WO2006018892A1 - Telephone authentication system that prevents spoofing even if personal information is leaked - Google Patents

Telephone authentication system that prevents spoofing even if personal information is leaked

Info

Publication number
WO2006018892A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
telephone
input information
authentication
authentication system
Prior art date
Application number
PCT/JP2004/011977
Other languages
English (en)
Japanese (ja)
Inventor
Yoshiaki Kosaka
Original Assignee
Yoshiaki Kosaka
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yoshiaki Kosaka
Priority to JP2006531138A (JPWO2006018892A1, ja)
Priority to PCT/JP2004/011977 (WO2006018892A1, fr)
Publication of WO2006018892A1 (fr)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/38 Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
    • H04M3/382 Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections using authorisation codes or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M7/00 Arrangements for interconnection between switching centres
    • H04M7/0024 Services and arrangements where telephone services are combined with data services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M7/00 Arrangements for interconnection between switching centres
    • H04M7/006 Networks other than PSTN/ISDN providing telephone service, e.g. Voice over Internet Protocol (VoIP), including next generation networks with a packet-switched transport layer
    • H04M7/0078 Security; Fraud detection; Fraud prevention
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/42 Systems providing special services or facilities to subscribers
    • H04M3/487 Arrangements for providing information services, e.g. recorded voice services or time announcements
    • H04M3/493 Interactive information services, e.g. directory enquiries; Arrangements therefor, e.g. interactive voice response [IVR] systems or voice portals

Definitions

  • Telephone authentication system that prevents spoofing even if personal information is leaked
  • The present invention relates to means and a system for authenticating a user who has accessed a service via a network from a user terminal.
  • As a typical authentication method, there is authentication using a user ID and a password, but with this method the user ID and password can be stolen by a third party, either directly from the user or by wiretapping. In that case, it is easy to impersonate the user and to browse the user's registration information. In addition, if the user ID or password of a user who uses Internet banking is stolen, the account balance can easily be transferred. Likewise, if a user has registered a credit card with an Internet auction site, Internet shopping mall, or the like and the user ID and password are stolen, a third party can easily purchase products using the registered credit card. Some services issue two or more passwords as a preventive measure, but these are still meaningless once stolen.
  • The risk of leakage of personal information may increase in proportion to the amount of information.
  • When a third party misuses another person's credit card, early detection is difficult because it takes several weeks or months for the cardholder to notice. Therefore, even if a log of the IP address etc. of the accessing user terminal is kept and traced, the person who misused the card can easily escape.
  • For a service provider that distributes digital content, products cannot be recovered once delivered, so such providers are a target for impersonation. Service providers that specialize only in credit card payments likewise find it difficult to determine impersonation.
  • The personal information mentioned above refers to personal information such as a person's name, telephone number, address, credit card information, gender, age, user ID, password, fingerprint, and voiceprint.
  • Patent Document 1 JP 2002-258974 A
  • Patent Document 1 Japanese Unexamined Patent Application Publication No. 2004-13274
  • An object of the present invention is to reduce personal information required for authentication by an Internet service provider, for example, to prevent impersonation even if personal information is leaked to a third party.
  • the user telephone number is based on a telephone number input from the user terminal, a telephone number acquired by a data storage device, a telephone number received from a server via a network, or the like.
  • the interactive voice response device can obtain a telephone number from the server, and has a function of making a call to a user's telephone without depending on a communication line such as a general telephone line, a cellular phone line, and an Internet telephone line. It is characterized by having a function of reproducing automatic voice, a function of acquiring input information input from a push button or dial of a telephone, and a function of transmitting the acquired input information to a server.
  • the interactive voice response device calls the user in response to a request from the server.
  • the user receives the incoming call and inputs the number indicated by the automatic voice from the push button or dial.
  • the server verifies that the returned input information is equal to the requested value.
  • If they are equal, the user is authenticated. If they are not the same, the accessing user may be impersonating, so the server responds by tracing the network path of the accessing user terminal or issuing a warning on the spot.
  • a call is made based on the user telephone number input from the user terminal, and the user is confirmed by an input from a push button or dial. Even if personal information such as credit card information, user ID and password is leaked, and impersonation is performed, it is not possible to impersonate because it requires input from the push button or dial of the telephone. In addition, it eliminates the need for extra personal information that was previously entered to prevent impersonation when making a credit card payment, which is effective in reducing the risk of leaking personal information. Since telephones are assumed to be already held by most users, there is an advantage that user authentication can be easily performed without requiring a special device.
  • FIG. 1 is a block diagram showing the configuration of a communication system to which the authentication means of the present invention is applied when logging into Internet banking.
  • a user terminal 10 includes an information processing apparatus that can connect to the Internet, such as a personal computer, a PDA, or a mobile phone terminal, and is connected to the Internet 20.
  • Internet banking 30 includes a WWW server 31, a data storage device 32, and an interactive voice response device 50.
  • the WWW server 31, the data storage device 32, and the interactive voice device 50 may be configured by a single server device or a plurality of server devices.
  • the user terminal 10 has a browser function for browsing a Web page provided by the WWW server 31 on the Internet.
  • The telephone 80 is a fixed telephone or a mobile telephone used by the user, and is connected to the telephone line 70 by wire or wirelessly. Here, the terminal 10 and the telephone 80 may be the same device.
  • the telephone line can be any line that can make calls, such as a general telephone line, a mobile phone line, and an Internet telephone line.
  • In the data storage device 32 information relating to the user is correctly stored in advance.
  • The interactive voice device 50 has a function of making a call to a telephone number designated by a request from the WWW server, and can play an automatic voice after the user answers the telephone. It also has a function of obtaining input information entered from a push button or dial and returning that input information to the WWW server.
  • FIG. 2 is a sequence diagram for explaining the operation of the present embodiment.
  • The browser accesses the WWW server 31 via the Internet 20 (S1).
  • The WWW server 31 presents to the user terminal 10 a web page with a form requesting a user ID as user identification information (S2).
  • The user ID is entered into the form by the user and transmitted to the WWW server 31 (S3).
  • The WWW server 31 uses the user ID to request the user's telephone number from the user information stored in the data storage device 32 (S4), and acquires the telephone number (S5). At this time, if no user information exists for the given user ID, a message is displayed and the user is prompted for the user ID again (return to S2).
  • the WWW server 31 transmits the telephone number to the interactive voice response device 50 and requests the user to make a call (S6). Upon receiving the request, the interactive voice response device 50 calls the received telephone number (S7). Meanwhile, the interactive voice response device 50 waits for a user response. (S8)
  • the user receives a telephone call from the user telephone 80 (S9), and waits for an automatic voice from the interactive voice response device 50.
  • the pressed dial number is received by the interactive voice response device 50.
  • the interactive voice response device 50 plays an automatic voice such as “Thank you for your help” and ends the call.
  • the interactive voice response device 50 transmits the received input information to the WWW server 31 (S12).
  • the WWW server 31 receives the transmitted input information and confirms the number (S13). If the number is ⁇ , access is permitted, and the user is redirected to the page that notifies the login completion and authentication is completed. (S14)
  • The user terminal 10 is redirected to the page showing the warning text, and the access log is saved (S15). By tracking the IP address of the user terminal 10 and the network route, it is possible to immediately find where the criminal is accessing from and deny access. In addition, the real user can immediately know that their user ID has been used by a third party.
  • FIG. 3 is a block diagram showing the configuration of a digital content sales system including a digital content sales service provider 60, a credit card payment service provider 90, and a telephone authentication service provider 100 to which the authentication means of the present invention is applied.
  • the digital content sales service provider 60 sells digital content such as software, music, and video as products on the Internet.
  • the digital content sales service provider 60 outsources payment processing to a credit card payment service provider 90 that specializes in credit card payments.
  • the telephone authentication service provider 100 implements the present invention and calls the user via the telephone line 70 at the request of the credit card payment service provider 90, and the input entered from the push button or dial of the user telephone 80. Service to return information to credit card payment service provider 90.
  • FIG. 4 is a sequence diagram for explaining the operation of this embodiment.
  • the user terminal 10 accesses the WWW server 61 of the digital content sales service provider 60 via the Internet 20 by using a browser to request product information (S21).
  • The WWW server 61 presents a web page displaying product information to the user terminal 10 (S22).
  • the user terminal 10 selects a product to be purchased and transmits it to the WWW server 61 (S23).
  • the WWW server 61 redirects the user terminal 10 to the payment page displayed from the WWW server 91 of the credit card payment service provider 90 in order to perform settlement (S24).
  • the WWW server 91 presents to the user terminal 10 a Web page of a form for obtaining credit card information and a telephone number as settlement information (S25).
  • the credit card information and the telephone number are entered by the user into the form and transmitted to the WWW server 91 (S26).
  • The WWW server 91 compares the user's credit card information stored in the data storage device 92 with the telephone number, and if the information is correct, transmits the telephone number to the interactive voice response device 50 via the WWW server 101 of the telephone authentication service provider 100 and requests that a call be made to the user (S27).
  • the interactive voice response device 50 calls the received telephone number (S28). Meanwhile, the interactive voice response device 50 waits for a user response. (S29)
  • the user telephone 80 receives a telephone call from the interactive voice response device 50 (S9).
  • the user receives the call and waits for automatic voice from the interactive voice response device 50.
  • The following automatic voice is played by the interactive voice response device 50 (S31): "Thank you for using this credit card. Press 1 to allow the credit card payment, 2 to cancel, or 3 if you are unfamiliar with this access." In this case, security can be further strengthened by using a credit card number, date of birth, etc. as the input information for permitting the credit card payment. Here it is 1.
  • the pressed dial number is received by the interactive voice response device 50.
  • the interactive voice response device 50 plays an automatic voice such as “Thank you for your help” and ends the call.
  • The input information from the user is transmitted to the WWW server 91 in the credit card payment service provider 90 via the interactive voice response device 50 and the WWW server 101 (S33).
  • the WWW server 91 receives the input information and confirms the number (S34). If the number is 1, the credit card payment is established, and the payment result is transmitted to the WWW server 61 of the digital content sales service provider 60 (S35). Receiving the settlement result, the WWW server 61 saves the purchase information in the data storage medium 62, and permits the user terminal 10 to start downloading digital content that is the product selected by the user (S37).
  • the login is canceled and the user terminal 10 is redirected to a page indicating that the credit card payment is rejected, and the process is terminated.
  • the user who requested the credit card settlement may be impersonating a third party. Therefore, impersonation can be discovered before digital content is downloaded. In addition, real credit card holders themselves can immediately know that their credit card has been used by a third party.
  • authentication can be performed without installing a special device such as a card reader on each user terminal.
  • With this authentication means, even if credit card information is given to a third party, impersonation is not possible.
  • Users who tried to impersonate can be detected early. At the same time, it is possible to notify a user who has illegally used a credit card. This can be expected to reduce unauthorized use of credit cards.
  • the above-described authentication means does not require a special device, can prevent impersonation, and enables early detection of a third party who has attempted impersonation.
  • Although the embodiment of the present invention has been described in detail with reference to the drawings, the specific configuration is not limited to the above-described embodiment, and includes designs within a range not departing from the gist of the present invention.
  • The present invention is not limited to the above-described examples, and can also be used as an authentication means in systems that do not necessarily need to ask for personal information, such as restaurant and facility reservations.
  • It can be used as an authentication method for confirmation by having the address and telephone number entered in a delivery order system such as pizza delivery.
  • It can be used as an authentication means at login on the Internet and as an authentication means at the time of payment using a credit card. It can also be used as an authentication means in systems where personal information is not required, such as restaurant or facility reservation systems and home delivery order systems.
  • FIG. 1 is an explanatory diagram showing a method for implementing a telephone authentication system. (Example 1)
  • FIG. 2 is an explanatory diagram showing a method for implementing the telephone authentication system. (Example 1)
  • FIG. 3 is an explanatory diagram showing a method for implementing the telephone authentication system. (Example 2)
  • FIG. 4 is an explanatory diagram showing a method for implementing the telephone authentication system. (Example 2)
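
The decision logic of the second embodiment (S27 to S35), written out as an added Python example; it is not code from the patent. The class and function names, the per-call token, the single-use rule and the 120-second timeout are assumptions, and the card number, telephone numbers and IP addresses are constructed sample data.

```python
# Added example (not from the patent): server-side handling of the telephone
# confirmation step of embodiment 2 (S27-S35). All names are hypothetical.
import hmac
import secrets
import time
from dataclasses import dataclass, field

APPROVE, CANCEL, UNFAMILIAR = "1", "2", "3"  # keypad choices from the S31 prompt
CALL_TIMEOUT_S = 120  # assumed validity window; the patent states none


class StubIVR:
    """Stands in for interactive voice response device 50; records calls only."""
    def __init__(self):
        self.calls = []

    def call(self, token, phone):
        self.calls.append((token, phone))


@dataclass
class PendingAuth:
    phone: str
    client_ip: str
    created: float
    used: bool = False


@dataclass
class PaymentServer:
    """Plays the role of WWW server 91."""
    registered: dict  # card number -> telephone number on file (storage 92)
    ivr: StubIVR
    pending: dict = field(default_factory=dict)
    access_log: list = field(default_factory=list)

    def start(self, card, entered_phone, client_ip, now=None):
        now = time.time() if now is None else now
        stored = self.registered.get(card)
        # S27: call only when the entered number matches the one on file.
        if stored is None or not hmac.compare_digest(
                stored.encode(), entered_phone.encode()):
            self.access_log.append(("phone_mismatch", client_ip))
            return None
        token = secrets.token_urlsafe(16)  # ties the call to this web request
        self.pending[token] = PendingAuth(stored, client_ip, now)
        self.ivr.call(token, stored)  # S27/S28: ask the IVR to place the call
        return token

    def on_ivr_result(self, token, digits, now=None):
        """S33/S34: decide from the keypad input returned by the IVR."""
        now = time.time() if now is None else now
        req = self.pending.get(token)
        if req is None or req.used:
            return "rejected"  # unknown or replayed result
        req.used = True  # one decision per call
        if now - req.created > CALL_TIMEOUT_S:
            return "expired"
        if digits == APPROVE:
            return "approved"  # S35: payment result goes to the seller
        if digits == UNFAMILIAR:
            # Holder does not recognise the request: keep the requester's IP.
            self.access_log.append(("possible_impersonation", req.client_ip))
            return "alert"
        return "cancelled"  # "2", silence, or any other input fails closed


def demo():
    """Constructed data: one card, three purchase attempts."""
    ivr = StubIVR()
    srv = PaymentServer({"4111-TEST": "0312345678"}, ivr)
    t1 = srv.start("4111-TEST", "0312345678", "198.51.100.7", now=0)
    ok = srv.on_ivr_result(t1, "1", now=30)
    replay = srv.on_ivr_result(t1, "1", now=31)
    t2 = srv.start("4111-TEST", "0312345678", "203.0.113.9", now=100)
    alert = srv.on_ivr_result(t2, "3", now=110)
    wrong = srv.start("4111-TEST", "0900000000", "203.0.113.9", now=200)
    return ok, replay, alert, wrong, srv.access_log, len(ivr.calls)


if __name__ == "__main__":
    print(demo())
```
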

Landscapes

  • Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)

Abstract

It is possible to reduce the personal information required for authentication, to prevent spoofing even when personal information is leaked to a third party, and to immediately find a user who attempted spoofing, without requiring a special device to be attached to the user terminal. A highly reliable authentication system can thus be provided by using a telephone. A user terminal requests authentication from a WWW server via the Internet. At the request of the WWW server, an interactive voice response device calls the user's telephone. The user receives the call and enters the number indicated by an automatic voice by pressing buttons or dialing. The input information entered from the user's telephone is acquired and returned to the WWW server. The server compares the returned input information with the requested value. When they are equal, the user is authenticated. Otherwise, the user who attempted access may be spoofing, and an alarm is issued.
PCT/JP2004/011977 2004-08-20 2004-08-20 Telephone authentication system that prevents spoofing even if personal information is leaked WO2006018892A1 (fr)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2006531138A JPWO2006018892A1 (ja) 2004-08-20 2004-08-20 Telephone authentication system that prevents spoofing even if personal information is leaked
PCT/JP2004/011977 WO2006018892A1 (fr) 2004-08-20 2004-08-20 Telephone authentication system that prevents spoofing even if personal information is leaked

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2004/011977 WO2006018892A1 (fr) 2004-08-20 2004-08-20 Telephone authentication system that prevents spoofing even if personal information is leaked

Publications (1)

Publication Number Publication Date
WO2006018892A1 (fr) 2006-02-23

Family

ID=35907289

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2004/011977 WO2006018892A1 (fr) 2004-08-20 2004-08-20 Telephone authentication system that prevents spoofing even if personal information is leaked

Country Status (2)

Country Link
JP (1) JPWO2006018892A1 (fr)
WO (1) WO2006018892A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
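JP2002261940A (ja) * 2001-02-28 2002-09-13 Daiwa Securities Group Inc Voice response device, voice response system, voice response method and program therefor, and recording medium on which the program is recorded
JP2004013273A (ja) * 2002-06-04 2004-01-15 Ntt Comware Corp User authentication system, user authentication method, user authentication program, and recording medium
JP2004038912A (ja) * 2002-07-04 2004-02-05 Masao Asada User authentication system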

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5655246B2 (ja) * 2009-12-15 2015-01-21 BizMobile株式会社 Mobile authentication proxy system and mobile authentication proxy method
US8953480B2 (en) 2010-02-05 2015-02-10 Telefonaktiebolaget L M Ericsson (Publ) Method and arrangement in a wireless communication system
US9871619B2 (en) 2010-02-05 2018-01-16 Telefonaktiebolaget Lm Ericsson (Publ) Method and arrangement in a wireless communication system
JP2018026090A (ja) * 2016-08-08 2018-02-15 株式会社Isao System, method, program, and recording medium storing the program for authentication
WO2018030421A1 (fr) * 2016-08-08 2018-02-15 株式会社Isao Authentication system, method, program, and recording medium on which a program is recorded
US10659461B2 (en) 2016-08-08 2020-05-19 Isao Corporation System, method, and recording medium storing program for authentication
JP6488434B1 (ja) * 2018-08-06 2019-03-20 藤光樹脂株式会社 Authentication object issuing device, authentication object issuing system, authentication object issuing method, and program
WO2020031245A1 (fr) * 2018-08-06 2020-02-13 藤光樹脂株式会社 Authentication object issuing device, authentication object issuing system, authentication object issuing method, and program

Also Published As

Publication number Publication date
JPWO2006018892A1 (ja) 2008-05-01

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 2006531138

Country of ref document: JP

AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase