WO2015166913A9 - サーバシステム、通信システム、通信端末装置、プログラム、記録媒体及び通信方法 - Google Patents
サーバシステム、通信システム、通信端末装置、プログラム、記録媒体及び通信方法 Download PDFInfo
- Publication number
- WO2015166913A9 WO2015166913A9 PCT/JP2015/062704 JP2015062704W WO2015166913A9 WO 2015166913 A9 WO2015166913 A9 WO 2015166913A9 JP 2015062704 W JP2015062704 W JP 2015062704W WO 2015166913 A9 WO2015166913 A9 WO 2015166913A9
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user
- input
- communication terminal
- terminal device
- server system
- Prior art date
Links
- 238000004891 communication Methods 0.000 title claims abstract description 159
- 238000000034 method Methods 0.000 title claims description 62
- 238000012545 processing Methods 0.000 claims description 54
- 230000008569 process Effects 0.000 claims description 44
- 238000009826 distribution Methods 0.000 claims description 19
- 238000000605 extraction Methods 0.000 claims description 17
- 238000012937 correction Methods 0.000 claims description 15
- 239000000284 extract Substances 0.000 claims description 7
- 230000006870 function Effects 0.000 claims description 6
- 230000015654 memory Effects 0.000 claims description 6
- 230000004044 response Effects 0.000 claims description 4
- 238000013461 design Methods 0.000 claims 2
- 239000011159 matrix material Substances 0.000 abstract description 10
- 238000007726 management method Methods 0.000 description 49
- 238000013523 data management Methods 0.000 description 12
- 238000012986 modification Methods 0.000 description 10
- 230000004048 modification Effects 0.000 description 10
- 238000003860 storage Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 8
- 238000012546 transfer Methods 0.000 description 8
- 238000012790 confirmation Methods 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 238000005401 electroluminescence Methods 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 239000000203 mixture Substances 0.000 description 2
- KQRXEQGYUDDPNW-QXRSSOOUSA-N (e)-but-2-enedioic acid;(2s,4r,5r,8r,9s,10s,11r,12r)-5-ethyl-9-[(2r,4r,5s,6s)-5-hydroxy-4-methoxy-4,6-dimethyloxan-2-yl]oxy-11-[(2s,3r,4s,6r)-3-hydroxy-6-methyl-4-[methyl(propan-2-yl)amino]oxan-2-yl]oxy-4-methoxy-2,4,8,10,12,14-hexamethyl-6,15-dioxabicycl Chemical compound OC(=O)\C=C\C(O)=O.O([C@@H]1[C@@H](C)C(=O)O[C@@H]([C@@](C(=O)[C@@H](C)C2=C(C)C[C@](O2)(C)[C@H](O[C@H]2[C@@H]([C@H](C[C@@H](C)O2)N(C)C(C)C)O)[C@H]1C)(C)OC)CC)[C@H]1C[C@@](C)(OC)[C@@H](O)[C@H](C)O1.O([C@@H]1[C@@H](C)C(=O)O[C@@H]([C@@](C(=O)[C@@H](C)C2=C(C)C[C@](O2)(C)[C@H](O[C@H]2[C@@H]([C@H](C[C@@H](C)O2)N(C)C(C)C)O)[C@H]1C)(C)OC)CC)[C@H]1C[C@@](C)(OC)[C@@H](O)[C@H](C)O1 KQRXEQGYUDDPNW-QXRSSOOUSA-N 0.000 description 1
- FUHMZYWBSHTEDZ-UHFFFAOYSA-M bispyribac-sodium Chemical compound [Na+].COC1=CC(OC)=NC(OC=2C(=C(OC=3N=C(OC)C=C(OC)N=3)C=CC=2)C([O-])=O)=N1 FUHMZYWBSHTEDZ-UHFFFAOYSA-M 0.000 description 1
- 230000007423 decrease Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 239000004973 liquid crystal related substance Substances 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 230000002250 progressing effect Effects 0.000 description 1
- ADTDNFFHPRZSOT-PVFUSPOPSA-N ram-330 Chemical compound C([C@H]1N(CC2)C)C3=CC=C(OC)C(OC)=C3[C@]32[C@@]1(O)CC[C@@H](OC(=O)OCC)C3 ADTDNFFHPRZSOT-PVFUSPOPSA-N 0.000 description 1
- 239000007787 solid Substances 0.000 description 1
- 230000007704 transition Effects 0.000 description 1
- 210000003462 vein Anatomy 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/409—Device specific authentication in transaction processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2282—Tablespace storage structures; Management thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/50—Information retrieval; Database structures therefor; File system structures therefor of still image data
- G06F16/58—Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
- G06F16/5866—Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually using information manually generated, e.g. tags, keywords, comments, manually generated location and time information
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/36—User authentication by graphic or iconic representation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/32—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
- G06Q20/322—Aspects of commerce using mobile devices [M-devices]
- G06Q20/3223—Realising banking transactions through M-devices
-
- G—PHYSICS
- G09—EDUCATION; CRYPTOGRAPHY; DISPLAY; ADVERTISING; SEALS
- G09C—CIPHERING OR DECIPHERING APPARATUS FOR CRYPTOGRAPHIC OR OTHER PURPOSES INVOLVING THE NEED FOR SECRECY
- G09C1/00—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system
- G09C1/02—Apparatus or methods whereby a given sequence of signs, e.g. an intelligible text, is transformed into an unintelligible sequence of signs by transposing the signs or groups of signs or by replacing them by others according to a predetermined system by using a ciphering code in chart form
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/107—License processing; Key processing
- G06F21/1078—Logging; Metering
Definitions
- a cryptographic token issued by a financial institution is generated in addition to a system that performs user authentication using a unique random number table for each user issued by a financial institution.
- a system for authenticating a user using a one-time password has been put into practical use.
- the present invention has been made to solve the above-described problems, and an object of the present invention is to provide a server system or the like that can improve security at the time of providing various services and prevent unauthorized use. .
- the server system of the present invention Receiving means for receiving data from a communication terminal device connected via a network; Table data predetermined for each user of the communication terminal device, corresponding to input target characters input at the communication terminal device and shapes assigned in advance to each of the input target characters Control means for controlling recording means in which attached table data is recorded in association with identification information for identifying the user; A data specifying means for specifying table data corresponding to the user when a given request designating the user is received from the communication terminal device by the receiving means; Extraction means for extracting the figure corresponding to the input target character to be specified by the user based on the specified table data; Generate input data that is associated with each of the extracted shapes and includes sign information used when the corresponding shape is displayed on the corresponding communication terminal device, and the generated input data is A distribution means for distributing to the communication terminal device; An acquisition means for acquiring, from the communication terminal device, the sign information corresponding to the shape input by a user when the shape is displayed on the communication terminal device based on the distributed
- the server system of the present invention uses a figure when inputting the input target character by the user, it is specified by account information (account number or remittance amount), authentication information (login information) or other user.
- account information account number or remittance amount
- authentication information login information
- the information to be specified can be specified without directly inputting the information to be input by an input device such as a keyboard.
- the server system inputs all of the information described in a random number table or the like issued to the user in advance at the phishing site at once, such as information related to security caused by user's carelessness (for example, Password) leakage and transfer of information to a third party who logs in illegally can be prevented.
- information related to security caused by user's carelessness for example, Password
- the server system of the present invention uses sign information such as a display position of a figure for data communication between the communication terminal device and the server system, and does not use a character to be input or a figure that identifies it. It is possible to prevent information that should be specified by the user between the communication terminal device and the server system from being stolen or tampered with by a third party.
- the server system of the present invention can effectively prevent unauthorized login and man-in-the-middle attacks by third parties to services provided to users.
- the server system of the present invention can prevent leakage of information related to security, unauthorized use, and man-in-the-middle attacks, and can improve security when providing various services such as Internet bank services.
- the communication terminal device of the present invention A communication terminal device that is connected to a server system that executes various processes via a network, and that provides various services to a user while exchanging data with the server system.
- Table data predetermined for each user, a part of the table data in which the input target character input by the user and the figure assigned in advance to each of the input target character are associated with each other,
- An acquisition means for acquiring from the server system together with control information for controlling at least a display position for displaying each figure on the display means; Accepting means for accepting a user input operation according to an image displayed based on the acquired table data;
- a specifying means for specifying a display position corresponding to the figure designated by the user in response to the input operation; Transmitting means for transmitting information indicating a display position corresponding to the identified figure to the server system; It has the composition provided with.
- the communication terminal device of the present invention uses a figure when the user inputs an input target character, so that it is specified by account information (account number or remittance amount), authentication information (login information), or other user.
- account information account number or remittance amount
- authentication information login information
- the information to be specified can be specified without directly inputting the information to be input by an input device such as a keyboard.
- the server system inputs all of the information described in a random number table or the like issued to the user in advance at the phishing site at once, such as information related to security caused by user's carelessness (for example, Password) leakage and transfer of information to a third party who logs in illegally can be prevented.
- information related to security caused by user's carelessness for example, Password
- the server system of the present invention uses sign information such as a display position of a figure for data communication between the communication terminal device and the server system, and does not use a character to be input or a figure that identifies it. It is possible to prevent information that should be specified by the user between the communication terminal device and the server system from being stolen or tampered with by a third party.
- the server system of the present invention can effectively prevent unauthorized login and man-in-the-middle attacks by third parties to services provided to users.
- the server system of the present invention can prevent leakage of information related to security, unauthorized use, and man-in-the-middle attacks, and can improve security when providing various services such as Internet bank services.
- the storage medium of the present invention provides: When a user uses a communication terminal device to access a server system that provides various services, a memory is formed so that a figure for specifying an input target character input by the user in the server system is visible.
- a medium A plurality of different input target characters in one row or one column; A plurality of different shapes for each input target character; Has a table formed by a plurality of rows and a plurality of columns arranged, Each figure has a configuration that cannot be converted by a character code used at the time of user's operation input based on an input device used for inputting predetermined information by the user.
- the storage medium of the present invention is, for example, a symbol (such as a still image including a photograph, a moving image, or a handwritten character) that cannot directly estimate the input target character (for example, a figure, a pattern, or a figure) Since a random number table is formed in which a character code that is not convertible by a character code used at the time of a user's operation input based on an input device used for inputting predetermined information by a user is formed, input target characters Can be specified without using the input target character.
- a symbol such as a still image including a photograph, a moving image, or a handwritten character
- the input target character for example, a figure, a pattern, or a figure
- the storage medium according to the present invention can provide information related to security (for example, passwords) caused by user's carelessness, such as inputting all the information described in a random number table issued to the user in advance at the phishing site. ) Leakage and the transfer of information to a third party who logs in illegally.
- security for example, passwords
- the storage medium of the present invention can use sign information such as a display position of a figure for data communication between the communication terminal device and the server system without using an input target character or a figure for specifying the character. Therefore, it is possible to prevent information that should be specified by the user between the communication terminal device and the server system from being stolen or falsified by a third party.
- the storage medium of the present invention can effectively prevent unauthorized login and man-in-the-middle attacks by third parties to services provided to users.
- the storage medium of the present invention can prevent security information leakage, unauthorized use, and man-in-the-middle attacks, and can improve security when providing various services such as Internet bank services.
- the server system and the like according to the present invention can prevent leakage of information related to security, illegal use, and man-in-the-middle attacks, and can improve security when providing various services such as Internet bank services.
- FIG. 1 is a system configuration diagram showing a system configuration in an embodiment of a network system according to the present invention. It is a figure for demonstrating the technique of the illegal attack which has been a problem conventionally. It is a figure which shows an example of the random number table
- a communication terminal device used by a user that is, an account opener who receives a bank service (hereinafter referred to as “Internet bank service”) via the Internet
- Internet bank service a bank service
- a server system that is, a server system program, a communication terminal device, a communication terminal program, a storage medium according to the present invention
- FIG. 1 is a diagram showing a system configuration of the network system 1 of the present embodiment
- FIG. 2 is a diagram for explaining an attack by a malicious third party that has conventionally occurred in the Internet bank service. .
- the network system 1 of the present embodiment has a configuration for individually providing Internet bank services to each user, and can prevent leakage of information related to security, unauthorized use, and man-in-the-middle attacks.
- a given random number table RMT the input target characters necessary for executing various processes in the Internet bank service such as information on the remittance destination such as the account and the remittance bank or the amount of remittance are specified, This is a system that can improve the security of Internet bank services.
- the network system 1 of the present embodiment is managed and operated by a plurality of communication terminal devices 10 owned by each user and each financial institution, and the communication terminal device 10 via the network 20. And a plurality of financial institution server devices 30 that execute remittance processing for remittance to a third party account and other settlement processing.
- the network system 1 uses, as a given random number table RMT, numerals, alphabets, hiragana, katakana, kanji, and other input target characters (for example, an input device such as a keyboard) to be specified by a specific user. Characters that can generally be input by the user) and the shapes (ie, still images, moving images, or handwritten characters including photographs) that cannot be directly estimated from the input target character (ie, by the user)
- the random number table RMT in which the character code used when inputting the user's operation based on the input device used for inputting predetermined information is associated with the random number table RMT, the Internet bank service described above is used. It is possible to improve security. .
- the financial institution A for withdrawal
- the financial institution B for deposit
- the remittance instruction from the terminal device based on the user's instruction.
- the following types of attacks and scams are rampant, and damage such as illegal remittance and wire fraud frequently occur.
- Type 1 ([1] in FIG. 2)
- a terminal device such as a personal computer used by the user is infected with malware such as a key logger by some method, and input information such as a password (hereinafter also referred to as “PW”) input by the user is fraudulent.
- PW a password
- Type to do In this case, illegally logged in to the server device of financial institution A (for withdrawal) using an illegally exploited password, etc., impersonating a legitimate user, instructing remittance, a malicious third party account, etc. Unauthorized remittance processing is executed for unauthorized remittance to the server device of the financial institution C (unauthorized remittance destination).
- Type 2 ([2] in FIG. 2)
- a malicious third party uses a random number generator, etc., to carry out an attack that sends all combinations of numbers and English letters to the server device of financial institution A (for withdrawals). The type that takes over your account.
- the server device of the financial institution A (for withdrawal) pretends to be a legitimate user and sends a remittance instruction to the server device of the financial institution C (illegal remittance destination) such as a malicious third party account. Execute unauthorized money transfer processing to send money illegally.
- Type 3 ([3] in FIG. 2) A man-in-the-middle attack type in which information transmitted from a user terminal device to a server device of a financial institution is falsified on the network, and the deposit destination, amount, etc. are changed to deposit to a deposit destination different from the original deposit destination.
- a remittance instruction is issued from a terminal device to a financial institution A (for withdrawal) server device to a financial institution B (for withdrawal) server device based on a user instruction
- the transmission instruction is analyzed.
- the instruction is tampered with an instruction to transmit the instruction to the server device of the financial institution C (illegal remittance destination), and the illegal remittance processing to the illegal remittance destination is executed.
- the remittance result from the server device (for deposit) is disguised, and notification is made of the completion of remittance from the server device of financial institution A (for withdrawal).
- Type 3 ([4] in FIG. 2)
- the URL of a site different from the original service providing site (that is, a phishing site) is transmitted to the user's terminal device by e-mail or the like, and the user is guided to the phishing site, and a password, a random number table, etc. on the phishing site
- a phishing type that inputs various types of information and scams them ([4] in FIG. 2).
- a method using a client certificate (A) A method using a client certificate, (B) Using a cryptographic token that generates a one-time password, (C) Specific methods (subscriber number, manufacturing number, etc.) in the user's terminal device and a method of authenticating with biometric information such as fingerprints and veins.
- the client certificate is easily hijacked, it is not an effective attack prevention means, and the certificate type differs depending on the country, so it cannot be used for international commercial transactions.
- a cryptographic token when used, a large amount of cost is required for manufacturing a dedicated device for the cryptographic token.
- the unique information of the user's terminal device may be extracted by malware, it is often impossible to ensure effectiveness as a method for preventing attacks.
- biometric information is used, the spread of such devices due to the high cost due to the introduction of these devices, the decline in convenience such as the inability to easily input information, or the difficulty in obtaining accurate ecological information Is not progressing.
- a random number table (a table in which numbers are randomly arranged in a matrix) is separately issued for each user by a financial institution.
- a method of performing identity verification by performing input using a random number table RMT is also issued.
- the content of information transmitted from the user to the financial institution is expressed by a character code that can be specified by another general terminal device such as an ASCII code. Therefore, a malicious third party can easily specify a character string expressed by transmitted / received information, and it is difficult to prevent a man-in-the-middle attack that falsifies and disguises information during communication.
- the network system 1 of the present embodiment is (1) Random number table RMT issued for each user in advance in a financial institution, and input target characters such as numbers and alphabets as illustrated in FIG. 3 and the input target characters such as symbols, photos, figures, or patterns And a random number table RMT in which a figure that cannot be directly estimated is associated with (2) Random number table data in which a random number table RMT for each user is converted into data and a user ID for identifying the corresponding user are associated and managed, (3) Data for displaying a plurality of figures including a figure corresponding to the input target character to a corresponding user based on random number table data corresponding to each user when the user uses the Internet bank service.
