WO2004090738A1 - パスワード変更システム - Google Patents
パスワード変更システム Download PDFInfo
- Publication number
- WO2004090738A1 WO2004090738A1 PCT/JP2004/005205 JP2004005205W WO2004090738A1 WO 2004090738 A1 WO2004090738 A1 WO 2004090738A1 JP 2004005205 W JP2004005205 W JP 2004005205W WO 2004090738 A1 WO2004090738 A1 WO 2004090738A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- password
- management server
- application
- user
- update
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/41—User authentication where a single sign-on provides access to a plurality of computers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0846—Network architectures or network communication protocols for network security for authentication of entities using passwords using time-dependent-passwords, e.g. periodically changing passwords
Definitions
- the present invention relates to a password change system.
- Patent Document 1 discloses a password change method for a plurality of services using the same password. According to this password change method, the password management device sequentially activates each application program that provides the service and instructs the password change. At this time, a failure may occur in which one of the plurality of application programs cannot change the password normally.
- Examples of cases where the password cannot be changed normally include a power failure such as a hard failure of the external disk of the system or an instantaneous interruption, or a connection failure of a network cable.
- the password management device When such a failure occurs, the password management device notifies the user again of the application program that cannot change the password correctly when the user restarts the application program to use the corresponding service. Prompts you to change your password.
- Patent Document 1 Japanese Patent Application Laid-Open No. 2000-169777
- the present invention has been made in view of such a problem, and when one of the plurality of application apparatuses fails to change the path mode, the path modes of the plurality of application apparatuses are unified.
- the purpose is to provide a management server device, an application device, and a password change system that can do this.
- the present invention provides a management server device that instructs a plurality of application devices that provide each service to one user authenticated by one password to update the password.
- a third means is provided in which, when one device exists, the passcodes of all application devices are those before updating.
- the passwords of all the application devices are the same as those before the update.
- the passwords of a plurality of application devices can be kept unified.
- the management server device may further include fourth means for receiving a password update request from a user device, and the first means may attempt to update a password based on the received update request. .
- the management server device can attempt to update the password based on the user's intention.
- the first means instructs all application apparatuses to update a passcode
- the second means includes: For each application device, it is determined whether or not the update of the password has failed.
- the third means may determine that the update of the password has failed for at least one of the application devices. Instructs the other application devices that have been updated successfully to restore the password before the update.
- the second judging means judges whether or not the password update of any of the application devices has failed, and the third judging device judges whether or not the password of at least one application device has been updated. If it is determined that the password has failed, an instruction is issued to the application device that has successfully updated the password to restore the password before the update. Even if the update fails, the passcodes of all application devices can be quickly unified.
- the fourth means receives the update request including a user's new password and an old password, and the first means includes a new password included in the received update request. And generating an update instruction including the old passcode and transmitting the generated update instruction to all the application devices.
- the fourth means receives an instruction to update the password including the new passcode from the user. This allows the user to specify any new password.
- the second means includes: a response receiving unit that receives a response indicating success or failure of updating the password from each application device; and, when the received response indicates success, the application receiving unit. And determining that the password update has failed for the application device when the received response indicates failure in updating the password of the application device. .
- the response receiving unit receives the ⁇ response from each application device, and the determination unit determines that the change of the path guide of the application device has failed when the response indicates failure. I conclude. This allows Failure to update the password of each application device can be accurately detected.
- the present invention is also ...
- the second means resets the elapsed time measured by the timer to an initial value at the time when the update instruction is transmitted by the first means, and a timer for measuring the elapsed time as time elapses.
- Initialization unit a standby unit that waits for a response indicating success or failure of updating the password from each application device, and a determination that determines whether the measured elapsed time is greater than a predetermined threshold value And the determination unit determines that the elapsed time is equal to or smaller than the threshold value, and the standby unit receives a response from each application device, and the response indicates success.
- For the application device determine that the update of the passcode was successful; otherwise, determine that the update of the password for the application device failed.
- a management server apparatus which comprises a part.
- the determination unit determines that the password change has failed if the response is not received. Therefore, it is possible to reduce wasteful waiting time exceeding the threshold value.
- the first means instructs all application devices to prepare for updating the password
- the second means determines whether or not the preparation for updating the password has not been completed for each application device. And determining that the update preparation has not been completed for at least one of the application devices.
- the management server device is characterized by canceling the update preparation instruction.
- the fourth means receives the update request including a user's new password and an old password, and the first means includes a new password and an old password included in the received update request. Generate an update preparation instruction including a password and transmit the generated update preparation instruction to all application devices? ).
- the fourth means receives an instruction for updating the password including the new password from a user. This allows the user himself to specify any new password.
- the second means includes: a response receiving unit that receives a response from the application device indicating completion or incomplete preparation for updating the password; If it indicates completion, it is determined that preparation for updating the password has been completed for the application device, and if the received response indicates incomplete, preparation for updating the password has not been completed for the application device. And an asserting unit that asserts the following.
- the response receiving unit receives a response from each application device, and the determination unit determines that the preparation for changing the password of the application device is not completed when the response indicates incomplete. I do. As a result, it is possible to accurately detect the incomplete preparation of the password update of each application device.
- the second unit is measured by a timer unit that measures an elapsed time as time elapses, and at a time when the first unit transmits an instruction to prepare for updating, the timer unit measures the time.
- the initialization unit that resets the elapsed time to the initial value
- the standby unit that waits for a response from the application device indicating completion or incomplete preparation for updating the password
- the measured elapsed time A determination unit that determines whether the elapsed time is equal to or smaller than the threshold value, and a response from the application device is received by the standby unit.
- the response indicates completion
- it is characterized in that it includes a determination unit that determines that the preparation for updating the password has been completed, and otherwise determines that the preparation for updating the password has not been completed.
- the management server device is further configured to transmit a message for returning to the original password to the user device when it is determined that the password cannot be updated by the second means. It is characterized by including message transmission means.
- the message transmitting unit transmits the message to the user device, so that the user can know that the password to be used is before the update.
- the management server device further includes management storage means for storing whether or not each application device is under maintenance, and the first means is that there is no application device under maintenance. In this case, the password is tried to be updated.
- the first means attempts to update the password when the application device under maintenance does not exist. Therefore, the first means updates the password of the other application device by updating the password of the application device under maintenance. It is possible to avoid in advance that the change of one step is prevented.
- the first means stops updating the password when there is an application device under maintenance
- the management server further stops the updating of the password by the first means.
- a message transmitting means for transmitting a message to the effect that the updating of the pass-pad is stopped to the user device is included.
- the message transmission means transmits a message to the effect that the updating of the password is interrupted to the user device. It is possible to reliably know that the passcode cannot be updated.
- the application device is connected to the management server device via a first network, and the use: the device is connected to a second device not connected to the first network. It is characterized by being connected to the management server device via a network.
- the management server device can monitor communication between the application device and the user device. it can.
- the first network and the second network are intranets.
- the application device and the user device are connected to the management server device via different intranets, the application device and the user device can be easily configured by using a technology popularized on the Internet. Can be configured.
- the management server device and each application device are connected via a dedicated line, and when updating a password, the management server device connects the dedicated line.
- Information for updating the password is transmitted to and received from each application device via the management server device, and when each service is provided, the management server device transmits and receives the information via the first and second networks. The transmission and reception of the information related to the service may be relayed between the user device and each application device.
- the management server device when updating the password, transmits and receives information for updating the pass- word to and from each application device via the dedicated line. Since communication using a dedicated line has little risk of eavesdropping by a third party, it is possible to omit the process of encrypting the transmission and reception of information at the time of updating the passcode.
- the management server device communicates with the user device and each application device via the first and second networks. Since the transmission and reception of the information related to the service is relayed between them, the transmission and reception of the information for updating the password and the transmission and reception of the information related to the service do not affect each other.
- the application device and the user device according to the present invention are connected to the management server device via a network, and the management server device further includes a type of application and each application.
- Storage means for storing a correspondence table for associating location information on the network of the application device with the network; and type information indicating an application and processing information indicating the content of the process are received from the user device.
- transmission means for transmitting information.
- the acquisition unit acquires the position information of the application device corresponding to the type information using the correspondence table, and the communication unit transmits the position information to the application device indicated by the position information. And transmitting the processing information received from the user device. This allows the management super-apparatus to accurately transfer the processing information transmitted from the user apparatus to the application apparatus.
- the network may be the Internet.
- the management server device can transfer the processing information between the user device located at a remote place and each application device via the Internet.
- the updated new password is an initial password initially assigned to the user
- the first means attempts to update all application devices to the initial password
- the second means For each application device, it is determined whether or not the update to the initial password is impossible.
- the third means described above is that if there is at least one application device that is determined to be impossible, all Update the passcode of the application device It is also a management server device characterized by the above.
- the first means attempts to update to the initial passcode. As a result, even if the user cannot specify a new password, the user can try to update the password.
- the present invention is an application device that provides a service to one user authenticated by one password and updates a password in accordance with an instruction from a management server device, and stores an old password before updating.
- a password storage unit an authentication password storage unit that stores a password used for user authentication, a receiving unit that receives, from the management server device, a restoration instruction for restoring the password to the one before the update,
- An application apparatus comprising: a receiving unit that reads a password before updating from an old password storage unit upon receiving a restoration instruction and overwrites the read password with an authentication password storage unit. It is.
- the application device transmits and receives information related to the service to and from a user device of a user via the management server device.
- the application device since the application device transmits and receives information to and from the user terminal via the management server device, the application device refuses to receive information from devices other than the management server device. By doing so, access from anyone other than the authorized user can be avoided.
- the application apparatus is characterized in that when maintenance is being performed, the application server notifies the management server apparatus of the fact. t According to this configuration, the application apparatus notifies the management server apparatus in advance that maintenance is being performed.
- the server apparatus recognizes in advance that the application apparatus is under maintenance, and can stop or postpone the transmission of information and the transmission of instructions to the application apparatus.
- the application device is connected to the management server device via a first network, and the user device is connected via a second network that is not connected to the first network. It is characterized in that it is connected to the management server device.
- the management server device monitors communication between the application device and the user device. be able to.
- the application device and the management server device are connected via a dedicated line, and when updating a password, the management server device communicates with the management server via the dedicated line.
- Information for updating the password is transmitted and received between the devices, and when each service is provided, information on the service is transmitted and received via the first and second networks. Good.
- the application device uses the dedicated line for transmitting and receiving the information related to the password update, eavesdropping by a third party is hardly performed, and the communication security is high.
- the first network and the second network are used for transmitting and receiving information related to each service, the transmission and reception of information related to the update of the pass-way and the transmission and reception of information related to the service do not affect each other.
- the application device and the user device according to the present invention are connected to the management server device via the Internet.
- the application device and the user device are connected to the management server device via the Internet, the application device, the user device, and the management server device are connected to the management device. Information can be transmitted and received even when each is located in a remote place.
- the present invention relates to a user terminal device, a plurality of application devices that provide each service to one user terminal device authenticated by one password, and a plurality of application devices.
- a password update system comprising a management server device for instructing an update, wherein the management server device includes a first means for updating passwords of all application devices, and a password for each application device.
- a third means wherein each application device is provided with an old passcode storage means for storing a pre-update passcode.
- An authentication password storage unit that stores a password used for user authentication, a receiving unit that receives a restoration instruction for restoring a password before updating from the management server device, and a receiving unit that receives the restoration instruction.
- the passcodes of all the application devices can be set to those before updating.
- the terminal device and each application device in the present invention transmit and receive information via the management server device.
- the application device since the application device transmits and receives information to and from the user terminal via the management server device, the application device refuses to receive information from devices other than the management server device. By doing so, access from anyone other than authorized users can be avoided.
- the application device is connected via a first network to a
- the user device is connected to the management server device via a second network that is not connected to the first network. I do.
- the management server device monitors communication between the application device and the user device. be able to.
- the first network and the second network are intranets.
- the application device and the user device are connected to the management server device via different intranets, respectively, the technology that is widely used on the Internet is used. Can be easily configured.
- the management server device and each of the application devices are connected via a dedicated line, and when updating a password, the management server device: Information for updating the password is transmitted / received to / from the management server via the dedicated line, and when each service is provided, the information is updated via the first and second networks. Information regarding one service may be transmitted and received.
- the application device uses the dedicated line for transmitting and receiving the information related to the password update, so that eavesdropping by a third party is difficult and communication security is high.
- the first network and the second network are used for transmitting and receiving information related to each service, the transmission and reception of information related to the update of the passcode and the transmission and reception of information related to the service have an influence on each other. Absent.
- the application device and the user device are connected to the management server device via a network, and the management server device further includes an application server.
- the type is associated with the location information of each application device on the network.
- Storage means for storing a correspondence table to be associated; receiving means for receiving type information indicating an application and processing information indicating processing content from the user device; and a type received using the correspondence table.
- An acquisition unit for acquiring position information of the application device corresponding to the information, and a transmission unit for transmitting the processing information to the application device indicated by the acquired position information may be included. Good.
- the acquiring unit acquires the position information of the application device corresponding to the type information using the correspondence table, and the transmitting unit transmits the user to the application device indicated by the position information. And transmitting the processing information received from the device.
- the management server device can accurately transfer the processing information transmitted from the user device to the application device.
- the network is the Internet. According to this configuration, since the application device and the user device are connected to the management server device via the Internet, the application device, the user device, and the management server device are connected to each other. Information can be transmitted and received even when each is located in a remote place.
- Figure 1 shows the configuration of the password change system.
- FIG. 2 is a block diagram showing the configuration of the user terminal 100.
- FIG. 3 shows an example of information stored in the storage unit 110.
- FIG. 4 shows a form of information transmitted and received between devices in the present embodiment.
- FIG. 5 shows an example of a login screen and a menu screen displayed on a monitor connected to the user terminal 100.
- FIG. 6 shows an example of a settlement screen and a settlement end screen displayed on a monitor connected to the user terminal 100.
- FIG. 7 shows an example of the passcode change screen and the change completion screen displayed on the monitor connected to the user terminal 100.
- FIG. 8 shows an example of the change failure screen and the forced termination screen displayed on the monitor connected to the user terminal 100.
- FIG. 9 is a block diagram showing a configuration of the application server 200.
- FIG. 10 shows an example of information stored in the information storage unit 210.
- FIG. 11 shows details of the password table 221.
- FIG. 12 shows the details of the application mouth login table 2 31.
- FIG. 13 is a block diagram showing the configuration of the management server 600.
- FIG. 14 shows an example of information stored in the information storage section 610.
- FIG. 15 shows details of the login table 631.
- FIG. 16 shows details of the routing table 641.
- FIG. 17 shows details of the password change table 651.
