs a first password composed of an ID and a simple character string on the ID registration screen (S11). Then, the application program on the client 1 acquires the ID, the first password, and the server name (such as a URL indicating a connection destination) (S12).
  • This application program may be executed as one module in the communication program, or may be executed as a program independent of the communication program.
  • the application program creates a unique character string (hereinafter referred to as a search key) based on the ID, the first password, and the server name (S13).
  • the application program generates a random number (S14).
  • the application program generates a character string (hereinafter, referred to as a second password) based on the ID, the first password, and the random number of the server name (S15).
  • the application program passes the second password to the communication program (browser) that displays the ID registration screen.
  • the communication program sends the input ID and the generated second password to the server (S16).
  • the server executes registration processing of the transmitted ID and the second password (S17).
  • the server reports the processing result to client 1.
  • This report is a registration completion or non-registration notice.
  • the user confirms the completion of the registration (S18). For example, the registration cannot be made because the combination of the ID and the second password is This is the case when it is being used by the user. In this case, the user displays the ID registration screen again and repeats the processing procedure from S11.
  • Client 1 registers the second password together with the search key created in S13 in a database (corresponding to a means for storing the second password) (S1). 9). After that, the client 1 ends the processing (S20).
  • the search password is used to search for the second password, which is used for user authentication.
  • FIG. 4 shows a flowchart showing the user authentication process in this information system.
  • the client 1 When the client 1 connects to the user-registered server, the client 1 displays, for example, an ID input screen.
  • This ID input screen is, for example, a normal screen provided by the server to the user when the user logs on to the server.
  • This ID input screen is displayed by a communication program, for example, a browser on the client 1.
  • the user inputs the ID and the first password on the ID input screen (S21). Then, the application program on the client 1 acquires the ID, the first password, and the server name (such as a URL indicating the connection destination) (S22). Then, the application program creates a search key based on the ID, the first password, and the server name (S23).
  • this database is composed of a record having a search key (key and display in FIG. 4) and a character string as a second password.
  • the structure of this database may be realized as a table of fixed-length records, or may be realized by records of variable-length records. Also, it may be expressed by tags in a language such as record XML (extensible Markup Language).
  • the application program passes the second password to the communication program (browser) that displays the ID registration screen.
  • the communication program sends the input ID and the second password acquired from the database to the server (S26).
  • a simple character string (first password) input by the user
  • a new character string (first password) based on the server name of the connection destination, and the like.
  • Generate a second password and use it as a password to access the server.
  • the character string entered by the user is an easy-to-remember character string, and authentication to the server can be performed using a complicated character string that cannot be easily understood by others when transmitted to the server.
  • the generated character string is created by the application program for each connection destination, the user does not need to manage a plurality of passwords for each connection destination.
  • a server can use a more secure password without having to make the user remember a long password.
  • the second password is generated from information including a random number in addition to the character string input by the user and the server name of the connection destination. Therefore, even if the user inputs the same simple character string to the same connection destination, a different second password is generated for each input, and is registered in the partner server and also in the database.
  • a random number is used when generating the second password.
  • the practice of the present invention is not limited to such a procedure.
  • information such as date and time is used as a simple character string for the first password, You may generate a second password in addition to the name.