- the input target character to be specified is communicated as the sign information by using the random number table RMT as described above, and the input target character cannot be specified by a third party during the communication.
- the financial institution server device 30 has a configuration capable of specifying an input target character to be specified by each user.
- the communication terminal device 10 is a communication terminal device such as a personal computer (PC) or a smartphone used by a user, and is connected to the network 20 directly or via the base station BS, and is a financial institution. Data communication with the server device 30 is performed.
- PC personal computer
- the server device 30 Data communication with the server device 30 is performed.
- the communication terminal apparatus 10 acquires resource data described in a markup language such as XML (extensible Markup Language) based on the URL in accordance with an input operation by a user or the like, and based on the resource data, It has a browsing function for image display and data communication.
- a markup language such as XML (extensible Markup Language)
- the communication terminal device 10 uses the browsing function to log in to the financial institution server device 30 at the time of using the Internet bank service, obtains input data, and indicates the sign in the figure input based on the random number table RMT. Information is transmitted to the financial institution server device 30.
- the financial institution server device 30 is a computer system managed and operated by each financial institution, has various databases (hereinafter referred to as “DB”), and executes various processes for providing an Internet bank service. To do.
- DB databases
- the financial institution server device 30 of the present embodiment (A) At the time of providing the Internet bank service, the input data is generated based on the random number table data corresponding to the random number table RMT issued for each user while specifying the user in cooperation with the communication terminal device 10. An input data distribution process for distributing the generated input data to the communication terminal device 10; (B) Input target character specification for receiving sign information input by the user based on the input data and random number table RMT transmitted from the communication terminal device 10 and specifying the input target character based on the received sign information Processing, (C) a service process for executing a predetermined Internet bank service based on the specified input target character; It is possible to execute the configuration.
- the financial institution server device 30 of the present embodiment (1) Random number table data predetermined for each user of the communication terminal device 10, and an input target character input by the communication terminal device 10 and a shape assigned in advance to each of the input target characters And the random number table data in association with each other, controls a database recorded in association with identification information (ie, user ID) for identifying the user, (2) When a given request (for example, a request for payment processing) specifying a user is received from the communication terminal device 10, the random number table data corresponding to the user is specified, (3) Based on the specified random number table data, extract a figure corresponding to the input target character to be specified by the user, (4) Generate input data including sign information associated with each extracted figure and used when the corresponding figure is displayed on the corresponding communication terminal device 10, and the generated input data Is distributed to the communication terminal device 10, (5) When a figure is displayed on the communication terminal apparatus 10 based on the distributed input data, the sign information corresponding to the figure input by the user is acquired from the communication terminal apparatus 10; (6) Based on the acquired
- the network system 1 is caused by the carelessness of the user, such as inputting all of the information described in the random number table RMT issued to the user in advance at the phishing site. It is possible to prevent leakage of information related to security (for example, password) and transfer of information to a third party who logs in illegally.
- security for example, password
- the network system 1 can effectively prevent unauthorized logins and man-in-the-middle attacks by third parties to services provided to users.
- the network system 1 of the present embodiment can prevent leakage of information related to security, unauthorized use, and man-in-the-middle attacks, and can improve security when providing various services such as Internet bank services. .
- the input data includes (1) Image data for selecting each figure in the communication terminal device 10; (2) position information indicating a display position when the image data is displayed on the communication terminal device 10, and (3) Display control data for displaying image data of each shape at each display position is included.
- the plurality of shapes to be selected by the user used when generating the input data include all the shapes corresponding to the input target characters that may be input.
- the description a case where all the shapes corresponding to the input target characters that may be input are included in the shapes used when generating the input data will be described.
- the generated input data does not include image data corresponding to the target input character, it should be specified by performing a predetermined process such as reissuing the input data.
- Image data having a number of (N + 1) figures may be used for the number N of input target characters.
- the sign information is described using display position information when displayed on the communication terminal device 10 in each shape.
- each shape is accompanied by, for example, a matrix in the communication terminal device 10.
- it may be information for specifying each figure selected by the user, such as information on row numbers and column numbers.
- FIG. 3 is a diagram illustrating an example of a random number table RMT used in the present embodiment.
- the input character to be input by the user is input to the financial institution server device 30.
- a plurality of different input target characters and different shapes for each input target character arranged in one row or one column. It has a table formed by rows and a plurality of columns, and each shape has a shape that cannot be converted by a character code used at the time of user operation input based on an input device used to input predetermined information by the user. is doing.
- the random number table RMT of the present embodiment includes a plurality of lines (ie, 6 lines) in which numbers “0” to “9” are arranged in a line as input target characters in the first line.
- Random number table that is, a 6-by-10 matrix random number table RMT having different shapes (ie, 10 symbols, figures, or pictures) assigned to each number as an input target character. 1), and the arrangement of the shapes is different for each row.
- the random number table RMT of this embodiment is printed on the back side of a cash card (made of plastic) issued to the user by a financial institution, or provided to the user, or printed on a dedicated PIN card (made of plastic or paper). Provided to the user.
- the random number table RMT may provide a personal identification card electronically.
- the personal identification card may be configured with electronic paper and configured to be visible with electronic ink, or may be configured to be displayed with a personal computer or a smartphone.
- the cost for issuing the random number table RMT can be suppressed, so that the spread of the random number table RMT can be promoted.
- FIG. 3 illustrates the case where the input target character is configured by a figure that cannot be estimated during data communication.
- the figure cannot be estimated uniquely by a general input device, As described above, for example, it may be a still image such as a photograph, or may be a figure formed by handwritten characters previously described by the user.
- the numbers 0 to 9 and English letters A to Z are entered in the application form at a predetermined timing, such as when an account is opened or when a password is issued.
- the figure of the random number table RMT may be constructed using the entered characters.
- the random number table RMT of the present embodiment when numbers are used as input target characters, it is necessary to describe at least “0” to “9” in the first line, as well as letters, hiragana, katakana, and kanji. Or other character input, it is necessary to describe “A” to “Z” or the character to be input in the first line.
- any character is used as an input target character, different shapes may be arranged in each row, and each shape may be arranged in association with each character so that the arrangement of the shapes is different in a plurality of rows. Necessary.
- the input target character is arranged in the first row of the random number table RMT. However, in the present embodiment, it may be arranged in the last row of the random number table RMT. You may make it arrange
- different shapes are arranged in each row and each column, and each shape is associated with each character so that the arrangement of the shapes is different in a plurality of rows or columns. It is necessary to arrange.
- FIG. 4 is a block diagram illustrating a configuration of the communication terminal device 10 according to the present embodiment.
- the communication terminal device 10 includes a network communication unit 110, a recording unit 120, a display control unit 130, a display unit 140, an operation unit 150, a terminal management control unit 160, and the like. And an application execution unit 170.
- the network communication unit 110 is connected to the network 20 via the base station BS or directly, and exchanges various data with the financial institution server device 30 via the network 20.
- the recording unit 120 is configured by, for example, a hard disk drive (hereinafter abbreviated as “HDD”) or a nonvolatile flash memory such as a NAND type or a NOR type.
- HDD hard disk drive
- nonvolatile flash memory such as a NAND type or a NOR type.
- the recording unit 120 includes an application recording unit 121 and a buffer 122, and a browser for realizing a browsing function is recorded in the application recording unit 121.
- the display control unit 130 generates display data necessary for display on the display unit 140, and outputs the generated display data to the display unit 140.
- the display data for displaying the image data corresponding to each figure on the display unit 140 is generated while associating with the input target character string. And supplied to the display unit 140.
- the display unit 140 is configured by, for example, a panel of a liquid crystal element or an organic EL (Electro Luminescence) element, and displays a predetermined image based on display data generated by the display control unit 130.
- a panel of a liquid crystal element or an organic EL (Electro Luminescence) element displays a predetermined image based on display data generated by the display control unit 130.
- the operation unit 150 includes various keys such as various confirmation buttons, a mouse, a pointing device, and a numeric keypad, and a touch panel.
- the operation unit 150 is used for a user to input various information and select a figure based on input data. It has become. For example, the operation unit 150 is used when selecting one figure from a plurality of figures displayed based on the input data. When the specific display position is touched, the operation unit 150 displays the touched position. The position information of the formed figure is provided to the application execution unit 170.
- the terminal management control unit 160 is mainly composed of a central processing unit (CPU) and includes various input / output ports such as a key input port and a display control port, and executes various applications recorded in the recording unit 120. By doing so, the overall functions of the communication terminal apparatus 10 are controlled in a comprehensive manner.
- CPU central processing unit
- the application execution unit 170 is configured by a CPU that is the same as or independent of the terminal management control unit 160, and executes various applications recorded in the application recording unit 121 under the control of the terminal management control unit 160, thereby providing an Internet bank service. Execute the process to receive the service.
- FIG. 5 is a diagram illustrating an example of functional blocks of the financial institution server device 30 according to the present embodiment.
- FIGS. 6 to 9 illustrate user management DBs 331 provided in the financial institution server device 30 according to the present embodiment. It is a figure which shows an example of the data recorded on random number table data management DB332, financial institution management DB333, and account management DB334.
- the financial institution server device 30 of the present embodiment includes a communication control unit 310 that is communicatively connected to the network 20, a ROM / RAM 320 that functions as various memories, and a record in which various DBs are constructed.
- the above units are connected to each other by a bus B. ing.
- the communication control unit 310 is a predetermined network interface, and establishes a communication channel with the communication terminal device 10 via the network 20 to exchange various data.
- ROM / RAM 320 various programs necessary for driving the financial institution server device 30 are recorded.
- the ROM / RAM 320 is used as a work area when various processes are executed.
- the recording device 330 is configured by, for example, an HDD (Hard Disc Drive) or an SSD (Solid State Drive).
- the recording device 330 includes at least a user management DB 331, a random number table data management DB 332, a financial institution management DB 333, and an account management DB 334.
- the recording apparatus 330 of the present embodiment constitutes, for example, a “recording unit” of the present invention.
- the user management DB 331 is a database in which various information for managing a user who has opened an account with a corresponding financial institution is registered as data. For example, as shown in FIG. 6, user attribute information is recorded in the user management DB 331 in association with the user ID corresponding to each user.
- user attribute information (1) Name of the corresponding user, (2) Address, (3) Account name and (4) First password (login password) And used to manage user logins to Internet bank services.
- the account name may be an account number or a customer number, or the same as the user ID.
- the random number table data management DB 332 is a database for managing random number table data corresponding to the random number table RMT issued in advance to each user. For example, in the random number table data management DB 332, as shown in FIG. 7, the user ID corresponding to each user and the random number table data indicating the contents of the random number table RMT issued to the user are recorded in association with each other. Is done.
- FIG. 7 shows a state in which random number table data “DATA001” to “DATA004” are recorded in association with “user001” to “user004”.
- the random number table data recorded in the random number table data management DB 332 includes, as illustrated in FIG. 3, the input target characters included in the random number table RMT and the shape assigned to each input target character in the communication terminal device 10.
- the data structure is arranged in the same matrix format as the image data for displaying icons and the random number table RMT.
- the image data may be configured in a data format such as JPEG (Joint Photographic Experts Group).
- JPEG Joint Photographic Experts Group
- the image data of the figure is composed of moving images
- the image is displayed in the communication terminal device 10 so that the figure gradually emerges by configuring the image data in a format such as GIF, for example.
- a format such as GIF, for example.
- it may be configured in a data format that realizes a display method in which the shapes are sequentially displayed and displayed after a predetermined time has elapsed.
- the issued random number table RMT also needs to be provided by electronic paper or a mobile terminal device that can reproduce a moving image.
- the payment destination information (financial institution, branch payment destination account number, holder) related to the payment destination registered in advance by the user is assigned to the input target character, or a predetermined fixed sentence or fixed format is input If the character is assigned to the target character, the payment destination information or the predetermined fixed sentence is also registered in association with the input target character.
- the financial institution management DB 333 is a database in which information for managing each financial institution is recorded as data. For example, in the financial institution management DB 333, as shown in FIG. 8, it is associated with a financial institution code for identifying each financial institution, (1) Financial institution name of the financial institution, (2) Branch name of each branch operated by the financial institution, (3) The branch code of the branch, and (4) Address of the branch, Is recorded.
- one financial institution code is assigned to each financial institution, while the branch code is uniquely assigned to each financial institution.
- other codes such as a bank code such as a SWIFT code, a country name, a location code, and a branch code may be included.
- the account management DB 334 is a database in which data corresponding to information for managing an account opened by each user is recorded. For example, in the account management DB 334, as shown in FIG. (1) User ID of each user, and (2) Account information, Are recorded in association with each other.
- account information includes (2A) Account number of the corresponding account, (2B) Name of the bank and branch where the corresponding account was established, (2C) Account balance of the corresponding account, and (2D) Information indicating a registered transfer destination, These information are used to manage the user's account.
- the registered transfer information can be used as the deposit information.
- the server management control unit 340 is mainly configured by a central processing unit (CPU), and performs integrated control of each unit of the financial institution server device 30 by executing a program.
- CPU central processing unit
- the data processing unit 350 includes a CPU that is the same as or different from the server management control unit 340. By executing an application under the control of the server management control unit 340, remittance processing from the communication terminal device 10 to a predetermined account, and the like.
- the Internet bank service is provided in the settlement process, input data distribution processing for distributing input data to the communication terminal device 10 and transmission from the communication terminal device 10 according to input based on the input data and the random number table RMT
- An input target character specifying process for specifying an input target character based on the designated sign information and a service process for executing a predetermined Internet bank service based on the specified input target character are executed.
- the data processing unit 350 is linked with the communication control unit 310 and the recording device 330, and includes a management control unit 351 that records and updates data in each DB and manages other Internet bank services, and an Internet bank service.
- the random number table data of the corresponding user is specified, and the shape extraction unit 352 that extracts a part of the figure from the specified random number table data, and the input data distribution process are executed based on the extracted figure
- a settlement processing unit 355 that executes
- the management control unit 351 of the present embodiment constitutes the “control unit” of the present invention
- the shape extraction unit 352 configures the “specification unit” and the “extraction unit” of the present invention.
- the input data generation / distribution unit 353 of the present embodiment constitutes “distribution means” of the present invention
- the specific processing unit 354 constitutes “acquisition means” of the present invention.
- the settlement processing unit 355 of the present embodiment constitutes the “processing means” of the present invention.
- the management control unit 351 manages reading and writing of data with respect to each DB. Further, the management control unit 351 generates random number table data based on a random number table RMT previously acquired by a scanner or the like (not shown) or manually, and records it in the random number table data management DB 332 in association with the corresponding user ID.
- the method for generating random number table data in the management control unit 351 is arbitrary.
- the shapes included in the random number table RMT are separated and associated with the input target characters, and the shapes are arranged in a matrix.
- random number table data corresponding to the random number table RMT illustrated in FIG. 3 may be generated.
- the management control unit 351 distributes data corresponding to the login page of the Internet bank service to the corresponding communication terminal device 10 in response to an execution request of the Internet bank service from the communication terminal device 10, and Based on the account name and first password (password) entered by the user based on the user attribute information, user authentication is executed.
- the management control unit 351 is linked with the communication terminal device 10 and, based on the user's operation, except for a specific bank service such as payment processing, various types of balance inquiry or loan application, etc. Performs processing related to Internet bank services.
- the figure extraction unit 352 searches the random number table data management DB 332 based on the user ID at the time of login under the control of the management control unit 351, The corresponding random number table data is read from the random number table data management DB 332. Then, the shape extraction unit 352 extracts, for example, image data corresponding to a plurality of shapes belonging to two randomly selected rows from the read random number table data.
- the figure extracting unit 352 uses the B line and E as the figure for specifying the input target character from the read random number table data.
- Each image data corresponding to each figure arranged on the line is extracted.
- the input data generation / distribution unit 353 is a management control unit when a processing request in a specific bank service such as a settlement process is received, and when the image extraction unit 352 reads a plurality of image data. Under the control of 351, the generation and distribution of input data are executed in conjunction with the communication control unit 310.
- the input data generation / distribution unit 353 generates input data based on the image data of each figure extracted by the figure extraction unit 352, and uses the generated input data for the corresponding communication terminal device 10. Deliver to.
- the input data generation / distribution unit 353 determines the position information (that is, the sign information) indicating the display position of each identified figure while identifying the display position of the extracted image data of each figure.
- Image data, position information indicating the display position of each figure, display control data for displaying the image data of each figure at each display position, and instruction data for instructing the user to input Input data is generated, and the generated input data is distributed to the corresponding communication terminal device 10.
- the input data generation / distribution unit 353 sets the rightmost B row and the second column to the display position of the next column. Display position for displaying each figure on the communication terminal device 10 in a row and at random (for example, displaying image data of each figure on the screen of the communication terminal device 10 so that the figure of B rows and 5 columns is displayed) Pixel coordinates for determining the center of the image data (x, y)). Then, the input data generation / distribution unit 353 generates input data having position information indicating the determined display position of each figure.
- the input data generation / distribution unit 353 determines a display position for displaying each figure on the communication terminal device 10 in a row and at random based on the column display for displaying the E row.
- instruction data for instructing a figure to be selected by the user for example, a character string (text, for example, “Please select a figure corresponding to the character you want to input from the Bth line of the random number table RMT”) ) Data.
- a character string text, for example, “Please select a figure corresponding to the character you want to input from the Bth line of the random number table RMT”
- the specific processing unit 354 corresponds to the position information acquired when the figure is input by the user based on the input data in the communication terminal device 10 (that is, the figure input based on the input data and the random number table RMT).
- the sign information is received, the received position information, the corresponding random number table data, and the information used to generate the input data by the figure extracting unit 352, the random number table RMT when the figure is extracted.
- extraction information information indicating a line
- the image data of each shape arranged in the B row is read out, and the image in the B row and the second column is displayed on the rightmost side.
- the specific processing unit 354 selects the input target character “2” corresponding to “B row 2nd column” as the input target character. Identify.
- the specific process part 354 specifies according to the order which input several input object character, for example. That is, when specifying the two-digit input target character, the specifying processing unit 354 corresponds to the first specified input target character to the upper digit and the next specified input target character to the lower digit. Let me identify.
- the settlement processing unit 355 determines predetermined information such as a deposit destination account and a deposit amount according to the specified input target character, and executes a settlement process based on the determined information.
- the settlement processing unit 355 identifies the deposit destination financial institution according to the identified input target character, and subtracts the balance corresponding to the deposit amount from the corresponding user account information, and is identified as the deposit destination account. Execute payment processing to send the deposit amount.
- FIG. 10 is a flowchart showing a flow of processing executed in the network system 1 of the present embodiment
- FIG. 11 is a login page when logging in to the Internet bank service in the network system 1 of the present embodiment. It is a figure which shows an example.
- FIG. 12 is a diagram showing an example of an input screen when the user inputs various information based on the input data in the network system 1 of the present embodiment
- FIG. 13 shows the network system 1 of the present embodiment. It is a figure which shows an example of the confirmation screen displayed after a user inputs various information based on the data for input.
- the DBs 331 to 334 of the financial institution server device 30 are assumed to store the information of FIGS. 6 to 9 in advance, and the communication terminal device 10 has, for example, a predetermined login shown in FIG. It is assumed that the user is in a state of waiting for the user to input an instruction to perform the Internet bank service to the operation unit 150 while displaying the screen display.
- step Sa101 when the application execution unit 170 detects an account name, a first password, and an input operation for selecting the “login” button via the operation unit 150 (step Sa101), In accordance with the application recorded in the recording unit 121, a login request including the input account name and the first password is transmitted to the financial institution server device 30, and a transition is made to a reception standby state (step Sa102).
- the management control unit 351 when the communication control unit 310 receives the login request transmitted from the communication terminal device 10 (step Sa301), the management control unit 351 includes the account name and the first number included in the login request.
- the user management DB 331 is searched based on the one password, the user ID is specified, and user authentication is executed (step Sa302).
- the management control unit 351 executes various net bank services for the corresponding user to the corresponding communication terminal device 10 via the communication control unit 310 when the user authentication is appropriately executed and login is executed.
- Data corresponding to the Web page (hereinafter referred to as “user page”) to be transmitted to the corresponding communication terminal device 10 and shifts to a reception standby state (step Sa303).
- step Sa302 if the login cannot be performed properly, the management control unit 351 transmits a message to that effect to the corresponding communication terminal device 10 and ends this operation. If the communication terminal apparatus 10 receives that the login is not properly performed, the communication terminal apparatus 10 returns to the process of step Sa101. Furthermore, when the management control unit 351 receives a logout instruction from the communication terminal device 10 during the login state, the management control unit 351 ends the operation regardless of each process of the operation.
- step Sa103 when the network communication unit 110 receives user page data (step Sa103), the application execution unit 170 displays an image of the user page on the display unit 140 in conjunction with the display control unit 130. Display and wait for operation input of a settlement process for executing remittance to a third party account (step Sa104).
- the application execution unit 170 When the application execution unit 170 detects a logout instruction via the operation unit 150 during the login state, the application execution unit 170 transmits the logout instruction to the financial institution server device 30 regardless of each process of the operation, and performs this operation. Terminate.
- step Sa105 when the application execution unit 170 detects a settlement processing execution instruction via the operation unit 150 (step Sa105), the application execution unit 170 transmits the settlement processing execution request to the financial institution server device 30, and shifts to a reception standby state. (Step Sa106).
- step Sa311 when the management control unit 351 receives an execution request for executing a settlement process (step Sa311), a user corresponding to the figure extraction unit 352 (that is, a logged-in user). Random number table data corresponding to the user who has requested payment processing is read out from the random number table data management DB 332 and acquired (step Sa312).
- the figure extraction unit 352 randomly extracts a plurality of figures belonging to an arbitrary column in order to select a plurality of input target characters from the read random number table data (step Sa313).
- the input data generation / distribution unit 353 reads the image data corresponding to the figure extracted from the random number table data management DB 332, specifies the display position of the extracted image data of each figure, and Position information (that is, sign information) indicating the display position is determined (step Sa314).
- the input data generation / distribution unit 353 displays the read image data of each figure, position information (label information) indicating the display position of each figure, and the image data of each figure at each display position.
- Input data including display control data and instruction data for instructing the user to input is generated, and the generated input data is distributed to the corresponding communication terminal device 10 (step Sa315).
- FIG. (1) The name of the financial institution to which you are (2) Deposit amount, (3) Branch name of the depositee, (4) Pull box for selecting account type (normal, current etc.), and (5) data for displaying on the communication terminal device 10 a text box for inputting a predetermined number of digits (for example, the first 5 digits) from the beginning of the account number of the deposit destination; (6) A character string such as “Please select the figure corresponding to (lower 2 digits) from line B” in order to select the input target character (for example, the last 2 digits of the account number) to be entered by the figure. And image data corresponding to the figure of the B line, and (7) A character string such as “Please select a figure corresponding to the last digit from the E line” and image data corresponding to the figure of the E line, Generate input data including.
- each text box may be replaced by a pull-down box.
- step Sa111 when the network communication unit 110 receives the input data distributed from the financial institution server device 30 (step Sa111), the application execution unit 170 performs a diagram based on the received input data. 13 is displayed (hereinafter also referred to as “account information input screen”) (step Sa112).
- the application execution unit 170 obtains a part of the inputted remittance amount, remittance bank name, branch name, account type, and account number according to the account information input screen in conjunction with the operation unit 150.
- input account information including the position information of the figure for specifying the other part of the account number input in comparison with the corresponding random number table RMT (that is, the input target character) is acquired (step Sa113).
- the application execution unit 170 of the present embodiment detects the position of the figure corresponding to the last two digits of the seat number as information for specifying the input target character by the figure, the position of the detected figure is displayed.
- the position information to be indicated is specified.
- the application execution unit 170 displays the position information indicating the eighth position from the left toward the paper surface of the image data as the position information of the figure of the upper digit. And the position information of the fifth from the left toward the paper surface of the image data is specified as the position information of the figure of the lower digit.
- the application execution unit 170 displays input account information including position information as sign information on the display unit 140 (step Sa114), transmits the input account information to the financial institution server device 30, and indicates a remittance result. Waiting for reception of information (step Sa115).
- the application execution unit 170 works in conjunction with the display control unit 130, for example, as shown in FIG. 14, the information (bank service specific information) acquired in step Sa113 including the position information as the sign information is displayed on the display unit 140. indicate. However, after acquiring the bank service specifying information, the application execution unit 170 works with the financial institution server device 30 and displays the bank service specifying information when an account is confirmed in the financial institution server device 30. 140 may be displayed.
- the specific processing unit 354 includes the position information included in the received input account information. Then, based on the input data distributed to the corresponding user and the random number table data of the user, an input target character corresponding to the figure selected by the user is specified (step Sa322).
- the identification processing unit 354 combines the last two digits specified based on the position information with the first five digits of the account number input by the user on the input screen. Determine the destination account number consisting of 7 digits.
