WO2011099161A1 - Content presentation type authentication system - Google Patents
Content presentation type authentication system
- Publication number: WO2011099161A1 (application PCT/JP2010/052185)
- Authority: WO (WIPO, PCT)
- Prior art keywords: content, user, authentication, information, presentation
Classifications
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06F—ELECTRIC DIGITAL DATA PROCESSING
  - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    - G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    - G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
      - G06F21/305—Authentication, i.e. establishing the identity or authorisation of security principals by remotely controlling device operation
      - G06F21/31—User authentication
        - G06F21/36—User authentication by graphic or iconic representation
  - G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    - G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
      - G06F2221/2151—Time stamp
- G—PHYSICS > G06—COMPUTING; CALCULATING OR COUNTING > G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
  - G06Q30/00—Commerce
    - G06Q30/02—Marketing; Price estimation or determination; Fundraising
- H—ELECTRICITY > H04—ELECTRIC COMMUNICATION TECHNIQUE > H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
  - H04L63/00—Network architectures or network communication protocols for network security
    - H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
      - H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
Definitions
- the present invention relates to a user authentication system, and more specifically to one that presents a plurality of pattern elements arranged in a predetermined pattern as a presentation pattern to the user to be authenticated, and generates a one-time password by applying a one-time password derivation rule to the presentation pattern.
- the present invention relates to a content presentation type authentication system for performing user authentication and forcibly presenting content to a user at the time of authentication.
- In recent years, a so-called matrix authentication type user authentication system has been developed as a form of challenge/response user authentication system (see, for example, Patent Document 1).
- In matrix authentication, a matrix-like presentation pattern in which random numbers are arranged in a predetermined pattern is presented to the user to be authenticated, and a rule is applied to the pattern elements (the random-number digits) included in the presentation pattern.
- the one-time password derivation rule for generating the one-time password from the presentation pattern is set as the user's password.
- the server and the client share the same presentation pattern; the client applies the one-time password derivation rule that is the user's password to the presentation pattern to obtain the one-time password, and the server applies the one-time password derivation rule it holds as that user's password to the same presentation pattern.
- the one-time password derivation rule, which is the password, consists of the positions and the order of the elements selected on the matrix. It is easy to memorize as an image, and it cannot be determined from a single one-time password.
- an offline user authentication system has also been developed that allows matrix authentication even when the client is not connected to the server via a network (see Patent Document 2).
- in that system, the offline authentication client stores a plurality of pattern element sequences constituting presentation patterns, together with a plurality of verification codes obtained by applying the user's one-time password derivation rule to each of those presentation patterns and then applying a one-way function (a hash function) to the result.
- a presentation pattern is generated by selecting one of the stored pattern element sequences and is displayed on the offline authentication client; the one-way function is applied to the one-time password entered by the user, and authentication is performed by comparing the result with the corresponding verification code.
- because the verification codes are stored in hashed form, the client can perform matrix authentication offline with a high level of security, in which the password is not leaked even if the client is analyzed.
- FIG. 21 is a functional block diagram of an offline user authentication system 2100 that enables conventional matrix authentication.
- a user ID 2181 is input by the user of the client 2151 through the user ID input unit 2152 and transmitted to the authentication support server 2101 by the verification data request unit 2153.
- the authentication support server 2101 receives the input user ID 2181 via the verification data request receiving unit 2103, and the pattern generation unit 2104 generates pattern element sequences 2190, which are the information for generating a plurality of presentation patterns 2210 (FIG. 22) corresponding to the input user ID.
- the verification code generation unit 2106 generates a plurality of verification codes 2193 from the respective presentation patterns generated by the pattern generation unit 2104 and the one-time password derivation rule 2102b stored in the password storage unit 2102 in association with the user ID 2102a.
- these pattern element sequences 2190 and verification codes 2193 are transmitted to the client 2151 in advance via the pattern transmission means 2105 and the verification code transmission means 2111; the client 2151 receives them via the pattern reception means 2154 and the verification code receiving means 2162 and stores them in the verification data storage unit 2116.
- the pattern selection unit 2163 selects one of the pattern element sequences 2190 stored in the verification data storage unit 2161 for the user ID entered by the user via the user ID input unit 2153, and passes it to the pattern display unit 2155.
- the presentation pattern 2210 is displayed on the client 2151 based on the selected pattern element sequence 2190, and the one-time password is accepted from the user via the one-time password input means 2156.
- the verification code specifying unit 2164 specifies the verification code 2193 corresponding to the user ID and the selected pattern element sequence and reads it from the verification data storage unit 2161; the user authentication unit 2165 applies the one-way function to the entered one-time password and compares the result with the verification code 2193 to authenticate the user.
- FIG. 22 is a conceptual diagram of a method for generating a presentation pattern 2210 in a conventional matrix authentication system.
- FIG. 22 shows a pattern element sequence 2190 composed of one-digit numbers from 0 to 9, and the presentation pattern 2210 in which each pattern element of the sequence is placed at an element position of a pattern composed of four 4×4 matrices.
- the authentication support server 2101 generates, by a random number generation algorithm, the 64 single-digit numbers that are the pattern elements of the presentation pattern 2210, and transmits to the client 2151 a pattern element sequence 2190 in which these numbers are arranged.
- the client 2151 receives the pattern element sequence 2190 from the authentication support server 2101 and arranges each pattern element of the sequence, in order, into the shape of the predetermined pattern, here the elements of four 4×4 matrices. The presentation pattern 2210 generated in this way is displayed on the screen.
- FIG. 23 is a conceptual diagram of a one-time password input method in the matrix authentication method.
- the user sequentially extracts numbers displayed at predetermined positions on the matrix and inputs them from the one-time password input unit 2156.
- arrows and circles indicated by broken lines indicate that a one-time password based on the presentation pattern 2210 is input from the client keyboard 2300.
- to adopt a new user authentication system, the user usually has to pay, either to purchase a license for its program or as a fee for using the system. Even if the new user authentication system provides higher security, users are likely to keep using an existing user authentication system that ensures a certain level of security rather than incur a program license fee or system usage fee. For this reason, even a new user authentication system with high security is used only by some users who are active in security enhancement, and it is difficult for it to spread widely. Consequently, the developer of a new user authentication system cannot sufficiently recover its development and maintenance costs.
- the present invention has been made in view of the above problems and has the following characteristics. The present invention presents a plurality of pattern elements arranged in a predetermined pattern as a presentation pattern to the user to be authenticated, and generates a one-time password by applying a one-time password derivation rule to the pattern elements at specific positions in the presentation pattern.
- a content presentation type authentication system which manages a user ID of a user, a password, content data representing each of a plurality of contents compulsorily presented at the time of user authentication, and the content ID of each of the plurality of contents, Content to user
- an authentication service providing server that provides authentication information with content, and a client that has a content presentation type user authentication program and a processor for performing the content presentation type user authentication and is connected to the authentication service providing server via a network
- the authentication service providing server includes a user information storage unit that stores a user ID of a user in association with user attribute information representing the attributes of the user, a password storage unit that stores in advance the user ID of the user in association with the one-time password derivation rule for that user, pattern specifying information generating means for generating a plurality of pattern specifying
- the content presentation type user authentication in the client is performed by installing the content presentation type user authentication program in the client, so that it is performed in place of the user authentication by the user authentication program built into the client OS.
- an installation unit may be realized by an installation program that runs on the client processor, installs the content presentation type user authentication program on the client, and changes the OS setting so that, at the time of user authentication in the client, the content presentation type user authentication program is activated in place of the OS built-in authentication program.
- the content presentation type user authentication program may be downloaded from the authentication service providing server to the client. In that case the authentication service providing server stores the content presentation type user authentication program and the installation program, and includes download request receiving means for receiving, through the network, a download request for the content presentation type user authentication program and the installation program from the client, and program transmission means for transmitting the content presentation type user authentication program and the installation program to the client through the network in response to the received request.
- the client can include download request transmission means for transmitting to the authentication service providing server, through the network, a download request requesting transmission of the content presentation type user authentication program and the installation program, program receiving means for receiving the content presentation type user authentication program and the installation program from the authentication service providing server, and a program storage unit for storing the received programs.
- the content can be an advertisement.
- the authentication information storage unit of the authentication service providing server may further store a plurality of pieces of authentication information, each associated with one of the plurality of pieces of content data specified for the user ID.
- the content selection means in the client may then select, for forcible presentation at the time of user authentication, the content data associated with the authentication information selected for that user authentication.
- the content related information associated with the content ID of a content includes a desired presentation condition comprising at least one of: a desired number of presentations, indicating how many times the content is desired to be presented in one user authentication process; a desired presentation time, indicating how long the content is desired to be presented during one user authentication process; and continuous presentation availability information, indicating whether continuous presentation of the content is permitted.
- the target content specifying means further generates, based on the desired presentation condition in the content related information associated with the content ID, content presentation attribute information including at least one of the presentation time for one presentation of the content and continuous presence/absence information indicating whether or not the content is to be presented continuously.
- the content presentation attribute information is stored in the authentication information storage unit in association with the content data of that content ID, the authentication information with content transmitted from the authentication service providing server to the client includes the content presentation attribute information, and the content presentation unit may then forcibly present the content to the user during user authentication according to the content presentation attribute information.
- the authentication information selection unit of the client may be configured not to select authentication information that has already been selected, among the authentication information with content that is associated with the user ID of the user requesting authentication and stored in the authentication information storage unit of the client.
- when the authentication information selection unit of the client has no authentication information with content left to select for that user ID, the authentication information request transmission unit of the client sends an authentication information request including the user ID to the authentication service providing server through the network; the authentication information request receiving means of the server receives the request through the network, and the server's content-added authentication information transmitting means transmits the authentication information with content associated with the user ID included in the received request.
- the client receives the authentication information with content through the network, and the authentication information storage unit with content of the client may be configured to update its stored authentication information with content with the received authentication information with content.
- the authentication service providing server can further include at least one of user information update means for updating the information stored in the user information storage unit, authentication information update means for updating the information stored in the authentication information storage unit, and content information update means for updating the information stored in the content information storage unit.
- the target content data specifying unit of the authentication service providing server may, at a predetermined timing and for each user ID, re-specify the plurality of content IDs whose content related information includes a content presentation target user condition satisfied by the user attribute information associated with that user ID, and update the authentication information storage unit by associating the content data of the re-specified content IDs with that user ID.
- the pattern element sequence generation means may be configured to generate a pattern element sequence based on a user ID in addition to the pattern specifying information.
- the user attribute information may include at least one of a user's age and sex.
- the present invention can forcibly present content such as advertisements to the user during user authentication, so that the content provider can be made to bear a certain part of the financial burden. For this reason, the program license fee and system usage fee borne by the user for the user authentication system of the present invention, which provides the highly secure and convenient authentication means called matrix authentication, can be reduced or waived; the spread of the user authentication system can be promoted, and its development and maintenance costs can be sufficiently recovered.
- content is compulsorily presented during processing that the user must perform when the computer is started, such as user authentication, so that the user operating the client for user authentication can reliably be made to view the content.
- This is particularly effective when the content is an advertisement.
- since authentication information and content data are managed in association with each other in the authentication information with content transmitted to the client, the content presented to the user can be easily grasped. This makes it possible to calculate the content provider's content provision fee clearly and easily.
- a presentation pattern is a pattern in which pattern elements are arranged in a predetermined pattern.
- examples of the predetermined pattern include a matrix whose m vertical by n horizontal positions together form a square, a plurality of such matrices arranged side by side, and arrangements in the shape of a figure. In this specification, the method is called a matrix authentication method even when a presentation pattern with a shape other than the typical matrix shape is used.
- as the predetermined pattern, a regular or impressive shape is preferable because it remains easily in the user's memory, so the user can easily memorize the one-time password derivation rule that serves as the password.
- the one-time password derivation rule that is the password and the one-time password obtained by applying it to a presentation pattern are not in one-to-one correspondence, so the conversion from the derivation rule to the one-time password is automatically one-way. Therefore, even if the presentation pattern is known, the one-time password derivation rule cannot be determined from a single one-time password.
- in this specification, a one-digit number from 0 to 9 is used as the pattern element, and the presentation pattern 2210 in which the pattern elements are arranged in a predetermined pattern composed of four 4×4 matrices is assumed. When the screen area is small, as on a mobile phone, it is preferable to use a presentation pattern in which the number of 4×4 matrices is reduced to three.
- the pattern specifying information is information for specifying the presentation pattern 2210.
- Typical pattern specifying information is a pattern element string or a pattern seed value.
- the pattern element string is data representing the content of each element arranged in the predetermined pattern in order to generate the presentation pattern 2210; in FIG. 22 it is a string of one-digit numbers from 0 to 9.
- typically, all pattern elements included in the presentation pattern 2210 are arranged in order.
- the pattern element sequence 2190 does not have to be a single character string in which the pattern elements are arranged in order; it means data that includes information on all the pattern elements included in one presentation pattern 2210. Therefore, as long as each pattern element in the pattern element sequence 2190 is associated with a position in the presentation pattern, the order of the pattern elements within the pattern element sequence 2190 is arbitrary.
- the pattern element sequence 2190 may also be divided into a plurality of pieces of data.
- the pattern seed value is information for generating the presentation pattern 2210 according to a predetermined rule.
- as the predetermined rule, for example, part of the value obtained by applying a hash function to the pattern seed value may be used as the pattern element string.
- the pattern seed value is typically a numerical value within a predetermined range generated by a random number generation algorithm. As long as it is a numerical value within the predetermined range, it may be generated by a rule other than a random number generation algorithm, for example by counting up or down by a predetermined step from a predetermined initial value. Higher security can also be obtained by combining the user ID with the generated random number.
- the one-time password derivation rule is a rule that generates the one-time password 2310 when applied to the pattern elements at specific positions in the presentation pattern 2210, and is the data that functions as the user's password.
- the rule applied to the pattern elements typically specifies which positions are selected and in which order.
- the one-time password derivation rule is therefore information on the combination of the position of each selected pattern element in the presentation pattern 2210 and the order in which the pattern elements are selected.
- a fixed password component that is not based on the presentation pattern 2210 can also be included in the one-time password.
- the one-time password 2310 is the one-time password generated and entered when the user to be authenticated applies his or her own one-time password derivation rule to the presentation pattern 2210.
- in the example of FIG. 23, the one-time password derivation rule selects the pattern elements at the positions of the presentation pattern indicated by circles, in order from the left.
- the user generates and enters "2504" as the one-time password by selecting the pattern elements at those predetermined positions of the presentation pattern 2210 in the predetermined order according to the one-time password derivation rule.
- the verification code is data for verifying the validity of the input one-time password.
- the verification code is the result of applying a one-way function to the result of applying the user's own one-time password derivation rule to each of the plurality of presentation patterns that can be displayed on the client based on the plurality of pieces of pattern specifying information.
- in other words, the verification code is obtained by applying the one-way function to the same value as the correct one-time password, that is, the result of applying the correct one-time password derivation rule associated with the user to be authenticated to the correct presentation pattern. Accordingly, the verification code is stored in the client in association with the pattern specifying information that specifies the presentation pattern used to generate it.
- a one-way function is a function whose output for a given input can be computed easily, but from whose output it is extremely difficult to recover the original input.
- a hash function is a function that has the one-way property of a one-way function and is also collision resistant, meaning that the probability that two different inputs produce the same output is extremely small.
- a hash function normally produces an output within a fixed range regardless of the input value.
- the one-way function is a concept that includes the hash function, and the two can be used in almost the same way, but when higher collision resistance is required, for example because the range of input values is large, it is preferable to use a hash function. In the present invention, a hash function can naturally be used in place of a one-way function, and a one-way function can also be used in place of a hash function.
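The offline flow of FIG. 21 together with the definitions above (pattern seed value, one-time password derivation rule, verification code), as an added Python example that is not part of the patent. SHA-256 as the one-way function, the seed-to-digit encoding, the (matrix, row, column) rule format and the removal of a used entry on the client are assumptions of this example.

```python
import hashlib
import hmac
import secrets

MATRICES, SIZE = 4, 4
PATTERN_LEN = MATRICES * SIZE * SIZE  # 64 single-digit pattern elements


def pattern_elements_from_seed(seed: int, user_id: str) -> str:
    """Pattern specifying information -> pattern element sequence.
    SHA-256 over (user ID, seed, counter), with bytes >= 250 rejected so every
    digit 0-9 is equally likely. The exact encoding is an assumption."""
    digits = []
    counter = 0
    while len(digits) < PATTERN_LEN:
        block = hashlib.sha256(f"{user_id}|{seed}|{counter}".encode()).digest()
        digits.extend(str(b % 10) for b in block if b < 250)
        counter += 1
    return "".join(digits[:PATTERN_LEN])


def layout(sequence: str):
    """Arrange the 64 elements row-major into four 4x4 matrices."""
    if len(sequence) != PATTERN_LEN or not sequence.isdigit():
        raise ValueError("pattern element sequence must be 64 digits")
    return [[[int(sequence[m * SIZE * SIZE + r * SIZE + c]) for c in range(SIZE)]
             for r in range(SIZE)] for m in range(MATRICES)]


def render(pattern) -> str:
    """Text rendering of the four matrices side by side, as a client would show."""
    return "\n".join(
        "   ".join(" ".join(str(d) for d in pattern[m][r]) for m in range(MATRICES))
        for r in range(SIZE))


def apply_rule(pattern, rule, fixed_part: str = "") -> str:
    """One-time password derivation rule = ordered (matrix, row, col) positions.
    An optional fixed component not derived from the pattern may be appended."""
    return "".join(str(pattern[m][r][c]) for m, r, c in rule) + fixed_part


def verification_code(otp: str) -> str:
    """One-way function applied to the correct OTP (SHA-256 is an assumption)."""
    return hashlib.sha256(otp.encode()).hexdigest()


def server_prepare(user_id: str, rule, seeds=None, count: int = 10) -> dict:
    """Authentication support server: for each pattern seed, precompute the
    verification code for this user's rule. Only seeds and hashed codes are sent
    to the client in advance; the derivation rule itself never leaves the server."""
    if seeds is None:
        seeds = [secrets.randbelow(2 ** 32) for _ in range(count)]
    return {seed: verification_code(
                apply_rule(layout(pattern_elements_from_seed(seed, user_id)), rule))
            for seed in seeds}


def client_authenticate(user_id: str, store: dict, entered_otp_fn) -> bool:
    """Offline client: select one stored seed, regenerate and display the
    presentation pattern, take the user's OTP, hash it and compare it with the
    stored verification code in constant time. The entry is removed after use
    (assumed here) so each presentation pattern is shown only once."""
    if not store:
        return False  # no verification data left: request more from the server
    seed = next(iter(store))
    expected = store.pop(seed)
    pattern = layout(pattern_elements_from_seed(seed, user_id))
    otp = entered_otp_fn(pattern)  # the user reads digits off the displayed pattern
    return hmac.compare_digest(verification_code(otp), expected)
```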
- FIG. 1 shows a system configuration of an embodiment of a content presentation type authentication system according to the present invention.
- the content presentation type authentication system 100 includes an authentication service providing server 110 that provides an authentication service to user clients, and clients 120-1 to 120-N such as the PCs and mobile phones of a plurality of users.
- the authentication service providing server 110 and the clients 120 are connected by a network 130.
- the network may be a Windows domain network operating with a TCP/IP based protocol. In this specification, Windows is described as the example OS, but other OSs such as Mac OS (registered trademark), Linux (registered trademark) and Unix (registered trademark) may also be used.
- the content presentation authentication system 100 may further include a content providing server 140 and a settlement server 150.
- the content providing server 140 provides content information to be provided to the client 120 to the authentication service providing server 110.
- the settlement server 150 is a server for making a settlement online when money is exchanged between the content provider and the authentication service provider due to the provision of the content.
- the content providing server 140 and the settlement server 150 may be connected to the authentication service providing server 110 via the network 130 or may be directly connected via a dedicated line.
- the authentication service providing server 110 includes a CPU 200, a RAM 201, a user interface (I / F) 202, an external / network interface (I / F) 203, and a storage device 204.
- the storage device 204 stores the OS and the user authentication support application in its storage area, and further includes a program storage unit 206 and an information storage unit 207.
- the program storage unit 206 stores a content presentation type user authentication program and an installation program.
- the content presentation type user authentication program is a program for operating the client 120 to cause the client to perform content presentation type user authentication that forcibly presents content to the user during user authentication.
- the installation program is a program for installing the content presentation type user authentication program on the client.
- the information storage unit 207 stores user information regarding each user, a one-time password derivation rule that is a password for each user, content information regarding content to be presented to the user, authentication information necessary for user authentication, and the like.
- the information storage unit 207 may be implemented as a device different from the authentication service providing server 110, or may be implemented as a separate device for each type of information.
- the client 120 includes an external / network interface (I / F) 250, a user interface (I / F) 251, a RAM 252, a CPU 253, and an information storage device 254.
- the storage device 254 stores an OS and a content presentation type user authentication program in the storage area. Further, authentication information necessary for user authentication of each user is stored in the storage area.
- the content presentation type user authentication program may also be a preinstalled program built into the OS. In that case the authentication service providing server 110 does not need to store the content presentation type user authentication program and the installation program, and the client 120 does not need to store the installation program.
- FIG. 3 shows a hardware configuration of the authentication service providing server 110 and the client 120 shown in FIG. 2.
- the user authentication support application operates on the CPU 200 of the authentication service providing server 110, and the content presentation type user authentication program is executed on the CPU 253 of the client 120.
- the functional blocks of the authentication service providing server 110 and the client 120 in this embodiment, shown in the functional block diagram, are thereby implemented.
- the download request receiving unit 301, the program transmitting unit 302, the authentication information request receiving unit 311 and the authentication information transmitting unit 312 of the authentication service providing server 110 are functional blocks realized by the CPU 200, RAM 201 and external/network interface of the authentication service providing server 110 cooperating with software such as the user authentication support application.
- the download request receiving unit 301 receives a download request 350 that requests downloading of the authentication program.
- the program transmission unit 302 reads the installation program and the authentication program 351 from the program storage unit 303 and transmits them in response to the download request receiving unit 301 receiving the download request 350.
- the authentication information request receiving unit 311 receives an authentication information request 352 requesting authentication information for use in user authentication.
- the authentication information transmission unit 312 reads the authentication information 353 from the authentication information storage unit 310 and transmits it to the client 120 in response to the authentication information request receiving unit 311 receiving the authentication information request 352.
- the program storage unit 303, password storage unit 306, user information storage unit 307, content information storage unit 308, and authentication information storage unit 310 are functional blocks realized by the CPU 200, RAM 201, program storage unit 206, information storage unit 207, and the like of the authentication service providing server 110 cooperating with software such as the user authentication support application.
- the program storage unit 206 stores an authentication program that operates in the client 120 and an installation program for installing the authentication program in the client.
- the password storage unit 306 stores a user ID and a one-time password derivation rule for each user ID in association with each other.
- the user information storage unit 307 stores a user ID and user attribute information for each user ID in association with each other.
- the content information storage unit 308 stores the content ID, the content data of the content ID, and the content related information in association with each other.
- the authentication information storage unit 310 associates authentication information and content data for each user ID with the user ID and stores them as content-added authentication information.
- the authentication information storage unit 310 may store the authentication information with contents in a non-volatile memory such as a hard disk, or may store it in a volatile memory such as a RAM.
- the pattern specifying information generating unit 304, the verification code generating unit 305, and the target content specifying unit 309 are functional blocks realized by the CPU 200 and the RAM 201 of the authentication service providing server 110 cooperating with software such as the user authentication support application.
- the pattern specifying information generating unit 304 generates a plurality of pattern specifying information at a predetermined timing according to a predetermined generation rule.
- the verification code generation unit 305 reads each user ID and the one-time password derivation rule for each user ID from the password storage unit 306, and, for each of the presentation patterns specified by each of the generated plurality of pattern specifying information, generates a verification code obtained by performing a one-way function operation on the result of applying the one-time password derivation rule for that user ID, and outputs the verification code to the authentication information storage unit 310 together with the pattern specifying information.
- the target content specifying unit 309 specifies the content ID to be forcibly presented to each user based on the user attribute information and the content related information, and outputs the content ID to the authentication information storage unit 310.
- the download request unit 321, program reception unit 322, user ID input unit 324, authentication information request transmission unit 325, authentication information reception unit 330, pattern display unit 334, one-time password input unit 335, and content presentation unit 337 of the client 120 are functional blocks realized by the external/network interface 250, the user interface 251, the RAM 252 and the CPU 253 of the client 120 cooperating with software such as the authentication program.
- the download request unit 321 transmits a download request 350 requesting download of the authentication program.
- the program receiving unit 322 receives the installation program and the authentication program 351.
- the user ID input unit 324 receives an input of the user ID of the user and outputs it to the authentication information request transmission unit 325, the authentication information selection unit 332, and the content selection unit 336.
- the authentication information request transmission unit 325 transmits an authentication information request 352 requesting authentication information for use in user authentication.
- the authentication information receiving unit 330 receives the authentication information 353.
- the pattern display unit 334 displays a presentation pattern based on the pattern element sequence generated by the pattern element sequence generation unit 333.
- the one-time password input unit 335 accepts an input of a one-time password from the user based on the presentation pattern displayed by the pattern display unit 334.
- the content presentation unit 337 forcibly presents content to the user based on a predetermined number of content data selected by the content selection unit 336.
- the program storage unit 323 and the authentication information storage unit 331 are functional blocks realized when the RAM 252, the CPU 253, the information storage unit 256, and the like of the client 120 cooperate with software such as an authentication program.
- the program storage unit 323 stores the authentication program received by the program receiving unit 322.
- the authentication information storage unit 331 stores the content-added authentication information 353 received by the authentication information receiving unit 330.
- the authentication information selection unit 332, the pattern element sequence generation unit 333, the content selection unit 336, and the user authentication unit 338 are functional blocks realized by the RAM 252, the CPU 253 and the like of the client 120 cooperating with software such as the authentication program.
- the authentication information selection unit 332 selects one authentication information for the user ID output from the user ID input unit 324 and outputs it to the pattern element sequence generation unit 333 and the user authentication unit 338.
- the pattern element sequence generation unit 333 generates a pattern element sequence based on the pattern specifying information included in the authentication information received from the authentication information selection unit 332 and outputs the pattern element sequence to the pattern display unit 334.
- the content selection unit 336 selects and reads out a predetermined number of content data for the user ID received from the user ID input unit 324 from the authentication information storage unit 331, and outputs it to the content presentation unit 337.
- the user authentication unit 338 compares the result of applying the one-way function to the one-time password input via the one-time password input unit 335 with the verification code included in the authentication information received from the authentication information selection unit 332, and authenticates the user when the two are equal.
- FIG. 4 schematically shows the entire processing in an embodiment of the content presentation type authentication system according to the present invention.
- user information and password information for user authentication are registered in the authentication service providing server 110 in the user registration stage (S401). Further, in the content registration stage (S402), the content information is registered in the authentication service providing server 110.
- in the content-added authentication information generation step (S403), content-added authentication information is generated for each user ID based on the registered user information, password information, and content information.
- in the content-added authentication information acquisition step (S404), the content-added authentication information is transmitted from the authentication service providing server 110 to the client 120.
- in the content presentation type user authentication stage (S405), content is forcibly presented to the user and user authentication is performed based on the content-added authentication information for the user ID to be authenticated.
- in the content-added authentication information reacquisition step (S406), it is checked whether all authentication information stored in the client 120 for the authenticated user ID has been selected, and when all of it has been used, the client 120 acquires content-added authentication information from the authentication service providing server 110 again.
- FIG. 5 shows a flowchart of the user registration stage.
- in this embodiment, the user authentication is logon authentication to Windows (registered trademark) on the client 120, but it may be other user authentication such as logon authentication to another OS or logon authentication to a company network.
- a user who desires to use the content presentation type user authentication service transmits a download request from the client 120 to the authentication service providing server 110 by the download request transmission unit 321 in order to download the content presentation type user authentication program (S501).
- transmission of a download request from the client 120 is assumed to be access to a Web page provided by the authentication service providing server 110 for program download.
- the authentication service providing server 110 requests the client to transmit user attribute information representing user attributes such as age and gender (S503).
- a user attribute information request is transmitted by requesting the user to input user attribute information (age and gender) representing the user's attribute on the download Web page prior to downloading.
- the client 120 receives the user attribute information request (S504), and the user transmits the user attribute information from the client 120 (S505).
- the user inputs these pieces of information on a Web page from a user interface such as a keyboard and transmits them to the authentication service providing server 110.
- the authentication service providing server 110 adds the registration date of the information to the received user attribute information, assigns a user ID, and stores it in the user information storage unit 307.
- the user information storage unit 307 stores a user ID and user attribute information in association with each other in the form shown in FIG.
- the user attribute information may include a date of birth, a living area, a hobby, or the like, or may not include an age, sex, and registration date.
- the authentication service providing server 110 reads the content presentation type user authentication program and the installation program from the program storage unit 303 by the program transmission unit 302 and transmits them to the client 120 (S508).
- the client 120 installs the content presentation type user authentication program by executing the installation program received by the program receiving means 322 (S509).
- installation means that the authentication program is stored in the program storage unit 323 of the client 120 and that the Windows settings are changed so that the content presentation type user authentication program is started in place of the logon authentication program built into the client's Windows.
- a content presentation type user authentication program is created as a DLL file for Windows.
- a DLL file named “SmxGina.dll” is created.
- the Windows logon authentication screen program is designated as key data named “GinaDLL” in the registry location shown below.
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
- the Windows built-in logon authentication module is a DLL file “msgina.dll”, which is set in the key data named “GinaDLL” described above.
- by setting this key data to “SmxGina.dll” instead, the logon authentication module “SmxGina.dll” for executing the authentication method according to the present invention is called at the time of logon authentication.
- the content presentation type user authentication program and the installation program may be an integrated program. Further, when the user first downloads the installation program and starts the downloaded installation program, the installation program may cause the client 120 to download the content presentation type user authentication program.
- a storage medium such as a CD or a DVD that stores the content presentation type user authentication program and the installation program may be sent to the user by mail or the like, and the user may use this storage medium to install to the client.
- the content presentation type user authentication program may be a logon authentication program incorporated in advance in Windows.
- the user attribute information may be registered by accessing the user attribute information registration Web page of the authentication service providing server 110 independently of the download procedure of the content presentation type user authentication program.
- the user attribute information may also be sent from the user to the authentication service provider by mail or the like, and the authentication service provider may then enter it into the authentication service providing server 110 via its user interface.
- the user who is to be authenticated registers a one-time password derivation rule, which is a password, in the authentication service providing server 110.
- a screen for inputting a user ID for registering a one-time password derivation rule is displayed.
- the user inputs the user ID via the user ID input unit 324 and transmits the user ID to the authentication service providing server 110 (S510).
- the authentication service providing server 110 checks whether the user ID is stored in the user information storage unit 307 (S511). If it is already stored, the authentication service providing server 110 transmits pattern specifying information for two times to the client 120 for password registration (S512). If it is not registered, the authentication service providing server 110 transmits an NG message, and the client 120 displays that an unregistered user ID was input and again displays the input screen for entering the user ID (not shown).
- when the client 120 receives the pattern specifying information for two times (S513), it displays the presentation pattern twice based on that information, and the user selects the pattern elements contained in each presentation pattern according to the one-time password derivation rule the user intends to register, thereby inputting a one-time password twice (S515). The client 120 transmits the two input one-time passwords to the authentication service providing server 110 (S516).
- the authentication service providing server 110 receives the two one-time passwords (S515). It then specifies the user's one-time password derivation rule based on the transmitted pattern specifying information for two times and the received one-time passwords, and stores the rule in association with the user's user ID in the password storage unit 306 of the authentication service providing server 110 (S516). In the present embodiment, the password storage unit 306 stores the user ID and the one-time password derivation rule in association with each other in the form shown in FIG.
- the authentication service providing server transmits an OK message indicating that the password registration was performed normally to the client (not shown). Upon receiving this OK message, the client 120 displays the registered one-time password derivation rule on its display so that the user can confirm it (not shown), and the user registration ends.
- in general, the one-time password derivation rule can be specified by presenting two presentation patterns. If it cannot be specified from the two presentation patterns, the authentication service providing server 110 transmits new pattern specifying information to the client 120 until the one-time password derivation rule can be specified, and the client repeatedly transmits a one-time password based on the new pattern specifying information (not shown).
- here the pattern specifying information transmitted from the authentication service providing server 110 is for two times, but it may be transmitted for one time, or for three or more times at once.
- FIG. 8 shows a flowchart of the content data registration stage.
- the content providing server 140 transmits a content upload request to the authentication service providing server 110 (S801).
- the content is, for example, advertisements, service information such as product support information, and music and movies for promotional purposes. It can also be news, novels, movies, photos, television programs, anime, music, games, manga, and the like.
- the transmission of the upload request from the content providing server 140 is an access to a Web page provided by the authentication service providing server 110 for content upload.
- the authentication service providing server 110 transmits a content information request (S803).
- the authentication service providing server 110 transmits a content information request by requesting input of content information on this Web page.
- the content information includes the name of the content provider that provides the content, content data representing the content, and content-related information.
- the content related information includes content presentation target user conditions.
- the content presentation target user condition may be the gender (male or female) and age (for example, teens to 20s) of the users to whom the content provider wishes to present the content.
- the content related information may include other information corresponding to the content.
- the content providing server 140 transmits the content information by inputting and transmitting the content information on the Web page (S805).
- upon receiving the content information (S806), the authentication service providing server 110 assigns a content ID and a content provider ID to the content information and stores them in the content information storage unit 308 (S807).
- the content information storage unit 308 stores the content ID, the content provider ID, and the content related information in association with each other in the form shown in FIG.
- online payment between the authentication service provider and the content provider can be performed via the payment server 150.
- the content provider pays an authentication fee to the authentication service provider based on the number of user IDs to which the advertisement was distributed, the total number of advertisements presented to users, and the like.
- the authentication service providing server 110 or the content providing server 140 that requests payment can access the payment server 150 at a predetermined timing to make a payment request for making the payment described above.
- the content providing server 140 can specify the payment target by the content provider ID.
- FIG. 10 shows a flowchart of the authentication information generation step with content. This step may be performed simultaneously for a plurality of or all user IDs, or may be performed for one user ID.
- This stage is started at a predetermined timing.
- the predetermined timing is typically when a new user ID is registered, a timing specified by an authentication information update unit described later, or when the authentication service providing server 110 receives an authentication information request from a client 120 as described later.
- the pattern specifying information generating unit 304 generates a plurality of pattern specifying information according to a predetermined generation rule (S1001).
- the predetermined generation rule is typically to generate a 64-digit random number as a pattern element string or pattern seed value and use it as pattern specifying information.
- the verification code generation unit 305 reads each user ID and the one-time password derivation rule for each user ID from the password storage unit 306 (S1002). Then, for each presentation pattern specified by a predetermined rule based on each of the generated plurality of pattern specifying information, the verification code generation unit 305 applies the one-time password derivation rule for each user ID and generates a verification code obtained by performing a one-way function operation on the result (S1003).
- the predetermined rule for specifying the presentation pattern based on the pattern specifying information is typically to arrange the pattern elements included in the pattern element sequence at the positions of the elements of a pattern consisting of four 4×4 matrices.
- when the pattern specifying information is a pattern seed value, a pattern element sequence is generated based on the pattern seed value and arranged at the positions of the elements of a pattern composed of four 4×4 matrices, thereby specifying the presentation pattern. For example, an encryption operation that uses a numeric string serving as the pattern seed value as a kind of initial value is performed to generate a bit string having a predetermined bit length.
- the predetermined bit length is 256 bits, which is an amount of information sufficient to generate a presentation pattern 2190 composed of 64 numbers.
- for this encryption operation it is only necessary that it be practically impossible to obtain the original numeric string from the operation result; a hash function operation, a common key encryption operation, or the like can be used.
- for example, when SHA256 is used as the hash function and the predetermined numeric string is processed with it, a 256-bit bit string can be generated.
- when AES is used as the common key encryption operation, a key is generated from the predetermined numeric string, and a 256-bit numeric string appropriately set in advance is encrypted with that key to generate a 256-bit bit string 384.
- a 256-bit bit string is converted into a 77-digit decimal number, and a 64-digit number is extracted therefrom to form a pattern element string. Extraction of 64-digit numbers can use any operation such as deletion of unnecessary upper bit strings, deletion of unnecessary lower bit strings, and division.
- since the presentation pattern is specified by a predetermined rule based on the pattern seed value, even if the pattern seed value is stolen by eavesdropping or the like, the presentation pattern cannot be specified unless the predetermined rule is known. Therefore, even if the one-time password input based on the presentation pattern is stolen, the password derivation rule cannot be specified, so that high security can be provided.
- the presentation pattern can be specified by combining the user ID with the pattern seed value.
- in this case, a pattern element sequence is generated that is uniquely determined for the combination of the user ID and the pattern seed value, and from which it is extremely difficult to estimate the original user ID and pattern seed value.
- the combination of the user ID and the pattern seed value is used as a kind of initial value, and the presentation pattern is specified by the same method as that based on the above-described pattern seed value alone.
- the user ID and the pattern seed value, expressed in hexadecimal, can be combined using any operation such as concatenation, addition, subtraction, or exclusive OR.
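The seed-to-pattern derivation, the server-side verification code and the client-side offline check described in the steps above, as an added worked example (not the patent's own code). It assumes SHA-256 as the one-way operation for both the pattern derivation and the verification code, plain concatenation as the operation combining user ID and seed, and a derivation rule represented as an ordered list of cell positions 0..63 in the four 4×4 matrices.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Sequence

CELLS = 64        # four 4x4 matrices, one decimal digit per cell
SEED_DIGITS = 64  # the text generates a 64-digit random number as the seed


def generate_seed() -> str:
    """Pattern seed value: a 64-digit random decimal number (constructed here)."""
    return "".join(secrets.choice("0123456789") for _ in range(SEED_DIGITS))


def pattern_elements(seed: str, user_id: str = "") -> str:
    """Derive the 64-digit pattern element sequence from the seed.

    The seed, optionally combined with the user ID (concatenation is the assumed
    combining operation), is hashed with SHA-256 as the one-way operation. The
    256-bit result is read as a decimal number (up to 78 digits) and only the
    64 low-order digits are kept, i.e. the unnecessary upper digits are deleted.
    """
    digest = hashlib.sha256((user_id + seed).encode("ascii")).digest()
    decimal = str(int.from_bytes(digest, "big"))
    return decimal[-CELLS:].rjust(CELLS, "0")   # pad in the unlikely short case


def as_matrices(elements: str) -> List[List[List[int]]]:
    """Lay the 64 elements out as four 4x4 matrices, row-major, for display."""
    digits = [int(c) for c in elements]
    return [[digits[m * 16 + r * 4:m * 16 + r * 4 + 4] for r in range(4)]
            for m in range(4)]


def apply_rule(elements: str, rule: Sequence[int]) -> str:
    """Apply a one-time password derivation rule to one presentation pattern.

    The rule is the ordered list of cell positions the user memorised; the
    one-time password is the digits at those positions in the current pattern.
    """
    return "".join(elements[pos] for pos in rule)


def one_way(otp: str) -> str:
    """One-way function applied to the OTP on both sides (SHA-256, hex)."""
    return hashlib.sha256(otp.encode("ascii")).hexdigest()


def make_auth_info(user_id: str, rule: Sequence[int],
                   seeds: Sequence[str]) -> List[Dict[str, str]]:
    """Server side (verification code generation unit 305).

    For each pattern seed, compute the OTP the rule would yield for that
    pattern and keep only the seed plus the one-way image of the OTP. The
    rule itself never leaves the server.
    """
    return [{"pattern_seed": s,
             "verification_code": one_way(apply_rule(pattern_elements(s, user_id), rule))}
            for s in seeds]


def verify(auth_info: Dict[str, str], entered_otp: str) -> bool:
    """Client side (user authentication unit 338), no server connection needed.

    The client holds the seed (to render the pattern) and the verification
    code; it hashes what the user typed and compares in constant time.
    """
    return hmac.compare_digest(one_way(entered_otp), auth_info["verification_code"])


if __name__ == "__main__":
    user, rule = "alice", [0, 5, 17, 42, 63]      # constructed sample user and rule
    infos = make_auth_info(user, rule, [generate_seed() for _ in range(3)])
    first = infos[0]
    shown = pattern_elements(first["pattern_seed"], user)
    for m in as_matrices(shown):
        print(m)
    print("accepted:", verify(first, apply_rule(shown, rule)))
```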
- the target content specifying unit 309 specifies the content to be forcibly presented to each user based on the user attribute information and the content related information. That is, it reads the user ID and user attribute information from the user information storage unit 307 and reads the content ID, content data, and content related information from the content information storage unit 308 (S1004). Then, for each user ID, it identifies a plurality of content IDs for which the user attribute information associated with the user ID satisfies the content presentation target user condition included in the content related information associated with the content ID.
- the content presentation target user condition may be that the user is a purchaser of paid content, and information indicating whether the user is a purchaser of that paid content may be added to the user attribute information. In this way, the content can be presented only to the users to whom the content provider wishes to present it.
- based on the pattern specifying information and verification codes received from the verification code generation unit 305 and the plurality of identified content IDs received from the target content specifying unit 309, the authentication information storage unit 310 performs the following processing for each user ID: it stores a plurality of authentication information for the user ID together with the content data of the plurality of specified content IDs (S1006).
- information including a plurality of authentication information and a plurality of content data is referred to as content-added authentication information.
- Each authentication information includes pattern specifying information and a verification code generated based on the pattern specifying information and the one-time password derivation rule.
- the authentication information storage unit 310 stores authentication information and content data including pattern specifying information and a verification code in association with a user ID in the form shown in FIG.
- the authentication information storage unit 310 can generate authentication information with contents and store it in advance.
- the authentication information with contents may be stored in a non-volatile memory such as a hard disk, or may be stored in a volatile memory such as a RAM. If authentication information with contents is generated and stored in advance, it becomes possible to provide such information at a minimum server load in response to an authentication information request from a client.
- alternatively, the content-added authentication information generation step for the user ID that transmitted an authentication information request may be started upon receipt of the request, and the result stored temporarily for transmission to the client 120.
- in that case the content-added authentication information is preferably stored in a volatile memory such as a RAM, so that the capacity of a storage unit such as a hard disk can be reduced.
- FIG. 12 shows a flowchart of the authentication information acquisition step with contents.
- the client 120 acquires authentication information with contents including a plurality of authentication information and a plurality of contents data from the authentication service providing server 110 prior to user authentication.
- the client 120 can perform user authentication a plurality of times by using a plurality of authentication information included in the acquired authentication information with contents.
- that is, user authentication can be performed as many times as the number of authentication information included in the already acquired content-added authentication information.
- this stage will be described in detail.
- a user who wants to receive authentication transmits an authentication information request for requesting authentication information to the authentication service providing server 110 by the authentication information request transmitting means 325 of the client 120 (S1201).
- the authentication information request includes the user ID of the user who is going to be authenticated.
- the authentication information request is transmitted by accessing a Web page provided by the authentication service providing server 110 for acquiring authentication information, inputting the user ID on this Web page via the user ID input unit 324, and requesting the authentication information.
- the authentication service providing server 110 receives the authentication information request including the input user ID transmitted from the client 120 by the authentication information request receiving unit 311 and extracts the user ID from the authentication information request (S1202).
- the authentication service providing server 110, by the authentication information transmitting unit 312, reads from the authentication information storage unit 310 the content-added authentication information including the plurality of authentication information and the plurality of content data associated with the extracted user ID, and transmits it to the client 120 (S1203).
- the content-added authentication information transmitted by the authentication information transmitting unit 312 may include all of the authentication information and content data stored in the authentication information storage unit 310 in association with the user ID, or only part of them.
- when the authentication information receiving unit 330 receives the content-added authentication information, the client 120 associates it with the input user ID and stores it in the authentication information storage unit 331 of the client 120.
- the authentication information storage unit 331 of the client 120 stores the authentication information with contents in the form described in FIG.
- the content-added authentication information corresponding to the input user ID is thus stored in the client 120, and user authentication can be executed based on that information. Since the content-added authentication information is stored on the client 120, a connection to the server is not necessary at the time of user authentication, and in that state user authentication can be performed as many times as there are authentication information in the stored content-added authentication information.
- FIG. 13 shows a flowchart of the content presentation type user authentication stage.
- the user ID input unit 324 of the client 120 receives an input of a user ID from the user (S1301).
- the Windows logon authentication screen A1400 shown in FIG. 14 is displayed on the display to prompt the user to input a user ID, and the user inputs his/her user ID in the user name field of the logon authentication screen A.
- When logging on to a Windows domain network enter the domain network name of the logon destination in the logon destination field.
- the authentication information selection unit 332 of the client 120 selects and reads one authentication information, according to a predetermined rule, from the plurality of authentication information in the authentication information storage unit 331 associated with the input user ID (S1302).
- the selected authentication information is used for authentication of the user among the plurality of stored authentication information until the authentication information is newly acquired and stored from the authentication service providing server 110 next time. Those already selected to do are not selected. By doing in this way, a different presentation pattern can be displayed for every user authentication, and a brute force attack can be eliminated, so that security can be further improved. For example, when 100 pieces of authentication information are stored, user authentication can be performed 100 times continuously until new authentication information is acquired. When there is less authentication information not selected, a warning to that effect is displayed. Once all authentication information has been selected, no further new user authentication is possible.
- the content selection unit 336 selects the content data so that all the stored content data is selected when all the stored authentication information is selected.
- the content-added authentication information includes content data three times as many as the authentication information, and the content selection unit 336 selects three content data for each authentication.
- Content is presented after the user requests authentication by entering the user ID on the Windows logon authentication screen A1400 and before the logon authentication screen B1402 containing the presentation pattern 1403 is displayed: the three contents are shown on the content presentation screen 1401 for 5 seconds each. Because the user is watching the display in order to be authenticated, the content is reliably viewed.
- The pattern element sequence generation unit 333 of the client 120 generates a pattern element sequence from the pattern specifying information contained in the selected authentication information, and the pattern display unit 334 generates and displays an image of the presentation pattern 1403 in which each element of that sequence is placed at the corresponding position of a pattern made up of four 4×4 matrices (S1304).
- the presentation pattern can be specified based on the pattern specifying information according to the predetermined rule described above with reference to the verification code generation unit 305.
- a logon authentication screen B 1402 including a presentation pattern 1403 is displayed on the screen of the client 120.
- the pattern element sequence generation unit 333 reads the pattern element sequence from the authentication information and outputs it as it is to the pattern display unit 334.
- The user seeking authentication selects, in order, the pattern elements displayed at the specific positions of the presentation pattern 1403 shown on the screen of the client 120 using the one-time password input unit 335, and thereby enters into the client 120 the one-time password that results from applying his or her one-time password derivation rule to the presentation pattern 1403 (S1305).
- the user authentication unit 338 of the client 120 compares the one-time password input by the one-time password input unit 335 with the verification code included in the selected authentication information (S1306). If they are equal, the user authentication of the user is successful. If they are not equal, the presentation pattern may be displayed again based on the pattern specifying information to prompt the user to re-enter the one-time password (S1304, S1305).
- The authentication information for a presentation pattern that is displayed again may be newly selected or the same one reused. Alternatively, the process may return to S1301 to prompt the user to enter the user ID again.
- The one-way function operation applied to the one-time password on the client is the same one-way function operation that was applied when the verification code contained in the authentication information was generated on the authentication service providing server.
- The content may be presented at a predetermined position on the screen while logon authentication screen A1400 and logon authentication screen B1402 are displayed, or after logon authentication succeeds. Since there is a period after successful logon authentication, during processing such as computer startup, in which the computer cannot be operated, presenting the content to the user at that time forces its presentation without burdening the user. When the content is a piece of music, its output may continue while the logon authentication process is performed.
- the user who operates the client for user authentication always views the content. Since the presented content is appropriately specified for each user based on the content presentation target user condition, the user can view the content that interests him / herself. Further, when the content is an advertisement, it is ensured that the advertisement is viewed by an appropriate user, so that the advertisement can be effectively performed.
- Preferably, each of the plurality of authentication information contained in the content-added authentication information is used only once, and an authentication information that has been used is not used again. This is because displaying a different presentation pattern from different authentication information at every user authentication rules out brute force attacks and provides higher security. Accordingly, when used authentication information is not reused, the client 120 re-acquires new content-added authentication information once all, or a predetermined number, of the authentication information contained in the content-added authentication information it acquired have been used. Also, when a certain period has elapsed since the content-added authentication information was last acquired, the content it contains may be out of date; in that case too it is preferable to re-acquire new content-added authentication information.
- FIG. 15 shows a flowchart of the content-added authentication information re-acquisition stage. After successful user authentication, the client 120 checks whether all authentication information associated with the authenticated user ID in its authentication information storage unit 331 has been selected for authenticating that user ID (S1501).
- the authentication information request transmission unit 325 of the client 120 transmits an authentication information request for the user ID again (S1502).
- an authentication information acquisition Web page provided by the authentication service providing server 110 is accessed, and a screen prompting to reacquire new authentication information is displayed on the display of the client 120.
- the user accesses a Web page for acquiring authentication information and inputs his or her user ID on this Web page to request authentication information.
- On receiving this authentication information request through the authentication information request receiving unit 311, the authentication service providing server 110 extracts the user ID contained in the request (S1503). The authentication information transmitting unit 312 then reads the content-added authentication information associated with that user ID from the authentication information storage unit 310 and retransmits it to the client 120 via the network 130 (S1504).
- The authentication information contained in the retransmitted content-added authentication information differs from the authentication information already transmitted. As described above, using different authentication information displays different presentation patterns and rules out brute force attacks, so security is further improved.
- The client 120 receives the retransmitted content-added authentication information through the authentication information receiving unit 330 and stores it in the authentication information storage unit 331 in association with the user ID, thereby updating the content-added authentication information (S1505).
- the content-added authentication information reacquisition step described here may be performed at another timing such as before user authentication starts.
- the authentication service providing server 110 may include means for updating information stored in the user information storage unit 307, the content information storage unit 308, and the authentication information storage unit 310 at a predetermined timing.
- For example, once a year the user information update unit updates the age in each user information record in the user information storage unit 307 whose registration date is one year or more in the past, according to the number of years elapsed since registration.
- the content information update unit deletes the content stored in the content information storage unit 308 when a certain period has passed since registration.
- the authentication information update unit operates the pattern specifying information generation unit at a predetermined timing, and stores new authentication information with content based on the latest information in the user information storage unit 307 and the content information storage unit 308.
- the predetermined timing is typically at regular intervals, when a new user is registered, or when each piece of information is updated by the user information updating unit or the content information updating unit. Also, the timing at which the information stored in the user information storage unit 307, the password information storage unit 306, and the content information storage unit 308 is updated may be used.
- FIG. 16 is a functional block diagram of the authentication service providing server 110 and the client 120 in this embodiment, realized, in the hardware configuration of FIG. 2, by running the user authentication support application on the CPU 200 of the authentication service providing server 110 and the content presentation type authentication program on the CPU 253 of the client 120.
- The target content specifying unit 1601 of the authentication service providing server 110 is a functional block realized by the CPU 200 and the RAM 201 of the server cooperating with software such as the user authentication support application. Based on the stored user information and content information, it specifies for each user a plurality of content IDs to be forcibly presented, together with their content presentation attribute information, grouped by the predetermined number used in one user authentication, and outputs them to the authentication information storage unit 1602.
- the authentication information storage unit 1602 is a functional block realized when the CPU 200, the RAM 201, the program storage unit 206, the information storage unit 207, and the like of the authentication service providing server 110 cooperate with software such as a user authentication support application.
- the authentication information storage unit 1602 may store the authentication information with contents in a nonvolatile memory such as a hard disk, or may store it in a volatile memory such as a RAM.
- the authentication information storage unit 1603 of the client 120 is a functional block realized when the RAM 252 and the CPUs 253 and 256 of the client 120 cooperate with software such as an authentication program.
- the authentication information storage unit 1603 stores the authentication information with contents 1607 received by the authentication information receiving unit 330.
- the authentication information storage unit 1603 may store the authentication information with contents in a non-volatile memory such as a hard disk or temporarily store it in a volatile memory such as a RAM.
- The authentication information selection unit 1604 is a functional block realized by the RAM 252 and the CPU 253 of the client 120 cooperating with software such as the authentication program. It selects authentication information by selecting and reading one content-added authentication information pack for the user ID received from the user ID input unit 324; the authentication information contained in the pack is output to the pattern element sequence generation unit 333 and the user authentication unit 338, and the pack itself is output to the content selection unit 1605.
- the content selection unit 1605 is a functional block realized by the RAM 252 and the CPU 253 of the client 120 cooperating with software such as an authentication program, and is included in the authentication information pack with content received from the authentication information selection unit 1604. By extracting the content data and the content presentation attribute information, the content data associated with the selected authentication information is selected and output to the content presentation unit 1606.
- The content presentation unit 1606 is a functional block realized by the external/network interface 250, the user interface 251, the RAM 252, the CPU 253 and the like of the client 120 cooperating with software such as the authentication program; it forcibly presents content to the user based on the content data and content presentation attribute information received from the content selection unit 1605.
- the content related information associated with the content ID further includes a desired presentation condition for the content associated with the content ID.
- Desired presentation conditions include a desired number of presentations, indicating how many times the content is to be presented in one user authentication process; a desired presentation time, indicating for how long the content is to be presented in one user authentication process; and information indicating whether the content is to be presented continuously. In the content registration stage (FIG. 8) these desired presentation conditions are therefore also included in the content related information transmitted from the content providing server 140 to the authentication service providing server 110 (S805), and are stored in the content information storage unit 308 in association with the content ID (S807).
- FIG. 17 shows a flowchart of the content-added authentication information generation stage in the second embodiment.
- The target content specifying unit 1601 specifies, for each user ID, a plurality of content IDs whose content related information contains a content presentation target user condition satisfied by the user attribute information associated with that user ID (S1005). The content IDs specified for each user ID are then arranged according to a predetermined rule in the order in which they are to be presented to the user (S1700), the content IDs to be presented in one user authentication are grouped as a first content pack, and the result is temporarily stored as a first target content table associating each user ID with its grouped content IDs.
- In this embodiment the specified content IDs are arranged randomly, but the authentication service providing server 110 may instead include a presentation priority in the content related information and arrange them in descending order of presentation priority.
- the first target content pack table is stored in the form shown in FIG.
- The target content specifying unit 1601 rearranges the content IDs in the first target content table so as to satisfy the desired presentation condition contained in the content related information associated with each content ID, and generates for each content ID content presentation attribute information, indicating how that content is to be presented, in accordance with that desired presentation condition.
- The plurality of content IDs presented in one user authentication, together with their content presentation attribute information, are grouped as a second content pack, and a second target content table associating the user ID with its plurality of second content packs is temporarily stored in the RAM 201 (S1702). The second target content table is stored in the form of the table shown in FIG. 18B.
- In the first target content table, the content IDs are grouped three at a time, in memory address order, into first content packs (1) through (R).
- Content to be presented continuously can be represented by a single content data item; in that case one content pack contains one content data item and one content presentation attribute information, as in the second content pack (S) of FIG.
- For each user ID, the authentication information storage unit 1602 reads the second content packs from the second target content table one at a time, replaces each content ID in the pack with the content data associated with that content ID in the content information, and stores the result as content-added authentication information in association with each of the plurality of authentication information (S1703).
- the content-added authentication information includes a plurality of content-added authentication information packs.
- the authentication information pack with content includes one authentication information, a plurality of content data associated with the authentication information, and content presentation attribute information associated with the content data.
- the authentication information includes pattern specifying information and a verification code obtained based on the pattern specifying information.
- the content-added authentication information is stored in the form shown in FIG.
- Previously, the plurality of authentication information and the plurality of content data were each associated with the user ID, but the authentication information and the content data were not directly associated with each other.
- Here, the content data corresponding to each content ID is stored directly associated with each authentication information.
- the content data and the content presentation attribute information may be individually associated with the authentication information, or a plurality of content data and their content presentation attribute information may be grouped to associate each group with the authentication information.
- When the client 120 selects an authentication information to use for user authentication, it presents to the user the content data associated with that authentication information.
- content data is associated with authentication information in this way, the client 120 can easily select content data to be presented, so that the computational processing resources of the client 120 can be used effectively.
- The authentication information storage unit 1602 may store the content-added authentication information in advance, or may generate it on demand in response to an authentication information request, transmit it, and store it only temporarily.
- When the authentication service providing server 110 receives an authentication information request including a user ID from the client 120 (S1202), it transmits to the client 120 the content-added authentication information associated with the user ID contained in the received request, including the authentication information, content data and content presentation attribute information (S1203).
- the client 120 receives the authentication information with contents and stores it in the authentication information storage unit 331 (S1204).
- FIG. 20 shows a flowchart of the content presentation type user authentication stage in the second embodiment.
- The client receives input of the user ID to be authenticated (S1301), and the authentication information selection unit 1604 selects one authentication information, according to a predetermined rule, from the plurality of authentication information associated with the entered user ID (S1302).
- the authentication information selection unit 1604 selects authentication information included in the content-added authentication information by selecting and reading one content-added authentication information pack.
- the predetermined rule for selecting authentication information is to select in order of memory addresses.
- The content selection unit 1605 extracts the plurality of content data and their content presentation attribute information from the content-added authentication information pack received from the authentication information selection unit 1604, thereby selecting the content associated with the selected authentication information, and supplies the selected content data and content presentation attribute information to the content presentation unit 1606.
- the authentication information selection unit 1604 and the content selection unit 1605 may operate as an integrated functional block.
- the content presentation unit 1606 forcibly presents the content to the user based on the given content data (S2001). Further, the content presentation unit 1606 determines the content presentation time and whether or not to continuously present the content according to the content presentation attribute information associated with each content data.
Description
An installation program for installing the content presentation type user authentication program on the client may run on the client's processor to realize installation means that changes the OS settings so that, at user authentication on the client, the content presentation type user authentication program is started in place of the OS built-in authentication program.
A presentation pattern is a set of pattern elements arranged in a predetermined pattern. Typical predetermined patterns are a matrix in which elements are placed at m rows by n columns so that the whole forms a rectangle, or several such matrices placed side by side, but any other figure shape may be used. In this specification the scheme is called matrix authentication even when a presentation pattern of a shape other than such a typical matrix is used. A regular or striking shape is preferable as the predetermined pattern, because it stays in the user's memory more easily and therefore makes it easier for the user to remember the one-time password derivation rule that is the password.
Pattern specifying information is information for specifying the presentation pattern 2210. Typical pattern specifying information is a pattern element sequence or a pattern seed value.
The one-time password derivation rule is a rule for generating a one-time password 2310 by applying it to the pattern elements at specific positions in the presentation pattern 2210, and is data that functions as the user's password. The rule applied to the pattern elements is typically which positions' pattern elements are selected in which order. In that case the one-time password derivation rule is the combination of the positions of the selected pattern elements in the presentation pattern 2210 and the order in which they are selected. A fixed password component not based on the presentation pattern 2210 can also be included in the one-time password.
The one-time password 2310 is a disposable password generated and entered by the user seeking authentication by applying his or her own one-time password derivation rule to the presentation pattern 2210. FIG. 23 is a conceptual diagram of the one-time password input method in the matrix authentication scheme. The derivation rule used in FIG. 23 selects, from left to right, the pattern elements at the positions marked with circles in the presentation pattern. Following this rule, the user selects the pattern elements at the predetermined positions of the presentation pattern 2210 in the predetermined order and thereby generates and enters "2504" as the one-time password.
The verification code is data for verifying the validity of the entered one-time password. It is the result of applying a one-way function operation to the result of the user applying his or her own one-time password derivation rule to each of the plurality of presentation patterns that can be displayed on the client on the basis of the plurality of pieces of pattern specifying information. That is, the verification code is a one-way function operation applied to the same value as the correct one-time password, which results from applying the correct one-time password derivation rule associated with the user seeking authentication to the correct presentation pattern. The verification code is therefore stored on the client in association with the pattern specifying information that specifies the presentation pattern used to generate it. At user authentication on the client, the validity of the one-time password is verified by applying, to the one-time password entered on the basis of the presented pattern, the same one-way function operation that was used when the verification code was generated, and comparing the result with the verification code corresponding to that presentation pattern. The validity of the one-time password could of course also be verified if the verification code were not hashed. However, such a verification code would be equal to the correct one-time password, so if the client PC were analyzed by a malicious third party, several pairs of presentation pattern and correct one-time password would become known, and the one-time password derivation rule that is the password would be identified. By hashing the verification code, the correct one-time password cannot be determined from the verification code, so the one-time password derivation rule is not leaked even if the client PC is analyzed by a malicious third party. This protection holds only as long as the set of possible one-time passwords is too large to enumerate: a one-way function over a short, all-digit one-time password can be inverted by trying every candidate, after which the pattern/password pairs are exposed exactly as in the unhashed case.
A one-way function is a function whose output for a given input is easy to compute but from whose output it is extremely difficult to recover the original input. A hash function is a function that has the one-wayness of a one-way function and, in addition, collision resistance, meaning that the probability that different inputs produce the same output is extremely small. A hash function usually produces output within a fixed range regardless of the input. "One-way function" is a concept that includes hash functions, and the two can be used in almost the same way, but when higher collision resistance is required, for example because the input range is large, a hash function is preferable. In the present invention a hash function can of course be used in place of a one-way function, and a one-way function can also be used in place of a hash function.
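The following Python block is an added worked example, not code from the patent, covering the matrix authentication core defined above (pattern specifying information, one-time password derivation rule, verification code, the FIG. 23 example) together with the client-side steps S1304 to S1306 of the first embodiment. It assumes SHA-256 as the one-way function, a derivation rule given as a tuple of positions in the 64-element pattern, and `random.Random` seeding only to make the demonstration repeatable; all function and field names are this example's own. The last two functions make the sizing caveat concrete: with a four-digit one-time password every verification code can be inverted with 10^4 hashes, and a handful of inverted records narrows the rule's positions down to the true ones, so the one-way function protects the derivation rule only when the one-time password space (length, alphabet, fixed component) is too large to enumerate.

```python
"""Matrix authentication core: pattern specifying information, one-time
password derivation rule, verification code, client-side check, and a
brute-force sizing check. Added example; not the patent's code."""
import hashlib
import hmac
import itertools
import random
import secrets
from typing import Optional

PATTERN_LEN = 64          # four 4x4 matrices of digits, as in the embodiment
DIGITS = "0123456789"


def generate_pattern_element_string(rng=secrets) -> str:
    """Pattern specifying information (S1001): a 64-digit random number."""
    return "".join(rng.choice(DIGITS) for _ in range(PATTERN_LEN))


def render_presentation_pattern(pattern: str) -> list:
    """Lay the 64 elements out as 16 rows of 4 (four 4x4 matrices) for display (S1304)."""
    return [list(pattern[i:i + 4]) for i in range(0, PATTERN_LEN, 4)]


def apply_derivation_rule(pattern: str, rule: tuple, fixed: str = "") -> str:
    """The derivation rule is the user's password: which positions to pick and
    in which order, plus an optional fixed component independent of the pattern."""
    if len(pattern) != PATTERN_LEN:
        raise ValueError("presentation pattern must have 64 elements")
    return "".join(pattern[pos] for pos in rule) + fixed


def verification_code(otp: str) -> str:
    """One-way function over the correct one-time password. The patent only
    requires a one-way function; SHA-256 is this example's choice."""
    return hashlib.sha256(otp.encode()).hexdigest()


def generate_authentication_info(rule: tuple, count: int, rng=secrets) -> list:
    """Server side (S1001-S1003): one record per future logon holding the
    pattern specifying information and the verification code, never the OTP."""
    records = []
    for _ in range(count):
        pattern = generate_pattern_element_string(rng)
        otp = apply_derivation_rule(pattern, rule)
        records.append({"pattern": pattern, "code": verification_code(otp)})
    return records


def seeded_records(seed: int, rule: tuple, count: int) -> list:
    """Repeatable records for demonstration only (random.Random, not secrets)."""
    return generate_authentication_info(rule, count, rng=random.Random(seed))


def client_verify(record: dict, entered_otp: str) -> bool:
    """Client side (S1306): same one-way function over the typed OTP, then a
    constant-time comparison with the stored verification code."""
    return hmac.compare_digest(verification_code(entered_otp), record["code"])


# --- sizing caveat: what an attacker holding the client's records can do ------

def invert_by_enumeration(code: str, otp_len: int) -> Optional[str]:
    """Enumerate every all-digit OTP of known length; 10**4 hashes for 4 digits."""
    for digits in itertools.product(DIGITS, repeat=otp_len):
        candidate = "".join(digits)
        if verification_code(candidate) == code:
            return candidate
    return None


def recover_rule_positions(records: list, otp_len: int) -> list:
    """Intersect, per OTP digit, the pattern positions consistent with every
    inverted record; the survivors converge on the real derivation rule."""
    candidates = [set(range(PATTERN_LEN)) for _ in range(otp_len)]
    for rec in records:
        otp = invert_by_enumeration(rec["code"], otp_len)
        if otp is None:
            continue
        for k, ch in enumerate(otp):
            candidates[k] &= {p for p in range(PATTERN_LEN) if rec["pattern"][p] == ch}
    return candidates


if __name__ == "__main__":
    rule = (5, 17, 42, 63)                 # hypothetical user's rule
    recs = seeded_records(1234, rule, 12)
    print("rule positions recovered:", recover_rule_positions(recs, 4))
```

Each record survives only one logon, so a wrong position is consistent with a record with probability one in ten; after a dozen inverted records the only position left for each digit of the one-time password is the real one. Making the rule longer, drawing pattern elements from a larger alphabet, or adding the fixed component mentioned above is what moves the enumeration out of reach.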
FIG. 1 shows the system configuration of one embodiment of the content presentation type authentication system according to the present invention. The content presentation type authentication system 100 of this embodiment comprises an authentication service providing server 110 for providing an authentication service to users' clients, and clients 120-1 to 120-N, which are the PCs, mobile phones and the like of a plurality of users. The authentication service providing server 110 and the clients 120 are connected by a network 130. The network can be a Windows domain network operating on TCP/IP-based protocols. Although this specification uses Windows as the example OS, other OSes such as Mac OS (registered trademark), Linux (registered trademark) and Unix (registered trademark) can also be used. The content presentation type authentication system 100 may further comprise a content providing server 140 and a settlement server 150. The content providing server 140 provides the authentication service providing server 110 with content information to be delivered to the clients 120. The settlement server 150 is a server for settling online when the provision of content gives rise to a transfer of money between the content provider and the authentication service provider. The content providing server 140 and the settlement server 150 may be connected to the authentication service providing server 110 via the network 130 or directly by a dedicated line.
Next, the hardware configuration of the authentication service providing server 110 and the client 120 in the content presentation type authentication system 100 is described with reference to FIG. 2. Elements that are the same as in FIG. 1 carry the same reference numerals in FIG. 2.
Next, the functional blocks of the content presentation type authentication system 100 according to the first embodiment of the present invention are described. FIG. 3 is a functional block diagram of the authentication service providing server 110 and the client 120 of this embodiment, realized, in the hardware configuration of FIG. 2, by running the user authentication support application on the CPU 200 of the authentication service providing server 110 and the content presentation type authentication program on the CPU 253 of the client 120.
Next, the operation of the content presentation type authentication system 100 according to the first embodiment of the present invention is described. FIG. 4 schematically shows the overall processing in one embodiment of the content presentation type authentication system according to the present invention. First, in the user registration stage (S401), user information and password information for user authentication are registered in the authentication service providing server 110. In the content registration stage (S402), content information is registered in the authentication service providing server 110. Next, in the content-added authentication information generation stage (S403), content-added authentication information is generated for each user ID on the basis of the registered user information, password information and content information. In the content-added authentication information acquisition stage (S404), the content-added authentication information is transmitted from the authentication service providing server 110 to the client 120. In the content presentation type user authentication stage (S405), content is forcibly presented to the user and user authentication is performed on the basis of the content-added authentication information for the user ID seeking authentication. In the content-added authentication information re-acquisition stage (S406), it is checked whether all authentication information stored on the client 120 for the authenticated user ID has been selected, and if all of it has been used the client 120 acquires content-added authentication information from the authentication service providing server 110 again. Each of these stages is described in detail below.
FIG. 5 shows a flowchart of the user registration stage. In this embodiment the user authentication is logon authentication to Windows (registered trademark) on the client 120, but it may be other user authentication such as logon authentication to another OS or to a corporate network. First, a user wishing to use the content presentation type user authentication service sends a download request from the client 120 to the authentication service providing server 110 by the download request transmitting means 321 in order to download the content presentation type user authentication program (S501). In this embodiment, sending the download request from the client 120 consists of accessing a Web page that the authentication service providing server 110 provides for program download. When the authentication service providing server 110 receives the download request by the download request receiving means 301 (S502), it requests the client to send user attribute information representing attributes of the user such as age and sex (S503). In this embodiment the user attribute information request is made by asking the user, on the download Web page and prior to the download, to enter user attribute information (age and sex). When the client 120 receives the user attribute information request (S504), the user sends the user attribute information from the client 120 (S505). In this embodiment the user enters this information on the Web page from a user interface such as a keyboard and sends it to the authentication service providing server 110. The authentication service providing server 110 adds the registration date to the received user attribute information, assigns a user ID, and stores them in the user information storage unit 307. In this embodiment the user information storage unit 307 stores the user ID and the user attribute information in association with each other in the form shown in FIG. 6. The user attribute information may include date of birth, area of residence, hobbies and the like, and need not include age, sex and registration date.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
The Windows built-in logon authentication module is the DLL file "msgina.dll", and it is set as the data of the key named "GinaDLL" mentioned above. Rewriting the data of that key to "SmxGina.dll" causes the logon authentication module "SmxGinaDLL", which implements the authentication method of the present invention, to be called at logon authentication. (GINA replacement of this kind is supported only up to Windows XP and Windows Server 2003; from Windows Vista onward the logon UI is extended through credential providers instead.)
FIG. 8 shows a flowchart of the content data registration stage. First, the content providing server 140 sends a content upload request to the authentication service providing server 110 (S801). Typically the content is advertising, service information such as product support information, and music or video for promoting songs or films. It may also be news, novels, films, photographs, television programs, animation, music, games, manga and the like. In this embodiment, sending the upload request from the content providing server 140 consists of accessing a Web page that the authentication service providing server 110 provides for content upload. When the authentication service providing server 110 receives the content upload request (S802), it sends a content information request (S803). In this embodiment the content information request is made by the authentication service providing server 110 asking for content information to be entered on this Web page. The content information includes the name of the content provider providing the content, content data representing the content itself, and content related information. The content related information includes a content presentation target user condition. The content presentation target user condition can be the sex (male or female) and age range (for example, teens to twenties) to which the content provider wishes to present the content. The content related information may include other information depending on the nature of the content. The content providing server 140 sends the content information by entering it on the Web page and submitting it (S805). When the authentication service providing server 110 receives the content information (S806), it assigns a content ID and a content provider ID to the content information and stores it in the content information storage unit 308 (S807). The content information storage unit 308 stores the content ID, content provider ID and content related information in association with each other in the form shown in FIG. 9.
FIG. 10 shows a flowchart of the content-added authentication information generation stage. This stage may be performed for several or all user IDs at once, or for a single user ID. It starts at a predetermined timing, typically when a new user ID is registered, when the authentication service providing server 110 receives an authentication information request from the client 120 as described later, or at a timing specified by the authentication information update means described later. First, the pattern specifying information generation means 304 generates a plurality of pieces of pattern specifying information according to a predetermined generation rule (S1001). The predetermined generation rule is typically to generate a 64-digit random number as the pattern element sequence or pattern seed value and use it as the pattern specifying information. The verification code generation means 305 reads each user ID and that user ID's one-time password derivation rule from the password storage unit 306 (S1002). Then, for each presentation pattern specified by a predetermined rule from each of the generated pieces of pattern specifying information, the verification code generation means 305 generates a verification code, which is the result of applying a one-way function operation to the result of applying the user ID's one-time password derivation rule to that presentation pattern (S1003).
FIG. 12 shows a flowchart of the content-added authentication information acquisition stage. In this stage, the client 120 acquires from the authentication service providing server 110, prior to user authentication, content-added authentication information containing a plurality of authentication information and a plurality of content data. The client 120 can then perform user authentication multiple times using the plurality of authentication information contained in the acquired content-added authentication information. As a result, even when the client 120 is offline and not connected to the server, user authentication can be performed as many times as there are authentication information in the content-added authentication information already acquired. This stage is described in detail below.
FIG. 13 shows a flowchart of the content presentation type user authentication stage. First, the user ID input means 324 of the client 120 accepts input of a user ID from the user (S1301). In this embodiment the Windows logon authentication screen A1400 shown in FIG. 14 is displayed on the display to prompt for the user ID, and the user enters his or her user ID in the user name field of this logon authentication screen A. For logon to a Windows domain network, the name of the domain network to log on to is entered in the logon destination field.
Preferably, each of the plurality of authentication information contained in the content-added authentication information is used only once, and an authentication information that has been used is not used again. This is because displaying a different presentation pattern from different authentication information at every user authentication rules out brute force attacks and provides higher security. Accordingly, in a configuration in which used authentication information is not reused, the client 120 re-acquires new content-added authentication information in order to obtain new authentication information once all, or a predetermined number, of the authentication information contained in the content-added authentication information it acquired have been used. Also, when a certain period has elapsed since the content-added authentication information was last acquired, the content it contains may be out of date; in that case too it is preferable to re-acquire new content-added authentication information.
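As a second added example (again not the patent's code), the block below models the client-side pool of content-added authentication information described in this paragraph and in the first embodiment's authentication and re-acquisition stages (S1302, S1501 to S1505): each authentication information is selected once in memory-address order, a warning is produced when few remain, re-acquisition is required when the pool is exhausted or older than a staleness limit, and the server never transmits a record it has already sent. The warning threshold, the one-week staleness limit, three content data per record and SHA-256 as the one-way function are this example's assumptions, as are the class and method names; the content strings are constructed sample data.

```python
"""Client-side pool of content-added authentication information and the
server that refills it. Added example; not the patent's code."""
import hashlib
import hmac
import secrets
from typing import Callable

PATTERN_LEN = 64
CONTENTS_PER_AUTH = 3             # three content data per authentication information
WARN_THRESHOLD = 5                # assumed: warn when this many unused records remain
MAX_AGE_SECONDS = 7 * 24 * 3600   # assumed: re-acquire once the pool is older than this


def _verification_code(otp: str) -> str:
    # one-way function over the correct OTP (SHA-256 is this example's choice)
    return hashlib.sha256(otp.encode()).hexdigest()


class AuthenticationServer:
    """Stand-in for units 310 to 312: issues content-added authentication
    information and never transmits the same authentication information twice."""

    def __init__(self, rules: dict, contents: list):
        self._rules = rules          # user ID -> derivation rule (ordered positions)
        self._contents = contents    # content data eligible for these users (constructed)
        self._issued: dict = {}      # user ID -> set of patterns already transmitted

    def issued_count(self, user_id: str) -> int:
        return len(self._issued.get(user_id, set()))

    def issue(self, user_id: str, count: int) -> list:
        sent = self._issued.setdefault(user_id, set())
        records = []
        while len(records) < count:
            pattern = "".join(secrets.choice("0123456789") for _ in range(PATTERN_LEN))
            if pattern in sent:           # never re-send: a fresh pattern per logon
                continue
            sent.add(pattern)
            otp = "".join(pattern[p] for p in self._rules[user_id])
            records.append({
                "pattern": pattern,
                "code": _verification_code(otp),
                "contents": [secrets.choice(self._contents) for _ in range(CONTENTS_PER_AUTH)],
            })
        return records


class ClientAuthenticationStore:
    """Stand-in for units 331 (storage), 332 (selection) and 338 (verification)."""

    def __init__(self, server: AuthenticationServer, pool_size: int):
        self._server = server
        self._pool_size = pool_size
        self._pools: dict = {}       # user ID -> {"records", "next", "acquired"}

    def acquire(self, user_id: str, now: float) -> None:
        """S1202-S1204 / S1502-S1505: needs connectivity; replaces the whole pool."""
        self._pools[user_id] = {"records": self._server.issue(user_id, self._pool_size),
                                "next": 0, "acquired": now}

    def remaining(self, user_id: str) -> int:
        pool = self._pools.get(user_id)
        return 0 if pool is None else len(pool["records"]) - pool["next"]

    def needs_reacquisition(self, user_id: str, now: float) -> bool:
        """Exhausted, or older than MAX_AGE_SECONDS (its content may be stale)."""
        pool = self._pools.get(user_id)
        if pool is None or self.remaining(user_id) == 0:
            return True
        return now - pool["acquired"] > MAX_AGE_SECONDS

    def select(self, user_id: str) -> dict:
        """S1302: predetermined rule = memory-address order; a record is never reused."""
        pool = self._pools.get(user_id)
        if pool is None or pool["next"] >= len(pool["records"]):
            raise LookupError("no unused authentication information for this user ID")
        record = pool["records"][pool["next"]]
        pool["next"] += 1
        return record

    def authenticate(self, user_id: str, enter_otp: Callable[[str], str]) -> tuple:
        """Offline logon. enter_otp stands in for the user at OTP input unit 335: it
        receives the presented pattern and returns the typed OTP. Returns
        (success, presented contents, warning or None). A failed attempt consumes
        the record; the description also allows reusing it for a retry."""
        record = self.select(user_id)
        presented = list(record["contents"])      # content presentation unit 337 shows these
        ok = hmac.compare_digest(_verification_code(enter_otp(record["pattern"])), record["code"])
        left = self.remaining(user_id)
        warning = None if left > WARN_THRESHOLD else f"{left} authentication information left; re-acquire soon"
        return ok, presented, warning
```

Because `select` never rewinds, a pool of N records allows exactly N offline logons (successful or not); the warning fires while there is still connectivity time to refill, and `needs_reacquisition` is the check the client runs after a successful logon (S1501) and before starting a new one.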
The authentication service providing server 110 may have means for updating, at a predetermined timing, the information stored in the user information storage unit 307, the content information storage unit 308 and the authentication information storage unit 310. For example, once a year the user information update means updates the age in each user information record in the user information storage unit 307 whose registration date is one year or more in the past, according to the number of years elapsed since registration. The content information update means deletes content stored in the content information storage unit 308 once a certain period has passed since its registration. The authentication information update means operates the pattern specifying information generation means at a predetermined timing and stores new content-added authentication information in the authentication information storage unit 310 on the basis of the latest information in the user information storage unit 307 and the content information storage unit 308. The predetermined timing is typically at regular intervals, when a new user is registered, or when the respective information is updated by the user information update means or the content information update means. It may also be the time at which the information stored in the user information storage unit 307, the password storage unit 306 or the content information storage unit 308 is updated.
Next, the content presentation type user authentication system according to the second embodiment of the present invention is described, focusing on the differences from the content presentation type user authentication system of the first embodiment. Configurations and steps that are the same as in the first embodiment are referred to by the same numerals. FIG. 16 is a functional block diagram of the authentication service providing server 110 and the client 120 of this embodiment, realized, in the hardware configuration of FIG. 2, by running the user authentication support application on the CPU 200 of the authentication service providing server 110 and the content presentation type authentication program on the CPU 253 of the client 120.
110 authentication service providing server
120 client
130 network
140 content providing server
150 settlement server
200 CPU
201 RAM
202 user interface
203 external/network interface
204 storage device
206 program storage unit
207 information storage unit
250 external/network interface
251 user interface
252 RAM
253 CPU
254 storage device
256 information storage unit
301 download request receiving means
302 program transmitting means
303 program storage unit
304 pattern specifying information generation means
305 verification code generation means
306 password storage unit
307 user information storage unit
308 content information storage unit
309 target content specifying means
310 authentication information storage unit
311 authentication information request receiving means
312 authentication information transmitting means
321 download request transmitting means
322 program receiving means
324 user ID input means
325 authentication information request transmitting means
330 authentication information receiving means
331 authentication information storage unit
332 authentication information selection means
333 pattern element sequence generation means
334 pattern display means
335 one-time password input means
336 content selection means
337 content presentation means
338 user authentication means
1400 logon authentication screen A
1401 content presentation screen
1402 logon authentication screen B
1403 presentation pattern
1601 target content specifying means
1602 authentication information storage unit
1604 authentication information selection means
1605 content selection means
1606 content presentation means
1801 presentation memory
1802 presentation memory
1803 presentation memory
2100 offline user authentication system
2101 offline authentication support server
2102a user ID
2102b one-time password derivation rule
2151 offline authentication client
2152 user ID input means
2156 one-time password input means
2165 user authentication means
2181 user ID
2190 pattern element sequence
2193 verification code
2210 presentation pattern
2300 keyboard
2310 one-time password
Claims (11)
- A content presentation-type authentication system for causing a client to perform content presentation-type user authentication in which a plurality of pattern elements arranged in a predetermined pattern are presented as a presentation pattern to a user to be authenticated, user authentication is performed using, as the user's password, a one-time password derivation rule for generating a one-time password by being applied to pattern elements at specific positions contained in the presentation pattern, and content is forcibly presented to the user on the occasion of the user authentication, the system comprising:
an authentication service providing server that manages the user ID and password of a user, content data representing the respective substance of a plurality of contents forcibly presented at user authentication time, and the respective content IDs of the plurality of contents, and that provides authentication information with content to the user; and
a client that has a content presentation-type user authentication program for performing the content presentation-type user authentication and a processor, and that is connected to the authentication service providing server via a network,
wherein the authentication service providing server has:
a user information storage unit that stores in advance a user's user ID in association with user attribute information representing attributes of that user;
a password storage unit that stores in advance a user's user ID in association with that user's one-time password derivation rule;
pattern specifying information generating means that generates, according to a predetermined generation rule, a plurality of pieces of pattern specifying information for specifying the presentation pattern;
verification code generating means that, for each of the presentation patterns specified on the basis of each of the plurality of pieces of pattern specifying information generated by the pattern specifying information generating means, generates a verification code that is the result of applying a one-way function operation to the result of applying the one-time password derivation rule associated with a user ID;
a content information storage unit that stores, for each content forcibly presented at user authentication time, content-related information including the content's content ID, content data representing the substance of that content, and a content presentation target user condition indicating the condition of users to whom that content is to be presented, in association with one another;
target content specifying means that specifies, for each user ID, a plurality of content IDs for which the user attribute information associated with the user ID satisfies the content presentation target user condition contained in the content-related information associated with the content ID;
an authentication information storage unit that stores, in association with each user ID, a plurality of pieces of authentication information each including a verification code generated in relation to that user ID and the pattern specifying information used to generate that verification code, and the content data of each of the plurality of content IDs specified for that user ID;
authentication information request receiving means that receives from the client via the network an authentication information request including the user ID of a user seeking authentication; and
authentication information with content transmitting means that transmits to the client the authentication information with content including the plurality of pieces of authentication information and the plurality of pieces of content data stored in association with the received user ID,
and wherein, in the client,
the content presentation-type user authentication program running on the processor at the time of user authentication realizes:
user ID input means that receives input of a user ID from the user;
authentication information request transmitting means that transmits an authentication information request including the entered user ID to the authentication service providing server via the network;
authentication information with content receiving means that receives via the network the authentication information with content transmitted from the authentication service providing server in association with the user ID;
authentication information storage means that stores the received authentication information with content in association with the user ID;
authentication information selecting means that selects one piece of authentication information from the plurality of pieces of authentication information contained in the authentication information with content associated with the user ID;
pattern element sequence generating means that generates a pattern element sequence on the basis of the pattern specifying information contained in the selected authentication information;
pattern display means that generates a presentation pattern on the basis of the pattern element sequence and displays it on a screen;
one-time password input means that receives from the user input of a one-time password that is the result of applying the one-time password derivation rule to the pattern elements contained in the presentation pattern;
user authentication means that compares the result of applying the one-way function operation to the entered one-time password with the verification code contained in the selected authentication information, and makes the authentication of the user succeed when they are equal;
content selecting means that selects, according to a predetermined rule, the content data to be forcibly presented at user authentication time from the plurality of pieces of content data contained in the authentication information with content; and
content presenting means that forcibly presents content to the user at the time of user authentication on the basis of the selected content data.
- In the content presentation-type authentication system according to claim 1,
the content presentation-type user authentication in the client is executed, by installing the content presentation-type user authentication program on the client, in place of user authentication by the client's OS built-in user authentication program, and
an installation program for installing the content presentation-type user authentication program on the client, running on the processor of the client, realizes installation means that changes the OS settings so that the content presentation-type user authentication program is started in place of the OS built-in authentication program at the time of user authentication in the client.
- In the content presentation-type authentication system according to claim 2,
the content presentation-type user authentication program is downloaded from the authentication service providing server to the client,
the authentication service providing server has:
a program storage unit that stores the content presentation-type user authentication program and the installation program;
download request receiving means that receives from the client via the network a download request for the content presentation-type user authentication program and the installation program; and
program transmitting means that, when the download request receiving means receives a download request from the client, transmits the content presentation-type user authentication program and the installation program to that client via the network,
and the client includes:
download request transmitting means that transmits to the authentication service providing server via the network a download request requesting transmission of the content presentation-type user authentication program and the installation program;
program receiving means that receives the content presentation-type user authentication program and the installation program from the authentication service providing server; and
a program storage unit that stores the received programs.
- In the content presentation-type authentication system according to any one of claims 1 to 3,
the content is an advertisement.
- In the content presentation-type authentication system according to any one of claims 1 to 4,
the authentication information storage unit of the authentication service providing server further stores each of the plurality of pieces of content data specified for a user ID in association with one of the plurality of pieces of authentication information stored in association with that user ID, and
the content selecting means in the client selects, in order to forcibly present content at the time of user authentication, the content data associated with the authentication information selected for that user authentication.
- In the content presentation-type authentication system according to any one of claims 1 to 5,
the content-related information associated with the content ID of the content includes desired presentation conditions including at least one of a desired number of presentations indicating the number of times the content is desired to be presented during one user authentication process, a desired presentation time indicating the time for which the content is desired to be presented during one user authentication process, and continuous presentation permission information indicating whether continuous presentation of the content is permitted,
the target content specifying means further
creates, on the basis of the desired presentation conditions contained in the content-related information associated with the content ID of the content, content presentation attribute information including at least one of the presentation time for one presentation of that content and continuity information indicating whether the content is to be presented continuously, and stores the content presentation attribute information in the authentication information storage unit in association with the content data associated with that content ID,
the authentication information with content transmitted from the authentication service providing server to the client includes the content presentation attribute information, and
the content presenting means further
forcibly presents content to the user at the time of user authentication in accordance with the content presentation attribute information.
- In the content presentation-type authentication system according to any one of claims 1 to 6,
the authentication information selecting means of the client is configured not to select authentication information that has already been selected from among the authentication information with content that is stored in the authentication information storage means of that client and associated with the user ID of the user seeking authentication, and
when all of the authentication information contained in the authentication information with content that is stored in the authentication information storage means of that client and associated with the user ID of the user seeking authentication has been selected for authentication of that user by the authentication information selecting means of the client,
the authentication information request transmitting means of the client transmits an authentication information request including that user ID to the authentication service providing server via the network,
the authentication information request receiving means of the authentication service providing server receives that authentication information request from the client via the network,
the authentication information with content transmitting means of the authentication service providing server transmits to the client new authentication information with content associated with the user ID contained in the received authentication request information,
the authentication information with content receiving means of the client receives via the network the authentication information with content associated with the user ID contained in the authentication information request, transmitted from the authentication service providing server, and
the authentication information with content storage unit of the client is configured to update the authentication information with content with the received authentication information with content.
- In the content presentation-type authentication system according to any one of claims 1 to 7,
the authentication service providing server further has at least one of user information updating means that updates the information stored in the user information storage unit, authentication information updating means that updates the information stored in the authentication information storage unit, and content information updating means that updates the information stored in the content information storage unit.
- In the content presentation-type authentication system according to any one of claims 1 to 8,
the target content data specifying means of the authentication service providing server re-specifies, at predetermined timing, for each of the user IDs, a plurality of content IDs for which the user attribute information associated with the user ID satisfies the content presentation target user condition contained in the content-related information associated with the content ID, and
is configured to update the authentication information storage unit by associating the content data of each of the plurality of content IDs re-specified for each user ID with that user ID.
- In the content presentation-type authentication system according to any one of claims 1 to 9,
the pattern element sequence generating means generates the pattern element sequence further on the basis of the user ID, in addition to the pattern specifying information.
- In the content presentation-type authentication system according to any one of claims 1 to 10,
the user attribute information includes at least one of the user's age and sex.
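The exchange that the description of the authentication stage and claims 1, 7 and 10 set out, as an added Python example that is not part of the patent text: the server pre-generates pattern specifying information together with a verification code (a one-way hash of the one-time password that the user's derivation rule yields on that pattern), the client expands the pattern specifying information and user ID into the grid it displays, hashes the entered one-time password and compares it with the verification code, spends each record exactly once, and re-requests a batch when all records are consumed. The 4x4 digit grid, the rule encoded as a tuple of grid positions and SHA-256 as the one-way function are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Constructed example, not the patent's own code. Assumptions: a 4x4 grid of
# digits as the presentation pattern; a derivation rule given as a tuple of
# grid positions whose digits, read in order, form the one-time password;
# SHA-256 as the one-way function.
GRID_SIZE = 16


def pattern_elements(pattern_info: bytes, user_id: str) -> list:
    """Expand pattern specifying information (plus the user ID, as in claim 10)
    into the digit sequence shown on the grid. Server and client run the same
    expansion, so the grid itself never has to be transmitted."""
    seed = hashlib.sha256(pattern_info + user_id.encode("utf-8")).digest()
    return [b % 10 for b in seed[:GRID_SIZE]]


def apply_rule(elements: list, rule: tuple) -> str:
    """The user's secret: read the digits at the rule's positions, in order."""
    return "".join(str(elements[i]) for i in rule)


def verification_code(otp: str) -> str:
    """One-way function over the one-time password. This, not the rule,
    is what the server hands to the client."""
    return hashlib.sha256(otp.encode("utf-8")).hexdigest()


def server_issue(user_id: str, rule: tuple, count: int = 3) -> list:
    """Authentication service providing server: pre-generate `count`
    (pattern specifying information, verification code) records for a user."""
    batch = []
    for _ in range(count):
        info = secrets.token_bytes(16)  # fresh pattern specifying information
        otp = apply_rule(pattern_elements(info, user_id), rule)
        batch.append({"pattern_info": info, "code": verification_code(otp)})
    return batch


class ClientAuthenticator:
    """Client side: use each authentication record once, re-request when exhausted."""

    def __init__(self, user_id: str, request_batch):
        self.user_id = user_id
        self.request_batch = request_batch  # stands in for the authentication information request
        self.unused = list(request_batch(user_id))
        self.current = None

    def challenge(self) -> list:
        """Select an unused record and return the grid to display."""
        if not self.unused:  # every record consumed: fetch a new batch (claim 7)
            self.unused = list(self.request_batch(self.user_id))
        self.current = self.unused.pop(0)
        return pattern_elements(self.current["pattern_info"], self.user_id)

    def verify(self, entered_otp: str) -> bool:
        """Hash the entered OTP and compare it with the record's verification code."""
        if self.current is None:
            return False
        record, self.current = self.current, None  # the record is spent either way
        return hmac.compare_digest(verification_code(entered_otp), record["code"])
```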
Priority Applications (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
SG2012060182A SG183313A1 (en) | 2010-02-15 | 2010-02-15 | Content presentation-type authentication system |
CN201080066108.0A CN102834831B (zh) | 2010-02-15 | 2010-02-15 | Content presentation-type authentication system |
PCT/JP2010/052185 WO2011099161A1 (ja) | 2010-02-15 | 2010-02-15 | Content presentation-type authentication system |
JP2010541603A JP4654329B1 (ja) | 2010-02-15 | 2010-02-15 | Content presentation-type authentication system |
US12/982,263 US8209746B2 (en) | 2010-02-15 | 2010-12-30 | Content presentation-type authentication system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2010/052185 WO2011099161A1 (ja) | 2010-02-15 | 2010-02-15 | Content presentation-type authentication system |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US12/982,263 Continuation US8209746B2 (en) | 2010-02-15 | 2010-12-30 | Content presentation-type authentication system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2011099161A1 (ja) | 2011-08-18 |
Family
ID=43952752
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2010/052185 WO2011099161A1 (ja) | 2010-02-15 | 2010-02-15 | Content presentation-type authentication system |
Country Status (5)
Country | Link |
---|---|
US (1) | US8209746B2 (ja) |
JP (1) | JP4654329B1 (ja) |
CN (1) | CN102834831B (ja) |
SG (1) | SG183313A1 (ja) |
WO (1) | WO2011099161A1 (ja) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2019505941A (ja) * | 2016-01-29 | 2019-02-28 | Dalian Magic Image Technology Co., Ltd. | One-time dynamic position authentication method and system, and one-time dynamic password change method |
US10659452B2 (en) | 2016-01-29 | 2020-05-19 | Dalian Magic Image Technology Co., Ltd. | Dynamic graphical password-based network registration method and system |
Families Citing this family (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20110320813A1 (en) * | 2009-03-10 | 2011-12-29 | Junko Suginaka | Network system and authentication method thereof |
KR101516096B1 (ko) * | 2010-08-31 | 2015-04-29 | Hideharu Ogawa | Communication device, reminder device, and information recording medium |
CN102804200B (zh) * | 2010-10-05 | 2015-04-01 | CSE Co., Ltd. | Two-factor user authentication system and method thereof |
CN102804201B (zh) | 2010-10-05 | 2016-01-20 | CSE Co., Ltd. | Offline two-factor user authentication system, method thereof, and program thereof |
GB201109311D0 (en) * | 2011-06-03 | 2011-07-20 | Avimir Ip Ltd | Method and computer program for providing authentication to control access to a computer system |
WO2013020219A1 (en) * | 2011-08-10 | 2013-02-14 | Silas Gregory Robert | System and method for relevant business networking based in controlled relevancy groups, responsibilities and measured performance. |
US8650627B2 (en) * | 2011-12-28 | 2014-02-11 | Tata Consultancy Services Ltd. | Computer implemented system and method for providing challenge-response solutions to authenticate a user |
US20130182576A1 (en) * | 2012-01-13 | 2013-07-18 | Qualcomm Incorporated | Context-aware mobile computing for automatic environment detection and re-establishment |
JP5998849B2 (ja) * | 2012-01-18 | 2016-09-28 | Ricoh Co., Ltd. | Electronic device, information processing system, information management apparatus, information processing method, and information processing program |
US9648490B2 (en) | 2012-03-01 | 2017-05-09 | Qualcomm Incorporated | Context-aware mobile computing for automatic environment detection and re-establishment |
US9524746B2 (en) * | 2012-03-20 | 2016-12-20 | Panasonic Corporation | Server device, playback device and content distribution system |
SG194267A1 (en) * | 2012-05-03 | 2013-11-29 | C3S Pte Ltd | Method and system for protecting a password during an authentication process |
US8875252B2 (en) | 2012-06-07 | 2014-10-28 | Wells Fargo Bank, N.A. | Dynamic authentication in alternate operating environment |
US8694791B1 (en) | 2012-10-15 | 2014-04-08 | Google Inc. | Transitioning between access states of a computing device |
US9129100B2 (en) * | 2012-12-13 | 2015-09-08 | Huawei Technologies Co., Ltd. | Verification code generation and verification method and apparatus |
US9749321B2 (en) * | 2013-01-22 | 2017-08-29 | Prolifiq Software Inc. | System for multi-point publication syndication |
EP3828742B1 (en) * | 2013-05-23 | 2024-02-14 | Passlogy Co., Ltd. | User authentication method, system for implementing the same, and information communication terminal used in the same |
US20150007292A1 (en) * | 2013-07-01 | 2015-01-01 | International Business Machines Corporation | User authentication utilizing patterns |
CN103763101B (zh) * | 2013-10-18 | 2017-08-25 | Beijing Qihoo Technology Co., Ltd. | Method, apparatus and system for user login verification |
WO2016038665A1 (ja) | 2014-09-08 | 2016-03-17 | Passlogy Co., Ltd. | Authentication system and reminder terminal |
JP6566644B2 (ja) * | 2015-01-20 | 2019-08-28 | Line Corporation | Authentication server apparatus, program, authentication method, and authentication system |
CN104639563A (zh) * | 2015-03-02 | 2015-05-20 | Licheng Garment Group Co., Ltd. | Data security processing method and apparatus |
JP2016170721A (ja) * | 2015-03-13 | 2016-09-23 | Ricoh Co., Ltd. | Image processing apparatus, authentication method, and authentication program |
US9569606B2 (en) | 2015-06-08 | 2017-02-14 | International Business Machines Corporation | Verification of a pattern based passcode |
CN105100845A (zh) * | 2015-08-18 | 2015-11-25 | BOE Technology Group Co., Ltd. | Television program playback method and apparatus |
CN106656913A (zh) * | 2015-10-28 | 2017-05-10 | Zhuhai Kingsoft Office Software Co., Ltd. | Method and apparatus for generating a numeric verification code |
JP6703890B2 (ja) * | 2016-04-27 | 2020-06-03 | Sharp Corporation | Content distribution apparatus, content distribution system, and program |
US10235532B2 (en) * | 2016-09-23 | 2019-03-19 | Harman International Industries, Incorporated | Device access control |
US10122706B2 (en) * | 2016-10-27 | 2018-11-06 | Ca, Inc. | Authenticating identity for password changes |
US11068567B2 (en) * | 2017-06-04 | 2021-07-20 | Harsha Ramalingam | Self-owned authentication and identity framework |
JP7143603B2 (ja) * | 2018-03-22 | 2022-09-29 | Fujifilm Business Innovation Corp. | Information processing system, information processing apparatus, and program |
US11853102B2 (en) | 2018-12-25 | 2023-12-26 | Passlogy Co., Ltd. | Remote control system, remote control method, and non-transitory information recording medium |
JP2021124808A (ja) | 2020-02-03 | 2021-08-30 | Fujifilm Business Innovation Corp. | Information processing apparatus and information processing program |
CN112788021B (zh) * | 2020-12-31 | 2023-02-03 | Shenzhen Fusen Environmental Technology Co., Ltd. | Identity verification method and cloud-data-based digital city management data sharing system |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001265810A (ja) * | 2000-03-17 | 2001-09-28 | Nippon Telegraph & Telephone West Corp | Attribute-specific advertisement presentation method and apparatus |
JP2001306520A (ja) * | 2000-04-27 | 2001-11-02 | Hideji Ogawa | Service providing system capable of displaying advertisements, secure provider apparatus, service providing apparatus, secure provider method, service providing method, and information recording medium |
JP2004227108A (ja) * | 2003-01-20 | 2004-08-12 | Katsuyoshi Nagashima | Program distribution server with advertisements and network advertisement registration method |
JP2007178625A (ja) * | 2005-12-27 | 2007-07-12 | Security Electronics Kk | Network advertisement display system |
JP2007272364A (ja) * | 2006-03-30 | 2007-10-18 | Cse:Kk | Offline user authentication system, method thereof, and program thereof |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DK1475721T3 (da) | 2002-02-13 | 2013-05-27 | Passlogy Co Ltd | User authentication method and user authentication system |
US7849323B2 (en) * | 2005-11-09 | 2010-12-07 | Emc Corporation | Password presentation for multimedia devices |
JP3939736B1 (ja) * | 2006-03-27 | 2007-07-04 | CSE Co., Ltd. | User authentication system and method thereof |
CN101132404A (zh) * | 2007-09-14 | 2008-02-27 | Tencent Technology (Shenzhen) Co., Ltd. | Web page content graded display system and method |
2010
- 2010-02-15 CN CN201080066108.0A patent/CN102834831B/zh active Active
- 2010-02-15 JP JP2010541603A patent/JP4654329B1/ja active Active
- 2010-02-15 SG SG2012060182A patent/SG183313A1/en unknown
- 2010-02-15 WO PCT/JP2010/052185 patent/WO2011099161A1/ja active Application Filing
- 2010-12-30 US US12/982,263 patent/US8209746B2/en active Active
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2019505941A (ja) * | 2016-01-29 | 2019-02-28 | Dalian Magic Image Technology Co., Ltd. | One-time dynamic position authentication method and system, and one-time dynamic password change method |
US10659452B2 (en) | 2016-01-29 | 2020-05-19 | Dalian Magic Image Technology Co., Ltd. | Dynamic graphical password-based network registration method and system |
US11233786B2 (en) | 2016-01-29 | 2022-01-25 | Dalian Magic Image Technology Co., Ltd. | One-time dynamic positioning authentication method and system and password alteration method |
Also Published As
Publication number | Publication date |
---|---|
CN102834831B (zh) | 2015-07-29 |
US8209746B2 (en) | 2012-06-26 |
US20110202981A1 (en) | 2011-08-18 |
JP4654329B1 (ja) | 2011-03-16 |
CN102834831A (zh) | 2012-12-19 |
SG183313A1 (en) | 2012-09-27 |
JPWO2011099161A1 (ja) | 2013-06-13 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| WWE | Wipo information: entry into national phase | Ref document number: 201080066108.0; Country of ref document: CN |
| WWE | Wipo information: entry into national phase | Ref document number: 2010541603; Country of ref document: JP |
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 10845755; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWE | Wipo information: entry into national phase | Ref document number: 7894/CHENP/2012; Country of ref document: IN |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 10845755; Country of ref document: EP; Kind code of ref document: A1 |