  • the second password was generated from the first password, which is a simple character string entered by the user, the server name of the connection destination, and a random number. Then, this second password was registered in the connection destination server and also in the database in client 1. As a result, the second password was referenced in subsequent access to the server and used for user authentication.
  • a second password may be easily managed without using a database.
  • FIG. 5 is a flowchart showing a user authentication process according to a modification of the information system.
  • random numbers are not used to generate the character string that is the second password.
  • FIG.5 shows the process when connecting (for example, logging on) to a server for which a password has already been registered.
  • an ID input screen is displayed on the client 1 (S21). Therefore, the user inputs the ID and the first password which is a simple character string.
  • the application program obtains the ID, the first password, and the server name of the connection destination (S22).
  • the application program generates a character string that is the second password based on the ID, the first password, and the server name of the connection destination (S25A).
  • a random number is not used unlike FIG.3. Therefore, as long as the user sets the same simple character string for the same connection destination, the same second password is generated. Therefore, this process does not require the second password to be stored in the database.
  • the communication program of the client 1 acquires the second password from the application program, and transmits the second password to the server together with the ID (S26).
  • the application program does not use information such as a random number or date and time when generating the second password, so that the second password is fixedly generated from the first password and the server name of the connection destination. Therefore, the second pass To update the password, the user must change the primary password.
  • this makes it possible to simply configure the application program. Also, there is no need to provide a database, and the configuration of the client 1 can be simplified.
  • the computer-readable recording medium refers to a recording medium in which information such as data and programs is stored by electrical, magnetic, optical, mechanical, or chemical action, and can be read from the computer.
  • Examples of such a recording medium that can be removed from the computer include a flexible disk, a magneto-optical disk, CD_R0M, CD-R / W, DVD, DAT, 8 mm tape, and a memory card.
  • a recording medium fixed to the computer includes a hard disk and a ROM (read only memory).
  • the above program can be stored in a hard disk or a memory of a computer and distributed to other computers through a communication medium.
  • the program is transmitted over a communication medium as a data communication signal embodied by a carrier wave.
  • the computer receiving the distribution can be provided with the above function.
  • the communication medium may be a wired communication medium such as a metal cable including a coaxial cable and a twisted pair cable, an optical communication cable, or a wireless communication medium such as a satellite communication and a terrestrial radio communication. Either may be used.
  • a wired communication medium such as a metal cable including a coaxial cable and a twisted pair cable, an optical communication cable, or a wireless communication medium such as a satellite communication and a terrestrial radio communication. Either may be used.
  • the carrier is an electromagnetic wave or light for modulating a data communication signal.
  • the carrier may be a DC signal.
  • the data communication signal has a baseband waveform without a carrier. Therefore, the data communication signal embodied in the carrier consists of a modulated broadband signal and an unmodulated baseband signal (voltage (Corresponding to a case where a DC signal of 0 is used as a carrier wave).
  • the present invention can be used in the information communication service industry and the information communication equipment manufacturing industry.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention concerne un dispositif de contrôle de mot de passe permettant de contrôler un mot de passe. Ce dispositif comprend un moyen (S11) pour recevoir l'entrée d'un premier mot de passe sur une destination d'authentification prédéterminée, un moyen de génération de mot de passe (S15) pour générer un second mot de passe en fonction du premier mot de passe et des informations concernant la destination d'authentification, un moyen (S16) pour enregistrer le second mot de passe sur la destination d'authentification, et un moyen (S26) pour acquérir l'authentification par la destination d'authentification, au moyen du second mot de passe.
PCT/JP2002/013671 2002-12-26 2002-12-26 Dispositif de controle de mot de passe WO2004061691A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/JP2002/013671 WO2004061691A1 (fr) 2002-12-26 2002-12-26 Dispositif de controle de mot de passe