- the settlement processing unit 355 executes a settlement process for performing a remittance process based on the input target character specified in step Sa310 and each information included in the received input account information (step Sa323). Specifically, the settlement processing unit 355 performs remittance processing based on the specified remittance destination account number and the name of the financial institution and branch name of the remittance included in the input account information.
- the financial institution server device 30 as the remittance destination sets an amount equivalent to the remittance amount in the balance of the account information corresponding to the deposit destination account in the account management DB. In addition, it notifies the remittance source financial institution server device 30 that the remittance has been properly executed.
- the payment processing unit 355 transmits the payment result information indicating the result of the payment to the corresponding communication terminal device 10 (step Sa324), and ends this operation.
- the management control unit 351 transmits the settlement result information after receiving a notification from the financial institution server device 30 that is the remittance destination. In addition, the management control unit 351 does not end the operation after transmitting the settlement result information, maintains the login state after the end of the settlement process, and waits for an input operation from the corresponding communication terminal device 10. Good.
- step Sa 121 when the application execution unit 170 receives the payment result information via the network communication unit 110 (step Sa 121), the payment result received in conjunction with the display control unit 130 is displayed on the display unit 140. This is displayed (step Sa122), and this operation is terminated.
- the application execution unit 170 may maintain the login state after displaying the settlement result information, and may proceed to the processing of step Sa104.
- the network system 1 is caused by the carelessness of the user, such as inputting all of the information described in the random number table RMT or the like issued to the user in advance at the phishing site. It is possible to prevent leakage of information related to security (for example, password) and transfer of information to a third party who logs in illegally.
- security for example, password
- the network system 1 of the present embodiment can effectively prevent unauthorized login and man-in-the-middle attacks by a third party to services provided to the user.
- the network system 1 of the present embodiment can prevent leakage of information related to security, unauthorized use, and man-in-the-middle attacks, and can improve security when providing various services such as Internet bank services.
- Modification 1 In the above embodiment, a part of the account number of the deposit destination is input based on the input data. However, a part of the financial institution name, the deposit amount, etc. may be input based on the input data. Good.
- the communication terminal device 10 transmits only the account name, and the financial institution server device 30 specifies a user ID and random number table data according to the transmitted account name, and is used for password input.
- the input data may be generated, and the generated input data may be distributed to the communication terminal device 10.
- the financial institution server device 30 distributes the input data for one character to the communication terminal device 10, and the communication terminal device 10 transmits the selected sign information based on the input data to the financial institution server. Characters may be identified sequentially by repeatedly executing the procedure of transmitting to the device 30.
- a credit card may be registered in services such as an online store.
- the input data and the random number table RMT are used as in the present embodiment. It is possible to effectively prevent the credit card number and the security code from leaking and to realize the safe use of the credit card.
- each DB 331 to 334 are provided and managed in the financial institution server device 30.
- each DB 331 to 334 may be managed by a separate computer. Good.
- the financial institution server device 30 executes settlement processing including remittance in the random number table RMT having the numbers “0” to “9” described above.
- a configuration may be adopted in which the destination information (financial institution, branch deposit destination account number, nominee) related to the deposit destination registered in advance by the user is assigned to a number or other input target character, and the destination information is acquired. .
- the financial institution server device 30 when the user selects the input target character via a figure, the financial institution server device 30 uniquely specifies remittance destination information corresponding to the input target character selected by the user, and specifies the specified remittance. A settlement process is executed based on the destination information.
- the random number table RMT of the present embodiment specifies a number from a figure selected by the user if the user creates a predetermined fixed sentence or a fixed format in advance and associates the fixed sentence with each number. Furthermore, it is also possible to specify a fixed sentence or the like.
Abstract
Description
ネットワークを介して、通信接続される通信端末装置からデータを受信する受信手段と、
前記通信端末装置のユーザ毎に予め定められた表データであって、前記通信端末装置にて入力される入力対象文字と、当該入力対象文字の各々に対して予め割り当てられた形象と、を対応付けた表データが、前記ユーザを識別するための識別情報と対応付けて記録される記録手段を制御する制御手段と、
前記受信手段によって前記通信端末装置からユーザを指定した所与の要求が受信された場合に、当該ユーザに対応する表データを特定するデータ特定手段と、
前記特定された表データに基づき、前記ユーザによって特定すべき入力対象文字に対応する前記形象を抽出する抽出手段と、
前記抽出された形象の各々に対応付けられ、かつ、該当する通信端末装置にて該当する形象が表示される際に用いる標識情報を含む入力用データを生成し、当該生成した入力用データを前記通信端末装置に配信する配信手段と、
前記配信された入力用データに基づき前記通信端末装置にて前記形象が表示された際に、ユーザが入力した前記形象に対応する前記標識情報を当該通信端末装置から取得する取得手段と、
前記取得された標識情報に基づき、該当する前記形象を決定する決定手段と、
前記決定された形象に基づき、前記特定すべき入力対象文字を特定し、当該特定した入力対象文字に基づき、所与の処理を実行する処理手段と、
を備える構成を有している。
各種の処理を実行するサーバシステムとネットワークを介して接続され、当該サーバシステムとデータの授受を行いつつ、ユーザに各種のサービスの提供をするための通信端末装置であって、
ユーザ毎に予め定められた表データであって、ユーザによって入力される入力対象文字と、当該入力対象文字の各々に対して予め割り当てられた形象と、を対応付けた表データの一部を、各形象を表示手段に表示する表示位置を少なくとも制御する制御情報とともに、前記サーバシステムから取得する取得手段と、
前記取得された表データに基づいて表示された画像に従って、ユーザの入力操作を受け付ける受付手段と、
前記入力操作に応じ、ユーザの指定した前記形象に対応する表示位置を特定する特定手段と、
前記特定された形象に対応する表示位置を示す情報を前記サーバシステムに送信する送信手段と、
を備える構成を有している。
ユーザが通信端末装置を用いて、各種のサービスを提供するサーバシステムにアクセスする際に、当該ユーザが入力する入力対象文字を前記サーバシステムにて特定するための形象が視認可能に形成された記憶媒体であって、
一の行又は一の列に複数の異なる入力対象文字と、
前記入力対象文字毎に異なる複数の形象と、
が配置された複数の行及び複数の列により形成された表を有し、
各形象が、ユーザによって所定の情報を入力するために用いられる入力デバイスに基づくユーザの操作入力時に用いられる文字コードによって変換不能な形状を有している構成をしている。
まず、図1又は2を用いて本実施形態におけるネットワークシステム1の構成及び概要について説明する。
ユーザが使用するパーソナルコンピュータなどの端末装置に何らかの方法により、当該端末装置をキーロガー等のマルウェアに感染させるとともに、ユーザによって入力されたパスワード(以下、「PW」ともいう。)等の入力情報を詐取するタイプ。この場合には、不正に搾取したパスワード等を用いて金融機関A(出金用)のサーバ装置に不正にログインして正規のユーザになりすまして送金指示をし、悪意の第三者の口座など金融機関C(不正送金先)のサーバ装置に不正送金する不正送金処理を実行する。
悪意の第三者が乱数発生器等を利用しつつ、金融機関A(出金用)のサーバ装置に対して全ての数字及び英文字の組み合わせを総当たり的に送信する攻撃を実施し、ユーザのアカウントを乗っ取るタイプ。この場合には、金融機関A(出金用)のサーバ装置に対して正規のユーザになりすまして送金指示をし、悪意の第三者の口座など金融機関C(不正送金先)のサーバ装置に不正送金する不正送金処理を実行する。
ユーザの端末装置から金融機関のサーバ装置に送信される情報をネットワーク上にて改竄し、入金先や金額等を変更して本来の入金先とは異なる入金先に入金させる中間者攻撃タイプ。例えば、ユーザの指示に基づいて端末装置から金融機関A(出金用)のサーバ装置に金融機関B(出金用)のサーバ装置への送金指示をした場合に、当該送信指示を解析した上で、当該指示を金融機関C(不正送金先)のサーバ装置に送信する指示に改竄して当該不正送金先への不正送金処理を実行するとともに、不正送金先からの送金結果をさらに金融機関B(入金用)のサーバ装置からの送金結果に偽装し、金融機関A(出金用)のサーバ装置からの送金完了として通知させる。
ユーザの端末装置にメール等にて本来のサービス提供サイトとは異なるサイト(すなわち、フィッシングサイト)のURLを送信し、フィッシングサイトにユーザを誘導しつつ、当該フィッシングサイト上にてパスワードや乱数表などの各種の情報を入力させてそれらを詐取するフィッシング詐欺タイプ(図2の[4])。この場合には、不正に搾取したパスワード等用いて金融機関A(出金用)のサーバ装置に不正にログインして正規のユーザになりすまして送金指示をし、悪意の第三者の口座など金融機関C(不正送金先)のサーバ装置に不正送金する不正送金処理を実行する。
(A)クライアント証明書を使う方法、
(B)ワンタイムパスワードを発生する暗号トークンを使う方法、
(C)ユーザの端末装置における固有情報(加入者番号、製造番号等)や指紋や静脈などの生体情報により認証する方法
などが挙げられる。
(1)金融機関において予めユーザ毎に発行された乱数表RMTであって、図3に例示するような数字及びアルファベットなどの入力対象文字と、記号、写真、図形又は絵柄などの当該入力対象文字を直接推定不能な形象と、が対応付けられた乱数表RMTを用いるとともに、
(2)ユーザ毎の乱数表RMTがデータ化された乱数表データと、該当ユーザを識別するためのユーザIDと、を対応付けて管理し、
(3)ユーザがインターネットバンクサービスを利用する際に、各ユーザに対応する乱数表データに基づいて該当するユーザに入力対象文字に対応する形象を含む複数の形象を表示するためのデータであって、当該入力対象文字を形象によって入力させるためのデータ(以下、「入力用データ」という。)を配信し、
(4)入力用データに基づいて複数の形象がユーザに提供(表示)された際に、ユーザが選択した形象を特定するための表示位置を示す位置情報や当該表示位置を特定するための情報(以下、「標識情報」という。)を特定し、
(5)特定した標識情報に基づいて形象を決定しつつ、最終的に入力対象文字を特定する、
構成を採用している。
特に、通信端末装置10は、ブラウジング機能を利用してインターネットバンクサービスの利用時に、金融機関サーバ装置30にログインするとともに、入力用データを取得し、乱数表RMTに基づいて入力された形象における標識情報を金融機関サーバ装置30に送信するようになっている。
(A)インターネットバンクサービスのサービス提供時に、通信端末装置10と連動し、ユーザを特定しつつ、当該ユーザ毎に発行された乱数表RMTに対応する乱数表データに基づいて入力用データを生成し、生成した入力用データを通信端末装置10に配信する入力用データ配信処理と、
(B)通信端末装置10から送信された、入力用データ及び乱数表RMTに基づいてユーザによって入力された標識情報を受信し、受信した標識情報に基づいて入力対象文字を特定する入力対象文字特定処理と、
(C)特定した入力対象文字に基づいて所定のインターネットバンクサービスを実行するサービス処理と、
を実行することが可能なことが可能な構成を有している。
(1)通信端末装置10のユーザ毎に予め定められた乱数表データであって、通信端末装置10にて入力される入力対象文字と、当該入力対象文字の各々に対して予め割り当てられた形象と、を対応付けた乱数表データが、ユーザを識別するための識別情報(すなわち、ユーザID)と対応付けて記録されるデータベースを制御し、
(2)通信端末装置10からユーザを指定した所与の要求(例えば、決済処理の要求)が受信された場合に、当該ユーザに対応する乱数表データを特定し、
(3)特定した乱数表データに基づき、ユーザによって特定すべき入力対象文字に対応する形象を抽出し、
(4)抽出した形象の各々に対応付けられ、かつ、該当する通信端末装置10にて該当する形象が表示される際に用いる標識情報を含む入力用データを生成し、当該生成した入力用データを通信端末装置10に配信し、
(5)配信した入力用データに基づき通信端末装置10にて形象が表示された際に、ユーザが入力した形象に対応する標識情報を当該通信端末装置10から取得し、
(6)取得した標識情報に基づき、該当する形象を決定し、
(7)決定した形象に基づき、特定すべき入力対象文字を特定し、当該特定した入力対象文字に基づき、決済処理などの所与の処理を実行する、
構成を有している。
このような構成により、本実施形態のネットワークシステム1は、予めユーザに発行された乱数表RMT等に記載された情報の全てをフィッシングサイトにおいて一度に全部入力するなど、ユーザの不注意に起因するセキュリティーに関する情報(例えば、パスワード)の漏洩、及び、不正ログインする第三者への情報の譲渡を防止することができるようになっている。
また、本実施形態のネットワークシステム1は、ユーザに提供しているサービスへの第三者による不正ログインや中間者攻撃を有効に防止することができるようになっている。
したがって、本実施形態のネットワークシステム1は、セキュリティーに関する情報の漏洩、不正使用及び中間者攻撃を防止し、インターネットバンクサービス等の各種のサービス提供時におけるセキュリティーを向上させることができるようになっている。
(1)通信端末装置10において各形象を選択させるための画像データ、
(2)当該画像データが通信端末装置10において表示される際の表示位置を示す位置情報、及び、
(3)各形象の画像データを各表示位置に表示させるための表示制御データ
が含まれる。
次に、図3を用いつつ、本実施形態の乱数表RMTについて説明する。なお、図3は、本実施形態において利用される乱数表RMTの一例を示す図である。
なお、乱数表RMTは、暗証カードを電子的に提供してもよい。この場合には、例えば、暗証カードを電子ペーパーにより構成し、電子インクにより視認可能に構成してもよいし、パーソナルコンピュータやスマートフォンによって表示可能に構成してもよい。この場合には、暗号トークンとは異なり、乱数表RMTの発行におけるコストを抑えることができるので、その普及を促進することができるようになっている。
次に、図4を用いて本実施形態の通信端末装置10について説明する。なお、図4は、本実施形態の通信端末装置10の構成を示すブロック図である。
また、記録部120は、アプリケーション記録部121と、バッファ122と、を有し、アプリケーション記録部121には、ブラウジング機能を実現するためのブラウザが記録される。
