WO2008016147A1 - Method, system and program for authenticating a 'browserphone'-type mobile phone based on its number, authentication server for a 'browserphone'-type mobile phone, and method, system, server and program - Google Patents


Publication number
WO2008016147A1
WO2008016147A1 PCT/JP2007/065291 JP2007065291W WO2008016147A1 WO 2008016147 A1 WO2008016147 A1 WO 2008016147A1 JP 2007065291 W JP2007065291 W JP 2007065291W WO 2008016147 A1 WO2008016147 A1 WO 2008016147A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
telephone number
mobile phone
web page
service
Prior art date
Application number
PCT/JP2007/065291
Other languages
English (en)
Japanese (ja)
Inventor
Haruhiko Fujii
Tetsuya Nakagawa
Keisuke Hata
Original Assignee
Nippon Telegraph And Telephone Corporation
Priority date
Filing date
Publication date
Application filed by Nippon Telegraph And Telephone Corporation
Priority to JP2008527808A (patent JP4422194B2)
Publication of WO2008016147A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/38 Graded-service arrangements, i.e. some subscribers prevented from establishing certain connections
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/42 Systems providing special services or facilities to subscribers
    • H04M3/487 Arrangements for providing information services, e.g. recorded voice services or time announcements
    • H04M3/493 Interactive information services, e.g. directory enquiries; Arrangements therefor, e.g. interactive voice response [IVR] systems or voice portals
    • H04M3/4938 Interactive information services, e.g. directory enquiries; Arrangements therefor, e.g. interactive voice response [IVR] systems or voice portals comprising a voice browser which renders and interprets, e.g. VoiceXML
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M3/00 Automatic or semi-automatic exchanges
    • H04M3/42 Systems providing special services or facilities to subscribers
    • H04M3/42025 Calling or Called party identification service
    • H04M3/42034 Calling party identification service
    • H04M3/42059 Making use of the calling party identifier

Definitions

  • Browser phone authentication method by phone number
  • browser phone authentication system by phone number
  • browser phone authentication server by phone number
  • service providing method, service providing system
  • service providing server by phone number
  • service providing program by phone number
  • The present invention relates to a browser phone authentication method using a phone number, a browser phone authentication system using a phone number, a browser phone authentication server, and a browser phone authentication program using a phone number, each of which authenticates whether a user is a legitimate user who can receive a web service provided on a web page, and to a service providing method that provides file data to a legitimate user who can download the file data provided via a web page, etc.
  • TECHNICAL FIELD The present invention relates to a service providing system, a service providing server, and a service providing program.
  • Patent Document 1: Japanese Patent Laid-Open No. 2001-350724.
  • a user ID notified from a PC owned by a user who wants to provide a service and a caller ID notification function by this user operation
  • An authentication method for authenticating whether the user is a legitimate user by determining whether the combination with the phone number of the mobile phone transmitted from the mobile phone equipped with the mobile phone is valid is disclosed.
  • a server operated by a local government or the like accepts an electronic certificate (file data) acquisition request for various certificates such as a resident's card from a user of a mobile phone having a browser function for browsing a web page.
  • an electronic certificate file data
  • a user who wants to receive a service provides a PC having a browser function for browsing a WEB page of a server that provides the service, and a mobile phone having a caller ID notification function. This is convenient for users who want to receive various services via the network because it is necessary to provide the user ID required for user authentication and to notify the server by entering the user ID. There was a problem of applying to.
  • a server operated by a local government provides a user with a digital certificate in response to a request to a user of a mobile phone having a browser function for browsing a WEB page. Since it is common for a user to log in after authenticating with the assigned ID and password, there is a problem in that it costs money to assign and manage each user with an ID and password.
  • the present invention has been made to solve the above-described problems of the prior art, and the user needs a plurality of devices in order to receive provision of various services via the network.
  • Authentication using a telephone number a browser phone authentication method using a telephone number, a browser phone authentication system using a telephone number, a browser phone authentication server, and a telephone number.
  • Browser phone authentication program and service providing method, service providing system, and service providing that file data can be easily obtained on the user side and that the administrator side can provide file data at a low management cost.
  • the purpose is to provide servers and service provision programs.
  • the invention according to claim 1 provides a predetermined telephone.
  • WEB provided by a mobile phone user who has a phone function to call the phone number and notify the local phone number as the caller number, and a browser function to browse web pages downloaded from the network.
  • User phone number registration process that pre-registers the mobile phone number of the user who can receive the WEB service, and authentication to authenticate the user when receiving the web page request from the mobile phone user
  • a web page provision process that provides the user with a web page to which the display item associated with the telephone number information consisting of the original telephone number is pasted, and a button operation for designating the display item is received from the user.
  • the caller number notified from the mobile phone that makes a call to the authentication source associated with the display item and the phone number registered in the user phone number registration step match each other.
  • a user authentication process that authenticates whether the user who receives the caller ID is a legitimate user who can receive the WEB service. It is characterized by including the process.
  • the WEB page providing step includes a plurality of own telephones possessed in advance each time a request for the WEB page is received from a user of the mobile phone.
  • the display item associating the telephone number selected from a number based on a predetermined algorithm and the telephone number information including predetermined additional information is pasted on the WEB page and transmitted.
  • the invention according to claim 3 is directed to the above-described invention, in the case where the user corresponding to the caller number is authenticated as a legitimate user by the user authentication step.
  • the service item of the WEB service pasted on the WEB page browsed by the user is displayed.
  • a service-related information generation step for generating service-related information to be associated is further provided.
  • the user authentication step, after identifying the user associated with the caller number, requests the input of a predetermined character string that is uniquely given to the user in advance, and when the predetermined character string is input as requested, the user associated with the caller number is authenticated as the regular user.
  • the invention according to claim 5 includes a telephone function for calling a predetermined telephone number and notifying its own telephone number as a caller number, and a browser function for browsing a WEB page downloaded from a network.
  • a browser phone authentication system using a phone number for authenticating whether a mobile phone user is a legitimate user who can receive the WEB service provided on the WEB page, and the user of the user who can receive the WEB service.
  • User phone number registration means for registering a mobile phone number in advance, and phone number information that is the authentication source phone number for authenticating the user when the web page request is received from the mobile phone user WEB page providing means for providing the user with the WEB page to which the associated display item is pasted, and the display item
  • the caller number notified from the mobile phone that transmits to the authentication source associated with the display item and registered in the user phone number registration means
  • User authentication means for determining whether or not the telephone numbers are identical to each other and authenticating whether or not the user who has the caller number is a legitimate user who can receive the WEB service. It is characterized by including these means.
  • the WEB page providing means has a plurality of own telephones possessed in advance each time it receives a request for the WEB page from a user of the mobile phone.
  • the display item associating the telephone number selected from a number based on a predetermined algorithm and the telephone number information including predetermined additional information is pasted on the WEB page and transmitted.
  • when the user authentication unit authenticates that the user associated with the caller number is a legitimate user, a predetermined button operation by the mobile phone is requested, and when the predetermined button operation is performed as requested, the service item of the WEB service pasted on the WEB page browsed by the user is displayed. Service related information generating means for generating service related information to be associated is further provided.
  • the user authentication step, after identifying the user associated with the caller number, requests a predetermined character string that is uniquely given to the user in advance. If the predetermined character string is input as requested, the user associated with the caller number is authenticated as the regular user.
  • the invention according to claim 9 has a telephone function for calling a predetermined telephone number and notifying its own telephone number as a calling party number, and a browser function for browsing a WEB page downloaded from a network.
  • a browser phone authentication server that authenticates whether a mobile phone user is a legitimate user who can receive the web service provided on the web page, and the mobile phone of the user who can receive the web service.
  • Phone number information consisting of a user phone number registration means for pre-registering the phone number of the talk, and the authentication source phone number for authenticating the user when receiving the request of the web page from the user of the mobile phone. Web page providing means for providing the user with the WEB page to which the display item associated with is pasted, and a button operation for specifying the display item.
  • the caller number notified from the mobile phone that makes a call to the phone number of the authentication source associated with the display item, and registered in the user phone number registration means. A user authentication means for authenticating whether the user associated with the caller number is a legitimate user who can receive the WEB service by determining whether or not the telephone numbers match each other, are provided.
  • the invention according to claim 10 includes a telephone function for calling a predetermined telephone number and notifying the local telephone number as a caller number, and a browser function for browsing a web page downloaded from a network.
  • a browser phone authentication program using a phone number that causes a computer to execute a method of authenticating whether a mobile phone user is a legitimate user who can receive the WEB service provided on the WEB page, User phone number registration procedure for pre-registering the mobile phone number of a user who can receive the WEB service, and authentication for authenticating the user when the mobile phone user requests the WEB service Phone number information consisting of the original phone number
  • the authentication source associated with the display item when a web page provision procedure for providing the user with the web page to which the associated display item is pasted and a button operation for designating the display item are received from the user.
  • the computer executes a user authentication procedure for authenticating whether the user is a legitimate user who can receive the WEB service.
  • the invention according to claim 11 is a service providing method for providing a service to a legitimate user, wherein the invention according to claim 11 is a legitimate user who can receive the service.
  • the storage step of storing the telephone number of the service in the storage unit, and the telephone number notified from the requester of the service is stored on the storage unit by the storage step and matches the telephone number, and a service providing process for providing the service.
  • the telephone number notified from the requester of the service does not exist in the telephone number stored in the storage unit by the storing step; in this case, based on the identity verification information, the identity verification process for verifying the identity and the telephone number notified from the service provider according to the identity verification result in the identity verification process, and a registration step of registering as the regular user's telephone number.
  • the telephone number notified from the requester of the service is stored in the storage unit by the storage step
  • the service is provided on the condition that a predetermined character string is further input when it matches.
  • the invention according to claim 14 further includes a telephone number providing step of providing a telephone number to the service requester in the above invention, wherein the service providing step is based on the telephone number providing step.
  • the service is provided on the condition that the telephone number notified from the service request source in response to the call operation for the provided telephone number matches the telephone number stored in the storage unit by the storing step.
  • the telephone number providing step includes: It is characterized in that it is provided to the above service requester on the telephone number recorded on the exterior of a paper medium, e-mail, or other article, displayed on a display or monitor, or recorded on an answering machine.
  • the invention according to claim 16 includes a telephone function for making a call to a predetermined telephone number and notifying its own telephone number as a caller telephone number, and a browser for browsing a WEB page displayed via a network. If the mobile phone user with the function is a legitimate user who can download the file data provided via the WEB page, the service providing method for providing the file data, A file data storage step for storing file data in the storage unit in advance, and the mobile phone number of the user is stored in advance in the storage unit in association with the personal information including the name, address and other information of the authorized user.
  • User phone number storage step and when receiving the web page display request from the mobile phone, the user of the mobile phone A web page providing process in which a display item associated with the telephone number information indicating the telephone number of the authentication source that authenticates the user is pasted on the web page, and on the web page provided by the web page providing process
  • a button operation for designating the display item is received from the user, a caller telephone number transmitted from the mobile phone to the authentication source associated with the display item is determined by the user telephone number storage step.
  • the WEB page providing step when the WEB page providing step receives a display request for the WEB page from the mobile phone, the WEB page providing step includes a plurality of phone numbers possessed in advance. A display item associated with the telephone number information consisting of a telephone number selected based on a predetermined algorithm is pasted on the WEB page and provided. [0027] Further, in the invention according to claim 18, in the above invention, in the user authentication step, the caller telephone number transmitted from the mobile phone is stored in the storage unit by the user telephone number storage step.
  • the user is requested to input a predetermined character string uniquely given in advance to the user's mobile phone related to the caller phone number, and the user When the input of the predetermined character string is accepted from the mobile phone, the user associated with the caller telephone number is authenticated as the regular user.
  • the data providing step provides the file data to the user related to the caller number
  • It is characterized by providing information for protecting the integrity of the file data.
  • when it is confirmed by the user authentication step that the caller telephone number does not exist in the mobile phone number, a verification information acquisition step of requesting and acquiring, from the user's mobile phone related to the caller telephone number, verification information for collating with the information in the file data stored in the storage unit in advance by the file data storage step; whether the collation information of the user related to the caller telephone number acquired in the verification information acquisition step is present in the information in the file data stored in the storage unit in advance by the file data storage step. And a user confirmation number confirmation step, wherein the user telephone number storage step is performed before the verification information acquisition step.
  • the sender is associated with the collation information.
  • the telephone number is stored in the storage unit.
  • the invention according to claim 21 includes a telephone function for calling a predetermined telephone number and notifying the local telephone number as a caller telephone number, and a browser for browsing a WEB page displayed via a network.
  • the service providing system provides the file data, file data storage means for storing file data in advance, and user phone number storage means for storing the mobile phone number of the authorized user in advance in association with personal information consisting of name, address and other information;
  • a display item associated with the telephone number information indicating the telephone number of the authentication source that authenticates the user of the mobile phone is provided on the WEB page.
  • the mobile phone to the authentication source associated with the display item when a button operation for designating the display item on the WEB page provided by the means and the WEB page providing unit is received from a user. It is determined whether or not the caller telephone number transmitted from the mobile telephone number stored in the user telephone number storage means is present, and the caller telephone number is included in the mobile telephone number.
  • Data providing means for providing the file data to the user's mobile phone associated with the caller telephone number when the user is authenticated as the legitimate user.
  • the invention according to claim 22 includes a telephone function for calling a predetermined telephone number and notifying its own telephone number as a caller telephone number, and a browser function for browsing a web page displayed via a network. If the mobile phone user is a legitimate user who can download the file data provided via the WEB page, the user is a service providing server that provides the file data. File data storage means for storing in advance, and user telephone number storage means for storing the mobile phone number of the user in advance in the storage unit in association with the name, address and other personal information of the legitimate user And authenticating the user of the mobile phone when receiving the display request of the WEB page from the mobile phone.
  • WEB page providing means for pasting and providing a display item associated with telephone number information indicating the authentication source telephone number on the WEB page, and the display item on the WEB page provided by the WEB page providing means
  • the caller telephone number transmitted from the mobile phone to the authentication source associated with the display item is changed by the user telephone number storage means. If the caller telephone number exists in the mobile phone number, the user associated with the caller telephone number is determined. If the user associated with the caller telephone number is authenticated as the authorized user by the user authentication means and the user authentication means for authenticating the user as the authorized user, Data providing means for providing the file data to a mobile phone.
  • the invention according to claim 23 has a telephone function for calling a predetermined telephone number and notifying its own telephone number as a caller telephone number, and a browser function for browsing a web page displayed via a network. If the mobile phone user is a legitimate user who can download the file data provided via the WEB page, the service providing program causes the computer to execute the method of providing the file data.
  • the file data storage procedure for storing the file data in the storage unit in advance and the personal information including the name, address and other information of the authorized user are associated with the user's mobile phone number in advance.
  • Web page provision procedure for pasting and displaying the display item associated with the telephone number information indicating the authentication source telephone number for authenticating the user of the mobile phone on the web page, and the web page provision procedure
  • the caller telephone number transmitted from the mobile phone to the authentication source associated with the display item is stored in the storage unit by the user phone number storing procedure, and whether the caller phone number exists in the mobile phone number is determined.
  • a mobile phone number of a user who can receive a WEB service (various services provided on a WEB page via a network) is registered in advance
  • a display item that associates the telephone number of the authentication source that authenticates the user (for example, the telephone number of the server that is the authentication source is linked to allow the user of the mobile phone to specify when requesting authentication) Web pages with display items, etc.) are displayed on a screen provided on a mobile phone, for example, and when a button operation for specifying display items is received from the user, the Web page is associated with the display item.
  • a mobile phone browser phone
  • the user can receive various services via the network. It is possible to authenticate without requiring a computer for browsing web pages and a mobile phone equipped with a telephone function, and it is possible to realize user authentication that is convenient for the user.
  • a predetermined algorithm an algorithm in which a selection method is set in advance
  • a display item that associates information consisting of the selected phone number and predetermined additional information (for example, subaddress) is pasted on the WEB page and sent, so the information consisting of the phone number and subaddress is sent.
  • a session ID an ID that is valid only within that session
  • when the user associated with the caller ID is authenticated as a legitimate user, the user is requested to perform a predetermined button operation on the mobile phone (for example, a button operation to input “#” or a character string consisting of alphanumeric symbols, etc.), and if the predetermined button operation is performed as requested, service-related information linked to the service item is generated (for example, file information for providing an effective service only on the launched web page) and the phone connection with the mobile phone is disconnected. Even though the call is disconnected, by making use of the browser function that returns to the browser screen that is being launched, it is possible to easily provide services to the user while associating the call from the user with the generated file information.
  • a predetermined button operation (for example, a button operation to input “#” or a character string consisting of alphanumeric symbols, etc.)
  • a predetermined character string for example, service providing power at the time of user registration
  • the caller ID is used and the user is authenticated as a legitimate user, so the password can be known.
  • the service can be provided only to legitimate users, and it is possible to prevent the service from being used for illegal purposes.
  • the telephone number of the user's mobile phone that can receive the WEB service (various services provided on the WEB page via the network) is registered in advance, and the mobile phone user Display item that associates the phone number of the authentication source that authenticates the user in response to the request (for example, the display item that the phone number of the server that is the authentication source is linked and specified by the mobile phone user when requesting authentication) ) Is pasted to the user, and when the button operation for specifying the display item is accepted from the user, the caller ID notified from the mobile phone and the registered user phone number For example, it is determined whether the user matches the caller ID and authenticates whether the user is a legitimate user who can receive the web service.
  • a mobile phone (browser phone) that has a phone function such as calling the phone number and notifying the caller ID, which is the caller's phone number, and a browser function for browsing web pages downloaded from the network
  • a phone function such as calling the phone number and notifying the caller ID, which is the caller's phone number
  • a browser function for browsing web pages downloaded from the network
  • the user can use multiple devices (e.g., a computer for browsing web pages and a mobile phone with a telephone function).
  • the server that provides the service and the server that authenticates the user are distributed, the server that provides the service User authentication that is convenient for the user while eliminating the burden on the authentication It is possible to realize.
  • the telephone number of a legitimate user who can receive the service is stored, and the telephone number notified from the requester of the service matches the stored telephone number.
  • the user can easily receive the service regardless of the password, etc., and the service provider can use the password or medium used for authentication. It is possible to provide various services (for example, information distribution services and electronic commerce services via a network) without incurring costs due to management.
  • the telephone number is provided to the service requester, and the telephone number is notified when the service requester performs a call operation on the provided telephone number.
  • since the service is provided on the condition that it matches the stored telephone number, for example, a device having a browser function and a user having a telephone function are provided via the browser function.
  • Phone number (for example, a phone number provided on paper or a phone number displayed on a display, etc.) By being authenticated based on the service, it is possible to receive services easily.
  • file data for example, file data of an electronic certificate such as a resident's card or a family register provided by a local government
  • file data is stored in the storage unit in advance, and via a WEB page.
  • the mobile phone number is stored in advance in the storage unit in association with personal information consisting of the name, address, and other information of a legitimate user who can download the file data provided by the
  • the display item associated with the telephone number information indicating the authentication source telephone number that authenticates the user for example, the telephone number of the server that is the authentication source
  • the caller telephone number transmitted from the mobile phone to the authentication source associated with the display item is stored in the storage unit.
  • the user associated with the caller phone number is authenticated as a legitimate user, and the file data is provided to the user's mobile phone associated with the caller phone number. Therefore, for example, a mobile phone (browser) that has a telephone function such as calling a predetermined telephone number and notifying the local station telephone number as a caller ID, and a browser function for browsing a web page downloaded from the network.
  • the user can easily obtain file data (electronic certificate) such as a resident's card or family register, and the administrator can provide an ID and password for management. It is possible to provide file data at a reduced cost without the need to manage users.
  • a predetermined algorithm an algorithm in which a selection method is preset
  • the display item associated with the telephone number information consisting of the selected telephone number is pasted and provided on the web page, so that the telephone number information can be used as a one-time ID (valid only for that session). It is possible to prevent the Service-to-Self who obtained this information illegally from impersonating a legitimate user.
  • the caller telephone number transmitted from the mobile phone is included in the mobile phone number stored in the storage unit, it is preliminarily given to the user. Requested for input of a predetermined character string (for example, file data providing power and password issued at the time of user registration), and the predetermined character string was input as requested.
  • the file data can be provided only to legitimate users who know the password, and the file can be used for illegal purposes such as stealing personal information. It is possible to prevent data from being used.
  • when file data is provided to a user associated with a caller ID, information for protecting the integrity of the file data (for example, a public key and private key for adopting PKI-based challenge-response authentication) is provided together, so when the user uses the provided file data, the file data can be used while preventing forgery and tampering.
  • when a button operation for designating a display item on a WEB page is received from a user, it is checked whether the caller phone number transmitted to the authentication source associated with the display item already exists in the mobile phone numbers stored in the memory, and if, as a result of the check, it is confirmed that the caller phone number does not exist in the stored mobile phone numbers, verification information (for example, name and address) is checked against the user associated with the caller's phone number in order to check the information in the file data stored in the storage unit in advance. Whether or not the user verification information related to the acquired caller telephone number exists in the information in the file data stored in advance in the storage unit.
  • the verification information is included in the verification information.
  • the caller's phone number is stored in the storage unit in association with each other. For example, identity verification can be performed using information in the resident card stored as file data, and user registration is simplified. It is possible.
  • FIG. 1 is a diagram for explaining the outline and features of a browser phone authentication system according to a first embodiment.
  • FIG. 2 is a block diagram illustrating a configuration of the browser phone authentication system according to the first embodiment.
  • FIG. 3 is a diagram showing a configuration example of a registered user list.
  • FIG. 4 is a diagram showing a configuration example of text information (HTML source).
  • FIG. 5 is a diagram illustrating a sequence showing a flow of processing by the browser phone authentication system according to the first embodiment.
  • FIG. 6 is a diagram illustrating a computer that executes a user authentication program according to a second embodiment.
  • FIG. 7 is a diagram for explaining the outline and features of the data providing system according to the third embodiment.
  • FIG. 8 is a block diagram illustrating a configuration of a data providing system according to a third embodiment.
  • FIG. 9 is a diagram illustrating a configuration example of registered user data according to the third embodiment.
  • FIG. 10 is a diagram showing a configuration example of generated data.
  • FIG. 11 is a sequence diagram illustrating a flow of data providing processing according to the third embodiment.
  • FIG. 12 is a block diagram illustrating a configuration of a data providing system according to a fourth embodiment.
  • FIG. 13 is a diagram illustrating a configuration example of registered user data according to the fourth embodiment.
  • FIG. 14 is a flowchart showing a flow of identity verification registration processing according to the fourth embodiment.
  • FIG. 15 is a diagram illustrating a computer that executes a data providing program.
  • Explanation of symbols
  • HDD Hard Disk Drive
  • RAM Random Access Memory
  • ROM Read Only Memory
  • CPU Central Processing Unit
  • FIG. 1 is a diagram for explaining the outline and features of the browser phone authentication system according to the first embodiment.
  • the browser phone authentication system is communicably connected via an access network (a communication network formed by a public telephone network, the Internet, an intranet, or the like).
  • the user mobile phone has a telephone function for calling a predetermined telephone number and notifying the caller number which is the local telephone number, and a browser function for browsing a WEB page downloaded from the network.
  • the service system is not illustrated in the first embodiment, but it is composed of a service providing server, which authenticates whether a user who requests provision of a WEB service (a predetermined service via a WEB page) is a legitimate user who can receive the WEB service and provides the WEB service to the legitimate user, and a modem, which reads the caller number sent from the user's mobile phone and transfers it to the service providing server.
  • the browser phone authentication system includes a telephone function for calling a predetermined telephone number and notifying the local telephone number as a caller number, and a browser for browsing a WEB page downloaded from a network.
  • the main feature is that authentication can be performed without requiring authentication, and user authentication that is convenient for the user can be realized.
  • the service providing server of the service system constituting the browser phone authentication system becomes a display item when receiving a WEB page display request from the user mobile phone.
  • a web page that links phone number information to “(1) Login authentication” is displayed on the screen of the user's mobile phone.
  • the service providing server executes authentication of the user who has notified the caller number. Specifically, the service providing server reads the registered user list in which the telephone numbers of the users who plan to provide the service are registered in advance, and the received caller number and the telephone number in the registered user list are detected. Judgment is made on whether or not they match, and if there is a match, it is authenticated that the user is authorized to provide the service.
  • the service providing server sends voice guidance to the mobile phone of the authenticated user and requests a predetermined button operation (eg, enter "#" once).
  • the service providing server that has received the signal transmitted from the user mobile phone generates file information (information valid only on the web page being browsed) related to the “(2)” service items such as “transfer” and “remittance” to be pasted on the WEB page, links it to the service items, and disconnects the telephone connection.
  • the user mobile phone displays the WEB page being started up again.
  • a button operation for designating a service item for example, “money transfer”
  • the user mobile phone transmitted along with it is received.
  • the service providing server that has received the signal executes a process related to the specified service item (for example, “money transfer”), displays the service completion on the screen of the user's mobile phone, and deletes the file information of the service item for which the process was performed (eg "Send Money").
  • the browser phone authentication system makes a call to a predetermined phone number and notifies the local phone number as the caller number according to the main features described above.
  • a mobile phone browser
  • a telephone function such as enabling a browser function for browsing web pages downloaded from the network
  • users can receive various services via the network.
  • the user can be authenticated without the need for multiple devices (for example, a computer for browsing web pages and a mobile phone equipped with a telephone function). Authentication can be realized.
  • FIG. 2 is a block diagram illustrating the configuration of the browser phone authentication system according to the first embodiment.
  • In FIG. 2, only the processing units necessary for explaining the browser phone authentication system according to the first embodiment are shown, and descriptions of other processing units are omitted.
  • the browser phone authentication system is configured such that a user mobile phone 10 and a service system are communicably connected via an access network.
  • the access network is composed of a network 1 such as the Internet or an intranet and a public telephone network 2, and has a function for preventing eavesdropping and tampering.
  • the user mobile phone 10 has a telephone function such as calling a predetermined telephone number and notifying its own telephone number as a caller number, and a browser function for browsing a web page downloaded from the network. It is configured with.
  • the service system authenticates whether the user who requests the provision of the web service (predetermined service via the web page) is a regular user who can receive the web service.
  • the service providing server 20 that provides WEB services to legitimate users, and the modem 3 that has a function of reading a caller number transmitted from the user mobile phone 10 and transferring it to the service providing server.
  • the service providing server 20 includes a communication control IF unit 21, a storage unit 22, and a control unit 23.
  • the communication control IF unit 21 is a means for controlling communication related to various information exchanged with the user mobile phone 10.
  • the storage unit 22 is a storage unit (storage unit) that stores data and programs necessary for various types of processing by the control unit 23.
  • the storage unit 22a is closely related to the present invention. Is provided.
  • the registered user list 22a includes a user name (eg, B) and a user's mobile phone number (eg, 090- * * * * * — +++++) is stored in association with each other.
  • the control unit 23 has a control program such as an OS (Operating System), a program that defines various processing procedures, and an internal memory for storing necessary data, and executes various processes based on these programs.
  • a processing unit which is particularly closely related to the present invention, a web page display unit 23a, an authentication processing unit 23b, and a file information generation unit 23c are provided.
  • the WEB page display unit 23 a is a processing unit that displays a WEB page on the screen of the user mobile phone 10 when receiving a display request from the user mobile phone 10.
  • the file information generation unit 23c which will be described later, is instructed to generate telephone number information to be linked to “(1) login authentication”, which is a display item on the WEB page.
  • a web page that links this phone number information to “(1) Login authentication” is displayed on the screen of the user mobile phone 10 (see FIG. 1).
  • when file information related to the “(2)” service items such as “transfer” or “remittance” is received from the file information generation unit 23c, this file information is linked to the “(2)” service items such as “transfer” or “remittance”.
  • the authentication processing unit 23b is a processing unit that executes an authentication process of the user who has notified the caller ID. Specifically, the authentication processing unit 23b reads the registered user list 22a (see FIG. 3) and determines whether or not the received caller number matches the telephone number stored in the registered user list 22a. If there is a match, it is authenticated that the user is authorized to provide the service.
  • When the authentication processing unit 23b authenticates the user who has notified the caller number as a legitimate user, the authentication processing unit 23b sends voice guidance to the user mobile phone 10 of the authenticated user and requests a predetermined button operation input (for example, input "#" once or input a character string consisting of alphanumeric characters). Then, when the user mobile phone 10 receives the button operation input from the user as requested, the authentication processing unit 23b that has received the signal transmitted from the user mobile phone 10 accordingly instructs the file information generation unit 23c to generate file information and disconnects the telephone connection with the user mobile phone 10.
  • the file information generation unit 23c is a processing unit that generates the telephone number information for linking to “(1) Login authentication”, which is a display item on the WEB page, and text information that is file information for linking to the “(2)” service items such as “transfer” and “remittance”.
  • the file information generation unit 23c receives a command from the WEB page display unit 23a, and among the plurality of telephone numbers managed in advance by the service providing server 20.
  • the telephone number information is generated by adding a sub-address to the telephone number selected based on a predetermined algorithm (algorithm with a selection method set in advance). In other words, the telephone number information is intended to serve as a session ID that is valid only for the web page being browsed.
  • the file information generation unit 23c is not limited to the case of generating telephone number information by adding a sub-address to a telephone number selected at random from among the telephone numbers managed in advance.
  • the telephone number information may be generated by adding a sub-address to the number.
  • the file information generation unit 23c receives the command from the authentication processing unit 23b and generates file information (information valid only on the WEB page being browsed).
  • the service providing server 20 can be realized by mounting the above-described functions on an information processing apparatus such as a known personal computer or workstation.
  • FIG. 5 is a sequence showing a flow of processing by the browser phone authentication system according to the first embodiment.
  • user mobile phone 10 transmits a WEB page display request in response to a request from the user (step S501).
  • the service providing server 20 receives the WEB page display request from the user mobile phone 10 or the like, the telephone number information for linking the file information generating unit 23c to the display item “(1) login authentication” on the WEB page.
  • the phone number information is received from the file information generation unit 23c, a web page in which the phone number information is linked to “(1) Login authentication” is displayed on the screen of the user mobile phone 10 (step S502).
  • When the user mobile phone 10 receives a button operation for designating the display item “(1) Login authentication” on the WEB page displayed on the screen (step S503), the user mobile phone 10 displays the phone number information linked to the display item “(1) Login authentication” (eg "186-03-03-12
  • Step S504 the modem 3 in the system receives the caller ID that is notified from the user mobile phone 10 at the same time as the call.
  • the modem 3 reads the caller number notified from the user mobile phone 10 and transfers it to the service providing server 20 (step S505).
  • the service providing server 20 receives the caller number transferred from the modem 3.
  • the service providing server 20 performs authentication of the user who has notified the caller number (step S506). Specifically, the service providing server 20 reads the registered user list 22a (see FIG. 3), and checks whether the received caller number matches the telephone number stored in the registered user list 22a. If there is a match, authenticate that the user is authorized to provide the service.
  • the service providing server 20 sends voice guidance to the user mobile phone 10 of the authenticated user and requests a predetermined button operation (for example, “#” is input once) (step S507).
  • the service providing server 20 that receives the signal transmitted from the user mobile phone 10 accordingly generates file information (information valid only on the web page being browsed) about the “(2)” service items such as “transfer” and “remittance” to be pasted on the web page (step S509), links it to the service items, and disconnects the telephone connection (step S510).
  • the user mobile phone 10 displays the WEB page being started up again (step S511).
  • a button operation for designating a service item for example, “money transfer”
  • the user mobile phone 10 transmitted along with the button operation is received.
  • the service providing server 20 that has received the signal from the telephone 10 executes a process related to the specified service item (for example, “money transfer”), displays the service completion on the screen of the user mobile phone 10, and deletes the file information (eg "remittance") of the service item for which the process was performed.
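
The sequence of steps S501 to S511 above, modelled as an added example (not code from the patent): a hypothetical `ServiceProvidingServer` class issues a one-time dial target, matches the caller number against the registered user list, and hands out single-use file information. The phone numbers, the six-digit subaddress, random selection and the choice to consume the dial target on any call are assumptions, and the caller number is trusted as delivered by the modem, as the page assumes.

```python
import hmac
import secrets

# Constructed sample data, not taken from the patent.
REGISTERED_USERS = {"09011112222": "B"}        # registered user list 22a: caller number -> user name
SERVER_NUMBERS = ["0355550001", "0355550002"]  # numbers managed by the service providing server
SERVICE_ITEMS = ("transfer", "remittance")     # the "(2)" service items on the web page


class ServiceProvidingServer:
    """Hypothetical model of service providing server 20 (units 23a, 23b, 23c)."""

    def __init__(self, registered_users, server_numbers):
        self.registered_users = dict(registered_users)
        self.server_numbers = list(server_numbers)
        self.pending_calls = {}  # (called number, subaddress) -> web session id
        self.sessions = {}       # web session id -> {"user": ..., "file_info": {...}}

    def display_web_page(self):
        """S501-S502: return a session id and the dial target behind "(1) Login authentication"."""
        session_id = secrets.token_hex(16)
        while True:
            # Assumption: random choice stands in for the "predetermined algorithm".
            target = (secrets.choice(self.server_numbers),
                      f"{secrets.randbelow(10**6):06d}")
            if target not in self.pending_calls:
                break
        self.pending_calls[target] = session_id
        self.sessions[session_id] = {"user": None, "file_info": {}}
        return session_id, target

    def incoming_call(self, called_number, subaddress, caller_number, button_input):
        """S504-S510: authenticate the caller and bind the call to one web session."""
        # Assumption: the dial target is consumed on first use, whatever the outcome,
        # so it behaves as a session ID valid only for the page that carried it.
        session_id = self.pending_calls.pop((called_number, subaddress), None)
        if session_id is None:
            return False
        user = self.registered_users.get(caller_number)  # S506: registered user list lookup
        if user is None or button_input != "#":          # S507: requested button operation
            del self.sessions[session_id]
            return False
        session = self.sessions[session_id]
        session["user"] = user
        # S509: file information valid only for this page, one value per service item.
        session["file_info"] = {item: secrets.token_urlsafe(16) for item in SERVICE_ITEMS}
        return True  # S510: the telephone connection is disconnected after this point

    def refreshed_page(self, session_id):
        """S511: service item links exist only after successful authentication."""
        session = self.sessions.get(session_id)
        return dict(session["file_info"]) if session else {}

    def request_service(self, session_id, item, file_info):
        """Execute a service item once, then delete its file information."""
        session = self.sessions.get(session_id)
        if session is None:
            return None
        expected = session["file_info"].get(item)
        if expected is None or not hmac.compare_digest(expected.encode(), file_info.encode()):
            return None
        del session["file_info"][item]  # the file information cannot be replayed
        return f"{item} completed for user {session['user']}"


if __name__ == "__main__":
    server = ServiceProvidingServer(REGISTERED_USERS, SERVER_NUMBERS)
    sid, (number, sub) = server.display_web_page()
    print("authenticated:", server.incoming_call(number, sub, "09011112222", "#"))
    links = server.refreshed_page(sid)
    print(server.request_service(sid, "transfer", links["transfer"]))
    print("replay:", server.request_service(sid, "transfer", links["transfer"]))
```
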
  • the telephone number of the user mobile phone 10 that can receive the WEB service is registered in advance, and the user mobile
  • a web page to which a display item (for example, “(1) login authentication”) associated with the telephone number information of the service providing server 20 that authenticates the user is pasted is, for example, mobile From the user's mobile phone 10 that makes a call to the service providing server 20 associated with the display item when a button operation for specifying the display item is received from the user. It is determined whether the notified caller number and the registered user's mobile phone number match each other.
  • a phone function such as calling a specified phone number and notifying the local phone number as the caller number, and a web page downloaded from the network are authenticated.
  • a mobile phone with a browser function for browsing. When a user intends to receive provision of various services via a network by using the browser phone, the user can be authenticated without the need for a plurality of devices (for example, a computer for browsing web pages and a mobile phone with a telephone function), and it is possible to achieve user authentication that is convenient for the user.
  • a predetermined algorithm an algorithm in which a selection method is set in advance
  • the display item that associates the phone number information consisting of the selected phone number and the specified additional information (for example, subaddress) is pasted on the WEB page and sent, so the phone number information consisting of the phone number and subaddress can be made to function as a session ID that is valid only on the WEB page being browsed, and it is possible to prevent a third party who obtained this information illegally from impersonating a legitimate user.
  • when the user associated with the caller ID is authenticated as a legitimate user, the user is requested to input a predetermined button operation by the user mobile phone 10 (for example, a button operation to input “#” or a button operation to input a character string consisting of alphanumeric symbols is requested), and if a predetermined button operation input is performed as requested, service-related information linked to the service item of the web service (for example, file information for providing a service that is valid only on the web page being browsed) is generated, and the telephone connection with the user mobile phone 10 is disconnected.
  • the call from the user is associated with the generated file information and It is possible to provide a service to the simple.
  • a predetermined character string for example, user registration
  • the user associated with the caller ID is authenticated as a legitimate user. If you want to, It is possible to provide services only to legitimate users who know the password, and to prevent the services from being used for illegal purposes.
  • Each component of the browser phone authentication system shown in FIG. 2 is functionally conceptual and does not necessarily need to be physically configured as illustrated.
  • the specific form of distribution and integration of the browser authentication system is not limited to the one shown in the figure.
  • the service providing server 20 is distributed between a server having only a service providing function and a server having only a user authentication function. All or part of it can be configured by functionally and physically distributing and integrating in arbitrary units according to various loads and usage conditions.
  • the specific form of the distribution / integration of the browser phone authentication system is not limited to the one shown in the figure, and all or part of the authentication processing unit 23b and the file information generation unit 23c are integrated with various loads. It can be configured to be functionally or physically distributed and integrated in arbitrary units according to the usage conditions and the like.
  • each processing function performed by the user mobile phone 10 and the service providing server 20 constituting the browser phone authentication system (the telephone function and browser function of the user mobile phone 10 and the user authentication function of the service providing server 20) All or any part of it can be realized by a CPU and a program that is analyzed and executed by the CPU, or it can be realized as hardware by wired logic.
  • FIG. 6 is a diagram illustrating a computer that executes a user authentication program according to the second embodiment.
  • the computer 30 serving as the service providing server includes a communication control IF unit.
  • the communication control IF unit 31 corresponds to the communication control IF unit 21 shown in FIG.
  • the ROM 34 has a user authentication program that exhibits the same function as the service providing server 20 shown in the first embodiment, that is, as shown in FIG. 6, the WEB page display program 34a, the authentication A processing program 34b and a file information generation program 34c are stored in advance. Note that these programs 34a, 34b, and 34c may be appropriately integrated or distributed in the same manner as each component of the service providing server 20 shown in FIG.
  • the ROM 34 may be a nonvolatile “RAM”.
  • the programs 34a, 34b and 34c function as a WEB page display process 35a, an authentication process 35b, and a file information generation process 35c, as shown in FIG.
  • Each process 35a, 35b, and 35c corresponds to the WEB page display unit 23a, the authentication processing unit 23b, and the file information generation unit 23c shown in FIG. 2, respectively.
  • the HDD 32 is provided with a registered user list table 32a.
  • the registered user list table 32a corresponds to the registered user list 22a shown in FIG.
  • the CPU 35 reads the registered user list data 33 a from the registered user list table 32 a and stores it in the RAM 33, and executes user authentication processing based on the registered user list data 33 a stored in the RAM 33.
  • the above-described programs 34a, 34b and 34c are not necessarily stored in the ROM 34 from the beginning.
  • for example, “portable physical media” such as a flexible disk (FD), a CD-ROM, MO discs, DVD discs, magneto-optical discs, IC cards, etc., or “fixed physical media” such as an HDD installed inside and outside the computer 30, public lines, the Internet
  • Each program is stored in “another computer (or server)” connected to the computer 30 via a LAN, WAN, etc., and the computer 30 reads each program from these and executes it.
  • FIG. 7 is a diagram for explaining the outline and features of the data providing system according to the third embodiment.
  • the data providing system includes a telephone function for calling a predetermined telephone number and notifying the local telephone number as a caller telephone number, and a browser for browsing a web page displayed via a network.
  • If the user of a mobile phone with these functions is a legitimate user who can download file data provided via a web page, the file data is provided; this is the outline.
  • the main feature is that file data can be obtained easily, and the administrator can provide file data at a low management cost.
  • the data providing system is an access network (communication formed by a public telephone network, the Internet, an intranet, etc.).
  • the user is provided with a telephone function and a browser function via a network, and is connected to a mobile phone so that the telephone can communicate with the mobile telephone.
  • the data providing system includes, although not shown, a CTI (Computer Telephony Integration) and a data providing server.
  • the data providing server stores file data (for example, electronic certificate file data such as a resident's card or family register provided by the local government) in the storage unit in advance and downloads the file data via the web page.
  • the personal information including the name and address obtained at the time of registration reception is associated with the telephone number of the user mobile phone and stored in advance in the storage unit.
  • the data providing system When the data providing system according to the third embodiment receives a WEB page display request from the user mobile phone via the access network, the display items on the WEB page such as "resident's card” and "seal stamp"
  • one phone number is selected based on a predetermined algorithm (algorithm pre-set for selection) from among a plurality of phone numbers possessed in advance. , Generate a one-time phone number information to link to “(1) Login authentication”, and link the web page that links the one-time phone number information to “(1) login authentication” on the screen of the user's mobile phone Display.
  • the data provision system according to Example 3 is a display item on the WEB page "(
  • the data providing system performs user authentication based on the received caller telephone number. Specifically, it is determined whether or not the received caller telephone number is present in the mobile phone number stored in advance in the storage unit upon accepting the user registration. Is included in the mobile phone number, the user associated with the caller phone number is authenticated as a legitimate user.
  • After authenticating the user associated with the caller telephone number as a legitimate user, the data providing system according to the third embodiment generates file data for download based on the file data stored in the storage unit (for example, an electronic certificate of a resident card), together with a private key and public key to protect the integrity of the file data, and links them to the one-time URL corresponding to the item “Registration Card” on the web page. Then, a voice guidance is sent to inform the user that the download is ready, and the telephone connection is disconnected.
  • After the telephone connection is disconnected, the screen of the user mobile phone automatically transitions to the browser screen on which the WEB page is displayed. For example, when a button operation for specifying “resident card”, which is a display item on the WEB page, is received from the user, the user mobile phone automatically accesses the one-time URL linked to the “resident card” item and downloads the file data, private key, and public key of “resident card” (receives the file data).
  • the data providing system according to the third embodiment can easily obtain file data according to the main features described above, and the administrator side can reduce the management cost. It is possible to provide file data while suppressing.
  • FIG. 8 is a block diagram illustrating the configuration of the data providing system according to the third embodiment. In this figure, only the configuration (processing function unit, etc.) necessary for realizing the data providing system according to Example 1 is described, and the description of other configurations is omitted.
  • the data providing system is connected, via an access network composed of a network 1 and a public telephone network 2, to a user mobile phone 10 having a telephone function and a browser function so that telephone calls and communication are possible.
  • This data providing system is composed of a CTI (Computer Telephony Integration) 50 and a data providing server 60.
  • the CTI 50 is a processing part that links the processing related to the telephone connection received from the user mobile phone 10 with the processing related to the network access request received from the user mobile phone 10.
  • the modem 50a in the CTI 50 transfers the caller telephone number transmitted from the user mobile phone 10 to the authentication processing unit 63c of the data providing server 60 described later. Further, it accepts a request from the authentication processing unit 63c of the data providing server 60, which will be described later, sends a voice guidance notifying the user that the download is ready, and disconnects the telephone connection with the user mobile phone 10.
  • the data providing server 60 includes a communication control I / F unit 61, a storage unit 62, and a control unit 63.
  • the communication control I / F unit 61 controls communication related to various information exchanged with the user mobile phone 10 via the network 1.
  • the storage unit 62 is a storage unit that stores data and programs necessary for various processes by the control unit 63. In particular, as units closely related to the present invention, it includes a registered user data storage unit 62a and a certificate data storage unit 62b.
  • the registered user data storage unit 62a is a storage unit that stores various types of information related to registered users when receiving registration of a user who desires to download file data via a WEB page.
  • The mobile phone number of the user mobile phone 10 is stored in association with personal information including a user name, an address and other information (for example, date of birth or permanent address).
  • the certificate data storage unit 62b is a storage unit that stores in advance file data of an electronic certificate such as a resident's card, a seal certificate, and a family register provided by a local government.
  • the control unit 63 has a control program such as an OS (Operating System), a program that defines various processing procedures, and an internal memory for storing necessary data, and executes various processes based on these programs.
  • As processing units particularly closely related to the present invention, the control unit 63 includes a web page providing unit 63a, a data generation unit 63b, and an authentication processing unit 63c.
  • The WEB page providing unit 63a is a processing unit that provides the WEB page to the user mobile phone 10. More specifically, when a web page display request is received from the user mobile phone 10 via the network 1, it requests the data generation unit 63b to generate a one-time URL and one-time telephone number information. It then receives the one-time URL and the one-time telephone number information from the data generation unit 63b and, for example, causes a web page in which the one-time telephone number information is linked to the display item “(1) Login authentication” to be displayed on the screen of the user's mobile phone.
  • The web page providing unit 63a accepts, from the authentication processing unit 63c, the file data for download and the private key and the public key for protecting the integrity of the file data, and receives them on the web page.
  • the data generation unit 63b is a processing unit that generates a one-time URL and one-time telephone number information. Specifically, when a request is received from the WEB page providing unit 63a, for example, as shown in FIG. 10, it is linked to a display item on the WEB page such as “resident card” or “seal stamp”.
  • One-time URL of HTML Hyper Text Markup
  • The data generation unit 63b is not limited to generating one-time URLs and one-time telephone number information that function in the same way as a one-time ID (an ID that is valid only within the session); URLs and telephone number information that can be used repeatedly may be generated instead.
  • The authentication processing unit 63c is a processing unit that performs user authentication and the like based on the received caller telephone number. Specifically, when a button operation specifying “(1) Login authentication”, which is a display item on the WEB page, is received from the user, the user mobile phone 10 automatically makes a call to the telephone number linked to “(1) Login authentication”. The authentication processing unit 63c accepts the caller telephone number received from that user mobile phone 10 via the modem 50a of the CTI 50, and judges whether or not it is among the mobile phone numbers stored in advance in the registered user data storage unit 62a upon accepting user registration.
  • If the caller telephone number is among the mobile phone numbers stored in advance in the registered user data storage unit 62a, the user associated with the caller telephone number is authenticated as a legitimate user.
  • Otherwise, the identity confirmation registration process described in the following embodiment is executed.
  • After authenticating the user associated with the caller telephone number as a legitimate user, the authentication processing unit 63c generates file data for download based on the file data stored in the certificate data storage unit 62b (for example, the electronic certificate data of the resident card), generates a private key and a public key for protecting the integrity of the file data, for which any method such as PKI-based challenge-and-response authentication can be employed, and requests the web page providing unit 63a to link to the one-time URL corresponding to the display item on the web page (for example, the “resident card” item).
  • The authentication processing unit 63c is not limited to adopting a challenge-and-response authentication method based on PKI, and may adopt an arbitrary method such as challenge-and-response authentication based on a shared secret password.
  • The authentication processing unit 63c requests the CTI 50 to send a voice guidance notifying the user that the download preparation is complete and to disconnect the telephone connection with the user mobile phone 10.
  • The authentication processing unit 63c may further store the generated download file data, secret key, and public key in association with each piece of information stored in the registered user data storage unit 62a, and link to the stored file data for download when there is a request to download the file data again.
  • After the telephone connection is disconnected, the screen of the user mobile phone 10 automatically transitions to the browser screen on which the WEB page is displayed. For example, when a button operation specifying “resident card”, which is a display item on the WEB page, is received from the user, the user mobile phone 10 automatically accesses the one-time URL linked to the “resident card” item and can download the file data, private key, and public key of the “resident card” (receive the provided file data).
  • The data providing server 60 can also be realized by mounting the above-described functions of the WEB page providing unit 63a, the data generating unit 63b, and the authentication processing unit 63c on a known personal computer or workstation.
  • FIG. 11 is a sequence diagram illustrating the flow of the data providing process according to the third embodiment.
  • The user mobile phone 10 receives a request from the user, and transmits a web page display request to the data providing server 60 (step S1101).
  • Upon receiving the WEB page display request from the user mobile phone 10 via the network 1, the WEB page providing unit 63a of the data providing server 60 requests the data generating unit 63b to generate the one-time URL and the one-time telephone number information.
  • Upon receiving the request from the WEB page providing unit 63a, the data generating unit 63b of the data providing server 60 generates a one-time URL and one-time telephone number information (step S1102). More specifically, for example, as shown in Fig. 10, it generates, in HTML (Hyper Text Markup Language) format, a one-time URL for linking to display items on the WEB page such as the resident card and the seal stamp. It also selects a telephone number, based on a predetermined algorithm (an algorithm in which the selection method is set in advance), from among a plurality of telephone numbers held in advance, generates one-time telephone number information in HTML format for linking to “(1) Login authentication”, and outputs these to the WEB page providing unit 63a.
  • Upon receiving the one-time URL and the one-time telephone number information from the data generating unit 63b, the WEB page providing unit 63a of the data providing server 60 provides, for example, a web page in which the one-time telephone number information is linked to the display item “(1) Login authentication”, and has it displayed on the screen of the user mobile phone (step S1103).
  • When a button operation specifying “(1) Login authentication”, which is a display item on the WEB page, is received from the user (step S1104), the user mobile phone 10 automatically makes a call to the telephone number linked to “(1) Login authentication” (step S1105).
  • the modem 50a installed in the CTI 50 transfers the caller telephone number transmitted from the user mobile phone 10 to the authentication processing unit 63c of the data providing server 60 (step S1106).
  • The authentication processing unit 63c of the data providing server 60 performs user authentication based on the received caller telephone number (step S1107). Specifically, it accepts the caller telephone number received, via the modem 50a of the CTI 50, from the user mobile phone 10 that automatically made a call to the telephone number linked to “(1) Login authentication”, which is a display item on the WEB page, and determines whether or not it exists among the mobile phone numbers stored in advance in the registered user data storage unit 62a. If the result of the determination is that the caller telephone number is among the mobile phone numbers stored in advance in the registered user data storage unit 62a (Yes at step S1107), the user associated with the caller telephone number is authenticated as a legitimate user.
  • The authentication processing unit 63c of the data providing server 60 then generates the file data for download based on the file data stored in the certificate data storage unit 62b (for example, the electronic certificate data of the resident card) (step S1108), and generates a private key and a public key for protecting the integrity of the file data.
  • It requests the WEB page providing unit 63a of the data providing server 60 to link to a one-time URL corresponding to a display item on the WEB page (for example, the “resident card” item), and requests the CTI 50 to notify the user that the download is ready and to disconnect the telephone connection with the user mobile phone 10.
  • Upon receiving the request from the authentication processing unit 63c, the CTI 50 issues a voice guidance notifying the user that the download is ready (step S1110), and disconnects the telephone connection with the user mobile phone 10 (step S1111).
  • The screen of the user mobile phone 10 automatically transitions to the browser screen, and the WEB page is redisplayed (step S1112). For example, when a button operation designating “resident card”, which is a display item on the web page, is received from the user (step S1113), the user mobile phone 10 automatically accesses the one-time URL linked to the “resident card” item and can download the file data, private key and public key of the “resident card” (receive the provided file data).
  • file data (for example, electronic certificate file data such as a resident's card or family register provided by the local government) is stored in the certificate data storage unit 62b in advance
  • a mobile phone number associated with personal information consisting of the name, address and other information of a legitimate user who can download the file data provided via the WEB page (for example, the date of birth or permanent address) is stored in the registered user data storage unit 62a in advance, and when a web page display request is received from the user, a telephone number indicating the telephone number of the data providing system that is the authentication source for authenticating the user
  • a display item with associated information for example, “(1) Login authentication”
  • It is determined whether or not the caller telephone number transmitted from the user mobile phone 10 to the authentication source associated with the display item exists among the mobile phone numbers stored in the registered user data storage unit 62a. If the caller telephone number exists among the mobile phone numbers, the user associated with the caller telephone number is authenticated as a legitimate user, and file data is provided to the user mobile phone 10 associated with the caller telephone number.
  • a call function such as calling a predetermined phone number and notifying the local phone number as the caller's number, and downloading from the network Shi
  • file data electronic certificate
  • the administrator can easily provide file data at a reduced cost without the need to manage users who are given IDs and passwords.
  • a predetermined algorithm an algorithm in which a selection method is set in advance
  • The display item associated with the telephone number information consisting of the selected telephone number is pasted on the WEB page and provided, which makes it possible for it to function as a valid ID and to prevent a third party who obtained this information illegally from impersonating a legitimate user.
  • when file data is provided to the user associated with the caller ID, information for protecting the integrity of the file data (for example, a public key and a secret key).
  • In the data providing system, when the caller telephone number received from the user mobile phone 10 does not exist among the mobile phone numbers stored in advance, an identity confirmation registration process may be executed. Therefore, in the following fourth embodiment, the configuration and processing of the data providing system according to the fourth embodiment will be described in order, and finally the effects of the fourth embodiment will be described.
  • FIG. 12 is a block diagram illustrating the configuration of the data providing system according to the fourth embodiment.
  • In the data providing system shown in the figure, the communication control I/F unit 71 of the data providing server 70, the certificate data storage unit 72b of the storage unit 72, and the web page providing unit 73a and the data generating unit 73b of the control unit 73 have the same configuration (processing functions) as in the data providing server 60 according to the third embodiment shown in FIG. 8, whereas the registered user data storage unit 72a of the storage unit 72, the authentication processing unit 73c of the control unit 73, and the CTI 50 differ from the third embodiment.
  • The authentication processing unit 73c executes the identity confirmation registration process if the caller telephone number received from the user mobile phone 10 does not exist among the mobile phone numbers stored in advance in the registered user data storage unit 72a.
  • Specifically, when the caller telephone number received from the user mobile phone 10 does not exist among the mobile phone numbers stored in advance in the registered user data storage unit 72a, the authentication processing unit 73c requests collation information (for example, personal information such as name and address) from the user associated with the caller telephone number.
  • the authentication processing unit 73c instructs the CTI 50 to extract the verification information from the user mobile phone 10 based on the call response to the talkie, and analyze and acquire the response content by voice recognition.
  • the CTI 50 outputs the acquired collation information to the authentication processing unit 73c.
  • The authentication processing unit 73c that has received the verification information from the CTI 50 checks whether or not the acquired verification information exists in the certificate data storage unit 72b. As a result of the confirmation, if the obtained verification information exists in the certificate data storage unit 72b, it is confirmed that the user associated with the caller telephone number is the person himself, and, for example, as shown in the figure, the caller telephone number received from the user mobile phone 10 is registered in the registered user data storage unit 72a in association with the acquired collation information (for example, the user name “ji”). On the other hand, if the acquired verification information does not exist in the certificate data storage unit 72b, for example, a voice guidance indicating that the authentication has not been completed normally is transmitted, and the CTI 50 is requested to disconnect the call connection.
  • The authentication processing unit 73c is not limited to executing the above-described identity confirmation registration process; an operator may instead talk by telephone with the user of the user mobile phone 10, check the information in the file data stored in the certificate data storage unit 32b, and register the user if the user is confirmed to be the person himself/herself.
  • After registration in the storage unit 72a, the authentication processing unit 73c, in the same manner as described in the third embodiment, generates file data for download based on the file data stored in the certificate data storage unit 72b (for example, the electronic certificate data of the resident card), generates a secret key and a public key for protecting the integrity of the file data, for which any method such as PKI-based challenge-and-response authentication can be employed, and requests the web page providing unit 73a to link to a one-time URL corresponding to a display item on the web page (for example, the “resident card” item).
  • The authentication processing unit 73c requests the CTI 50 to transmit a voice guidance notifying the user that the download preparation has been completed and to disconnect the telephone connection with the user mobile phone 10.
  • FIG. 14 is a flowchart illustrating the flow of identity verification registration processing according to the fourth embodiment.
  • The authentication processing unit 73c executes the identity verification registration process when the caller telephone number received from the user mobile phone 10 does not exist among the mobile phone numbers stored in advance in the registered user data storage unit 72a.
  • When the caller telephone number received from the user mobile phone 10 does not exist among the mobile phone numbers stored in advance in the registered user data storage unit 72a, the authentication processing unit 73c requests, from the user associated with the caller telephone number, verification information (for example, personal information such as name and address) to collate with the information in the file data stored in advance in the certificate data storage unit 72b (step S1401).
  • verification information for example, personal information such as name and address
  • the authentication processing unit 73c instructs the CTI 50 to extract the verification information from the user mobile phone 10 based on the call response to the talkie, and analyze and acquire the response content by voice recognition.
  • the CTI 50 outputs the acquired collation information to the authentication processing unit 73c.
  • The authentication processing unit 73c that has received the verification information from the CTI 50 checks whether or not the acquired verification information exists in the certificate data storage unit 72b (step S1402). As a result of the confirmation, if the acquired verification information exists in the certificate data storage unit 72b (Yes at step S1402), it is confirmed that the user associated with the caller telephone number is the person himself/herself, and, for example, as illustrated in FIG. 13, the caller telephone number received from the user mobile phone 10 is registered in the registered user data storage unit 72a in association with the acquired collation information (for example, the user name “ji”) (step S1403).
  • After confirming that the user associated with the caller telephone number is the person himself/herself and performing registration in the registered user data storage unit 72a, the authentication processing unit 73c, in the same manner as described in the third embodiment, generates file data for download based on the file data stored in the certificate data storage unit 72b (for example, electronic certificate data of the resident card) (see step S1108 in FIG. 11), generates a private key and a public key, for which any method such as challenge-and-response authentication based on PKI can be adopted, and requests the WEB page providing unit 73a to link to the one-time URL corresponding to a display item on the web page (for example, the “resident card” item).
  • a call is transmitted from a mobile phone to an authentication source associated with the display item.
  • verification information for example, personal information such as name and address
  • the caller telephone number is recorded in the registered user data storage unit 72a in association with the verification information. Therefore, for example, identity verification can be performed using information in a resident card stored as file data, and user registration can be performed easily.
  • When the caller telephone number transmitted from the user mobile phone 10 exists among the mobile phone numbers stored in the registered user data storage unit 62a, the user of the user mobile phone 10 may be requested to enter a password, and if the password is entered as requested, the user associated with the caller telephone number may be authenticated as a legitimate user.
  • Each component of the data providing server 60 and the data providing server 70 shown in FIG. 8 and FIG. 12 is functionally conceptual and does not necessarily need to be physically configured as illustrated. That is, the specific form of the distribution / integration of the data providing server 60 and the data providing server 70 is not limited to the illustrated one.
  • For example, the data generating unit 63b and the authentication processing unit 63c may be integrated, or the data generating unit 73b and the authentication processing unit 73c may be integrated; all or part of the servers may be functionally or physically distributed or integrated in arbitrary units according to various loads and usage conditions.
  • All or any part of the processing functions performed by the data providing server 60 and the data providing server 70 (the data providing processing function and the identity confirmation registration processing function, see FIGS. 11 and 14) can be realized by a CPU and a program that is analyzed and executed by the CPU, or can be realized as hardware by wired logic.
  • the computer 80 as the data providing server includes a communication control I/F unit.
  • The communication control I/F unit 81 corresponds to the communication control I/F unit 61 shown in FIG.
  • the ROM 84 stores a data providing program that exhibits the same function as the data providing server 60 shown in the third embodiment, that is, as shown in FIG.
  • the generation program 84b and the authentication processing program 84c are stored in advance. Note that these programs 84a, 84b, and 84c may be appropriately integrated or distributed as in the case of each component of the data providing server 60 shown in FIG.
  • the ROM 84 may be a nonvolatile “RAM”.
  • the HDD 82 is provided with a registered user data table 82a and a certificate data table 82b.
  • These registered user data table 82a and certificate data table 82b correspond to the registered user data storage unit 62a and the certificate data storage unit 62b shown in FIG. 8, respectively.
  • the CPU 85 reads the registered user data 83a and the certificate data 83b from the registered user data table 82a and the certificate data table 82b, stores them in the RAM 83, and stores the registered user data 83a and the certificate data stored in the RAM 83. Data provision processing is executed based on 83b.
  • The above-mentioned programs 84a, 84b, and 84c are not necessarily stored in the ROM 84 from the beginning.
  • For example, each program may be stored in a “portable physical medium” such as a flexible disk (FD), CD-ROM, MO disc, DVD disc, magneto-optical disc, or IC card, in a “fixed physical medium” such as an HDD installed inside or outside the computer 80, or in “another computer (or server)” connected to the computer 80 via a public line, the Internet, a LAN, a WAN, etc., and the computer 80 may read each program from these and execute it.
  • The data providing method (see FIG. 11 and the like) performed between the user mobile phone 10, which is a mobile phone with a browser function, and the data providing server has been described, but the present invention is not limited to this.
  • the present invention can also be provided in the same manner when the user has a device having a browser function and a device having only a telephone function.
  • a user who has a personal computer with a browser function and a mobile phone with only a telephone function for example, writes it on the exterior of a paper medium, e-mail, or other article, or displays or monitors
  • the phone number provided by the service provider is dialed and displayed on the answering machine or recorded on the answering machine, and authentication is performed based on the telephone number notified with the dialing operation. In this way, the user can easily receive the service.
  • the mobile phone number used by the user is used as information for authenticating the authorized user who can receive the file data.
  • the present invention is not limited to this.
  • a solid identification number of a mobile phone may be used.
  • the present invention is not limited to this.
  • the present invention can be similarly applied to an information distribution service or an electronic commerce service via a network.
  • The user authentication method, the browser phone authentication system, the server device, and the user authentication program according to the present invention are useful when authenticating that the user of a mobile phone, which has a telephone function for calling a predetermined telephone number and notifying the local telephone number as a caller number and a browser function for browsing the web page downloaded from the network, is a legitimate user who can receive the web service provided on the web page.
  • In particular, they are suitable for realizing user authentication that is convenient for the user, because the user can be authenticated without requiring a plurality of devices.
  • The service providing method, service providing system, service providing server, and service providing program according to the present invention are useful, for example, when providing a service that provides file data if the user of a mobile phone, which is equipped with a telephone function for calling a predetermined telephone number and notifying the local telephone number as a caller telephone number and with a browser function, is a legitimate user who can download the file data provided via the web page. In particular, they are suitable for letting the user receive services easily without relying on a password or the like, and for providing various services (for example, information distribution services and e-commerce services via a network) without incurring the cost of media management.
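
The Embodiment 3 sequence (steps S1101 to S1113) and the Embodiment 4 registration branch (steps S1401 to S1403), modeled as an added Python example that is not code from the patent or its applicant. The telephone numbers, user names, the `/dl/` URL form, the random pick standing in for the "predetermined algorithm", and all class and method names are assumptions; the private/public key step is left out.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

# Constructed sample data, not taken from the patent.
NUMBER_POOL = ["0355550101", "0355550102", "0355550103"]  # lines answered by the CTI
REGISTERED = {"09012345678": "Taro Yamada"}               # unit 62a: caller number -> user
CERTIFICATES = {                                          # unit 62b: user -> file data
    "Taro Yamada": b"resident-card:Taro Yamada",
    "Hanako Sato": b"resident-card:Hanako Sato",
}


@dataclass
class Session:
    one_time_number: str           # linked to "(1) Login authentication"
    one_time_url: str              # linked to the "resident card" item
    caller: Optional[str] = None   # set only after a successful call


class DataProvidingServer:
    """Hypothetical model of units 63a (page), 63b (generation) and 63c (authentication)."""

    def __init__(self, registered, certificates, number_pool):
        self.registered = dict(registered)
        self.certificates = dict(certificates)
        self.free_numbers = list(number_pool)
        self.by_number = {}   # one-time number -> pending session
        self.by_url = {}      # one-time URL -> session

    def request_page(self) -> Session:
        """S1101-S1103: bind a number from the pool and a fresh URL to this page view."""
        if not self.free_numbers:
            raise RuntimeError("every one-time number is bound to a pending session")
        # Assumption: the "predetermined algorithm" is a uniform random pick.
        number = self.free_numbers.pop(secrets.randbelow(len(self.free_numbers)))
        session = Session(number, "/dl/" + secrets.token_urlsafe(16))
        self.by_number[number] = session
        self.by_url[session.one_time_url] = session
        return session

    def incoming_call(self, dialed, caller_id, collation_name=None) -> bool:
        """S1106-S1111: the CTI reports the dialed line and the caller number.

        collation_name models the Embodiment 4 answer obtained by voice recognition.
        """
        session = self.by_number.pop(dialed, None)
        if session is None:               # no page view is waiting on this line
            return False
        self.free_numbers.append(dialed)  # the number is usable once per session
        if caller_id and caller_id not in self.registered \
                and collation_name in self.certificates:
            # S1401-S1403: collation info found in unit 72b, so register the caller.
            self.registered[caller_id] = collation_name
        if not caller_id or caller_id not in self.registered:
            del self.by_url[session.one_time_url]   # failed login: URL never goes live
            return False
        session.caller = caller_id
        return True

    def download(self, url) -> Optional[bytes]:
        """S1113: serve the file once, and only for a session that passed the call."""
        session = self.by_url.get(url)
        if session is None or session.caller is None:
            return None
        del self.by_url[url]
        return self.certificates.get(self.registered[session.caller])


if __name__ == "__main__":
    server = DataProvidingServer(REGISTERED, CERTIFICATES, NUMBER_POOL)
    page = server.request_page()
    print("dial", page.one_time_number, "then fetch", page.one_time_url)
    print("call accepted:", server.incoming_call(page.one_time_number, "09012345678"))
    print("file:", server.download(page.one_time_url))
```

The session is keyed by the dialed one-time number, so the caller number only unlocks the URL issued to the same page view, and both the number binding and the URL are discarded after one use.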

Abstract

When the user's mobile phone receives a key-press command specifying a web page item displayed on the screen by the user, the phone automatically calls the telephone number linked to the displayed item. A modem of the service system receives the caller number sent simultaneously with the call from the mobile phone user. The modem reads the caller number sent from the mobile phone and transfers it to a service providing server. This server receives the number transferred from the modem. The same server, located in the service system, reads a list of subscribed users in which the telephone numbers of the users to whom services are provided are registered in advance, and determines whether this list contains a number that matches the received caller number. If such a number exists, the user is authenticated as the subscriber authorized to receive a service.
PCT/JP2007/065291 2006-08-03 2007-08-03 Method, system and program for authenticating a 'browserphone' type mobile phone by its number, authentication server for a 'browserphone' type mobile phone, as well as method, system, server and program WO2008016147A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
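JP2008527808A JP4422194B2 (ja) 2006-08-03 2007-08-03 Browser phone authentication method using telephone number, browser phone authentication system using telephone number, browser phone authentication server, browser phone authentication program using telephone number, service providing method, service providing system, service providing server, and service providing program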

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
JP2006-212320 2006-08-03
JP2006212320 2006-08-03
JP2006308215 2006-11-14
JP2006-308215 2006-11-14

Publications (1)

Publication Number Publication Date
WO2008016147A1 true WO2008016147A1 (fr) 2008-02-07

Family

ID=38997320

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2007/065291 WO2008016147A1 (fr) Method, system and program for authenticating a 'browserphone' type mobile phone by its number, authentication server for a 'browserphone' type mobile phone, as well as method, system, server and program

Country Status (2)

Country Link
JP (1) JP4422194B2 (fr)
WO (1) WO2008016147A1 (fr)

Also Published As

Publication number Publication date
JP4422194B2 (ja) 2010-02-24
JPWO2008016147A1 (ja) 2009-12-24

Similar Documents

Publication Publication Date Title
US6789193B1 (en) Method and system for authenticating a network user
TWI242962B (en) Method and apparatus for serving content from a semi-trusted server
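CN100531155C (zh) Method and system for registering and automatically retrieving digital certificates in voice over Internet Protocol (VoIP) communications
CN103380592B (zh) Method, server and system for personal authentication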
US8302175B2 (en) Method and system for electronic reauthentication of a communication party
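JP2002215582A (ja) Authentication method and device
JP2006525563A (ja) Method and apparatus for authenticating a user and a web site
CN107113613B (zh) Server, mobile terminal, and network real-name authentication system and method
JP2015526784A (ja) Enhanced 2CHK authentication security with query-type transactions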
US20120303830A1 (en) Data processing device and data processing method
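CN103220259A (zh) Methods, devices and system for using and calling an OAuth API
CN104702580B (zh) Multi-communication-channel authentication and authorization platform system and method
CN107835079A (zh) Two-dimensional code authentication method and device based on digital certificates
CN106845986A (zh) Signature method and system for a digital certificate
JP5495194B2 (ja) Account issuing system, account server, service server, and account issuing method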
US6904524B1 (en) Method and apparatus for providing human readable signature with digital signature
US20090077382A1 (en) Method for the preparation of a chip card for electronic signature services
US11627142B2 (en) E-code multi-imprints
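CN113411324B (zh) Method and system for implementing login authentication based on CAS and a third-party server
WO2008016147A1 (fr) Method, system and program for authenticating a 'browserphone'-type mobile phone by its number, authentication server for a 'browserphone'-type mobile phone, and method, system, server and program
CN106357669B (zh) Web system login method and login assistance system
JP2007058781A (ja) Identity certification system, method, user portable terminal, identity certificate management server, and program
CN105743859B (zh) Method, device and system for light application authentication
JP2004295761A (ja) Terminal device and information processing device
JP4350685B2 (ja) Portable terminal device and attribute information exchange system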

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application. Ref document number: 07791964; Country of ref document: EP; Kind code of ref document: A1
WWE WIPO information: entry into national phase. Ref document number: 2008527808; Country of ref document: JP
NENP Non-entry into the national phase. Ref country code: DE
NENP Non-entry into the national phase. Ref country code: RU
122 EP: PCT application non-entry in European phase. Ref document number: 07791964; Country of ref document: EP; Kind code of ref document: A1