- FIG. 18 is an example of an error screen displayed on the display unit 613 of the management server 600.
- Figure 19 shows the user terminal 100, management server 600, and application server 2
- Figure 20 shows user terminal 100, management server 600, and application server 2
- FIG. 6 is a front chart showing an operation according to 00. Continued from Figure 19.
- Figure 21 shows user terminal 100, management server 600, and application server 2
- Figure 22 shows the user terminal 100, management server 600, and application server 2
- FIG. 6 is a front chart showing an operation according to 00. Continued from Figure 19.
- Figure 23 shows user terminal 100, management server 600, and application server 2
- FIG. 6 is a front chart showing an operation according to 00. Continued from Figure 19.
- Figure 24 shows the user terminal 100, management server 600, and application server 2
- FIG. 6 is a front chart showing an operation according to 00. Continued from Figure 19.
- Figure 25 shows user terminal 100, management server 600, and application server 2
- Figure 26 shows the user terminal 100, the management server 600, and the application server 2
- FIG. 6 is a front chart showing an operation according to 00. Continued from Figure 19.
- FIG. 27 is a flowchart showing the operation of the password change processing by the management server 600.
- FIG. 28 is a flowchart showing the operation of the password change processing by the management server 600. Continued from Figure 27.
- FIG. 29 is a flowchart showing the operation of the password change process by the management server 600. Continued from Figure 27.
- FIG. 30 is a flow chart showing the operation of the password change processing of the application server 200.
- FIG. 31 is a flowchart showing the operation of the password change process of the application server 200. Continued from Figure 30.
- FIG. 32 is a flowchart showing the operation of the management server 600 for restoring the passcode.
- FIG. 33 is a flowchart showing the operation of password recovery of the application server 200.
- FIG. 34 is a flow chart showing the password recovery operation of the application server 200. Continued from Figure 33.
- Figure 35 is a flowchart showing the operation of mutual authentication between two devices.
- Figure 36 is a flowchart showing the operation of mutual authentication between two devices. Continued from Figure 35.
- FIG. 37 shows passwords stored in each of the abli- ance servers 200 during execution of the password change in the first embodiment.
- FIG. 38 is a configuration diagram showing a configuration of the second embodiment.
- FIG. 39 is a block diagram illustrating a configuration of the management server 600b according to the second embodiment.
- FIG. 40 is a configuration diagram showing the configuration of the third embodiment.
- FIG. 41 is a block diagram illustrating a configuration of the management server 600c according to the second embodiment.
- Fig. 42 shows the details of the password table 62 1 b in the modification (1). Show.
- FIG. 43 shows details of the routing table 641 b in the modification (6).
- the password change system includes a user terminal 100, a first application server 200a, a second application server 200b, a third application server 200c, and a It consists of four application servers 200 d and a management server 600. Each device is connected to the Internet 20.
- the first application server 200a to the fourth application server 200d respectively provide services such as travel expense settlement, vacation application, meeting room reservation, and employee purchase.
- the management server 600 and the first application server 200a to the fourth application server 200d store in advance user IDs of valid users.
- the user provides the first application server 200a to the fourth application server 200d through the Internet 20 and the management server 600 using the user terminal 100. Use services that do.
- the user terminal 100 stores the user's user in the management server 600.
- the 200 d verifies the user ID and password, authenticates that the user of the user terminal 100 is a legitimate user, and provides each application server with its own service.
- the management server 600 receives the instruction for changing the password from the user terminal 100, and receives the current passcode and the new password from the user terminal 100.
- the management server 600 sequentially transmits the received new password to the first application server 200a to the fourth application server 200d. To change the password.
- the management server 600 has already completed the change of the password.
- the current password is sent to the current application server, and the user is instructed to change the password to the current password.
- the application server 200 when the first application server 200a to the fourth application server 200d are not particularly distinguished and when the first application server 200a to the fourth application server 200d are common, all of these are simply referred to as the application server 200. Called.
- the user terminal 100 includes a transmission / reception unit 101, an authentication unit 103, a control unit 107, a storage unit 110, an input unit 112, and an image display unit 113. You.
- the user terminal 100 includes a microprocessor, a RAM, a ROM, and a hard disk (not shown). Computer programs are stored in the RAM, ROM, and hard disk, and the user terminal 100 performs its functions by the microprocessor operating according to these computer programs.
- the storage unit 110 includes a hard disk, a RAM, and a ROM, and stores various types of information.
- the application number table 120 is a table in which services provided by the application server 200 and the management server 600 are associated with application numbers assigned to the respective services.
- the application number “00 1” is a code that indicates a travel expense settlement service.
- the application number “002” is an identification number indicating a vacation application service.
- the application number “003” is an identification number indicating a conference room reservation service, and the application number “004” is an identification number indicating an employee purchase service.
- the application number “05” is an identification number indicating a service provided by the management server, such as a login process and a password change.
- the terminal ID 130 is identification information unique to the user terminal 100.
- the public key certificate 1336 certifies the validity of the public key paired with the private key 135, and includes a certificate ID, the public key, and data signed by a certificate authority.
- the signature data of the certificate authority is generated by applying a signature generation algorithm S to the public key using the secret key of the certificate authority.
- the certificate authority is a third-party organization that issues public key certificates for each device belonging to the password change system.
- the signature generation algorithm S is, for example, an E 1 G a m a 1 signature on a finite field. Since the E 1 G a m a 1 signature is publicly known, its description is omitted.
- CRL 137 contains the certificate ID of a revoked public key certificate issued by a certificate authority.
- the CA public key 1 38 is a public key that is paired with the CA private key.
- the transmitting and receiving unit 101 transmits and receives information between an external device connected to the Internet 20 and the control unit 107 and the authentication unit 103.
- the transmission / reception unit 101 stores the IP addresses of the user terminal 100 and the management server 600.
- the packet 140 is composed of a destination address 1441, a source address 1442, and a data part 144.
- the destination address is the IP address of the destination
- the source address 1442 is the IP address of the source.
- the data section 144 includes, for example, an application number 146, a terminal ID 147, and data 148.
- the application numbers 1 4 6 are the first application server 200 a to the fourth application server And the type of service provided by the management server 600, which is the same as the application number included in the application number table 120.
- the transmission / reception unit 101 receives the data unit 144 including the application number 146, the terminal ID 147 and the data 148 from the control unit 107, and receives the transmission instruction.
- the IP address of the user terminal 100 is set as the source address in 144, and the IP address of the management server 600 is set as the destination address for transmission.
- the abbreviated number 144, terminal ID 144, and data 148 included in the data section 144 are listed for ease of explanation, but in actuality, the data section Since the maximum bit length is determined, although the data length of the data portion is variable, if the data portion exceeds the maximum bit length, the data portion is divided and the divided data portion is divided. 4 Set the destination address and source address for each and transmit.
- the input unit 112 is connected to peripheral devices such as a keyboard and a mouse, accepts operation of the peripheral device by the user, and outputs operation instruction information corresponding to the accepted operation to the control unit 107.
- peripheral devices such as a keyboard and a mouse
- the control unit 107 controls various types of information processing executed by the user terminal 100 by the processor operating according to a computer program.
- control unit 107 receives various operation instruction information from the input unit 112. Based on the received operation instruction information, it performs login processing, use of various services and password change processing.
- the login screen data from the management server 600 the terminal menu screen data, the terminal settlement screen data, the terminal settlement completion screen data, the terminal password change screen data, and the terminal Change completion screen ⁇ Data, screen data such as terminal failure screen data, terminal forced termination screen data, etc., various services, password change, mutual authentication, encryption processing To receive various screen data and various received information.
- the information transmitted from the control unit 107 to the management server 600 via the transmission / reception unit 101 is in the form of a bucket 140 shown in FIG.
- the control unit 107 reads the terminal ID 130 from the storage unit 110, extracts the application number from the application number table 120, reads out the terminal ID 130, the extracted application number, and various information.
- a data part 1 4 3 consisting of The generated data section 144 is output to the transmission / reception section 101 to instruct transmission.
- the following describes the login process, the process of using various services, and the process of changing the password.
- control unit 107 Upon receiving the operation instruction information indicating the electronic application from the input unit 112, the control unit 107 instructs the authentication unit 103 to perform mutual authentication with the management server 600.
- the authentication unit 103 Mutual authentication by the authentication unit 103 is established, a terminal common key is received from the authentication unit 103, and the received terminal common key is stored.
- the login screen data is received from the management server 600 via the transmission / reception unit 101, and the received login screen data is used to generate the login screen 151, and the generated login is generated.
- the screen 1 5 1 is output to the image display section 1 13 and the display of the login screen 1 5 1 is instructed.
- the mouth-in screen 1 51 shown in FIG. 5 is an example of the screen displayed here.
- the login screen data is data for generating the login screen 151, and is described by H TML.
- the input and the input of the user are received via the input unit 112.
- the pass-pad entered in the password box 153 and the terminal common key are output to the encryption processing unit 108 to instruct encryption. I do.
- an encryption password is received from the encryption processing unit 108, and the application number “0 05” and the terminal ID 1 are received from the storage unit 110. Read out 30.
- the read application number “005”, the terminal ID 130, the received encryption password and the user ID input to the user ID box 152 are output to the transmitting / receiving unit 101, and the transmission to the management server 600 is instructed. .
- terminal menu screen data is received from the management server 600, a menu screen 16 1 is generated from the received terminal menu screen data, and the generated menu screen 16 1 is displayed on the image display section 1 1 Output to 3 and instruct the display of menu screen 16 1.
- FIG. 5 is an example of the menu screen 161 displayed here.
- the terminal menu screen data is data for generating the menu screen 161 and is described in HTML.
- the control unit 107 receives operation instruction information indicating that the button 162, 163, 164, or 165 has been pressed from the input unit 112, and calculates travel expenses, vacation application, meeting room reservation, or employee, respectively. Start the process of using the purchased service.
- the control unit 107 When receiving the operation instruction information indicating that the button 162 has been pressed from the input unit 112, the control unit 107 extracts the application number “00 1” from the application number table 120 of the storage unit 110, and ID 130 is read, and the extracted application number “00 1” and the read terminal ID 130 are transmitted to the management server 600 via the transmission / reception unit 101 to request service start.
- the control unit 107 receives a wait message, terminal forced termination screen data, or terminal settlement screen data from the management server 600 via the transmission / reception unit 101.
- the terminal forced termination screen data and the terminal settlement screen data are data for generating the forced termination screen 321 and the settlement screen 1-1, and are described in HTML.
- a forced termination screen 3 2 1 is generated from the received terminal forced termination screen data, and the generated forced termination screen 3 2 1 is output to the image display section 1 1 3 and forced termination is performed. Instruct the display of screen 3 2 1 and end the process.
- the forced termination screen 3 2 1 shown in FIG. 8 is an example of the screen displayed here.
- FIG. 6 shows an example of the settlement screen 17 1 displayed here.
- an input by the user is received via the input unit 112.
- operation instruction information indicating that the send button 1 7 3 on the checkout screen 1 7 1 has been pressed is received, and the input data entered on the checkout screen 1 7 1 and the terminal common key are received.
- Data 149 shown in FIG. 4 is an example of the input data output here, and includes a destination, a name of a transportation agency, a fee, and the like.
- the encrypted input data is received from the encryption processing unit 108, the application number “0 0 1” and the terminal ID 13 0 are read from the storage unit 110, and the read application number “0 0 1” and the terminal are read.
- the ID 130 and the received encrypted input data are transmitted to the management server 600 via the transmission / reception unit 101.
- terminal settlement end screen data is received from the management server 600, a terminal settlement end screen 181 is generated from the received terminal settlement end screen data, and the generated settlement end screen 18 1 is displayed as an image. Output to section 1 1 3 and instruct display.
- the settlement end screen 18 1 shown in FIG. 6 is an example of the screen displayed here.
- the terminal settlement end screen data is data for generating the settlement end screen, and is described in HTML.
- operation instruction information indicating that the menu button 18 2 or the log-in button 18 3 on the checkout end screen 18 1 is pressed is received from the input unit 112.
- the image display section 113 is instructed to display the menu screen 16 1, and the menu selection is accepted.
- the control unit 107 Upon receiving the operation instruction information indicating that the logout button 183 has been pressed, the control unit 107 generates a logout notification, and reads the application number “050” and the terminal ID from the storage unit 110. Then, the read application number “050”, the terminal ID, and the log-log notification are transmitted to the management server 600 via the transmission / reception unit 101, and the process ends.
- the control unit 107 Upon receiving the operation instruction information indicating that the button 16 6 on the menu screen 16 1 has been pressed, the control unit 107 generates a password change instruction requesting a password change, and the storage unit 110 The application number “0 0 5” and the terminal ID 13 0 are read out from the device, and the read application number “0 0 5”, the terminal ID 13 0 To the management server 600 via the Internet.
- terminal passcode change screen data is received from the management server 6Q0 via the transmission / reception unit 101.
- a password change screen 191 is generated from the received terminal password change screen data, and the generated password change screen 191 is output to the image display unit 113 to instruct display.
- FIG. 7 is an example of the passcode change screen 191 displayed here.
- the terminal password change screen data is data for generating the password change screen 191, and is described by HTML.
- the passcode entered by the user in the blank 192 will be referred to as the current passcode
- the password entered in the blanks 193 and 194 will be referred to as the new passcode.
- Operation instruction information indicating that the send button 195 has been pressed is received from the input unit 1 1 2. Then, the received current password and new password and the terminal common key are output to the encryption processing unit 108 to instruct encryption. Next, it receives the current encrypted password and the new encrypted password from the encryption processing unit 108.
- the application number “0 05” and the terminal ID 13 0 are read from the storage unit 110, and the read application number “0 5”, the terminal ID 13 0, the received encrypted current password and the encryption are read.
- the new password is transmitted to the management server 600 via the transmission / reception unit 101.
- terminal change completion screen data, terminal change failure screen data, or terminal forced termination screen data is received from the management server 600.
- the change completion screen data for the terminal and the change failure screen data for the terminal are data for generating the change completion screen 301 and the change failure screen 311, respectively, and are described as HTML as an example.
- a forced termination screen 3 2 1 is generated from the received terminal forced termination screen data, and the generated forced termination screen 3 2 1 is generated via the image display unit 1 1 3 Display it on the monitor and end the process.
- a change completion screen 301 is generated from the received terminal change completion screen data, and the generated change completion screen 301 is displayed on the monitor via the image display section 113. indicate.
- FIG. 7 shows an example of the change completion screen 301 displayed here.
- a button operation of the user is received via the input unit 1 1 2.