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2002/013671 WO2004061691A1 (fr) 2002-12-26 2002-12-26 Dispositif de controle de mot de passe

Publications (1)

Publication Number Publication Date
WO2004061691A1 true WO2004061691A1 (fr) 2004-07-22

Family

ID=32697309

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2002/013671 WO2004061691A1 (fr) 2002-12-26 2002-12-26 Dispositif de controle de mot de passe

Country Status (1)

Country Link
WO (1) WO2004061691A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102006008318A1 (de) * 2006-02-20 2007-08-30 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Verfahren und Vorrichtung zum automatischen Erzeugen von Passwörtern
WO2009157482A1 (fr) * 2008-06-27 2009-12-30 エヌ・ティ・ティ・コミュニケーションズ株式会社 Terminal de communication, dispositif de génération d’informations d’authentification, système d’authentification, programme de génération d’informations d’authentification, procédé de génération d’informations d’authentification et procédé d’authentification

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000148689A (ja) * 1998-11-10 2000-05-30 Nec Corp ネットワークシステムのユーザ認証方法
JP2002073562A (ja) * 2000-09-04 2002-03-12 Ntt Communications Kk 単一ユーザパスワードによる複数サイトアクセス方法及びその装置

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2000148689A (ja) * 1998-11-10 2000-05-30 Nec Corp ネットワークシステムのユーザ認証方法
JP2002073562A (ja) * 2000-09-04 2002-03-12 Ntt Communications Kk 単一ユーザパスワードによる複数サイトアクセス方法及びその装置

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102006008318A1 (de) * 2006-02-20 2007-08-30 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Verfahren und Vorrichtung zum automatischen Erzeugen von Passwörtern
DE102006008318B4 (de) * 2006-02-20 2008-03-20 Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. Verfahren und Vorrichtung zum automatischen Erzeugen von Passwörtern
WO2009157482A1 (fr) * 2008-06-27 2009-12-30 エヌ・ティ・ティ・コミュニケーションズ株式会社 Terminal de communication, dispositif de génération d’informations d’authentification, système d’authentification, programme de génération d’informations d’authentification, procédé de génération d’informations d’authentification et procédé d’authentification

Similar Documents

Publication Publication Date Title
CN108322469A (zh) 信息处理系统、方法和装置
US8402518B2 (en) Secure management of authentication information
CN102100111B (zh) 用于提供时间性信息的方法和设备
JP2013143616A (ja) 無線通信端末、情報提供媒体、アクセスポイント、無線通信方法およびプログラム
US10375061B2 (en) Communication apparatus, reminder apparatus, and information recording medium
JP2005502943A (ja) デバイスをプログラムするためのプログラミング情報を提供するための方法とシステム
CN101605031A (zh) 一种面向电视台应用的跨域单点登陆系统
JP2009237687A (ja) 画面共有サーバ、画面共有システム及び画面共有方法
JP2012124604A (ja) 機器制御装置、機器制御方法およびプログラム
KR101770297B1 (ko) 온라인 서비스 접속 방법 및 그 장치
KR100782836B1 (ko) 컨텐츠 관리 방법, 장치 및 저장매체와 이를 이용한 적응적컨텐츠 재생 방법
JP2004342088A (ja) 端末機器認証システム、端末機器、第1の振り分けサーバ、振り分けシステム、サービスサーバ、第2の振り分けサーバ、端末機器方法、第1の振り分け方法、振り分け方法、サービス提供方法、サービスサーバ方法、第1の振り分け方法、第2の振り分け方法、端末機器プログラム、第1の振り分けプログラム、振り分けプログラム、サービスサーバプログラム、第2の振り分けプログラム、及び記憶媒体
US20050076096A1 (en) Registering device and method, information processing device and method, providing device and method, and program storage medium
CN103974141B (zh) 视频自动跳转播放的方法、终端及系统
JP2012005037A (ja) Webサイトログイン方法及びWebサイトログインシステム
JP2005032230A (ja) 電子装置及びWebページ生成方法
US20130326601A1 (en) Communication system
JP4453656B2 (ja) 端末認証装置および方法
US20070136359A1 (en) Contents list providing apparatus and contents list providing method
JP2002034067A (ja) サーバ装置
US7908553B2 (en) Information processing apparatus, information processing method, recording medium, and program
WO2004061691A1 (fr) Dispositif de controle de mot de passe
JP2013211647A (ja) 情報処理装置、通信システムおよび情報処理方法
JP5069168B2 (ja) ネットワーク運用監視システム、マネージャ装置、及びネットワーク運用監視方法
CN107222859A (zh) 一种设备联网的方法及装置

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): JP US

NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP