WO2008004672A1 - User authenticating method, user authenticating system, user authenticating device and user authenticating program - Google Patents

Info

Publication number
WO2008004672A1
WO2008004672A1 PCT/JP2007/063590 JP2007063590W WO2008004672A1 WO 2008004672 A1 WO2008004672 A1 WO 2008004672A1 JP 2007063590 W JP2007063590 W JP 2007063590W WO 2008004672 A1 WO2008004672 A1 WO 2008004672A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
unique
call
authentication
received
Application number
PCT/JP2007/063590
Other languages
French (fr)
Japanese (ja)
Inventor
Haruhiko Fujii
Tetsuya Nakagawa
Original Assignee
Nippon Telegraph And Telephone Corporation
Application filed by Nippon Telegraph And Telephone Corporation
Publication of WO2008004672A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/42 User authentication using separate channels for security data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/38 Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
    • H04M3/382 Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections using authorisation codes or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/42 Systems providing special services or facilities to subscribers
    • H04M3/42195 Arrangements for calling back a calling subscriber
    • H ELECTRICITY
    • H01 ELECTRIC ELEMENTS
    • H01L SEMICONDUCTOR DEVICES NOT COVERED BY CLASS H10
    • H01L2224/00 Indexing scheme for arrangements for connecting or disconnecting semiconductor or solid-state bodies and methods related thereto as covered by H01L24/00
    • H01L2224/01 Means for bonding being attached to, or being formed on, the surface to be connected, e.g. chip-to-package, die-attach, "first-level" interconnects; Manufacturing methods related thereto
    • H01L2224/42 Wire connectors; Manufacturing methods related thereto
    • H01L2224/47 Structure, shape, material or disposition of the wire connectors after the connecting process
    • H01L2224/49 Structure, shape, material or disposition of the wire connectors after the connecting process of a plurality of wire connectors
    • H01L2224/491 Disposition
    • H01L2224/4918 Disposition being disposed on at least two different sides of the body, e.g. dual array

Definitions

  • the present invention relates to a user authentication method, a user authentication system, a user authentication device, and a user authentication program that use a unique ID, which is unique information of a communication device used by a user, for user authentication.
  • the present invention relates to a user authentication method, a user authentication system, a user authentication device, and a user authentication program that can reduce the number of operations of the machine and thereby reduce the burden on the user.
  • Patent Document 1 discloses a technique in which a service system that provides a service to a user stores a user ID and a calling number of a mobile phone in association with each other as a user ID correspondence list, acquires the user ID from a user terminal and the calling number from the mobile phone, and determines that the user is a regular user when the combination of the acquired user ID and calling number is in the user ID list.
  • Patent Document 1: Specification of Patent No. 3497799
  • Another object of the present invention is to provide a user authentication method, a user authentication system, a user authentication device, and a user authentication program that can reduce the number of operations of a communication device during authentication, thereby reducing the burden on the user.
  • the service systems 4, 5, and 6 are connected via the network 3 to the terminal 8 operated by the user 1 and provide services to the user 1.
  • a unique ID storage unit 11a stores the unique ID, which indicates that the user is a legitimate user, in a way that is difficult to rewrite by an unauthorized operation.
  • the service system 4 is notified of the incoming call response by the system side communication device 13 and, on the basis of that response, provides the service to the terminal 8 on the assumption that the user 1 operating the terminal 8 is a legitimate user.
  • the predetermined number of times for a call to the user side communication device 11 is smaller than the number of times at which transfer to another user side communication device starts. Limiting the call to the predetermined number of times prevents transfer to an unauthorized user side communication device, and prevents an unauthorized person who has illegally obtained a user ID from having the call to the user side communication device 11 transferred and using the service illegally.
  • the unique ID can be prevented from being tampered with by storing the unique ID in the storage unit, which is difficult to rewrite by an unauthorized operation, and adding an eavesdropping / falsification preventing function to the route.
  • this prevents the system from being abused by another person who impersonates the user with relative ease, as can happen with the password method.
  • since an incoming call response can be sent to a system side communication device compatible with any service system, a single user side communication device is enough to log in to multiple systems. Unlike conventional authentication methods using physical media, there is no need to prepare physical media and readers for each system and terminal.
  • since the user side communication device only responds to incoming calls from the system side communication device, there is no need for the user to enter the calling number. Also, since the number of calls is limited to a predetermined number, it is possible to prevent unauthorized transfer.
  • the service systems 24, 25, and 26 are connected via the network 3 to the terminal 8 operated by the user 1 and provide services to the user 1.
  • in the user authentication method for authenticating that the user 1 operating the terminal 8 is a legitimate user, the user side communication device has a unique ID storage unit 11a that stores, in a way that is difficult to rewrite by an unauthorized operation, a unique ID indicating a legitimate user.
  • the user 1 is notified of the incoming call, and when the user 1 answers it, an incoming call response indicating that the call has been received is returned.
  • the user side communication device 11 having the receiving unit 11b is prepared, and an authentication device 51 is arranged between the network 12 and the service systems 24 to 26.
  • the authentication device 51 stores the user ID correspondence list 51b, which indicates the correspondence between the user ID (information identifying the user) and the unique ID, and has a call unit 51d that, on the basis of an authentication request from the service systems 24 to 26, calls the user side communication device 11 and receives the incoming call response transmitted from it to authenticate the user.
  • when the user 1 inputs a user ID from the terminal 8 to use a service system, for example 24, the authentication unit 24b of the service system 24 specifies the user ID and requests the authentication device 51 to authenticate the user.
  • the call unit 51d of the authentication device 51 searches the user ID correspondence list 51b for the unique ID corresponding to the user ID and calls the unique ID of the user side communication device 11 a predetermined number of times. When the user side communication device 11 returns an incoming call response indicating that the user 1 has received the call, the call unit 51d notifies the authentication unit 24b of the service system 24 that the user 1 operating the terminal 8 is an authorized user.
  • the unique ID is stored in the storage unit that is difficult to rewrite by an unauthorized operation.
  • by adding an eavesdropping / falsification prevention function to the route, it is possible to prevent falsification of the unique ID, and to prevent another person from impersonating the user relatively easily, as can happen with the password method.
  • since an incoming call response can be sent to an authentication device compatible with any service system, it is possible to log in to multiple systems with a single user-side communication device. Unlike conventional authentication methods using physical media, there is no need to prepare physical media and readers for each system and terminal.
  • since the user side communication device only responds to incoming calls from the authentication device, there is no need for the user to enter the calling number.
  • since the user only responds to the call at the time of authentication, the burden on the user in authentication can be reduced, with no need to input the calling number.
  • since the number of calls is limited to a predetermined number, transfer can be prevented; even if the user ID is stolen, this prevents the call to the user from being transferred to an unauthorized person and the service from being used illegally.
  • FIG. 1 is a diagram showing a configuration of a user authentication system according to the present invention.
  • FIG. 2 is a diagram showing another configuration of the user authentication system according to the present invention.
  • FIG. 3 is a diagram illustrating the configuration of the user authentication system according to the first embodiment.
  • FIG. 4 is a flowchart of a user authentication processing procedure performed by the user authentication system according to the first embodiment.
  • FIG. 5 is a diagram illustrating a configuration of a user authentication system according to the second embodiment.
  • FIG. 6 is a flowchart of a user authentication process performed by the user authentication system according to the second embodiment.
  • FIG. 7 is a block diagram illustrating a hardware configuration of a computer that executes a user authentication program according to the first and second embodiments.
  • FIG. 3 is a diagram illustrating the configuration of the user authentication system according to the first embodiment.
  • 61 is a user
  • 62 and 63 are personal computers (PC) as terminals
  • 64 is a UNIX (registered trademark) workstation as a terminal
  • 65 is the Internet as a network
  • 66 is a file server as a service system
  • 67 and 68 are web service providing servers as service systems.
  • 71 is a mobile phone as a user-side communication device
  • 72 and 73 are a wireless network and a public telephone network, respectively, as the predetermined network; 74 and 75 are modems with a calling number receiving function as system side communication devices (however, the modem 75 is shared by the web service providing servers 67 and 68).
  • the own station number storage unit 71a in the mobile phone 71 is used as the unique ID storage unit, that is, the telephone number (calling number) stored in the own station number storage unit 71a is used as the unique ID.
  • the wireless network 72 and the public telephone network 73 shall have a function to prevent tapping and tampering of communications. It is assumed that the modems 74 and 75 with a calling number receiving function have a function of reading and transferring an incoming telephone number.
  • the file server 66 and the web service providing servers 67 and 68 are assumed to be provided with user ID correspondence lists 66b, 67b, and 68b, which indicate the correspondence between the user ID and the unique ID (the calling number in this case), and with call units 66d, 67d, and 68d, which call the mobile phone 71 a predetermined number of times via the modems 74 and 75 with a calling number receiving function.
  • the predetermined number of times is a number smaller than the number of times that a call to the mobile phone 71 is transferred to another mobile phone.
  • the call units 66d, 67d, and 68d can call the mobile phone 71 using a fixed calling number of each service system. They can also call the mobile phone 71 using a calling number selected at random from among a plurality of calling numbers of each service system. Randomly selecting one of multiple calling numbers and calling from it makes it difficult to identify the calling numbers that the service system has, which reduces the possibility of the service system being attacked.
  • FIG. 4 is a flowchart of the user authentication process performed by the user authentication system according to the first embodiment.
  • a case where the user 61 accesses the file server 66 on the Internet 65 using the PC 62 will be described as an example.
  • the call unit 66d of the file server 66 searches the user ID correspondence list 66b for the mobile phone number corresponding to the user ID (step S12) and, using the retrieved number, calls the mobile phone 71 a predetermined number of times via the modem 74 with a calling number receiving function (step S13).
  • the receiving unit 71b of the mobile phone 71 plays a talkie, and when the character designated by the talkie (here, "1 #") is dialed by the user 61, "1 #" is returned (step S16). Then, the call unit 66d receives the character returned through the modem 74 with the calling number receiving function and disconnects the call (step S17). Then, the call unit 66d determines whether or not the returned character matches "1 #", and if it matches, gives the login permission to the PC 62 (step S18).
  • the user 61 can be authenticated simply by returning the character specified by the talkie, which reduces the burden on the user 61 in user authentication.
  • the call units 66d, 67d, and 68d use the user ID correspondence lists 66b, 67b, and 68b to acquire the mobile phone numbers corresponding to the user IDs, respectively.
  • the call units 66d, 67d, and 68d perform user authentication based on the characters received via the modems 74 and 75 with a calling number receiving function and the characters specified in the talkie. Therefore, the user 61 can be authenticated simply by returning the character, and the burden on the user can be reduced.
  • each service system performs user authentication
  • user authentication may also be performed using an authentication device that receives a user authentication request from the service system and performs user authentication. Therefore, in this second embodiment, the case of using an authentication device that accepts user authentication requests from the service system and performs user authentication will be described.
  • FIG. 5 is a diagram illustrating the configuration of the user authentication system according to the second embodiment.
  • functional units that play the same functions as those shown in FIG. 3 are given the same reference numerals, and detailed explanations thereof are omitted.
  • this user authentication system has a file server 86 in place of the file server 66 as a service system, and web service providing servers 87 and 88 in place of the web service providing servers 67 and 68 as service systems.
  • the user authentication system also includes an authentication server 76 that receives user authentication requests from each service system and performs user authentication.
  • Each service system and the authentication server 76 are connected by a highly secure network such as a VPN.
  • the file server 86 and the web service providing servers 87 and 88 have character transmission units 86c, 87c and 88c and authentication units 86b, 87b and 88b, respectively.
  • when a user ID is received, the character transmission units 86c, 87c, and 88c randomly select a character from a plurality of characters and send it to the terminal that sent the user ID; the authentication units 86b, 87b, and 88b request user authentication from the authentication server 76, specifying the user ID and the character, and determine whether to provide a service to the user based on the authentication result of the authentication server 76.
  • the authentication server 76 includes a user ID correspondence list 76b and a call unit 76d.
  • the call unit 76d searches the user ID correspondence list 76b for a mobile phone number corresponding to the user ID, and calls the mobile phone 71 using the retrieved mobile phone number.
  • when a character is returned from the mobile phone 71, user authentication is performed based on whether the returned character matches the character specified in the authentication request, and the authentication result is notified to the service system that issued the authentication request.
  • a character is randomly selected from a plurality of characters and transmitted to the terminal.
  • a predetermined character string or character such as "1 #" may instead always be transmitted to the terminal.
  • here, the character is sent to the terminal that sent the user ID and the user 61 sends back the character displayed on the terminal, but the character or character string can also be specified by the talkie. For example, the talkie can say, "This is a bank. If you want to log in, please dial 1 #."
  • FIG. 6 is a flowchart of a user authentication process performed by the user authentication system according to the second embodiment.
  • a case where the user 61 accesses the file server 86 on the Internet 65 using the PC 62 will be described as an example.
  • the PC 62 transmits the user ID to the file server 86 via the Internet 65 (step S21).
  • the character transmitting unit 86c of the file server 86 randomly selects a character from a plurality of characters and transmits it to the PC 62 (step S22), and the authentication unit 86b transmits a user authentication request to the authentication server 76, designating the user ID and the character transmitted by the character transmission unit 86c (step S23).
  • when the call unit 76d of the authentication server 76 receives the authentication request, it searches the user ID correspondence list 76b for the mobile phone number corresponding to the user ID (step S24).
  • the call unit 76d calls the mobile phone 71 a predetermined number of times using the retrieved mobile phone number (step S25), and when the user 61 presses the call button, the receiving unit 71b of the mobile phone 71 returns an incoming call response indicating that the call button has been pressed (step S26). When the call is established, the call unit 76d of the authentication server 76 transmits a talkie (step S27).
  • the receiving unit 71b of the mobile phone 71 plays the talkie, and when the character transmitted to the terminal is dialed by the user 61, the dialed character is returned (step S28). Then, the call unit 76d receives the returned character and disconnects the call (step S29).
  • the call unit 76d determines whether or not the returned character matches the character specified by the file server 86 and, if it matches, notifies the file server 86 that the user is an authorized user (step S30). Then, the authentication unit 86b of the file server 86 gives a login permission to the PC 62 (step S31).
  • when the call unit 76d of the authentication server 76 receives the user authentication request, it calls the mobile phone 71 and requests that a character be returned, so the user 61 can be authenticated simply by returning the character, which reduces the burden on the user 61 in user authentication.
  • the authentication server 76 accepts the user authentication request from the service system and performs the user authentication, so it is not necessary to provide a user authentication function in each service system, and a user authentication system can be constructed efficiently.
  • the user authentication function of the service providing server and the authentication server has been described, and this function is realized by a user authentication program executed by the service providing server and the authentication server. Therefore, the hardware configuration of the service providing server and the authentication server that execute the user authentication program will be described.
  • FIG. 7 is a block diagram illustrating a hardware configuration of a computer that executes the user authentication program according to the first and second embodiments, that is, a service providing server and an authentication server.
  • the computer 100 includes a RAM 110, a CPU 120, an HDD 130, a LAN interface 140, an input / output interface 150, and a DVD drive 160.
  • the RAM 110 is a memory that stores a program, a program execution result, and the like.
  • the CPU 120 is a central processing unit that reads a program from the RAM 110 and executes it.
  • the HDD 130 is a disk device that stores programs and data
  • the LAN interface 140 is an interface for connecting the computer 100 to another computer via the LAN or the Internet 65.
  • the input / output interface 150 is an interface for connecting an input device such as a mouse and a keyboard and a display device
  • the DVD drive 160 is a device for reading and writing a DVD.
  • the user authentication program 111 executed in the computer 100 is stored in the DVD, read from the DVD by the DVD drive 160, and installed in the computer 100.
  • the user authentication program 111 is stored in a database or the like of another computer system connected via the LAN interface 140, read from these databases, and installed in the computer 100.
  • the installed user authentication program 111 is stored in the HDD 130, read out to the RAM 110, and executed as the user authentication process 121 by the CPU 120.
  • the case of authenticating a user who uses a service system via the Internet has been described, but the invention is not limited to this.
  • the same applies to other user authentication, such as user authentication at an ATM (Automatic Teller Machine).
  • the user authentication method, the user authentication system, the user authentication device, and the user authentication program according to the present invention are useful when it is desired to determine whether or not a user is a legitimate user, and are especially suitable when it is important to reduce the burden on the user in user authentication.
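
The second embodiment's flow (steps S21 to S31) together with the limit on the number of calls, simulated as an added example that is not code from the patent. The ring counts, the digit alphabet, the phone numbers and the user names are assumptions constructed for the simulation.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional

DTMF_DIGITS = "0123456789"   # assumed challenge alphabet
FORWARD_AFTER_RINGS = 5      # assumed: the network starts forwarding at ring 5


@dataclass
class Phone:
    """User side communication device (mobile phone 71 in the text)."""
    answers_after: Optional[int]          # ring on which the holder answers, None = never
    dial: Callable[[], str]               # what the holder keys in after the talkie
    forward_to: Optional["Phone"] = None  # call forwarding target, if configured


class TelephoneNetwork:
    """Stand-in for networks 72/73: rings a number, returns the dialed reply or None."""
    def __init__(self) -> None:
        self.phones: Dict[str, Phone] = {}

    def call(self, number: str, max_rings: int) -> Optional[str]:
        phone = self.phones.get(number)
        if phone is None:
            return None
        if phone.answers_after is not None and phone.answers_after <= max_rings:
            return phone.dial()
        if phone.forward_to is not None and max_rings >= FORWARD_AFTER_RINGS:
            return phone.forward_to.dial()   # the call rang long enough to be forwarded
        return None                          # caller hangs up, no incoming call response


class AuthServer:
    """Authentication server 76: user ID correspondence list 76b and call unit 76d."""
    def __init__(self, network: TelephoneNetwork, id_list: Dict[str, str], max_rings: int):
        self.network, self.id_list, self.max_rings = network, id_list, max_rings

    def authenticate(self, user_id: str, expected: str) -> bool:
        number = self.id_list.get(user_id)                     # S24
        if number is None:
            return False
        returned = self.network.call(number, self.max_rings)   # S25 to S29
        if returned is None:
            return False
        # S30: constant-time comparison of the returned and the specified character
        return hmac.compare_digest(returned.encode(), expected.encode())


class FileServer:
    """File server 86: character transmission unit 86c and authentication unit 86b."""
    def __init__(self, auth: AuthServer) -> None:
        self.auth = auth

    def login(self, user_id: str, show_on_terminal: Callable[[str], None]) -> bool:
        char = secrets.choice(DTMF_DIGITS) + "#"      # S22: random character
        show_on_terminal(char)
        return self.auth.authenticate(user_id, char)  # S23, result drives S31


def run_scenarios(max_rings: int) -> Dict[str, bool]:
    """Run four constructed logins and report which ones are granted."""
    seen: Dict[str, str] = {}   # character each person sees on their own terminal

    def terminal(owner: str) -> Callable[[str], None]:
        return lambda char: seen.update({owner: char})

    net = TelephoneNetwork()
    attacker_phone = Phone(answers_after=1, dial=lambda: seen.get("attacker", ""))
    # Constructed numbers: alice answers and dials what her terminal shows.
    net.phones["090-0000-0001"] = Phone(2, lambda: seen.get("alice", ""))
    # bob never answers; forwarding to the attacker's phone has been set up.
    net.phones["090-0000-0002"] = Phone(None, lambda: "", forward_to=attacker_phone)
    # carol answers the unexpected call but has no character to dial.
    net.phones["090-0000-0003"] = Phone(2, lambda: "")
    id_list = {"alice": "090-0000-0001", "bob": "090-0000-0002",
               "carol": "090-0000-0003"}
    server = FileServer(AuthServer(net, id_list, max_rings))
    return {
        "legitimate": server.login("alice", terminal("alice")),
        "stolen_id_forwarded": server.login("bob", terminal("attacker")),
        "stolen_id_owner_answers": server.login("carol", terminal("attacker")),
        "unknown_user": server.login("mallory", terminal("attacker")),
    }


if __name__ == "__main__":
    print("max_rings=3:", run_scenarios(3))   # limit below the forwarding threshold
    print("max_rings=6:", run_scenarios(6))   # limit above it: forwarded call is accepted
```

With the call limit below the forwarding threshold only the legitimate login is granted; raising it above the threshold lets the forwarded call through, which is the case the predetermined number of times is meant to exclude.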

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

In order to reduce the operations a user must perform on his or her own communication device for user authentication, when call units (4d, 5d, 6d) receive a user ID, they acquire the inherent ID corresponding to the user ID from user ID correspondence lists (4b, 5b, 6b), respectively, and use the acquired inherent ID to call the user side communication device (11) corresponding to the user ID by way of system side communication devices (13, 14, 15). When the incoming call unit (11b) of the user side communication device (11) returns an incoming acknowledgement in response to the user (1) answering the incoming call, the call units (4d, 5d, 6d) receive the incoming acknowledgement by way of the system side communication devices (13, 14, 15) and carry out the user authentication.

Description

明 細 書  Specification
ユーザ認証方法、ユーザ認証システム、ユーザ認証装置及びユーザ認 証プログラム  User authentication method, user authentication system, user authentication device, and user authentication program
技術分野  Technical field
[0001] この発明は、ユーザが使用する通信機の固有情報である固有 IDをユーザ認証に 用いるユーザ認証方法、ユーザ認証システム、ユーザ認証装置及びユーザ認証プロ グラムに関し、特に、認証の際の通信機の操作回数を減らし、もってユーザの負担を 低減することができるユーザ認証方法、ユーザ認証システム、ユーザ認証装置及び ユーザ認証プログラムに関するものである。  TECHNICAL FIELD [0001] The present invention relates to a user authentication method, a user authentication system, a user authentication device, and a user authentication program that use a unique ID, which is unique information of a communication device used by a user, for user authentication. The present invention relates to a user authentication method, a user authentication system, a user authentication device, and a user authentication program that can reduce the number of operations of the machine and thereby reduce the burden on the user.
背景技術  Background art
[0002] 従来から、携帯電話の発呼番号など通信機の固有 IDをユーザ認証に用いる技術 が開発されている。例えば、特許文献 1には、ユーザにサービスを提供するサービス システムがユーザ IDと携帯電話の発呼番号を対応させてユーザ ID対応リストとして 記憶し、ユーザ端末からユーザ IDを取得し、携帯電話から発呼番号を取得すると、 取得したユーザ IDと発呼番号の組み合わせがユーザ IDリストにある場合に正規のュ 一ザと判定する技術が開示されている。  [0002] Conventionally, a technique for using a unique ID of a communication device such as a calling number of a mobile phone for user authentication has been developed. For example, in Patent Document 1, a service system that provides a service to a user stores a user ID and a calling number of a mobile phone in association with each other as a user ID correspondence list, acquires the user ID from a user terminal, A technique is disclosed in which when a calling number is acquired, a combination of the acquired user ID and calling number is in the user ID list, and the user is determined as a regular user.
[0003] 特許文献 1:特許第 3497799号明細書  [0003] Patent Document 1: Patent No. 3497799 Specification
発明の開示  Disclosure of the invention
発明が解決しょうとする課題  Problems to be solved by the invention
[0004] しかしながら、力、かる従来技術には、ユーザがサービスシステムを利用するごとにサ 一ビスシステムに発呼するための電話番号を入力する必要があり、ユーザの負担が 大きく、また、誤入力が発生するなどの問題がある。 [0004] However, in the related art, it is necessary to input a telephone number for making a call to the service system each time the user uses the service system. There are problems such as input.
[0005] この発明は、上述した従来技術による問題点を解消するためになされたものであり[0005] The present invention has been made to solve the above-described problems caused by the prior art.
、認証の際の通信機の操作回数を減らし、もってユーザの負担を低減することができ るユーザ認証方法、ユーザ認証システム、ユーザ認証装置及びユーザ認証プロダラ ムを提供することを目的とする。 Another object of the present invention is to provide a user authentication method, a user authentication system, a user authentication device, and a user authentication program that can reduce the number of operations of a communication device during authentication, thereby reducing the burden on the user.
課題を解決するための手段 [0006] 以下、前記目的を達成するための構成について説明する。すなわち、図 1に示すよ うに、ユーザ 1が操作する端末 8とネットワーク 3を介して接続され、ユーザ 1にサービ スを提供するサービスシステム 4, 5, 6に対し、該端末 8を操作しているユーザ 1が正 規のユーザであることを認証するユーザ認証方法にぉレ、て、正規のユーザであること を示す固有 IDを不正な操作では書き換え困難に記憶する固有 ID記憶部 11aを有し 、サービスシステム側から盗聴 ·改竄防止機能を備えた所定のネットワーク 12を介し てコールを受信するとユーザ 1に着信を通知し、ユーザ 1が着信を受けると着信が受 けられたことを示す着信応答を返信する着信部 l ibを有するユーザ側通信機 11を 用意し、ネットワーク 12とサービスシステム 4〜6との間に、ユーザ側通信機 11にコー ルするとともにユーザ側通信機 11から返送される着信応答を受信し、サービスシステ ム 4〜6に転送するシステム側通信機 13, 14, 15を配置するとともに、サービスシス テム 4, 5, 6に、ユーザ自身を特定する情報であるユーザ IDと固有 IDとの対応関係 を示すユーザ ID対応リスト 4b, 5b, 6bを記憶させておき、ユーザ 1が、端末 8からサ 一ビスシステム、例えば 4を利用するためにユーザ IDを入力すると、サービスシステ ム 4のコール部 4dがユーザ IDに対応する固有 IDをユーザ ID対応リスト 4bから検索し てシステム側通信機 13にネットワーク 12を介してユーザ側通信機 11の固有 IDに所 定の回数だけコールさせ、コールを受けたユーザ側通信機 11がネットワーク 12を介 してシステム側通信機 13にユーザ 1がコールを受けたことを示す着信応答を返信す ると、サービスシステム 4は、システム側通信機 13より着信応答を通知され、該着信応 答によって、端末 8を操作しているユーザ 1が正規のユーザであるとして該端末 8にサ 一ビスを提供することを特徴とする。なお、ユーザ側通信機 11へコールする際の所 定の回数とは、他のユーザ側通信機への転送が開始される回数より小さい回数であ り、コールを所定の回数に制限することによって、不正なユーザ側通信機への転送を 防ぎ、不正にユーザ IDを入手した不正者がユーザ側通信機 11へのコールを転送し てサービスを不正利用することを防ぐことができる。 Means for solving the problem [0006] A configuration for achieving the object will be described below. That is, as shown in FIG. 1, a terminal 8 operated by a user 1 is connected to the service system 4, 5, 6 that is connected to the user 1 via the network 3 and provides the service to the user 1. There is a unique ID storage unit 11a that stores the unique ID indicating that the user 1 is a legitimate user and that it is difficult to rewrite it by an unauthorized operation. 
However, when a call is received from the service system via a predetermined network 12 having an eavesdropping / tampering prevention function, the user 1 is notified of the incoming call, and when the user 1 receives the incoming call, the incoming call indicating that the incoming call has been received Prepare the user side communication device 11 having the receiving unit l ib to send back the response, and call the user side communication device 11 between the network 12 and the service systems 4 to 6 and return it from the user side communication device 11 System-side communication devices 13, 14, and 15 that receive incoming call responses and forward them to service systems 4 to 6, and user IDs that identify the users themselves in service systems 4, 5, and 6 User ID correspondence lists 4b, 5b, and 6b indicating the correspondence between IDs and unique IDs are stored, and when user 1 inputs a user ID from terminal 8 to use a service system, for example, 4, service The call part 4d of the system 4 searches the user ID correspondence list 4b for a unique ID corresponding to the user ID, and sends the system side communication device 13 via the network 12 to the unique ID of the user side communication device 11 a predetermined number of times. When the user side communication device 11 that receives the call returns the incoming call response indicating that the user 1 has received the call to the system side communication device 13 via the network 12, the service system 4 Communication equipment 13 is notified of the incoming call response, and according to the incoming call response, the user 1 who operates the terminal 8 is provided with a service to the terminal 8 on the assumption that the user 1 is a legitimate user. 
Note that the predetermined number of times when a call is made to the user side communication device 11 is smaller than the number of times the transfer to another user side communication device is started, and by limiting the call to a predetermined number of times. Therefore, it is possible to prevent transfer to an unauthorized user side communication device, and to prevent an unauthorized person who has illegally obtained a user ID from transferring a call to the user side communication device 11 and using the service illegally.
[0007] According to the above configuration, storing the unique ID in a storage unit that is difficult to rewrite by unauthorized operation, and adding an eavesdropping/tampering prevention function to the path, prevents tampering with the unique ID and prevents the system from being abused by another person who impersonates the user relatively easily, as can happen with the password method. In addition, because an incoming call response can be sent to the system-side communication device corresponding to any service system, a single user-side communication device is enough to log in to multiple systems. Unlike the conventional authentication method using physical media, there is no need to prepare a physical medium and its reader for each system and each terminal. Because the user-side communication device only answers calls from the system-side communication device, the user does not need to enter a calling number. And because the number of calls is limited to a predetermined number, unauthorized transfer can be prevented.
[0008] Also, as shown in FIG. 2, the invention provides a user authentication method for authenticating, to service systems 24, 25, and 26 that are connected via network 3 to terminal 8 operated by user 1 and that provide services to user 1, that the user 1 operating terminal 8 is a legitimate user. A user-side communication device 11 is prepared that has a unique ID storage unit 11a, which stores a unique ID indicating a legitimate user in a manner that is difficult to rewrite by unauthorized operation, and a receiving unit 11b, which notifies user 1 of an incoming call when a call is received from the service system side via a predetermined network 12 having an eavesdropping/tampering prevention function and, when user 1 accepts the call, returns an incoming call response indicating that the call was accepted. An authentication device 51 is placed between the network 12 and the service systems 24 to 26; it stores a user ID correspondence list 51b, which indicates the correspondence between user IDs (information identifying the users themselves) and unique IDs, and has a call unit 51d, which, based on an authentication request from the service systems 24 to 26, calls the user-side communication device 11 and receives the incoming call response sent from it to authenticate the user. When user 1 enters a user ID at terminal 8 to use a service system, for example service system 24, the authentication unit 24b of service system 24 specifies the user ID and requests the authentication device 51 to authenticate the user. The call unit 51d of the authentication device 51 looks up the unique ID corresponding to the user ID in the user ID correspondence list 51b and calls that unique ID of the user-side communication device 11 a predetermined number of times via the network 12. When the user-side communication device 11 returns an incoming call response indicating that user 1 accepted the call, the call unit 51d notifies the authentication unit 24b of service system 24 that the user 1 operating terminal 8 is a legitimate user.
[0009] According to the above configuration, storing the unique ID in a storage unit that is difficult to rewrite by unauthorized operation, and adding an eavesdropping/tampering prevention function to the path, prevents tampering with the unique ID and prevents the system from being abused by another person who impersonates the user relatively easily, as can happen with the password method. In addition, because an incoming call response can be sent to the authentication device corresponding to any service system, a single user-side communication device is enough to log in to multiple systems. Unlike the conventional authentication method using physical media, there is no need to prepare a physical medium and its reader for each system and each terminal. Because the user-side communication device only answers calls from the authentication device, the user does not need to enter a calling number. And because the number of calls is limited to a predetermined number, unauthorized transfer can be prevented.
Effect of the Invention
[0010] According to the present invention, the user only answers a call at the time of authentication and does not need to enter a calling number, which reduces the user's burden in authentication. In addition, because the number of calls is limited to a predetermined number, transfer is prevented, so that if a user ID is stolen, the call to the user cannot be transferred to an unauthorized person and the service cannot be used illegally.
Brief Description of Drawings
[0011] FIG. 1 is a diagram showing a configuration of a user authentication system according to the present invention.
FIG. 2 is a diagram showing another configuration of the user authentication system according to the present invention.
FIG. 3 is a diagram showing the configuration of the user authentication system according to Embodiment 1.
FIG. 4 is a flowchart showing the procedure of user authentication processing by the user authentication system according to Embodiment 1.
FIG. 5 is a diagram showing the configuration of the user authentication system according to Embodiment 2.
FIG. 6 is a flowchart showing the procedure of user authentication processing by the user authentication system according to Embodiment 2.
FIG. 7 is a block diagram showing the hardware configuration of a computer that executes the user authentication program according to Embodiments 1 and 2.
Explanation of Symbols
[0012]
1, 61 User
2, 7, 8 Terminal
3, 12 Network
4 to 6, 24 to 26 Service system
4b to 6b User ID correspondence list
4d to 6d Call unit
11 User-side communication device
11a Unique ID storage unit
11b Receiving unit
13 to 15 System-side communication device
24b to 26b Authentication unit
51 Authentication device
51b User ID correspondence list
51d Call unit
62, 63 PC (personal computer)
64 UNIX (registered trademark) (UNIX (registered trademark) workstation)
65 Internet
66 File server
66b to 68b User ID correspondence list
66d to 68d Call unit
67, 68 Web service providing server
71 Mobile phone
71a Own-station number storage unit
71b Receiving unit
72 Wireless network
73 Public telephone network
74, 75 Modem with calling number receiving function
76 Authentication server
76b User ID correspondence list
76d Call unit
86 File server
86b to 88b Authentication unit
86c to 88c Character transmission unit
87, 88 Web service providing server
100 Computer
110 RAM
111 User authentication program
120 CPU
121 User authentication process
130 HDD
140 LAN interface
150 Input/output interface
160 DVD drive
Best Mode for Carrying Out the Invention
[0013] Preferred embodiments of the user authentication method, user authentication system, user authentication device, and user authentication program according to the present invention are described in detail below with reference to the accompanying drawings. Embodiment 1 describes the case where the service system itself authenticates the user, and Embodiment 2 describes the case where the service system requests user authentication from an authentication device.
Embodiment 1
[0014] First, the configuration of the user authentication system according to Embodiment 1 is described. FIG. 3 is a diagram showing that configuration. In the figure, 61 is a user, 62 and 63 are personal computers (PCs) serving as terminals, 64 is a UNIX (registered trademark) workstation serving as a terminal, 65 is the Internet serving as the network, 66 is a file server serving as a service system, and 67 and 68 are web service providing servers serving as service systems.
[0015] In addition, 71 is a mobile phone serving as the user-side communication device, 72 and 73 are a wireless network and a public telephone network serving as the predetermined network, and 74 and 75 are modems with a calling number receiving function serving as the system-side communication devices (modem 75 is shared by the web service providing servers 67 and 68).
[0016] Here, the own-station number storage unit 71a in mobile phone 71 is used as the unique ID storage unit; that is, the telephone number (calling number) stored in the own-station number storage unit 71a is used as the unique ID. The wireless network 72 and the public telephone network 73 are assumed to have a function of preventing eavesdropping on and tampering with communications. The modems 74 and 75 with a calling number receiving function are assumed to be able to read and forward the telephone number of an incoming call.
[0017] The file server 66 and the web service providing servers 67 and 68 are assumed to have user ID correspondence lists 66b, 67b, and 68b, which indicate the correspondence between user IDs and unique IDs (here, calling numbers), and call units 66d, 67d, and 68d, which call mobile phone 71 a predetermined number of times via the modems 74 and 75 with a calling number receiving function. Here, the predetermined number of times is a number smaller than the number of times at which a call to mobile phone 71 begins to be transferred to another mobile phone.
[0018] Here, the call units 66d, 67d, and 68d call mobile phone 71 using a fixed calling number that each service system has, but they can instead select a calling number at random from a plurality of calling numbers that each service system has and call mobile phone 71 from it. Selecting one of several calling numbers at random and calling from that number makes it difficult to identify the calling numbers that the service system has, which reduces the possibility of the service system being attacked.
[0019] When user 61 presses the call button and the call is established, these call units 66d, 67d, and 68d play the following talkie (recorded voice announcement): "This is XX Bank. If you wish to log in, please dial 1#." When characters are returned from mobile phone 71, the call units 66d, 67d, and 68d determine whether they match "1#", and if they match, determine that user 61 is a legitimate user.
[0020] Although "1#" is specified by the talkie here, other characters or character strings can also be specified. Here, "character" includes symbols and digits.
[0021] The talkie can also be: "This is XX Bank. The call button was pressed, so login is permitted. Please hang up." In this case, when the call units 66d, 67d, and 68d receive an incoming call response indicating that the call button of mobile phone 71 was pressed, they determine that user 61 is a legitimate user. User 61 is permitted to log in simply by pressing the call button.
[0022] Alternatively, a character or character string can be sent to the terminal that sent the user ID, and user 61 can be asked to return the character or character string displayed on the terminal. In this case the talkie is, for example: "This is XX Bank. If you wish to log in, please dial the characters displayed on the screen."
[0023] Because these call units 66d, 67d, and 68d call mobile phone 71 and authenticate using the characters returned from it, user 61 can be authenticated simply by dialing the specified characters. Also, because the call units 66d, 67d, and 68d authenticate using the characters returned by mobile phone 71, even if an attacker on the service system illegally steals a user ID and can forge the caller number, the attacker cannot identify the characters to be returned, so the possibility of the service system being attacked can be eliminated.
[0024] Next, the procedure of user authentication processing by the user authentication system according to Embodiment 1 is described. FIG. 4 is a flowchart showing that procedure. The example used here is user 61 accessing file server 66 on the Internet 65 from PC 62.
[0025] As shown in the figure, in this user authentication processing, when user 61 enters a user ID into PC 62, PC 62 sends the user ID to file server 66 over the Internet 65 (step S11).
[0026] The call unit 66d of file server 66 then looks up the mobile phone number corresponding to the user ID in the user ID correspondence list 66b (step S12) and, using that number, calls mobile phone 71 a predetermined number of times via the modem 74 with a calling number receiving function (step S13).
[0027] When user 61 presses the call button, the receiving unit 71b of mobile phone 71 returns an incoming call response indicating that the call button was pressed (step S14), and once the call is established, the call unit 66d of file server 66 sends the talkie (step S15).
[0028] The receiving unit 71b of mobile phone 71 plays the talkie, and when user 61 dials the characters specified by the talkie (here "1#"), it returns "1#" (step S16). The call unit 66d then receives the returned characters via the modem 74 with a calling number receiving function and disconnects the call (step S17). The call unit 66d determines whether the returned characters match "1#" and, if they match, grants login permission to PC 62 (step S18).
[0029] In this way, because the call unit 66d of file server 66 calls mobile phone 71 via the modem 74 with a calling number receiving function, user 61 can be authenticated simply by returning the characters specified by the talkie, which reduces the burden on user 61 in user authentication.
[0030] As described above, in Embodiment 1 the call units 66d, 67d, and 68d use the user ID correspondence lists 66b, 67b, and 68b, respectively, to obtain the mobile phone number corresponding to the user ID, and use that number to call the corresponding mobile phone 71 via the modems 74 and 75 with a calling number receiving function and play the talkie. When the receiving unit 71b of mobile phone 71 returns the characters specified by the talkie on the instruction of user 61, the call units 66d, 67d, and 68d authenticate the user based on the characters received via the modems 74 and 75 and the characters specified by the talkie. User 61 can therefore be authenticated simply by returning characters, which reduces the user's burden.
[0031] In addition, in Embodiment 1, limiting the call to mobile phone 71 to a predetermined number of times prevents transfer to an unauthorized mobile phone, and prevents an unauthorized person who has illegally obtained a user ID from having the call to mobile phone 71 transferred and using the service illegally.
Embodiment 2
[0032] Embodiment 1 described the case where each service system performs user authentication, but user authentication can also be performed by an authentication device that accepts user authentication requests from the service systems. Embodiment 2 therefore describes the case of using such an authentication device.
[0033] First, the configuration of the user authentication system according to Embodiment 2 is described. FIG. 5 is a diagram showing that configuration. For convenience of explanation, functional units that play the same role as the units shown in FIG. 3 are given the same reference numerals, and their detailed description is omitted.
[0034] As shown in FIG. 5, this user authentication system has a file server 86 in place of file server 66 as a service system, and web service providing servers 87 and 88 in place of web service providing servers 67 and 68 as service systems. The system also has an authentication server 76 that accepts user authentication requests from each service system and performs user authentication. Each service system is connected to the authentication server 76 by a highly secure network such as a VPN.
[0035] The file server 86 and the web service providing servers 87 and 88 have character transmission units 86c, 87c, and 88c and authentication units 86b, 87b, and 88b, respectively. On receiving a user ID, the character transmission units 86c, 87c, and 88c select a character at random from a plurality of characters and send it to the terminal that sent the user ID. The authentication units 86b, 87b, and 88b request user authentication from the authentication server 76, specifying the user ID and the character, and decide whether to provide the service to the user based on the authentication result from the authentication server 76.
[0036] The authentication server 76 has a user ID correspondence list 76b and a call unit 76d. On receiving an authentication request from a service system, the call unit 76d looks up the mobile phone number corresponding to the user ID in the user ID correspondence list 76b and calls mobile phone 71 using that number. When characters are returned from mobile phone 71, it authenticates the user based on whether the returned characters match the characters specified in the authentication request, and notifies the requesting service system of the authentication result.
[0037] Here, a character is selected at random from a plurality of characters and sent to the terminal, but a predetermined character or character string such as "1#" can instead always be sent to the terminal. Also, here characters are sent to the terminal that sent the user ID and user 61 returns the characters displayed on the terminal, but the characters or character string can instead be specified by the talkie without sending anything to the terminal. For example, the talkie can be: "This is XX Bank. If you wish to log in, please dial 1#."
[0038] Alternatively, the talkie can be: "This is XX Bank. The call button was pressed, so login is permitted. Please hang up." In this case, when an incoming call response indicating that the call button of mobile phone 71 was pressed is returned, the call unit 76d determines that user 61 is a legitimate user. User 61 is permitted to log in simply by pressing the call button and then disconnecting the call.
[0039] Next, the procedure of user authentication processing by the user authentication system according to Embodiment 2 is described. FIG. 6 is a flowchart showing that procedure. The example used here is user 61 accessing file server 86 on the Internet 65 from PC 62.
[0040] As shown in the figure, in this user authentication processing, when user 61 enters a user ID into PC 62, PC 62 sends the user ID to file server 86 over the Internet 65 (step S21).
[0041] On receiving the user ID, the character transmission unit 86c of file server 86 selects a character at random from a plurality of characters and sends it to PC 62 (step S22), and the authentication unit 86b sends a user authentication request to the authentication server 76, specifying the user ID and the character sent by the character transmission unit 86c (step S23). When the call unit 76d of the authentication server 76 receives the authentication request, it looks up the mobile phone number corresponding to the user ID in the user ID correspondence list 76b (step S24).
[0042] The call unit 76d then calls mobile phone 71 a predetermined number of times using that number (step S25). When user 61 presses the call button, the receiving unit 71b of mobile phone 71 returns an incoming call response indicating that the call button was pressed (step S26), and once the call is established, the call unit 76d of the authentication server 76 sends the talkie (step S27).
[0043] The receiving unit 71b of mobile phone 71 plays the talkie, and when user 61 dials the character that was sent to the terminal, it returns the dialed character (step S28). The call unit 76d then receives the returned character and disconnects the call (step S29).
[0044] The call unit 76d determines whether the returned character matches the character specified by file server 86 and, if it matches, notifies file server 86 that the user is a legitimate user (step S30). The authentication unit 86b of file server 86 then grants login permission to PC 62 (step S31).
[0045] In this way, because the call unit 76d of the authentication server 76 calls mobile phone 71 and requests the return of a character when it receives a user authentication request, user 61 can be authenticated simply by returning the character, which reduces the burden on user 61 in user authentication.
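The procedures of steps S11 to S18 and S21 to S31 can be exercised end to end in a simulation. The following Python code is an added example, not code from the patent; the in-process telephone network, the `SimulatedPhone` class, the four-digit character string, the ring counts and the phone number are assumptions constructed for illustration. It follows the Embodiment 2 flow and shows the effect of keeping the predetermined number of calls below the count at which transfer starts.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional

DIAL_CHARS = "0123456789"  # keypad characters used for the challenge (assumption)


@dataclass
class SimulatedPhone:
    """Constructed stand-in for mobile phone 71 plus the carrier's call forwarding."""
    forward_after_rings: int               # forwarding starts at this ring count
    answers_at_ring: Optional[int] = None  # ring at which the owner presses the call button
    owner_dials: str = ""                  # what the owner dials after the talkie
    forward_dials: str = ""                # what the forwarding destination dials

    def ring(self, max_rings: int) -> Optional[str]:
        """Ring at most max_rings times; return the dialed reply, or None if unanswered."""
        for n in range(1, max_rings + 1):
            if self.answers_at_ring is not None and n >= self.answers_at_ring:
                return self.owner_dials
            if n >= self.forward_after_rings:
                return self.forward_dials  # the call has left the registered phone
        return None


class AuthServer:
    """Authentication server 76: user ID correspondence list 76b and call unit 76d."""

    def __init__(self, user_list: Dict[str, str],
                 network: Dict[str, SimulatedPhone], max_rings: int):
        self.user_list = user_list  # user ID -> mobile phone number
        self.network = network      # phone number -> simulated handset
        self.max_rings = max_rings  # the "predetermined number of times"

    def authenticate(self, user_id: str, challenge: str) -> bool:
        number = self.user_list.get(user_id)               # step S24
        if number is None:
            return False                                   # unknown user ID: no call is made
        reply = self.network[number].ring(self.max_rings)  # steps S25 to S29
        if reply is None:
            return False                                   # nobody answered within the limit
        # Step S30: constant-time comparison of the reply with the character
        # named in the authentication request.
        return hmac.compare_digest(reply.encode(), challenge.encode())


class FileServer:
    """File server 86: character transmission unit 86c and authentication unit 86b."""

    def __init__(self, auth: AuthServer, challenge_len: int = 4):
        self.auth = auth
        self.challenge_len = challenge_len

    def login(self, user_id: str, show_on_terminal: Callable[[str], None]) -> bool:
        challenge = "".join(secrets.choice(DIAL_CHARS)
                            for _ in range(self.challenge_len))
        show_on_terminal(challenge)                        # step S22
        return self.auth.authenticate(user_id, challenge)  # steps S23 and S31


def run_case(max_rings: int, phone: SimulatedPhone, user_id: str,
             reader: str) -> bool:
    """Run one login. `reader` says who sees the terminal: 'owner', 'forward' or 'nobody'."""
    number = "090-0000-0000"  # constructed placeholder number
    auth = AuthServer({"user61": number}, {number: phone}, max_rings)

    def show(challenge: str) -> None:
        if reader == "owner":
            phone.owner_dials = challenge
        elif reader == "forward":
            phone.forward_dials = challenge

    return FileServer(auth).login(user_id, show)


def run_scenarios() -> Dict[str, bool]:
    return {
        # Registered user at the terminal answers on ring 2 and dials the character.
        "legitimate": run_case(3, SimulatedPhone(5, answers_at_ring=2), "user61", "owner"),
        # User ID used from another terminal; the call stops before forwarding starts.
        "ring_limit_below_forwarding": run_case(3, SimulatedPhone(5), "user61", "forward"),
        # Same situation with the limit set too high: the call is forwarded and accepted.
        "ring_limit_too_high": run_case(8, SimulatedPhone(5), "user61", "forward"),
        # Owner answers a call they did not trigger and dials nothing.
        "owner_answers_without_character": run_case(
            3, SimulatedPhone(5, answers_at_ring=1), "user61", "nobody"),
        # User ID missing from the correspondence list.
        "unknown_user_id": run_case(3, SimulatedPhone(5), "nobody", "nobody"),
    }


if __name__ == "__main__":
    for name, granted in run_scenarios().items():
        print(f"{name}: {'login permitted' if granted else 'login refused'}")
```

Embodiment 1 corresponds to the same flow with the call unit inside the service system and a fixed character string such as "1#" in place of the random one.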
[0046] As described above, in Embodiment 2 the authentication server 76 accepts user authentication requests from the service systems and performs user authentication, so there is no need to provide a user authentication function in each service system, and the user authentication system can be built efficiently.
[0047] Embodiments 1 and 2 described the user authentication function of the service providing servers and the authentication server; this function is implemented by a user authentication program executed on those servers. The hardware configuration of the service providing servers and the authentication server that execute this user authentication program is therefore described next.
[0048] FIG. 7 is a block diagram showing the hardware configuration of a computer that executes the user authentication program according to Embodiments 1 and 2, that is, of a service providing server or the authentication server. As shown in the figure, this computer 100 has a RAM 110, a CPU 120, an HDD 130, a LAN interface 140, an input/output interface 150, and a DVD drive 160.
[0049] The RAM 110 is memory that stores programs and intermediate results of program execution, and the CPU 120 is a central processing unit that reads programs from the RAM 110 and executes them.
[0050] HDD130は、プログラムやデータを格納するディスク装置であり、 LANインタフエ ース 140は、コンピュータ 100を LANやインターネット 65経由で他のコンピュータに 接続するためのインタフェースである。 [0051] 入出力インタフェース 150は、マウスやキーボードなどの入力装置及び表示装置を 接続するためのインタフェースであり、 DVDドライブ 160は、 DVDの読み書きを行う 装置である。 [0050] The HDD 130 is a disk device that stores programs and data, and the LAN interface 140 is an interface for connecting the computer 100 to another computer via the LAN or the Internet 65. [0051] The input / output interface 150 is an interface for connecting an input device such as a mouse and a keyboard and a display device, and the DVD drive 160 is a device for reading and writing a DVD.
[0052] そして、このコンピュータ 100において実行されるユーザ認証プログラム 111は、 D VDに記憶され、 DVDドライブ 160によって DVDから読み出されてコンピュータ 100 にインストールされる。  [0052] The user authentication program 111 executed in the computer 100 is stored in the DVD, read from the DVD by the DVD drive 160, and installed in the computer 100.
[0053] あるいは、このユーザ認証プログラム 111は、 LANインタフェース 140を介して接続 された他のコンピュータシステムのデータベースなどに記憶され、これらのデータべ ースから読み出されてコンピュータ 100にインストールされる。  Alternatively, the user authentication program 111 is stored in a database or the like of another computer system connected via the LAN interface 140, read from these databases, and installed in the computer 100.
[0054] そして、インストールされたユーザ認証プログラム 111は、 HDD130に記憶され、 R AMI 10に読み出されて CPU120によってユーザ認証プロセス 121として実行され  [0054] Then, the installed user authentication program 111 is stored in the HDD 130, read out to the RAMI 10, and executed as the user authentication process 121 by the CPU 120.
[0055] なお、本実施例 1及び 2では、インターネットを介してサービスシステムを利用するュ 一ザを認証する場合について説明した力 S、本発明はこれに限定されるものではなぐ 例えば、 ATM(Automatic Teller Machine)におけるユーザ認証など他のユーザ認証 にも同様に適用することができる。 [0055] In the first and second embodiments, the power S described for authenticating a user who uses a service system via the Internet, the present invention is not limited to this. For example, ATM ( The same applies to other user authentication such as user authentication in Automatic Teller Machine.
産業上の利用可能性  Industrial applicability
[0056] 以上のように、本発明に係るユーザ認証方法、ユーザ認証システム、ユーザ認証装 置及びユーザ認証プログラムは、ユーザ認証すなわち正規のユーザであるか否かを 特定したい場合に有用であり、特に、ユーザ認証において利用者の負担を低減する ことが重要である場合に適して!/、る。  [0056] As described above, the user authentication method, the user authentication system, the user authentication device, and the user authentication program according to the present invention are useful when it is desired to specify whether or not the user is authenticated, that is, a legitimate user. Especially suitable when it is important to reduce the burden on the user in user authentication!

Claims

Scope of the claims
[1] A user authentication method performed by a user authentication device that uses, for authentication, a unique ID that is information unique to a communication device used by a user, the method comprising:
a user ID acquisition step of acquiring a user ID, which is information identifying the user;
a unique ID search step of searching a user ID list, which indicates the correspondence between user IDs and unique IDs, for the unique ID corresponding to the user ID acquired in the user ID acquisition step;
a call step of calling the communication device having the unique ID found in the unique ID search step a predetermined number of times; and
a user determination step of determining, upon receiving from the communication device an incoming-call response indicating that the user has answered the call made in the call step, that the user whose user ID was acquired in the user ID acquisition step is a legitimate user.
[2] The user authentication method according to claim 1, wherein, in the user determination step, upon receiving from the communication device an incoming-call response indicating that the user has answered the call made in the call step, a talkie (voice announcement) requesting the user to send back predetermined characters is transmitted to the communication device; when the characters entered by the user who heard the talkie played by the communication device are received from the communication device, it is determined whether the received characters match the predetermined characters; and, if they match, the user whose user ID was acquired in the user ID acquisition step is determined to be a legitimate user.
[3] The user authentication method according to claim 1 or 2, wherein the communication device is a telephone and the unique ID is a telephone number.
[4] A user authentication method performed by a user authentication device that uses, for user authentication, a unique ID that is information unique to a communication device used by a user, the method comprising:
a user authentication request receiving step of receiving, from a device that requires user authentication, a user authentication request together with a user ID, which is information identifying the user;
a unique ID search step of searching a user ID list, which indicates the correspondence between user IDs and unique IDs, for the unique ID corresponding to the user ID received in the user authentication request receiving step;
a call step of calling the communication device having the unique ID found in the unique ID search step a predetermined number of times; and
a user determination step of notifying, upon receiving from the communication device an incoming-call response indicating that the user has answered the call made in the call step, the device that requires user authentication that the user whose user ID was received in the user authentication request receiving step is a legitimate user.
[5] A user authentication system comprising a communication device used by a user and a service system that uses, for authentication, a unique ID that is information unique to the communication device, wherein
the service system comprises:
user ID list storage means for storing a user ID list indicating the correspondence between user IDs, which are information identifying users, and unique IDs;
user ID acquisition means for acquiring a user ID;
unique ID search means for searching the user ID list storage means for the unique ID corresponding to the user ID acquired by the user ID acquisition means;
call means for calling the communication device having the unique ID found by the unique ID search means a predetermined number of times; and
user determination means for determining, upon receiving from the communication device an incoming-call response indicating that the user has answered the call made by the call means, that the user whose user ID was acquired by the user ID acquisition means is a legitimate user,
and the communication device comprises:
incoming-call means for receiving the call made by the call means and, when the user answers the received call, returning an incoming-call response indicating that the user has answered the call.
[6] A user authentication system comprising a communication device used by a user, a service system that provides a service to the user, and an authentication device that performs user authentication, on the basis of a user authentication request from the service system, using a unique ID that is information unique to the communication device, wherein
the authentication device comprises:
user ID list storage means for storing a user ID list indicating the correspondence between user IDs, which are information identifying users, and unique IDs;
user authentication request receiving means for receiving a user authentication request together with a user ID from the service system;
unique ID search means for searching the user ID list storage means for the unique ID corresponding to the user ID received by the user authentication request receiving means;
call means for calling the communication device having the unique ID found by the unique ID search means a predetermined number of times; and
user determination means for notifying the service system, upon receiving from the communication device an incoming-call response indicating that the user has answered the call made by the call means, that the user whose user ID was received by the user authentication request receiving means is a legitimate user,
and the communication device comprises:
incoming-call means for receiving the call made by the call means and, when the user answers the received call, returning an incoming-call response indicating that the user has answered the call.
[7] A user authentication device that uses, for authentication, a unique ID that is information unique to a communication device used by a user, the device comprising:
user ID list storage means for storing a user ID list indicating the correspondence between user IDs, which are information identifying users, and unique IDs;
user ID acquisition means for acquiring a user ID;
unique ID search means for searching the user ID list storage means for the unique ID corresponding to the user ID acquired by the user ID acquisition means;
call means for calling the communication device having the unique ID found by the unique ID search means a predetermined number of times; and
user determination means for determining, upon receiving from the communication device an incoming-call response indicating that the user has answered the call made by the call means, that the user whose user ID was acquired by the user ID acquisition means is a legitimate user.
[8] A user authentication device that uses, for user authentication, a unique ID that is information unique to a communication device used by a user, the device comprising:
user ID list storage means for storing a user ID list indicating the correspondence between user IDs, which are information identifying users, and unique IDs;
user authentication request receiving means for receiving a user authentication request together with a user ID from a device that requires user authentication;
unique ID search means for searching the user ID list storage means for the unique ID corresponding to the user ID received by the user authentication request receiving means;
call means for calling the communication device having the unique ID found by the unique ID search means a predetermined number of times; and
user determination means for notifying the device that requires user authentication, upon receiving from the communication device an incoming-call response indicating that the user has answered the call made by the call means, that the user whose user ID was received by the user authentication request receiving means is a legitimate user.
[9] A user authentication program that uses, for authentication, a unique ID that is information unique to a communication device used by a user, the program causing a computer to execute:
a user ID acquisition procedure of acquiring a user ID, which is information identifying the user;
a unique ID search procedure of searching a user ID list, which indicates the correspondence between user IDs and unique IDs, for the unique ID corresponding to the user ID acquired by the user ID acquisition procedure;
a call procedure of calling the communication device having the unique ID found by the unique ID search procedure a predetermined number of times; and
a user determination procedure of determining, upon receiving from the communication device an incoming-call response indicating that the user has answered the call made by the call procedure, that the user whose user ID was acquired by the user ID acquisition procedure is a legitimate user.
[10] A user authentication program that uses, for user authentication, a unique ID that is information unique to a communication device used by a user, the program causing a computer to execute:
a user authentication request receiving procedure of receiving, from a device that requires user authentication, a user authentication request together with a user ID, which is information identifying the user;
a unique ID search procedure of searching a user ID list, which indicates the correspondence between user IDs and unique IDs, for the unique ID corresponding to the user ID received by the user authentication request receiving procedure;
a call procedure of calling the communication device having the unique ID found by the unique ID search procedure a predetermined number of times; and
a user determination procedure of notifying the device that requires user authentication, upon receiving from the communication device an incoming-call response indicating that the user has answered the call made by the call procedure, that the user whose user ID was received by the user authentication request receiving procedure is a legitimate user.
PCT/JP2007/063590 2006-07-07 2007-07-06 User authenticating method, user authenticating system, user authenticating device and user authenticating program WO2008004672A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2006188490A JP4813273B2 (en) 2006-07-07 2006-07-07 User authentication method, user authentication system, user authentication apparatus, and user authentication program
JP2006-188490 2006-07-07

Publications (1)

Publication Number Publication Date
WO2008004672A1 true WO2008004672A1 (en) 2008-01-10

Family

ID=38894638

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2007/063590 WO2008004672A1 (en) 2006-07-07 2007-07-06 User authenticating method, user authenticating system, user authenticating device and user authenticating program

Country Status (2)

Country Link
JP (1) JP4813273B2 (en)
WO (1) WO2008004672A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020250397A1 (en) * 2019-06-13 2020-12-17 株式会社ヴァンガード Server device, data processing system, data processing method, and program

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2020140619A (en) * 2019-03-01 2020-09-03 Necプラットフォームズ株式会社 User authentication system, telephone exchange device, user authentication method, and user authentication program
WO2023079625A1 (en) * 2021-11-04 2023-05-11 サステナブル・セキュリティー株式会社 Authentication system, authentication method, and program

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH03179863A (en) * 1989-09-04 1991-08-05 Hitachi Ltd Method and equipment for automatic transaction
JPH10198636A (en) * 1997-01-13 1998-07-31 Nri & Ncc Co Ltd System and method for personal authentication
EP1288765A1 (en) * 2001-09-04 2003-03-05 Telefonaktiebolaget L M Ericsson (Publ) Universal authentication mechanism
JP2004501460A (en) * 2000-06-22 2004-01-15 アイシーエル インビア オサケイティオ ユルキネン User authentication and use approval device for the security system
JP2006033780A (en) * 2004-07-16 2006-02-02 Third Networks Kk Network authentication system using identification by calling-back

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7133662B2 (en) * 2001-05-24 2006-11-07 International Business Machines Corporation Methods and apparatus for restricting access of a user using a cellular telephone

Also Published As

Publication number Publication date
JP4813273B2 (en) 2011-11-09
JP2008015933A (en) 2008-01-24

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 07790465

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 07790465

Country of ref document: EP

Kind code of ref document: A1