- operation instruction information indicating that the menu button 3 02 on the change completion screen 3 0 1 has been pressed is received from the input section 1 1 2, the image display section 1 1 3 is instructed to display the menu screen 1 6 1, and Return to menu selection by user.
- the control unit 107 Upon receiving the operation instruction information indicating that the log-in button 303 has been pressed, the control unit 107 generates a log-in notification, and the application number “050” and the terminal ID 130 from the storage unit 110. Is read, the read application number “050”, the terminal ID 130, and the log notification are transmitted to the management server 600 via the transmission / reception unit 101, and the process ends.
- the control unit 107 Upon receiving the terminal change failure screen data, the control unit 107 A change failure screen 3 1 1 is generated from the terminal change failure screen data, and the generated change failure screen 3 1 1 is displayed on the monitor via the image display section 1 13.
- FIG. 8 shows an example of the change failure screen 3 1 1 displayed here.
- a button operation of the user is received via the input unit 1 1 2.
- the operation instruction information indicating that the menu button 3 1 2 on the change failure screen 3 1 1 1 is pressed is received from the input section 1 1 2, the image display section 1 1 3 is instructed to display the menu screen 1 6 1. Return to accepting the menu selection.
- the control unit 107 Upon receiving the operation instruction information indicating that the logout button 3 13 is pressed, the control unit 107 generates a logout notification, and stores the application number “0 0 5” and the terminal ID 1 3 0 from the storage unit 1 10. And transmits the read application number “050”, terminal ID 130, and log-log notification to the management server 600 via the transmission / reception unit 101, and terminates the processing.
- the authentication unit 103 Prior to communication between the control unit 107 and the external device, the authentication unit 103 performs mutual authentication with the external device using the private key 135 and the public key certificate 136, and performs mutual authentication. Only when the authentication is successful, the communication between the control unit 107 and the external device is permitted, and the same terminal common key as the external device is generated.
- the external device is, specifically, the management server 600.
- the encryption processing unit 108 receives various information and the terminal common key from the control unit 107, and is instructed to perform encryption. Upon receiving the encryption instruction, the received terminal common key is used to generate encryption information by applying the encryption algorithm E1 to the received various information, and output the generated encryption information to the control unit 107. I do.
- the various information that the encryption processing unit 108 receives from the control unit 107 is, specifically, a password, input information, a current password, and a new password. Also, it receives various types of encryption information and a terminal common key from the control unit 107, and is instructed to decrypt them.
- the encryption processing unit Upon receiving the decryption instruction, the encryption processing unit performs a decryption algorithm D2 on the received encrypted information using the terminal common key, and generates various types of information.
- the decryption algorithm D 2 is an algorithm for decrypting the cipher text generated by the encryption algorithm E 2, and the encryption algorithms E 1 and E 2 use a common key encryption method such as the DES encryption method as an example. . Description of the DES encryption method is omitted because it is known.
- the image display unit 113 is connected to an external monitor.
- the image display unit 113 receives various screens from the control unit 107 and is instructed to display the screens.
- An image signal is generated from the received screen, a vertical synchronization signal and a horizontal synchronization signal are generated, and the image signal is output to a monitor in accordance with the generated vertical synchronization signal and the horizontal synchronization signal.
- the first application server 200a to the fourth application server 200d provide various services to the user terminal 100.
- the first application server 200a is a travel expense settlement
- the second application server 200b is a vacation application
- the third application server 200c is a conference room reservation
- the fourth application server 200d is an employee. Provide purchase service.
- the application server 200 includes a transmission / reception unit 201, an authentication unit 203, a control unit 207, an encryption processing unit 208, an information storage unit 210, an input unit 212, and a display unit 213.
- the application server 200 includes a microprocessor, a RAM, a ROM, and the like, which are not specifically illustrated. Computer programs are stored in the RAM and ROM, and the application server 200 achieves its functions by the microprocessor operating according to the procedures indicated by these computer programs.
- the information storage unit 210 is composed of a hard disk unit. As an example, as shown in FIG. 10, a password table 221, an application login table 231, a private key 242, a public key certificate 243, a CRL 244 and ⁇
- the certificate authority public key 245 is stored. Also, not specifically shown Stores various programs and image data for executing the service provided by the application server 200.
- the password table 22 is composed of a plurality of password information 2 23, 2 24, 2 25 ....
- Each password information is composed of a user ID, a name and a password. including.
- the user ID has a one-to-one correspondence with a valid user of the application server 200.
- the password is a character string or a numeric string for determining whether the user corresponding to the user ID is a valid user of the application server 200.
- the application login table 2 31 is composed of a plurality of login information 2 32, 2 3 3.
- Each login information includes user ID, name password and terminal ID.
- the user ID corresponds to the user who has completed the password authentication by the application server 200 and is currently using the service provided by the application server 200, and the name and password correspond to the user ID.
- the terminal ID is identification information unique to the user terminal currently used by the user.
- the public key certificate 243 certifies the validity of the public key paired with the private key 242, and includes a certificate ID, the public key, and signature data from a certificate authority.
- the CRL 244 and the certification authority public key 245 are the same as the CRL 137 and the certification authority public key 138 stored in the user terminal 100, and therefore description thereof is omitted.
- the transmission / reception unit 201 stores the IP address of the application server 200 and the IP address of the management server 600.
- the transmission / reception unit 201 transmits / receives information between the control unit 207 and the authentication unit 203 and the management server 600.
- Transmission / reception unit 201 transmits / receives between control unit 207 and management server 600 Each type of information is in the form of a bucket 140 shown in FIG.
- the control unit 207 receives a data unit 143 including an application number, a terminal ID, and various kinds of information, and is instructed to transmit.
- the IP address of the application server 200 is set as the transmission source in the received data unit 144, and the IP address of the application server 200 is set as the transmission destination. Set and send.
- the transmitting / receiving unit 201 refuses to receive information from an external device other than the management server 600. Specifically, it is checked whether or not the source address included in the received bucket is the IP address of the management server 600, and the IP address of the management server 600 is checked. If not, delete the received bucket.
- the input unit 212 receives input of information and instructions by the operator, and outputs the received information and operation instruction information corresponding to the received instructions to the control unit 207.
- the display unit 2 13 displays various information under the control of the control unit 2 07.
- the control unit 2007 controls various kinds of information processing executed by the application server 2000 by the processor operating according to the computer program.
- the control unit 207 receives the public key certificate from the management server 600, outputs the received public key certificate to the authentication unit 203, and instructs mutual authentication with the management server 600.
- the mutual authentication by the authentication unit 203 is successful and the server common key is received from the authentication unit 203, the received server common key is stored. Secret communication is performed using the stored server common key, and information is transmitted and received safely in each process described below.
- control unit 2007 stores an application number indicating a service provided by the application server 200 itself, and stores the application number when transmitting information via the transmission / reception unit 200 in the following processing.
- Application number and the terminal ID of the user terminal 100 used by the user being processed. It generates a data section 144 composed of the information and the generated data section 144, and outputs the generated data section 144 to the transmission / reception section 201.
- the generation of the data section 144 is omitted, and is simply expressed as an application number, a terminal ID, and various information.
- the control unit 207 receives, from the management server 600, the absolute number of the application server 200, the terminal ID, the user ID, the encryption password, and the service start request. Further, the management server 600 receives the application number, the terminal ID, and the password notification from the management server 600.
- the control unit 2007 receives an application number, a terminal ID, a user ID, an encrypted current password, an encrypted new password, and a password change instruction from the management server 600, which correspond to the application server 200.
- the management server 600 receives an application number corresponding to the application server 200, a user ID, an encryption current password, an encryption new password, and a password recovery instruction.
- the control unit 207 receives login information 23 3 including the terminal ID of the user terminal 100, which receives the various information from the management server 600 each time the information is received. Confirm that 2 exists in the application login table 2 3 1, and confirm that the user of the user terminal 100 has already logged in. In the following description of service provision, explanation of confirmation of login at the time of reception is omitted.
- the control unit 207 sends, from the management server 600, the application number, the terminal ID of the user terminal 100 used by the user to be processed, the user ID, the encrypted password, and the service start request. Upon receipt, the service provision process starts.
- a travel expense settlement service provided by the first application server 200a will be described.
- the control unit 2007 receives the encrypted password and generates it by mutual authentication.
- the server common key thus output is output to the encryption processing unit 108, and decryption is instructed.
- the control unit 207 determines whether or not passcode information including the received user ID and password exists in the passcode table 221. If it is determined that the password information including the received user ID and password does not exist in the password table 221, the control unit 207 determines the password stored in the management server 600 and the first password.
- the passcode error signal indicating that the passcodes stored in the application server 200a do not match and the received user ID are transmitted to the management server 600, and the service providing process ends.
- the received user ID and password information 223 including the password are selected.
- login information 2 32 is generated from the received terminal ID, the extracted terminal ID, and the selected password information 2 2 3, and the generated login information 2 3 2 is added to the application login table 2 3 1.
- control unit 207 reads the settlement screen data from the information storage unit 210, extracts the user ID and name from the login information 232, reads the readout adjustment image data, and the extracted user ID and name. Based on the above, terminal settlement screen data is generated.
- the terminal ID is extracted from the login information 2 32, and the application number “0 0 1” stored in the control unit 2 07 itself, the extracted terminal ID, and the generated terminal adjustment screen data are transmitted and received. The information is transmitted to the management server 600 through the unit 201.
- the application number “001”, the terminal ID, and the encryption input data are received from the management server 600.
- the received encrypted input data and the server common key are output to the encryption processing unit 208 to instruct decryption.
- the input data is received from the cryptographic processing unit 108, and the payment processing of the user's expenditure is performed based on the received input data.
- the settlement end screen data is read out from the information storage unit 210, and the read-out settlement end screen data and mouth login information 2 3 2 to generate terminal settlement screen data for the terminal, and transmit the application number “0 0 1”, the terminal ID included in the login information 2 32 and the generated terminal settlement screen data for the terminal to the management server 600. End the travel expense settlement service.
- the control unit 207 sends, from the management server 600, the application ID corresponding to the application server 200 and the terminal ID and user of the user terminal 100 used by the user whose password is to be changed.
- the received terminal ID is temporarily stored.
- the received encrypted current password, the encrypted new password, and the server common key are output to the encryption processing unit 208 to instruct decryption.
- the current password and the new password are received from the encryption processing unit 208, and the password information 222 including the received current password and the received user ID is selected from the password table 221.
- the password of the selected password information 2 2 3 is rewritten with the new password.
- the control unit 207 When the rewriting ends normally, the control unit 207 generates an end signal “1”. If the rewriting fails due to a hard disk failure or the like, an end signal “0” is generated, and the application number of the application server 200, the terminal ID temporarily stored, and the generated end signal are transmitted and received by the transmission / reception unit 20. The password is transmitted to the management server 600 via 1 and the password change process ends.
- the terminal ID Upon receiving an application number, terminal ID, user ID, encrypted current password, encrypted new password and password recovery instruction corresponding to the application server 200 from the management server 600, the terminal ID is temporarily stored. To memorize. Next, the control unit 2007 outputs the received encrypted current password, the encrypted new password, and the server common key to the encryption processing unit 208, and instructs decryption.
- the current password and the new password are received from the cryptographic processing unit 208, and the password information including the received new password and the received user ID is received. Select 2 2 3 from the password table 2 2 1. The password included in the selected password information 2 2 3 is rewritten to the received current password.
- an end signal “1” is generated. If the password rewriting fails, an end signal “0” is generated.
- the application number of the application server 200 itself, the terminal ID temporarily stored, and the generated end signal are transmitted to the management server 600 via the transmission / reception unit 201, and the processing is performed. To end.
- the control unit 207 Upon receiving the application number, the terminal ID of the user terminal 100, and the log notification from the management server 600 via the transmission / reception unit 201, the control unit 207 stores the application login table 231 in the application login table 231. Search for mouth login information 2 3 2 including the terminal ID received by. If the login information including the received terminal ID does not exist in the application login table 231, the logout processing ends.
- the mouth login information 2 32 including the received terminal ID exists in the application login table 231 31, the mouth login information 2 32 including the received terminal ID is deleted, and the logout process is terminated.
- the authentication unit 203 performs mutual authentication with the external device using the secret key 242 and the public key certificate 243 before communication between the control unit 207 and the external device. Only when the authentication is successful, the communication between the control unit 2007 and the external device is permitted, and the same server common key as that of the external device is generated.
- the external device is, specifically, the management server 600.
- the encryption processing unit 208 receives various information and the server common key from the control unit 207, and is instructed to perform encryption.
- the received information is subjected to the encryption algorithm E4 using the received server common key, encryption information is generated, and the generated encryption information is output to the control unit 2007.
- the control unit 207 receives various types of encrypted information and the server common key, and instructs to receive and decrypt them.
- the decryption algorithm D3 is applied to the received encrypted information using the received server common key to generate information, and the generated information is output to the control unit 207.
- the encryption information that the encryption processing unit 208 receives from the control unit 207 is, specifically, an encryption password, encryption input data, an encryption current password, and an encryption new password.
- the decryption algorithm D3 is an algorithm for decrypting the ciphertext generated by the encryption algorithm E3, and the encryption algorithms E3 and E4 are, for example, symmetric key cryptosystems such as DES cryptosystem. It is a method.
- the management server 600 has a transmission / reception unit 601, an authentication unit 603, a password change unit 606, a control unit 607, an encryption processing unit 608, and a password. It is composed of a recovery section 614, a change determination section 609, a change result notification section 615, an information storage section 610, an input section 612, and a display section 613.
- the management server 600 is composed of a microprocessor, RAM, ROM, and hard disk not specifically shown. A computer program is stored in the RAM, ROM, and hard disk, and the management server 600 achieves its functions by the microprocessor operating according to the computer program.
- the information storage unit 610 is composed of a hard disk unit, and as an example, as shown in FIG. 14, a password table 621, a login table 631, a routing table 641, and a password. It stores a change table 651, a private key 661, a public key certificate 662, a CRL 666, and a certificate authority public key 664.
- the pass table 621 has the same configuration as the pass table 221 stored in the application server 200, and thus the description is omitted.
- the mouth gui table 631 as shown in FIG. , And each login information includes user ID, name, password, terminal ID, and processing status.
- the user ID has passed the password authentication by the management server 600 and corresponds to the user who is currently using various services.
- the name and password are the name and password of the user indicated by the user ID.
- the terminal ID is identification information unique to the user terminal currently used by the user indicated by the user ID.
- the processing status indicates the type of processing performed between the user terminal indicated by the terminal ID and the management server 600 and the application server 200. “Normal” is set when processing related to various services by the application server 200 is performed.
- the routing table 641 is composed of a plurality of pieces of route information 642, 643, ..., and each piece of route information includes an application number, a host name, Includes IP address and port number.
- the application number corresponds to the first application server 200a to the fourth application server 200d and is identification information indicating a service provided by each application server. This is the same as the application number included in the application number table 120 stored in the user terminal 100.
- the host name is identification information for specifying the application server 200 corresponding to the application number.
- the IP address is an IP address indicating the location of the application server on the network, and the port number is a destination specified by the management server 600 when transmitting information to the application server 200. Port number.
- the password change table 651 is composed of a plurality of pieces of change information 652, 653, 654, and so on. Each change includes the user ID, the current password and the new password.
- the user ID is identification information assigned to a valid user of the application server 200 and the management server 600.
- the current password is the password change
- the password used by the user at the time of processing, and the new password is the new password set by the user in the password change process.
- the current password is a character string that is entered in the blank box 192 in the password change screen 191 shown in FIG. 7, and the new password is entered in the blank boxes 193 and 194. It is a character string.
- the public key certificate 662 certifies the validity of the public key paired with the private key 661, and includes a certificate ID, the public key, and data signed by a certificate authority.
- the CRL 636 and the certificate authority public key 664 are the same as the CRL 137 and the certificate authority public key 138 stored in the user terminal 100, and therefore description thereof is omitted.
- the information storage section 6 10 stores various screen data.
- the transmitting / receiving unit 600 stores the terminal ID of the user terminal 100 and the IP address of the user terminal 100 in association with each other. Also, the IP address of the management server 600 is recorded.
- the transmission / reception unit 6001 transmits / receives information between each unit in the management server 600 and an external device.
- Various types of information transmitted and received by the transmission / reception unit 600 are in the form of a packet 140 shown in FIG. 4 as an example.
- the transmission / reception unit 601 includes a control unit 607, a password change unit 606 or a password recovery unit 614, and a data unit 14 including an application number, a terminal ID of the user terminal 100, and various information. Receive 3 and be instructed to send.
- the control unit 607 When instructed by the control unit 607 to transmit to the user terminal 100, the source is set to the IP address of the management server 600, and the destination is set to the user terminal 100 based on the terminal ID. Set the IP address, and send the received data section 144.
- the route information is obtained from the routing table 641, based on the application number. Select, extract the IP address and port number from the selected route information, and send to the destination address. Is set to the extracted IP address, the transmission source is set to the IP address of the management server 600, the transmission destination port number is set to the extracted port number, and then transmitted.
- the input unit 612 receives the input of information and instructions by the operator, and outputs the received information and operation instruction information corresponding to the received instructions to the control unit 607.
- the display unit 613 displays various information according to an instruction from the control unit 607.
- the password changing unit 606 receives the application number, the terminal ID, the user ID, the encrypted current password and the encrypted new password from the control unit 607, and is instructed to change the password.
- a password change is instructed from the control unit 607, the following password change process is performed.
- the description of the generation of the data section 144 will be omitted, and will be simply referred to as an output of an absolute number, a terminal ID, and various information.
- the password changing unit 606 Upon receiving the application number, the terminal ID, the encrypted current password, and the encrypted new password from the control unit 607, the password changing unit 606 sends the application server 200 a command to change the password. And generates a password change instruction for instructing a password change, and outputs the received user ID, application number, user ID, encrypted current password, encrypted new password, and generated password change instruction to the transmission / reception unit 601. Then, transmission is instructed to the application server 200.
- the password change unit 606 Simultaneously with the transmission, the password change unit 606 generates a change instruction transmitted signal indicating that the password change instruction has been transmitted to the application server 200, and generates the generated change instruction transmitted signal and the control unit 6.
- the application number and terminal ID received from 07 are output to the change judging unit 609.
- the password recovery unit 614 receives the application number, the terminal ID, the user ID, the encrypted current password, and the encrypted new password from the control unit 607, and is instructed to recover the password.
- the password recovery unit 614 Upon receiving the application number, the terminal ID, the user ID, the encrypted current password, and the encrypted new password from the control unit 607, the password recovery unit 614 receives the application number, the terminal ID, the user ID, the encrypted current password and the encrypted new password. It generates a password recovery instruction to instruct 0 to return the password to the current password, and transmits the received application number, terminal ID, encrypted current password, encrypted new password and generated password recovery instruction.
- the received application number, terminal ID, encrypted current password, encrypted new password, and generated password recovery instruction are output to the transmitting / receiving unit 61, and the application server 2 corresponding to the abbreviated number is output. Send to 0 0.
- the password recovery unit 614 Simultaneously with the transmission, the password recovery unit 614 generates a recovery transmitted signal indicating that the password recovery instruction has been transmitted to the application server 200, and the generated recovery transmitted signal and the stored application number. And the terminal ID are output to the change determination unit 609.
- the password recovery unit 614 When instructed by the change determination unit 609 to retransmit a password recovery instruction, the password recovery unit 614 stores the stored application number, terminal ID, encrypted current password, encrypted new password, and password recovery. The instruction is read, and the read application number, terminal ID, encrypted current password, encrypted new password, and password recovery instruction are retransmitted via the transmission / reception unit 601. At the same time as retransmission, it outputs a restored transmission completed signal to the change determination unit 609. (6) Change determination section 6 0 9
- the change judging unit 609 has a time counter for measuring the elapsed time as time elapses and a number counter for counting the number of transmissions of the password recovery instruction.
- the change determination unit 609 stores a maximum waiting time and a limited number of times in advance.
- the maximum wait time is the upper limit of the wait time from when the password change unit 606 or the pass-word recovery unit 614 transmits the password change instruction or the pass-word recovery instruction to when it receives the end signal ⁇ 1 second. It is. If the end signal is not received for more than the maximum wait time after transmitting the password change instruction, a change end signal “0” indicating failure of the password change is generated. If the end signal is not received within the maximum waiting time after transmitting the password recovery instruction, the password recovery unit 6 14 instructs the password recovery unit 6 14 to retransmit the password recovery instruction.
- the limited number of times is the maximum value “3 times” of the number of times that the password recovery instruction can be transmitted to one application server 200. If the number of password recovery instruction transmissions exceeds “3”, a recovery end signal “0” indicating password recovery failure is generated.
- the change determination unit 609 receives the change instruction transmission completed signal, the application number, and the terminal ID from the password change unit 606.
- the change determination unit 609 receives the recovery instruction transmitted signal, the application number, and the terminal ID from the password recovery unit 614. Also, it receives only the recovery instruction transmitted signal from the password recovery unit 6 14.
- the change determination unit 609 Upon receiving the change instruction transmitted signal f, the application number, and the terminal ID from the password changing unit 606, the change determination unit 609 temporarily stores the received application number and terminal ID therein. . At the same time as receiving the change instruction transmitted signal, it initializes the time counter to 0 and starts measuring the elapsed time.
- the received end signal is determined. If the end signal is “1”, the password of the application server 200 is received. Generates a change end signal “1” indicating that the change was successful. If it determines that the received end signal is “0”, it generates a change end signal “0” indicating that the password change of the application server 200 has failed.
- the value of the time counter is compared with the maximum waiting time. If it determines that the time counter has not exceeded the maximum wait time, it repeatedly compares the time counter with the maximum wait time until an end signal is received or the time counter exceeds the maximum wait time.
- the change determination unit 609 determines that the password change of the application server 200 has failed, and generates a change end signal “0”. .
- the change determination unit 609 Upon receiving the recovery instruction transmitted signal, the application number, and the terminal ID from the password recovery unit 614, the change determination unit 609 temporarily stores the received application number and terminal ID therein, and performs the number of times. Initialize the counter to 0. At the same time as receiving the restoration instruction transmission message, the password changing unit 606 initializes the time counter to 0 and starts measuring the elapsed time. When receiving only the recovery instruction transmitted signal from the password recovery unit 6 14, the count counter is not initialized, the time counter is initialized to 0, and the measurement of the elapsed time is started.
- the password recovery unit 614 If it determines that the received end signal is “0”, it adds 1 to the number counter. Next, the value of the number counter is compared with the limit number. If it is determined that the number-of-times counter has not exceeded the limit number, the password recovery unit 614 is instructed to retransmit the password recovery instruction.
- the time counter is compared with the maximum waiting time. If the time counter does not exceed the maximum wait time, the comparison between the time counter and the maximum wait time is repeated until an end signal is received or the elapsed time exceeds the maximum wait time.
- the time counter determines that the maximum wait time has been exceeded, the count is incremented by one. Next, the number counter is compared with the limit number. If the number counter is within the limited number of times, the password recovery unit 614 is instructed to retransmit the password recovery instruction.
- the recovery end signal When the recovery end signal is generated, the stored application number, terminal ID, and the generated recovery end signal are output to the control unit 607.
- the control unit 607 controls various types of information processing executed by the management server 600 by the processor operating according to a computer program.
- the control unit 607 stores the application server 200 and the application number indicating the service provided by the application server 200 in association with each other.
- the control unit 607 receives the public key certificate from the user terminal 100 via the transmission / reception unit 601.
- the received public key certificate is output to the authentication unit 603, and mutual authentication is instructed. According to the authentication unit 6 03 The mutual authentication is completed, and the terminal common key is received. By performing confidential communication using the received terminal common key, the processing described below is performed securely with the user terminal 100.
- Information transmitted and received by the control unit 607 via the transmission / reception unit 601 is in the form of a bucket 140 as shown in FIG.
- the control unit 607 determines the received application number, and determines whether the device that provides the service that the user intends to use is the application server 200 or the management server 600.
- the control unit 607 corresponds to the information to be transmitted, the terminal ID of the user terminal 100 used by the user to be processed, and the device that executes the processing.
- a data section 144 including an application number is generated, and the generated data section 144 is output to the transmission / reception section 61 to instruct transmission.
- the devices that execute the processing are the application server 200 and the management server 600.
- the description of the generation of the data unit 144 as described above is omitted, and is simply expressed as an application number, a terminal ID, and various information.
- the control unit 607 performs a user log-in process, a relay process of various services, a password change control, a password recovery control, and a log-in process.
- the following describes the user login process, the relay process of various services, the password change control, the password recovery control, and the logout process.
- the control unit 607 Upon completion of the mutual authentication by the authentication unit 603, the control unit 607 receives the terminal common key from the authentication unit 603 and stores the received terminal common key. The control unit 607 reads the mouth gin screen data from the information storage unit 610, and transmits the mouth gin screen data read via the transmission / reception unit 601 to the user terminal 100.
- an application number “050”, a terminal ID, a user ID, and an encryption password are received from the user terminal 100, and the encryption processing unit and the terminal common key are received by the encryption processing unit.
- Cryptographic processing unit When the password is received from 608, the password table 621 is searched for password information including the received user ID and the received password. If it is determined that there is no password information including the received user ID and the received password, the login screen data is transmitted to the user terminal 100 again.
- the password information including the received user ID and the received password is selected.
- the mouth login information 632 is generated, and the generated mouth login information 632 is added to the login table 631 and written.
- the processing status is set to “Normal”. As a result, it is determined that the mouth-in process has been completed.
- the mouth login information 632 including the terminal ID to be received together with the various information must exist in the mouth login table 631. Confirm that the user of user terminal 100 has logged in. In the following description, the detailed description of the confirmation of the completion of the login is omitted.
- the menu screen data is read from the information storage unit 6100, and the terminal menu screen data is generated based on the read menu image data and the user ID and name included in the written login information 632. Then, the generated terminal menu screen data is transmitted to the user terminal 100 via the transmission / reception unit 601.
- an application number, a terminal ID, and a service start request or an application number, a terminal ID, and a password change instruction are received from the user terminal 100 0 via the transmission / reception unit 600.
- the relay process between the user terminal 100 and the application server 200 is performed.
- the password change process and the password change process are performed.
- One-step recovery processing is performed.
- control unit 607 When the control unit 607 receives the application number and the terminal ID service start request, the control unit 607 executes the application server 2 indicated by the received application number in a procedure described below. A relay process is performed between 00 and the user terminal 100.
- the control unit 607 confirms that the user of the user terminal 100 has already logged in, and instructs the authentication unit 603 to perform mutual authentication with the application server 200a. After the mutual authentication by the authentication unit 603 ends, the server common key is received from the authentication unit 603, and the received server common key is stored.
- the user selects the login information 632 including the terminal ID received in the login table 631, and extracts the user ID and the password from the selected login information 632.
- the extracted password and server common key are output to the encryption processing unit 608, and the password encryption is instructed.
- an encryption password is received from the encryption processing unit 608.
- the transmission / reception unit 6001 receives the application number “001” received from the user terminal 100, the terminal ID, the service start request, the read user ID, and the encryption password received from the encryption processing unit 608. And instructs transmission to the first application server 200a.
- the control unit 607 sends the application number “0 0 1”, terminal ID, password error signal, user ID or application number “0” from the application server 200 a via the transmission / reception unit 601. 0 1 ”, terminal ID and terminal payment screen data.
- the control unit 607 Upon receiving the application number “001”, the terminal ID, the password error signal, and the user ID, the control unit 607 reads out the forced termination screen data from the information storage unit 610. Next, the user ID and name are extracted from the mouth login information 632 including the received user ID.
- terminal forced termination screen data is generated, and the received terminal ID and the generated terminal forced termination screen are generated via the transmission / reception unit 601.
- the data is transmitted to the user terminal 100.
- an error screen 331 is generated from the received user ID and the error screen data, output to the display unit 613, and the operation of the management server 600 indicates that a password mismatch has occurred. Notify others.
- the application number “0 0 1”, the terminal ID, and the terminal adjustment screen data are received, the received application number _ “0 0 1”, the terminal ID, and the terminal adjustment screen are received via the transmission / reception unit 601. Is transmitted to the user terminal 100.
- the application number “01”, the terminal ID, and the encrypted input data are received from the user terminal 100 via the transmission / reception unit 600. Based on the received terminal ID, confirm that the user of the user terminal 100 has already logged in.
- the encryption processing unit 608 outputs the received encrypted input data and the terminal common key to the encryption processing unit 608, and instructs to decrypt the encrypted input data.
- the received input data and the server common key are output to the encryption processing unit 608 to instruct the input data to be encrypted.
- the encrypted input data is received from the encryption processing unit 608.
- control unit 607 sends the application number “001” and the terminal ID received and the encrypted input data received from the encryption processing unit 608 via the transmission / reception unit 601 to the first application. Send to server 200a.
- the application number “001”, the terminal ID, and the terminal settlement screen data for the terminal are received from the application server 200a via the transmission / reception unit 600.
- the received application number “001”, terminal ID and terminal settlement end screen data are transmitted to the user terminal 100.
- the control unit 607 performs password change control in the order of the reception process, the password change instruction, and the result notification.
- the following describes the reception process, the password change instruction, and the result notification process.
- the control unit 607 receives the application number “050”, the terminal ID, and the password change instruction from the user terminal 100 via the transmission / reception unit 601. Next, confirm that the user of the user terminal 100 has already logged in. Next, the passcode change screen data is read from the information storage section 6110, and based on the read passcode change screen data and the login information 632, It generates terminal passcode change screen data for the terminal, and transmits the generated terminal passcode change screen data to the user terminal 100 via the transmission / reception unit 601.
- the application number “0 05”, the terminal ID, the encrypted current password, and the encrypted new password are received from the user terminal 100 via the transmission / reception unit 600.
- the control unit 607 selects the login information 632 including the received terminal ID, and rewrites the processing status of the selected login information 632 to “Password is being changed”.
- the received encrypted current password, encrypted new password, and terminal common key are output to the encryption processing section 608, and decryption of the encrypted current password and the encrypted new password is instructed.
- the generated current passcode and the new passcode are received from the encryption processing unit 608.
- the user ID is read from the rewritten password information 6332, and the presence / absence of password information including the read user ID and the received current password is confirmed on the password table 621. If it is determined that there is no password information including the read user ID and the received current password, the password change screen is transmitted again to the user terminal 100 via the transmission / reception unit 601 and the current password and the new password are transmitted. To re-enter the password. If it is determined that the password information including the read user ID and the received current password exists in the password table 621, then the password change information 652 including the read user ID is converted to the password change table 65. Choose from one. The current password included in the selected password change information 652 is rewritten to the current passcode received from the encryption processing unit 608, and the new password included in the selected password change information is transmitted to the encryption processing unit 608. Rewrite to the new passcode received from.
- control unit 607 changes the password of the first application server 200a to the fourth application server 200d in the procedure described below.
- the control unit 607 sends the authentication unit 603 to the first application server 200 a Instruct mutual authentication.
- the mutual authentication by the authentication unit 603 ends, and the server common key is received from the authentication unit 603 and stored.
- the current password and the new password are extracted from the password change information 652, and the server common key generated by the mutual authentication between the extracted current password, the new password, and the first application server 200a.
- the control unit 607 determines the application number “001” corresponding to the first application server 200a, the terminal ID of the user terminal 100, the extracted user ID, and the received encryption.
- the current password and the encrypted new password are output to the password change unit 606 to instruct the password change.
- the change determination unit 609 receives the application number “001”, the terminal ID, and the change end signal from the change determination unit 609. If the received change end signal indicates “1J change”, it is determined that the change of the passcode of the first application server 200a is successful.
- the received change end signal is determined to be “0”, it is determined that the first application server 200 a path change is unsuccessful, and the second application server 200 b and subsequent paths are changed. Cancel the password change and move the process to password recovery control.
- the mutual authentication, the encryption of the current password and the new password, the instruction of the change of the passcode, and the change end signal are similarly performed.
- the password of the second application server 200 b is changed in the procedure of acquiring the password.
- the password change of the second application server 200 b is successful, the password of the third application server 200 c is similarly changed, and if the password change is unsuccessful, the third application server 200 c and the second 4 Cancel the password change of the application server 200 d and proceed to the password recovery process.
- the change of the passcode of the fourth application server 200d is successful, the following result notification is performed. If the change is not successful, the password recovery process is performed.
- the control unit 607 stores the password in the password table 6 21 stored in the information storage unit 6 10.
- the password information including the user ID output to the password change unit 606 is selected, and the password included in the selected password information is rewritten with the new password.
- the mouth login information 632 including the output user ID is selected, and the password included in the selected mouth login information 632 is rewritten with the new password.
- a completion signal indicating the completion of the password change is generated, the user ID and the name are extracted from the rewritten login information 632, and the completion signal, the user ID and the terminal generated in the change result notifying section 615 are generated. Outputs the ID and instructs the user terminal 100 to report the result.
- control unit 607 performs a password recovery process.
- control unit 607 determines the application server 200 from which the password change has failed, based on the application number received from the change determination unit 609 together with the change end signal “0”. If it is determined that the password change processing of the first application server 200a to the third application server 200c has succeeded and the password change processing of the fourth application server 200d has failed, the third application The password of the application server is restored in the order of server 200c to the first application server 200a. Perform the old process, and then perform the failure notification process.
- the second application server 2 If it is determined that the password change process of the first application server 200 a and the second application server 200 b has succeeded and the password change process of the third application server 200 c has failed, the second application server 2 The password recovery processing of the application server is performed in the order of 0 b to the first application server 200 a, and then the failure notification processing is performed.
- the password recovery of the application server is restored to the first application server 200a. Process, and then a failure notification process.
- any one of the application servers 200 if the password recovery processing of the application server fails, error processing is performed.
- the control unit 607 extracts the current password and the new password from the password change information 652, and performs encryption processing on the extracted current password, the new password, and the server common key of the corresponding application server 200. Output to section 608 to instruct encryption of current password and new password.
- the encrypted current password and the new encrypted password are received from the encryption processing unit 608, and the application number corresponding to the application server 200, the terminal ID of the user terminal 100, and the password change information 6 5 It outputs the user ID included in 2, the received encrypted current password and the encrypted new password to the password change unit 606, and instructs password recovery.
- an application number, a terminal ID, and a recovery end signal are received from the password changing unit 606. If the received recovery end signal is “1” indicating successful password recovery, the received application number and the corresponding application server 2 It is determined that the passcode recovery of “00” is successful, and the passcode recovery or failure notification processing of the next application server 200 is performed.
- the received recovery end signal is “0” indicating failure of password recovery, it is determined that the recovery of the password of the corresponding application server 200 has failed. If it is determined that the recovery of the passcode of the application server 200 has failed, the recovery processing and the failure notification processing of the other application servers 200 are not performed, and the error processing described later is performed.
- the control unit 607 generates a failure signal indicating the failure of the password recovery, selects the mouth gui information 632 including the terminal ID received from the change determination unit 609, and selects the selected mouth gui information.
- the user ID and name are extracted from 632, and the generated failure signal and the extracted user ID and name are output to the change result notifying unit 615 to instruct the result notification.
- the control unit 607 reads the forced termination screen data from the information storage unit 61, and reads the read forced termination screen data and the password.
- the terminal forced termination screen data is generated based on the user ID and the name included in the gui information 632, and the generated terminal forced termination screen data is transmitted to the user terminal via the transmission / reception unit 601. Send to 100.
- error screen data is read out from the information storage unit 6110, an error screen 331 is generated from the read error screen data and the user ID included in the login information 632, and the generated error screen3 is generated.
- 3 1 is displayed on the display section 6 13 to notify the operator of the occurrence of an error.
- FIG. 18 shows an example of the error screen 331 displayed here.
- the control unit 607 is provided from the user terminal 100 via the transmitting / receiving unit 601. Receive application number “05”, terminal ID and logout notification. Upon receiving the logout notification, the terminal ID and the logout notification are transmitted to the first application server 200a to the fourth application server 200d via the transmission / reception unit 601. Next, the login information 632 including the received terminal ID is deleted from the login table 631.
- the change result notification unit 615 receives a completion signal, a user ID, a terminal ID, and a result notification instruction from the control unit 607.
- control unit 607 receives a failure signal, a user ID, a name, and a result notification instruction from the control unit 607.
- the change result notifying section 615 Upon receiving the completion signal, the user ID, the terminal ID, and the instruction of the result notification, the change result notifying section 615 reads the change completion screen data from the information storage section 610, and reads the changed completion screen data and Based on the received user ID and name, terminal change completion screen data is generated, and the generated terminal change completion screen data is transmitted to the user terminal 100.
- the change result notification unit 615 Upon receiving the failure signal, the user ID, the terminal ID, and the result notification instruction, the change result notification unit 615 reads the change failure screen data from the information storage unit 610, and reads the update failure screen data and Based on the received user ID and name, terminal change failure screen data is generated, and the generated terminal change failure screen data is transmitted to the user terminal 100 via the transmission / reception unit 601.
- the authentication unit 603 performs mutual authentication with an external device connected to the Internet 20 according to an instruction from the control unit 607, and generates a common key.
- the external devices are the user terminal 100 and the application server 200.
- the external device shares the terminal common key with the user terminal 100. Share the server common key with each application server.
- the encryption processing unit 608 encrypts various information according to an instruction from the control unit 607. Performs decryption.
- the control unit 607. receives the encrypted password and the terminal common key, the encrypted input data and the terminal common key, or the encrypted current password, the encrypted new password and the terminal common key from the control unit 607. . Applying the decryption algorithm D1 to the encrypted password, encrypted input data, encrypted current password, and encrypted new pass code received using the received terminal common key to generate a pass code L, generated pass ⁇ Is output to the control unit 607.
- a current password and an encrypted new password are generated, and the generated encrypted password, encrypted input data, encrypted current password and encrypted new password are output to the control unit 607.
- the processing by the user terminal 100 will be described with reference to the flowcharts shown in FIGS. Although not specifically illustrated, in the following operation, when transmitting and receiving various information between devices, the application number of the application server 200 or the management server 600 that executes processing and the user terminal A terminal ID of 100 is transmitted and received along with various information.
- the user terminal 100 accepts the button operation of the user (step S101), and upon receiving the button operation indicating the electronic application, moves the process to step S102.
- step S101 accepts the button operation of the user
- step S102 moves the process to step S102.
- step S100 When a button operation indicating other processing is received, other processing is performed (step S100).
- the user terminal 100 performs mutual authentication with the management server 600 and shares a terminal common key (step S102).
- the management server 600 The mouth login screen data is read out (step S103), and the read mouth login screen data is transmitted to the user terminal 100 (step S104).
- the user terminal 100 receives the login screen data from the management server 600, generates a login screen 151 from the received login screen data, and displays it on the monitor (step S105).
- the input of the user ID and the passcode by the user is received (step S107), and the received passcode is encrypted using the terminal common key to generate an encrypted password (step S107). 1 0 8).
- the user ID and the generated encryption passcode are transmitted to the management server 600 via the Internet 20 (step S109).
- the management server 600 receives the user ID and the encrypted password via the Internet 20, decrypts the received encrypted password using the terminal common key, and generates a password (Step S). 1 1 1).
- the presence / absence of password information including the received user ID and password in the password table 621 is checked (step S112), and the password information including the received user ID and password exists. If not, it is determined that the authentication has failed (NO in step S113), and the process is restarted from step S103. If there is passcode information including the received user ID and passcode, it is determined that the authentication has succeeded (YES in step S113), and the received user ID and password information including the passcode are received.
- login information 632 is generated, added to the login table 631, and written (step S115).
- the menu screen data is read from the information storage unit 6110, and the menu screen data for the terminal is obtained based on the read menu screen data and the mouth gui information 632 added to the mouth guitable 631. Is generated (step S116), and the generated terminal menu screen data is transmitted to the user terminal 100 via the Internet 20 (step S117).
- the user terminal 100 receives the terminal menu screen data via the Internet 20, generates a menu screen 161 from the received terminal menu screen data, and displays the menu screen 161 on the monitor (step S1). twenty one ). Next, use The user's selection of the menu is accepted (step S122).
- step S122 When the password change is selected by the user's button operation (step S122), the process proceeds to the password change process (step S127).
- step S122 When the user selects the travel expense settlement (step S122), the abbreviated number "00 1" is read (step S123).
- step S122 When the vacation application is selected by the user (step S122), the application number “002” is read (step S124).
- step S124 When the user selects the conference room reservation (step S122), the application number "003” is read (step S125).
- step S122 When the user selects employee purchase (step S122), the application number "004" is read (step S126).
- step S: the management server 600 receives the application number and the service start request from the user terminal 100 via the Internet 20.
- the login information 632 including the terminal ID received together with the start request is selected, and it is confirmed whether or not the processing status included in the selected login information 632 is “normal” (step S 13 1). If it is determined that the message is not "normal” (NO in step S131), a wait message is read from the information storage unit 61 (step S146), and the read wait message is sent to the Internet. (Step S147) The user terminal 100 receives the wait message from the management server 600 and displays the received wait message (step S147). Step S148) If it is determined that the processing status of the selected login information 632 is "normal” (YES in step S131), then the received application number is determined (step S1).
- step S132 if the application number is determined to be “002” (002 in step S132), communication with the second application server 200b is started, and if the application number is determined to be “003” (step S132).
- step S1 32 00 3 starts communication with the third application server 200c. If it is determined that the application number is ⁇ 004 ”(004 in Step S 1.32), the fourth application server 200c is started. — Communication with the host 200d is started (step S135).
- step S132 When it is determined that the application number is "00 1" (001 in step S132), communication with the first application server 200a is started. First, the management server 600 performs mutual authentication with the first application server 200a and shares a server common key (step S136).
- Step S139 the user ID and the password included in the selected login information 632 are read (step S139), and the read password is encrypted using the server common key to generate an encrypted password.
- Step S 14 1) 0 Send the received service start request, application number “00 1” and the user ID read out, and the generated encryption password to the first application server 200 a (Step S 142) .
- the first application server 200a receives the service start request, the application number “00 1”, the user ID and the encrypted password from the management server 600 via the Internet 20, and uses the server common key. Then, the received encrypted password is decrypted and a password is generated (step S151). In the password table 221, it is checked whether there is password information including the received user ID and the generated password (Step S152), and the password information including the received user ID and the generated password exists. Otherwise, it is determined that the authentication has failed (NO in step S153), indicating that the password stored in the management server 600 does not match the password stored in the first application server 200a. The password error signal and the received user ID are transmitted to the management server 600 via the Internet 20 (step S166).
- the management server 600 receives the password error signal and the user ID from the first application server 200a, generates terminal forced termination screen data (step S167), and generates the generated terminal forced termination screen data. Is transmitted to the user terminal 100 (step S168). Next, the management server 600 generates an error screen 331 (step S169), displays the generated error screen on the display unit 613, and notifies the operator of the occurrence of a password mismatch (step S169). Step S1 7 1).
- the user terminal 100 receives terminal forced termination screen data from the management server 600 via the Internet 20 and generates a forced termination screen 32 1 from the received terminal forced termination screen data.
- the generated forced termination screen 321 is displayed on the monitor (step S172), and the processing ends.
- the first application server 200 a determines that the authentication is successful (YES in step S 153). Based on the passcode information 223 and the terminal ID received along with the service start request, the login information 232 is generated, and the generated login information 232 is added to the application login table 231 and written. S 1 54).
- the first akerisa paper 200a generates terminal adjustment screen data (step S155), and transmits the generated terminal adjustment screen data to the management server 600 (step S156).
- the management server 600 receives the terminal adjustment screen data from the first application server 200a via the Internet 20, and transmits the received terminal adjustment screen data to the user terminal 100 (step S 1 58).
- the user terminal 100 receives the payment screen for the terminal from the management server 600 via the Internet 20, generates the payment screen 17 1 from the received payment screen data for the terminal, and displays it on the monitor. (Step S159). Next, data input by the user is received (step S1661), and the received input data is encrypted using the terminal common key to generate encrypted input data (step S166). Next, the generated encrypted input data is transmitted to the management server 600 (step S176).
- the management server 600 receives the encrypted input data from the user terminal 100 via the Internet 20 (step S177), and decrypts the received encrypted input data using the terminal common key. Then, input data is generated (step S177). Next, using the server common key, the generated input data is encrypted to generate encrypted input data (step S 179), and the generated encryption data is generated.
- the first input application server 200a step S18
- the first application server 200a receives the encrypted input data via the Internet 20, decrypts the received encrypted input data using the server common key, and generates the input data (Step S182) ). Next, travel expense settlement processing is performed based on the generated input data (step S183). When the travel expense settlement processing is completed, the first application server 200a generates terminal settlement end screen data (step S184), and transmits the generated terminal settlement end screen data to the management server 600 (step S184). S 186).
- the management server 600 receives the terminal settlement end screen data from the first application server 200a via the Internet 20, and transmits the received terminal settlement end screen data to the user terminal 100 ( Step S 1 88).
- the user terminal 100 receives the terminal payment end screen data from the management server 600 via the Internet 20, generates the payment end screen 181 from the received terminal payment end screen data, and displays it on the monitor. Step S 19 1).
- a button operation by the user is accepted (step S 19
- Step S192 Upon receiving the press of the logout button 183 (Step S192), the user terminal 100 transmits a logout notification indicating the logout to the management server 600 (Step S193).
- the management server 600 receives the log notification from the user terminal 100 via the Internet 20, and transmits the received log notification to the first application server 200a (step S194).
- the login information 632 including the terminal ID received as the login notification is selected, and the selected login information 632 is deleted from the login table 631 (step S195).
- a log notification is similarly transmitted to the second application server 200b to the third application server 200d.
- the first application server 200a is a management server via the Internet 20.
- the log notification is received from the packet 600.
- the login information including the terminal ID received together with the login notification is searched, and if the login information 232 including the received terminal ID exists, the login information 232 is transmitted to the application login table 23 1 (Step S196).
- the second application server 200b to the fourth application server 200d if there is mouth login information including the received terminal ID in the application mouth login table stored therein, it is deleted.
- the user terminal 100 reads out the application number “005” (step S).
- the management server 600 receives the application number “05” and the password change instruction via the Internet 20. Upon receiving the password change instruction, terminal password change screen data is generated (step S302), and the generated terminal password change screen data is transmitted to the user terminal 100 (step S303).
- the user terminal 100 receives the terminal password change screen data from the management server 600 via the Internet 20, generates a password change screen 191 from the received terminal password change screen data, and generates the password change screen 191 on the monitor. It is displayed (step S304). Next, the input of the current password and the new password by the user is accepted (step S306). By using the terminal common key, the received current passcode and the new password are encrypted, and an encrypted current password and an encrypted new passcode are generated (step S307). Next, the generated encrypted current password and the encrypted new password are transmitted to the management server 600 (step S308).
- the management server 600 is connected to the user terminal 10 via the Internet 20. From 0, the encrypted current passcode and the encrypted new password are received. Based on the terminal IDs received with the current password and the new encrypted password, the login information 632 in the login table 63 1 is selected based on the terminal ID received, and the processing status of the selected login information 632 is displayed as the password. Is being changed "(step S309).
- step S311 the received encrypted current password and the encrypted new password are decrypted to generate the current password and the new password.
- the user ID included in the rewritten login information 632 is read (step S312), and the presence / absence of password information including the read user ID and the generated current passcode in the password table 621 is determined. Confirm (step S3 13).
- step S316 If the password information including the read user ID and the generated current password does not exist in the password table 621, it is determined that the authentication has failed (NO in step S316), and step S302 is performed. Return to and send the terminal password change screen data again.
- the password change information 652 including the read user ID and the generated current password is selected from the password change table 651 (step S3 17), and the current password included in the selected password change information 652 is selected.
- the new passcode is rewritten with the current passcode and the new passcode that generated the new passcode and the new passcode (step S3188).
- step S319 the password change processing of the first application server 200a is performed (step S319), and when this is completed normally, the password change processing of the second application server 200b is performed (step S32).
- step S364 the password recovery process shown in FIG.
- step S322 the password change of the third application server 200c is changed (step S322), and the If not, the process moves to step S363 in FIG. If the password change of the third application server 200c ends normally, the password change of the fourth application server 200d is performed (step S323). If the password change does not end normally, the process proceeds to step S362 in FIG. If the password change of the fourth application server 200d has not been completed normally, the process moves to step S361 in FIG.
- the management server 600 selects the password information including the user ID transmitted from the password table 621, and selects the selected password information. Rewrite the password contained in the file with the new password. Further, the user selects the login information 632 including the user ID transmitted from the login table 631, and rewrites the password included in the selected login information 632 with the new password (step S326).
- terminal change completion screen data is generated (step S327), and the generated terminal change completion screen data is transmitted to the user terminal 100 (step S328). (Step S329).
- the user terminal 100 receives the terminal change completion screen data from the management server 600 via the Internet 20, generates the change completion screen 301 from the received terminal change completion screen data, and generates the generated change completion.
- the screen 301 is displayed on the monitor (step S331).
- step S332 when a button operation by the user is received (step S332), and a press of the menu button 302 is received, the process returns to step S121 and the menu screen is displayed.
- the management server 600 receives a log notification from the user terminal 100 via the Internet 20.
- the received logout notification is transmitted to the first and second server 200a to the fourth application server 200d (step S336).
- the login information 632 is selected, and the selected login information 632 is deleted (step S334).
- the application server 200 receives the logout notification from the management server 600, searches for the login information including the terminal ID received together with the login notification in the login login table 231, and receives the login information. If there is mouth login information including the mouth login information including the terminal ID, the mouth login information is deleted (step S337).
- the management server 600 performs mutual authentication with the application server 200 to generate a server common key (step S341).
- the user ID, the current password, and the new password are extracted from the password change information 652 rewritten in step S318, and the extracted current password and the new password are encrypted and encrypted using the server common key.
- a current password and an encrypted new password are generated (step S342).
- the extracted user ID, the generated encrypted current password, and the new encrypted password are transmitted to the application server 200, and an instruction to change the password is issued (step S343).
- the time counter for measuring the elapsed time after transmitting the password change instruction is set to 0, and the measurement of the elapsed time is started (step S344).
- the application server 200 receives the user ID, the encrypted current password, and the encrypted new password from the management server 600 via the Internet 20, and is instructed to encrypt. By using the server common key, the received encrypted current password and the encrypted new password are decrypted to generate the current password and the new password (step S345).
- the password information 223 including the received user ID is selected in the password table 221 and the password included in the selected password information 223 is selected.
- Rewrite the password with the new password step S 346). If it is determined that the password rewriting is successful (YES in step S347), an end signal “1” is generated (step S349). If it is determined that the rewriting of the pass code has failed (NO in step S347), an end signal “0” is generated (step S348). .
- the generated end signal is transmitted to the management server 600 via the Internet 20 (step S351).
- the management server 600 determines the received end signal (step S356), and when the management server 600 determines that the end signal is “1”, the application server 200 End password change of.
- step S356 If it is determined that the end signal is “0” (“0” in step S356), the process proceeds to the password recovery process (step S359).
- step S355 If the end signal has not been received from the application server 200 (NO in step S355), the value of the time counter is compared with the maximum wait time (step S358), and the time counter exceeds the maximum wait time. If not (NO in step S358), the process returns to step S355, and the processing in steps S355 to S358 is performed until an end signal is received from the application server 200 or the time counter exceeds the maximum wait time. repeat.
- step S358 If it is determined that the time counter has exceeded the maximum waiting time (YES in step S358), it is determined that the password change of the application server 200 has failed, and a password recovery process is performed (step S359).
- step S319 in FIG. 28 the password recovery processing is started from step S364.
- step S321 the password recovery process is started from step S363
- step S362 the password recovery process is started from step S362.
- step S361 the process of restoring the passcode is started from step S361.
- the management server 600 recovers the password of the third application server 200c (step S361), and if this ends normally, recovers the password of the second application server 200b (step S362). If the step S362 is completed normally, the password of the first application server 200a is restored (step S363).
- step S364 When step S364 is completed normally, the management server 600 generates terminal change failure screen data based on the change failure screen and the login information 632 (step S364), and generates the generated terminal change failure.
- the screen data is transmitted to the user terminal 100 (step S366).
- the user terminal 100 receives the terminal change failure screen data from the management server 600 via the Internet 20, and generates the change failure screen 3 1 1 from the received terminal change failure screen data. Then, the generated change failure screen 3 1 1 is displayed on the monitor (step S367). Next, when the button operation of the user is received (step S368) and the selection of the menu button 312 is received, the process proceeds to step S121.
- the management server 600 receives the logout notification from the user terminal 100 via the Internet 20, selects the login information 632 based on the terminal ID received along with the logout notification, and stores the selected login information 632. It is deleted (step S372).
- the received logout notification is transmitted to the ablissor paper 200.
- the application server 200 receives the logout notification from the management server 600 via the Internet 20 and transmits the login information including the terminal ID received with the logout notification to the application login table. If the search is performed in the pull 231 and there is login information including the terminal ID, the corresponding login information is deleted.
- the management server 600 sets the number counter for counting the number of times of transmission of the passcode recovery instruction to 0 (step S380).
- the user ID, the current password, and the new password included in the password change information 652 are read, and the read current password and the new password are encrypted using the server common key, and the encrypted current password is encrypted.
- a new password and an encrypted new password are generated (step S381).
- the read user ID, the generated encrypted current password and the new encrypted password are transmitted to the application server 2 • 0 to instruct the password recovery (step S382).
- the time counter for measuring the elapsed time after transmitting the password recovery instruction is set to 0, and the measurement of the elapsed time is started (step S383).
- the application server 200 receives the user ID, the encrypted current password, and the encrypted new password from the management server 600 via the Internet 20, and receives a password recovery instruction.
- the encrypted current password and the received password are decrypted using the server common key, and the current password and the new password are generated (step S384).
- password information including the user ID received on the password table 221 and the generated new password is selected, and the password of the selected password information is rewritten with the current password (step S385).
- step S386 If the password has been successfully rewritten (YES in step S386), an end notification “1” is generated (step S387). If the password rewriting fails (N ⁇ in step S386), an end signal “0” is generated (step S388). Next, the generated end signal is transmitted to the management server 600 (step S389).
- the management server 600 determines the received end signal (step S392), and If it is determined to be “1”, the password recovery of the application server 200 ends normally with this.
- step S392 If it is determined that the end signal is "0" (step S392), the process proceeds to step S396.
- step S394 If the end signal has not been received from the application server 200 (NO in step S391), the value of the timer count is compared with the maximum waiting time (step S394), and the time counter determines the maximum waiting time. If it is determined that the time has not exceeded (NO in step S394), the process returns to step S391, and returns to step S391 to step S391 until the end signal is received from the application server 200 or the time counter exceeds the maximum waiting time. Step S394 is repeated.
- step S394 If it is determined that the time counter has exceeded the maximum waiting time (YE S in step S394), 1 is added to the count of the count (step S396), and then the value of the count counter is compared with the limit count ( If the number of times has not exceeded the limit (step S397) (NO in step S397), the process proceeds to step S382.
- step S397 If it is determined that the number of times exceeds the limit (YES in step S397), it is determined that the password recovery has failed, terminal forced termination screen data is generated (step S398), and the generated terminal forced termination screen is generated. The data is transmitted to the user terminal 100 (step S399).
- an error screen 331 is generated (step S402), and the generated error screen is displayed on the display unit 613 (step S403).
- the user terminal 100 receives the terminal forced termination screen data from the management server 600 via the Internet 20.
- the forced termination screen 321 is generated from the received terminal forced termination screen data, displayed on the monitor (step S401), and the processing is terminated. (6) Mutual authentication processing
- the device A reads the public key certificate Cert-A (step S201) and transmits the read public key certificate Cert-A to the device B (step S202).
- the device B that has received the public key certificate C ert—A uses the public key PK—C ⁇ of the certificate authority, and uses the public key certificate C ert—A to receive the signature data S ig— CA
- the signature verification algorithm V is applied to the signature to verify the signature (step S203).
- the signature verification algorithm V is an algorithm for verifying the signature data generated by the signature generation algorithm S. If the result of the signature verification fails (NO in step S204), the process ends.
- step S204 If the result of the signature verification is successful (YE S in step S204), the device B reads the CRL (step S205), and reads the ID number ID—A received in the public key certificate Cert_A. It is determined whether or not it has been registered in the CRL (step S206). If it is determined that it has been registered (YES in step S206), the process ends.
- step S206 If it is determined that the device has not been registered (NO in step S206), device B The public key certificate Cert-B is read (step S207), and the read public key certificate Cert-B is transmitted to the device A.
- Step S209 If the result of the signature verification fails (NO in step S210), the process ends.
- step S210 If the result of the signature verification is successful (YE S in step S210), the device A reads the CRL (step S211), and receives the ID number included in the public key certificate Cert—B. It is determined whether ID-B is registered in the read CRL (step S212). If it is determined that the information has been registered (YES in step S212), the processing ends. If it is determined that it has not been registered (NO in step S212), the processing is continued.
- the device B generates a random number Cha—B (step S213), and transmits the generated random number Cha—B to the device A (step S214).
- the device A receives the random number Cha—B, performs a signature generation algorithm S on the received random number Cha_B using the secret key SK—A of the device A, and generates signature data Sig—A. (Step S215), the generated signature data Sig-A is transmitted to the device B (Step S216).
- the device B uses the public key PK—A of the device A that is received in the public key certificate C ert—A and sends the received signature data S ig—A to:
- the signature is verified by applying the signature verification algorithm V (step S2177). If it is determined that the result of the signature verification is unsuccessful (NO in step S2188), the process ends. If it is determined that the result of the signature verification is successful (YES in step S218), the process is continued.
- the device A generates a random number Cha—A (step S219), and transmits the generated random number Cha—A to the device A (step S220).
- the device B receives the random number Cha—A, uses the secret key SK—B of the device B, performs a signature generation algorithm S on the received random number Cha—A, and performs signature decoding.
- One night Sig—B is generated (step S221), and the generated signature data Sig—B is transmitted to device A (step S222).
- the device A Upon receiving the signature data Sig-B, the device A uses the public key PK-B of the device B received in the public key certificate Cert-B to generate the received signature data Sig-B.
- the current password “ozy 1 2” of the user with the user ID “maeda” is changed to the new password “nwy 56”.
- the current password and the new password are securely secured by secret communication using the terminal common key or the server common key. Although they are transmitted and received, in the following description, for the sake of simplicity, the description of the encryption and decryption processing is omitted.
- Each application server 200 before the change stores the password ⁇ ozy12J corresponding to the user ID “ma eda” as shown in FIG. 37 (a).
- the management server 600 transmits terminal password change screen data to the user terminal 100 in response to a password change instruction from the user terminal 100.
- the user terminal 100 receives the terminal password change screen data, generates and displays the password change screen 191 from the received terminal password change screen data.
- the user inputs the current pass password ozy 1 2 J and the new pass password ⁇ wy 56 J, and sends the accepted current pass password ozy 1 2 and the new password nwy 56 to the management server 600. Send.
- the management server 600 receives the current passcode “ozy12” and the new password “nwy56” from the user terminal 100. Next, the current passcode “ozy1 2” and the new passcode “nwy56” received to the first application server 200a are transmitted to instruct the password change.
- the first application server 200a rewrites the current password “ozy 12” stored therein to a new password “nwy 56” and transmits an end signal “1”. ⁇
- the management server 600 When receiving the end signal “1” from the first application server 200a indicating that the change of the passcode has been normally completed, the management server 600 similarly sends the current password “ozyl 2” to the second application server 200b. ”And the new passcode“ n wy 56 ”to instruct the change of the passcode, and receive the end signal“ 1 ”.
- the first application server 200a and the second application server 200b store the new password “nwy 56” as shown in FIG. 37b, and the third application server 200c and the fourth application server 200b. 200 d stores the current password ⁇ zy 1 2 J.
- the management server 600 sends the third path to the third application server 200 c with the current path code 0 zy 12 J and the new path code nwy 56 J to instruct the third application server 200 c to change the path code.
- the third application server 2000c fails to change the password, and transmits an end signal “0” to the management server 600.
- the management server 600 Upon receiving an end signal “0” from the third application server 200 c indicating that the password change has failed, the management server 600 sends the current path code to the second application server 200 b. 1 2 J and the new pass card “nwy 56 J” are sent to instruct recovery of the password. The management server 600 succeeds in recovering the password from the second application server 200 b. An end signal “1” indicating that the operation has been completed is received. Next, a password recovery instruction is similarly given to the first application server 200a, and an end signal "1" is received from the first application server 200a. This is the end of password recovery. At this time, each application server stores the current password “o zyl 2” as shown in FIG. 37 (c).
- FIG. 37 (d) shows the password stored in each application server when the password change of the third application server 200c and the fourth application server 200d is successful.
- the management server 600 receives a password change instruction from the user terminal 100.
- the management server 600 safely receives the current passcode and the new password from the user terminal 100 by secret communication using the terminal secret key.
- the current password and the new password are securely transmitted to the first application server 200a to instruct the change of the password. If the password change of the first application server 200a is successful, similarly, the password change is instructed in the order of the second application server 200a to the fourth application server 200d.
- the password change fails in any of the first application server 200a to the fourth application server 200d, the current password and the new password are sent to the application server whose password change has already been completed. To instruct the recovery of the password. In this way, even if one of the plurality of application servers fails to change the password, the passwords of the plurality of application servers can be unified.
- the password change system uses a user terminal 100, an internal user terminal 15 (160 ⁇ ⁇ ⁇ , the first application server 200a, the second application server 200b, and the third application server 200c. , The fourth application server 200d, the management server 600b, and the router 800.
- the second application server 200b to the fourth application server 200d and the management server 600b are connected to the bus 31,
- the internal user terminals 150, 160, and the management server 600b are connected to a bus 32 to form a bus-type LAN.
- the management server 600b is connected to the Internet via a router 800 having a firewall function.
- Application server 200 b to 4th application server The server 200d and the internal user terminals 150, 160... ′ Constitute a LAN in the same building, for example.
- the user terminal 100 and the first application server 200 are connected to the Internet 20.
- the management server 600b and the first application server 200a to the fourth application server 200d store a user ID of a valid user and a password in advance in association with each other.
- the first application server 200a to the fourth application server 200d provide services such as travel expense settlement, vacation application, meeting room reservation, and employee purchase.
- the user uses these services via the Internet 20 and the management server 600b using the user terminal 100. Also, these services can also be used via the buses 31 and 32 using the terminals 150, 160...
- the user terminal 100 or the internal user terminals 150, 160,... Transmits the user's user ID and password to the management server 600b.
- the management server 600b and the first application server 200a to the fourth application server 200d verify the user ID and password transmitted from the user terminal 100 or the internal user terminals 150, 160,.
- the management server 600b also receives a password change instruction, a current password, and a new password from the user terminal 100 or the internal user terminals 150, 160,.
- the management server 600b sequentially transmits the received new password to the first application server 200a to the fourth application server 200d, and instructs to change the password.
- the management server 600b has already completed the change of the password. Send the current password to the current application server and instruct the application server to change the password back to the current password.
- the specific configuration and operation of the first application server 200a to the fourth application server 200d are the same as those of the first application server 200a to the fourth application server 200d of the first embodiment, and thus description thereof is omitted. .
- the management server 600b includes a transmission / reception unit 601b, an authentication unit 603, a password change unit 606, a control unit 607, an encryption processing unit 608, a password recovery unit 614, and a change determination unit. 609, a change result notification section 6 15, an information storage section 6 10, an input section 6 12 and a display section 6 13.
- the transmission / reception unit 601b is connected to the paths 31, 32 and the path 35.
- the transmitting and receiving unit 60 lb transmits and receives information between the second application server 200 b to the fourth application server 200 d and a part of the management server 600 b via the bus 31, and transmits and receives information via the bus 32.
- Information is transmitted and received between the internal user terminals 150, 160, and each unit in the management server 600b. Further, information is transmitted and received between the user terminal 100 and the first application server 2a via the bus 35, the router 20 and the internet 20 and the respective components in the management server 600b. Do.
- the transmission / reception unit 601b selects the bus 31 and communicates with the internal user terminals 150, 160,.
- the bus 32 is selected.
- the path 35 is selected.
- the operation and the configuration of the information storage unit 610 are the same as those of the first embodiment described with reference to FIG.
- the router 800 has a firewall function, and passes or blocks various kinds of information transmitted from an external device connected to the Internet 20 to each device in the LAN. Specifically, it is determined whether or not the source and destination IP address / port numbers included in the bucket received via the Internet satisfy predetermined conditions. If the conditions are met, pass the packet; otherwise, delete the received bucket. Such a method is generally called packet filtering. Also, this firewall function is an example, and another method may be used. As described above, in the present embodiment, the firewall function of the router 800 allows the devices connected to the management server 600 b and the LAN to be attacked by an unauthorized external device connected to the Internet 20. Can be defended.
- the password change system includes user terminals 170, 180,..., A first application server 200a to a fourth application server 200, and a management server 600c.
- the first application server 200a to the fourth application server 200d and the management server 600c are connected to the path 33 and form a bus-type LAN.
- the user terminals 170, 180, and the management server 600c are connected to the node 34 to form a bus-type LAN.
- the buses 33 and 34 are specifically coaxial cables with terminators at both ends.
- the first application server 200a to the fourth application server 200d provide services such as travel expense settlement, vacation application, meeting room reservation, and employee purchase.
- the user uses a service provided by the first application server 200 to the fourth application server 200d via the management server 600c using one of the user terminals 170, 180,. .
- the user terminal 170 used by the user transmits the user's user ID and passcode to the management server 600c.
- the management server 600c and the first application server 200a to the fourth application server 200d verify the user ID and the password, authenticate that the user of the user terminal 100 is a valid user, Each application server 200 provides a service provided by each application server. Also, the management server 600c receives an instruction to change the password from the user terminal 170, and receives the current password and the new password from the user terminal 100. The management server 600c sequentially transmits the received new passcode to the first application server 200a to the fourth application server 200d, and instructs to change the password.
- the management server 600c has already changed the password. Sends the current passcode to the terminated application server and instructs to change the passcode to the current passcode.
- the specific configuration and operation of the first application server 200a to the fourth application server 200d are the same as those of the first application server 200a to the fourth application server 200d of the first embodiment, and therefore, the description is omitted. I do.
- the specific configuration and operation of the user terminals 170, 180,... are the same as those of the user terminal 100 of the first embodiment, and thus description thereof is omitted.
- the management server 600c includes a transmission / reception unit 601c, an authentication unit 603, a password change unit 606, a control unit 607, an encryption processing unit 608, a password recovery unit 614, and a change determination. It comprises a unit 609, a change result notification unit 615, an information storage unit 610, an input unit 612, and a display unit 613.
- the transmission / reception unit 601c transmits / receives information between the first application server 200a to the fourth application server 200d and each unit in the management server 600c via the bus 33. Information is transmitted and received between the user terminals 170, 180,... And each unit inside the management server 600c via the bus 34.
- the transmission / reception unit 601c selects the bus 33 and communicates with the user terminals 170, 180 Selects bus 34 for sending and receiving information.
- the specific operation of the transmitting / receiving section 601 c is the same as that of the transmitting / receiving section 601 of the first embodiment.
- the specific operations of the input unit 612 and the display unit 613, and the configuration of the information storage unit 610 are the same as those of the management server 600 of the first embodiment, and thus description thereof is omitted.
- the application server 200 is connected to the user terminals 170 and 180 via the management server 600c.
- the management server 600c discovers the use of illegal services by malicious users, and becomes cheerful.
- the authentication unit 603 it is also possible to omit the mutual authentication by. This makes it possible to more quickly perform the service providing process and the password change process described above.
- the password change process is started by receiving the password change request from the user terminal or the internal user terminal.
- the password is transmitted from the management server 600 to the user. You may be prompted to change your password.
- the management server 600 previously stores the longest usage period of the password.
- the IP address of the user terminal used mainly by the user is stored in association with the user ID of the user.
- the pass table 6 21 b is stored.
- the password table 6 21 b is composed of a plurality of pieces of password information 6 22 b, 6 23 b, 6 24 b-.
- Each passgate information includes the user ID, name, passcode and renewal date.
- the user ID, name, and password are the same as the user ID, name, and password included in the password table 621 of the above-described embodiment, and thus description thereof is omitted.
- the update date indicates the latest date on which the password included in the password information was changed.
- the password included in the password information 6 2 2b is May 10, 2000. Indicates that it has been changed to “ozyl 2”.
- the management server 600 periodically checks the change date included in each passcode information, and provides a user terminal that has been stored in advance for a user who has not changed the passcode beyond the maximum usage period. Sends a message notifying that the password has expired, and prompts the user to change the password.
- a user who has not changed his / her password after the maximum usage period may be forced to change his / her password when trying to use various services.
- the management server 600 when the management server 600 receives the user ID and the encrypted password from the user terminal, the management server 600 first stores the password in the password table 621-2b. Select the passcode information 6 2 2b including the user ID received in. Read out the change date included in the selected password information 6 2 2 b. The readout update date is added with the longest usage period (for example, 30 days) to calculate the change expiration date “20.00.6.9”, and the calculated change expiration date “20.00.6.9” and the current To the date of. If the management server 600 determines that the current date has exceeded the change period “20.00.6.9”, the management server 600 transmits terminal password change screen data to the user terminal, and the password If no change is made, the service may not be used.
- the longest usage period for example, 30 days
- the management server 600 simultaneously transmits a user ID, an encrypted current password, an encrypted new password, and a password change instruction to each application server 200.
- each application server 200 It may be inquired whether or not the password can be changed in advance, and only when all the application servers 200 can change the password, it may be instructed to change the password.
- the management server 600 first transmits the user ID, the encrypted current passcode, and the encrypted new password to the first application server 200a, and can change the password. Inquire whether or not.
- the first application server 200a receives the user ID, the encrypted current password, and the encrypted new password from the management server 600, and upon receiving an inquiry as to whether the password can be changed, the password change is performed. Generates a response signal indicating whether or not it is possible. If the password change is rewritable, a response signal “1” is generated. If the password cannot be rewritten due to a hard disk failure, a response signal “0” is generated, and the generated response signal is sent to the management server 600. Send. '
- the management server receives the response signal from the first application server 200a, and if the received response signal is "1", the user ID and the encryption are similarly performed on the second application server 200b.
- the current password and the encrypted new password are transmitted, and whether or not the password can be changed is inquired.
- the response signal “1” is received, the same inquiry is made to the next application server 200.
- the management server 600 instructs all the application servers 200 to change the password.
- Each application server 200 receives an instruction for changing the password from the management server 600, decrypts the encrypted current passcode and the encrypted new passcode that have been received in advance, and returns the current passcode. And a new password, select the password information including the received user ID and the generated current password, and replace the password included in the selected password information with the generated new password.
- the management server 600 transmits terminal change completion screen data to the user terminal, and notifies that the change of the passcode has been normally completed. If a response signal “0” is received from any of the application servers 200 during an inquiry as to whether or not the change of the passcode is possible, the change of the passcode of the corresponding application server 200 is impossible. It notifies all the application servers 200 that have already inquired of the password change that the password change has been stopped.
- terminal change failure screen data is sent to the user terminal to notify that the password change has failed.
- the password change system may include a dedicated line for changing the password.
- management server 600 and each application server 200 are directly connected by a dedicated line.
- information is transmitted and received via the buses 33 and 34 as described in the third embodiment.
- the management server 600 stores the processing status of each application server 200, and the execution of the password change may be stopped accordingly. .
- the management server 600 stores a routing table 641b instead of the routing table 641.
- the routing table 641 b is composed of a plurality of pieces of route information 642 b and 643 b.
- Each route information consists of application number, host name, IP address, port number and processing status. Is done.
- the application number, host name, IP address, and port number are the same as the application number, host name, IP address, and port number that fit in the routing table 641, described above. Omitted.
- the processing status indicates the processing status of the application server 200 indicated by the application number.
- the processing status “normal” indicates that the application server 200 indicated by the application number is performing a normal service providing process.
- the processing status “under maintenance” indicates that the application server 200 indicated by the application number is under maintenance, and the management server 600 corresponds to the processing status “under maintenance”. It is determined that the application server 200 cannot change the password.
- the management server 600 periodically transmits a monitoring signal to each application server 200.
- Each application server 200 receives the monitoring signal from the management server 600 and returns a response signal “normal” if its processing state is normal. If the processing status is under maintenance, a response signal “Maintenance” is returned.
- the management server 600 receives the response signal from each application server 200 and, based on the received response status, the processing status of the stored routing tables 64 1 b of each application server 200. Is rewritten.
- the management server 600 checks the processing status of the routing table 64 1 b, and all application servers 20 If it is determined that the processing status of “0” is “normal”, the password change processing described above is started.
- each of the abri servers 200 may voluntarily report its own processing status to the management server 600.
- each application server 200 may store the current path table and the new path table.
- the management server 600 transmits the user ID, the encrypted current password, and the encrypted new password in order from the first application server 200a to the fourth application server 200d, and changes the password. Instruct.
- Each application server 200 receives the user ID, the encrypted current password and the encrypted new password, decrypts the received encrypted current password and the encrypted new password, and includes the user ID and the current password.
- the passcode information is selected, and the passcode included in the selected passcode information is rewritten with the new passcode. If the rewriting is successful, send an end signal “1” to the management server. Next, the current passcode is stored in association with the rewritten password information.
- the management server 600 receives the end signal from the application server 200, and if the received end signal is “1”, the management server 600 sends the user ID and the encrypted current pass code to the next application server 200. Send the encrypted new password.
- the application server 200 Upon receiving the password recovery instruction, the application server 200 rewrites the password of the rewritten passcode information to the stored current passcode.
- the pass password may be changed to the initial pass password.
- the initial passcode is the password initially assigned to the user by the administrator of the password change system, and is communicated to the user by e-mail, writing, or the like.
- a simple character string 4 such as “0 00 0” or the same character string as the user ID can be cited.
- the management server 600 previously stores the initial passcode of each user.
- a password forget button is also provided on the login screen 15 1, and the user selects the forget password button if the user forgets the passcode.
- the user terminal detects that the password forget button has been pressed, the user terminal notifies the management server 600 that the password has been forgotten.
- the management server 600 Upon receiving the password forget notification from the user terminal, the management server 600 starts the password change process as described above. At this time, instead of the new password entered by the user, the initial password is transmitted to each absorber 200 to instruct the password change.
- the user terminal is notified that the password has been changed to the initial password.
- the devices and systems of the present invention can be used for business, continuously and repeatedly in an industry that provides various services to users via a network.
- the respective devices, convenience programs, and recording media that constitute the present invention can be manufactured and sold in the electric appliance manufacturing industry in a business-wise manner, continuously and repeatedly.
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/552,374 US20060271789A1 (en) | 2003-04-10 | 2004-04-12 | Password change system |
EP04726900A EP1612692A1 (en) | 2003-04-10 | 2004-04-12 | Password change system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003106420 | 2003-04-10 | ||
JP2003-106420 | 2003-04-10 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2004090738A1 true WO2004090738A1 (ja) | 2004-10-21 |
Family
ID=33156915
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2004/005205 WO2004090738A1 (ja) | 2003-04-10 | 2004-04-12 | パスワード変更システム |
Country Status (4)
Country | Link |
---|---|
US (1) | US20060271789A1 (ja) |
EP (1) | EP1612692A1 (ja) |
CN (1) | CN1802637A (ja) |
WO (1) | WO2004090738A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100458811C (zh) * | 2005-04-07 | 2009-02-04 | 国际商业机器公司 | 利用故障回复改变口令的方法和装置 |
Families Citing this family (39)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7373516B2 (en) * | 2004-08-19 | 2008-05-13 | International Business Machines Corporation | Systems and methods of securing resources through passwords |
US7594120B2 (en) * | 2004-08-27 | 2009-09-22 | Research In Motion Limited | User-defined passwords having associated unique version data to assist user recall of the password |
JP4800068B2 (ja) * | 2006-02-23 | 2011-10-26 | 富士通株式会社 | パスワード管理装置、パスワード管理方法、パスワード管理プログラム |
US8887133B2 (en) * | 2006-04-28 | 2014-11-11 | Bmc Software, Inc. | Bi-directional communication between change management tool and implementation tools |
US20080104411A1 (en) * | 2006-09-29 | 2008-05-01 | Agrawal Pankaj O | Methods and apparatus for changing passwords in a distributed communication system |
US7788708B2 (en) * | 2006-10-02 | 2010-08-31 | Presenceid, Inc. | Systems and methods for delegating information technology authorization to at least one other person |
US10181055B2 (en) * | 2007-09-27 | 2019-01-15 | Clevx, Llc | Data security system with encryption |
US10783232B2 (en) | 2007-09-27 | 2020-09-22 | Clevx, Llc | Management system for self-encrypting managed devices with embedded wireless user authentication |
US10778417B2 (en) | 2007-09-27 | 2020-09-15 | Clevx, Llc | Self-encrypting module with embedded wireless user authentication |
US11190936B2 (en) * | 2007-09-27 | 2021-11-30 | Clevx, Llc | Wireless authentication system |
US9177317B2 (en) * | 2007-09-28 | 2015-11-03 | Bank Of America Corporation | System and method for consumer protection |
US7522723B1 (en) * | 2008-05-29 | 2009-04-21 | Cheman Shaik | Password self encryption method and system and encryption by keys generated from personal secret information |
US8060920B2 (en) * | 2008-06-20 | 2011-11-15 | Microsoft Corporation | Generating and changing credentials of a service account |
WO2010039487A2 (en) * | 2008-09-23 | 2010-04-08 | Peer 1 | Password management systems and methods |
US8387118B2 (en) * | 2009-12-02 | 2013-02-26 | At&T Mobility Ii, Llc | System and method for monitoring usage of a user device |
CN107633168B (zh) * | 2011-09-30 | 2020-12-11 | 英特尔公司 | 自动化密码管理 |
US9648011B1 (en) * | 2012-02-10 | 2017-05-09 | Protegrity Corporation | Tokenization-driven password generation |
JP6074848B2 (ja) * | 2012-03-09 | 2017-02-08 | パナソニックIpマネジメント株式会社 | 情報記録装置、記録メディア、情報記録システム |
JP5664876B2 (ja) * | 2012-03-21 | 2015-02-04 | コニカミノルタ株式会社 | 画像形成装置、同装置の動作制御方法及びプログラム |
US8869280B2 (en) * | 2012-05-02 | 2014-10-21 | Yahoo! Inc. | Method and system for automatic detection of eavesdropping of an account based on identifiers and conditions |
CN103259689B (zh) * | 2013-06-08 | 2016-03-16 | 山东瑞宁信息技术有限公司 | 一种对设备进行密码变更以及发生故障后密码恢复的方法 |
JP6201835B2 (ja) * | 2014-03-14 | 2017-09-27 | ソニー株式会社 | 情報処理装置、情報処理方法及びコンピュータプログラム |
JP5690030B1 (ja) * | 2014-04-30 | 2015-03-25 | 楽天株式会社 | 情報処理装置、情報処理方法、プログラム及び記録媒体 |
JP5999664B2 (ja) * | 2014-07-25 | 2016-09-28 | インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Machines Corporation | ハイパーリンクを設定可能なファイルを表示する装置、方法およびプログラム |
US10594486B1 (en) * | 2015-06-30 | 2020-03-17 | EMC IP Holding Company LLC | Password identification system and method |
JP6249006B2 (ja) | 2015-10-15 | 2017-12-20 | コニカミノルタ株式会社 | セキュリティ情報更新システム、情報処理装置、セキュリティ情報更新方法およびセキュリティ情報更新プログラム |
JP6237743B2 (ja) | 2015-10-22 | 2017-11-29 | コニカミノルタ株式会社 | セキュリティ情報更新システム、情報処理装置、セキュリティ情報更新方法およびセキュリティ情報更新プログラム |
WO2017117081A1 (en) * | 2015-12-29 | 2017-07-06 | Beyondtrust Software, Inc. | Systems and methods for agent-based passwork updates |
JP6633228B2 (ja) * | 2016-01-04 | 2020-01-22 | クレブエックス エルエルシーClevx,Llc | 暗号を伴うデータセキュリティシステム |
JP6758603B2 (ja) * | 2016-08-24 | 2020-09-23 | 富士ゼロックス株式会社 | 情報処理装置、画像形成装置及びプログラム |
CN107526962B (zh) * | 2016-09-28 | 2019-12-20 | 腾讯科技(深圳)有限公司 | 对更改密码操作的控制方法和装置 |
CN106570392A (zh) * | 2016-10-21 | 2017-04-19 | 杭州平民软件有限公司 | 一种定期修改密码的方法 |
KR102391746B1 (ko) * | 2016-11-03 | 2022-04-28 | 인터디지탈 패튼 홀딩스, 인크 | 웨이크 업 라디오를 위한 효율적인 절전 방법 |
US10462152B2 (en) | 2016-11-15 | 2019-10-29 | Microsoft Technology Licensing, Llc | Systems and methods for managing credentials used to authenticate access in data processing systems |
US10977361B2 (en) | 2017-05-16 | 2021-04-13 | Beyondtrust Software, Inc. | Systems and methods for controlling privileged operations |
JP6777024B2 (ja) * | 2017-06-21 | 2020-10-28 | 京セラドキュメントソリューションズ株式会社 | 画像形成装置 |
US10757095B1 (en) * | 2018-06-07 | 2020-08-25 | Sprint Communications Company L.P. | Unix password replication to a set of computers |
GB2584018B (en) | 2019-04-26 | 2022-04-13 | Beyondtrust Software Inc | Root-level application selective configuration |
CN111405006B (zh) * | 2020-03-06 | 2022-07-12 | 北京奇艺世纪科技有限公司 | 一种远程登录失败的处理方法、装置及远程登录系统 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0916502A (ja) * | 1995-06-30 | 1997-01-17 | Fujitsu Ltd | クライアントの受付方法 |
JP2001043189A (ja) * | 1999-07-27 | 2001-02-16 | Pfu Ltd | ネットワーク認証システムの制御方法およびその記録媒体 |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5832211A (en) * | 1995-11-13 | 1998-11-03 | International Business Machines Corporation | Propagating plain-text passwords from a main registry to a plurality of foreign registries |
JP3430896B2 (ja) * | 1998-01-13 | 2003-07-28 | 日本電気株式会社 | パスワード更新装置及び記録媒体 |
US7260838B2 (en) * | 2000-12-18 | 2007-08-21 | International Business Machines Corporation | Incorporating password change policy into a single sign-on environment |
-
2004
- 2004-04-12 CN CN200480016011.3A patent/CN1802637A/zh active Pending
- 2004-04-12 US US10/552,374 patent/US20060271789A1/en not_active Abandoned
- 2004-04-12 EP EP04726900A patent/EP1612692A1/en not_active Withdrawn
- 2004-04-12 WO PCT/JP2004/005205 patent/WO2004090738A1/ja active Application Filing
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0916502A (ja) * | 1995-06-30 | 1997-01-17 | Fujitsu Ltd | クライアントの受付方法 |
JP2001043189A (ja) * | 1999-07-27 | 2001-02-16 | Pfu Ltd | ネットワーク認証システムの制御方法およびその記録媒体 |
Non-Patent Citations (4)
Title |
---|
BERTEIN P.A. ET AL.: "Transaction shori system nyumon", 23 March 1998, NIKKEI BUSINESS PUBLICATIONS INC. PAGE:13-16, 256-279, XP002986765 * |
IIZAWA A. ET AL.: "Database omoshiro koza", 30 April 1993, KYORITSU SHUPPAN CO. LTD., pages: 189 - 210, XP002986764 * |
NOBUKUNI H. ET AL.: "Web to mail de seikyu joho o shokai dekiru web billing", NTT GIJUTSU JOURNAL, 1 November 2001 (2001-11-01), pages 94 - 97, XP002986767 * |
TANENBAUM A.S.: "OS no kiso to oyo", 30 November 1995, KABUSHIKI KAISHA TOPPAN, pages: 460 - 462, XP002986766 * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100458811C (zh) * | 2005-04-07 | 2009-02-04 | 国际商业机器公司 | 利用故障回复改变口令的方法和装置 |
Also Published As
Publication number | Publication date |
---|---|
US20060271789A1 (en) | 2006-11-30 |
CN1802637A (zh) | 2006-07-12 |
EP1612692A1 (en) | 2006-01-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2004090738A1 (ja) | パスワード変更システム | |
JP4671783B2 (ja) | 通信システム | |
JP4016019B2 (ja) | 許可されたリモート・アクセスをターゲット・システムに対して行うための装置、システム、および方法 | |
US20140298037A1 (en) | Method, apparatus, and system for securely transmitting data | |
US7734910B2 (en) | Managed device, management system, method for controlling a managed device and medium | |
WO2016107333A1 (zh) | 一种在线激活移动终端令牌的设备和系统的工作方法 | |
US8458455B2 (en) | Techniques for handling SSL certificate expiration and renewal | |
US20070106894A1 (en) | Communication device, communication system and authentication method | |
US20070192601A1 (en) | System and method for user identification and authentication | |
US20070234059A1 (en) | Communication device and medium for the same | |
JP4758095B2 (ja) | 証明書無効化装置、通信装置、証明書無効化システム、プログラム及び記録媒体 | |
JP6609788B1 (ja) | 情報通信機器、情報通信機器用認証プログラム及び認証方法 | |
US7451307B2 (en) | Communication apparatus, communication system, communication apparatus control method and implementation program thereof | |
JP2001186122A (ja) | 認証システム及び認証方法 | |
JP2005124097A (ja) | ルート証明書配布システム、ルート証明書配布方法、コンピュータ実行可能なルート証明書配布プログラム、サーバ装置及びクライアント装置 | |
CN111901303A (zh) | 设备认证方法和装置、存储介质及电子装置 | |
CN112053477B (zh) | 智能门锁的控制系统、方法、装置及可读存储介质 | |
KR100559958B1 (ko) | 이동통신 단말기간의 인증도구 중계 서비스 시스템 및 방법 | |
JP2005348164A (ja) | クライアント端末、ゲートウエイ装置、及びこれらを備えたネットワークシステム | |
US20220167156A1 (en) | Communication system | |
JP4725070B2 (ja) | 正規コンテンツ確認方法、コンテンツ送受信システム、送信機、および受信機 | |
JP2019220934A (ja) | 情報処理装置、その制御方法とそのプログラム | |
JP2004326763A (ja) | パスワード変更システム | |
WO2017029708A1 (ja) | 個人認証システム | |
CN112738103B (zh) | 信息校验方法、装置及电子设备 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2004726900 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 20048160113 Country of ref document: CN |
|
WWP | Wipo information: published in national office |
Ref document number: 2004726900 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2006271789 Country of ref document: US Ref document number: 10552374 Country of ref document: US |
|
WWP | Wipo information: published in national office |
Ref document number: 10552374 Country of ref document: US |