なお、インターネットバンクサービス専用のアプリケーションを用いて、サービスを提供する場合には、専用アプリケーションが、アプリケーション記録部121に記録される。バッファ122は、ネットワーク通信部110、端末管理制御部160及びアプリケーション実行部170のワークエリアとして用いられる。
端末管理制御部160は、主に中央演算処理装置(CPU)によって構成されるとともに、キー入力ポート、表示制御ポート等の各種入出力ポートを含み、記録部120に記録された各種のアプリケーションを実行することにより、通信端末装置10の全般的な機能を総括的に制御する。
次に、図5~図9を用いて本実施形態の金融機関サーバ装置30の構成について説明する。
(1)対応するユーザの氏名、
(2)住所、
(3)アカウント名、及び、
(4)第1暗証(ログインパスワード)
を含み、インターネットバンクサービスに対するユーザのログインを管理するために用いられる。
(1)学術記号(例えば、微分積分等の数学記号や地図記号、音楽記号等)を含む各種記号を示す絵柄又は図形に対応するビットマップ
(2)写真等の静止画
(3)動画
(4)手書き文字の画像
のいずれの形式にて構成することも可能である。
(1)当該金融機関の金融機関名、
(2)当該金融機関が運営している各支店の支店名、
(3)当該支店の支店コード、及び、
(4)当該支店の住所、
が記録される。
(1)各ユーザのユーザID、及び、
(2)口座情報、
が対応付けて記録される。
(2A)該当する口座の口座番号、
(2B)該当する口座の開設された銀行名及び支店名、
(2C)該当する口座の口座残高、及び、
(2D)登録済みの振込先を示す情報、
が含まれ、これらの情報は、ユーザの口座を管理するために用いられる。
例えば、図9には、「user001」の口座情報として口座番号「1234567」、金融機関名「大江戸銀行」、支店名「新宿支店」、残高「¥*****」登録済み振り込み先「大江戸銀行日本橋本店****」及び「△銀行渋谷支店****」なる口座情報が、記録された場合の例が示されている。
次に、図10~図13を用いて本実施形態のネットワークシステム1において実行される決済処理の動作について説明する。
(1)入金先の金融機関名、
(2)入金額、
(3)入金先の支店名、
(4)口座種別(普通、当座等)を選択するためのプルボックス、及び、
(5)入金先の口座番号の先頭から所定の数桁分(例えば、先頭5桁分)を入力させるためのテキストボックスを通信端末装置10にて表示させるためのデータと、
(6)形象により入力させる入力対象文字(例えば、口座番号の下2桁分)を選択させるため、「(下2桁目)に該当する形象をB行から選択して下さい」等の文字列及びB行目の形象に対応する画像データ、及び、
(7)「最後の桁に対応する形象をE行目から選択して下さい」等の文字列と、E行目の形象に対応する画像データ、
を含む入力用データを生成する。
一方、通信端末装置10においては、アプリケーション実行部170は、ネットワーク通信部110を介して決済結果情報を受信すると(ステップSa121)、表示制御部130と連動して受信した決済結果を表示部140に表示して(ステップSa122)本動作を終了させる。
また、本実施形態のネットワークシステム1は、ユーザに提供しているサービスへの第三者による不正ログインや中間者攻撃を有効に防止することができる。
したがって、本実施形態のネットワークシステム1は、セキュリティーに関する情報の漏洩、不正使用及び中間者攻撃を防止し、インターネットバンクサービス等の各種のサービス提供時におけるセキュリティーを向上させることができる。
[6.1]変形例1
上記実施形態においては、入金先の口座番号の一部を入力用データに基づいて入力させる構成としたが、金融機関名、入金額等の一部を入力用データに基づき入力させるようにしてもよい。
[6.2]変形例2
また、上記実施形態においては、パスワード(第1暗証)を利用して、第一段階のユーザ認証を行った後に、入力用データと乱数表RMTによる入力を行うことにより、セキュリティーを向上させる構成を採用した。
しかしながら、例えば、ネットワークを用いたオンラインストアのように、ユーザのアカウント名及びパスワードのみで、決済が実行されるようなサービスの場合には、アカウントの一部、パスワードの一部又は双方を乱数表データ及び乱数表RMTを用いて入力させるようにしてもよい。
また、上記実施形態においては、ユーザの入力すべき情報の一部を乱数表データ及び乱数表RMTに基づき、入力させる構成を採用したが、ユーザの入力すべき情報の全てを乱数表データ及び乱数表RMTにより入力させるようにしてもよい。
また、上記実施形態においては、口座番号の下2桁分に対応する全ての形象を含む入力用データを金融機関サーバ装置30から通信端末装置10に配信し、一度に2文字分の形象をユーザに選択させる構成を採用したが、一文字ずつ入力させるようにしてもよい。
また、上記実施形態においては、オンラインストア等のサービスにおいては、クレジットカードを登録することがあるが、このクレジットカード登録に際して、本実施形態と同様に、入力用データと乱数表RMTを用いることにより、クレジットカード番号やセキュリティーコードが漏洩することを有効に防止し、クレジットカードの安全な利用を実現することができる。
また、上記実施形態においては、金融機関サーバ装置30に、各DB331~334を設け、管理する構成を採用したが、各DB331~334は、各々、別個のコンピュータにより管理する構成を採用してもよい。
また、上記実施形態においては、金融機関サーバ装置30を複数のコンピュータにより構成されるサーバシステムとして、構成してもよい。
また、上記実施形態においては、金融機関毎に金融機関サーバ装置30を設け、異なる金融機関の金融機関サーバ装置30間で、入出金を行う例について説明したが、同一の金融機関内で入出金を行う場合には、金融機関サーバ装置30は、一台あれば、入出金を管理することができる。
また、上記の実施形態においては、金融機関サーバ装置30は、上述の「0」~「9」の数字を有する乱数表RMTにおいて送金を含む決済処理を実行しているが、本変形例においては、例えば、ユーザが事前に登録済みの入金先に関する送信先情報(金融機関、支店入金先口座番号、名義人)を数字その他の入力対象文字に割り当て、当該送信先情報を取得する構成としてもよい。
10 … 通信端末装置
110 … ネットワーク通信部
120 … 記憶部
121 … アプリケーション記憶部
122 … バッファ
130 … 表示制御部
140 … 表示部
150 … 操作部
160 … 端末管理制御部
170 … アプリケーション実行部
30 … 金融機関サーバ装置
310 … 通信制御部
320 … ROM/RAM
330 … 記録装置
331 … ユーザ管理DB
332 … 乱数表データ管理DB
333 … 金融機関管理DB
334 … 口座管理DB
340 … サーバ管理制御部
350 … データ処理部
351 … 管理制御部
352 … 形象抽出部
353 … 入力用データ生成配信部
354 … 特定処理部
355 … 決済処理部
Claims (18)
- ネットワークを介して、通信接続される通信端末装置からデータを受信する受信手段と、
前記通信端末装置のユーザ毎に予め定められた表データであって、前記通信端末装置にて入力される入力対象文字と、当該入力対象文字の各々に対して予め割り当てられた形象と、を対応付けた表データが、前記ユーザを識別するための識別情報と対応付けて記録される記録手段を制御する制御手段と、
前記受信手段によって前記通信端末装置からユーザを指定した所与の要求が受信された場合に、当該ユーザに対応する表データを特定するデータ特定手段と、
前記特定された表データに基づき、前記ユーザによって特定すべき入力対象文字に対応する前記形象を抽出する抽出手段と、
前記抽出された形象の各々に対応付けられ、かつ、該当する通信端末装置にて該当する形象が表示される際に用いる標識情報を含む入力用データを生成し、当該生成した入力用データを前記通信端末装置に配信する配信手段と、
前記配信された入力用データに基づき前記通信端末装置にて前記形象が表示された際に、ユーザが入力した前記形象に対応する前記標識情報を当該通信端末装置から取得する取得手段と、
前記取得された標識情報に基づき、該当する前記形象を決定する決定手段と、
前記決定された形象に基づき、前記特定すべき入力対象文字を特定し、当該特定した入力対象文字に基づき、所与の処理を実行する処理手段と、
を備えることを特徴とするサーバシステム。 - 請求項1に記載のサーバシステムであって、
前記処理手段が、
前記特定した入力対象文字に基づき、前記所与の処理を実行するために用いられる文字列を特定し、
前記特定した文字列に基づき、前記所与の処理を実行する、サーバシステム。 - 請求項2に記載のサーバシステムであって、
前記抽出手段が、前記特定すべき入力対象文字以上の数の形象を抽出する、サーバシステム。 - [規則91に基づく訂正 24.06.2016]
請求項2又は3に記載のサーバシステムであって、
前記取得手段が、前記通信端末装置からユーザが直接入力した1以上の文字列を取得し、
前記処理手段が、前記特定した入力対象文字と、前記取得されたユーザが直接入力した文字列とを組み合わせることによって前記所与の処理を実行するために用いられる文字列を特定する、サーバシステム。 - 請求項1~3のいずれか1項に記載のサーバシステムであって、
前記形象が、前記ユーザによって所定の情報を入力するために用いられる入力デバイスに基づくユーザの操作入力時に用いられる文字コードによって変換不能な形状を有する、サーバシステム。 - 請求項5に記載のサーバシステムであって、
前記形象が、記号、図柄、絵柄及び画像の少なくとも一以上を示すものである、サーバシステム。 - 請求項1~6のいずれか1項に記載のサーバシステムであって、
前記標識情報が、対応する前記形象が前記通信端末装置によって表示される際の位置を示す位置情報である、サーバシステム。 - 請求項1~7のいずれか1項に記載のサーバシステムであって、
行と列とで定まる位置に複数の異なる形象がユーザによって視認可能に配列された表がユーザ毎に予め提供されており、
前記抽出手段が、前記表における特定の行又は列に配列された複数の形象を抽出する、サーバシステム。 - 請求項1~8のいずれか1項に記載のサーバシステムであって、
前記抽出手段が、前記所与の処理毎又は前記決定すべき形象毎に、前記入力用データを生成する際に抽出する行又は列を変化させ、前記ユーザによって特定すべき入力対象文字に対応する前記形象を抽出する、サーバシステム。 - 請求項1~9のいずれか1項に記載のサーバシステムであって、
前記入力対象文字には、0~9の数字が含まれる、サーバシステム。 - 請求項1~9のいずれか1項に記載のサーバシステムであって、
前記入力対象文字には、A~Zの英字が含まれる、サーバシステム。 - 請求項1~11のいずれか1項に記載のサーバシステムであって、
前記処理手段が、前記特定した入力対象文字に基づいて、口座番号、送金額、銀行番号、及び、銀行における支店番号の少なくとも一以上の口座情報を特定し、特定した口座情報に基づいて、所与の処理として決済処理を実行する、サーバシステム。 - 請求項1~12のいずれか1項に記載のサーバシステムと、
前記サーバシステムにネットワークを介して通信接続される複数の通信端末装置と、
を具備することを特徴とする通信システム。 - サーバシステムとして機能するコンピュータを、
ネットワークを介して通信接続される通信端末装置からデータを受信する受信手段、
前記通信端末装置のユーザ毎に予め定められた表データであって、前記通信端末装置にて入力される入力対象文字と、当該入力対象文字の各々に対して予め割り当てられた形象と、を対応付けた表データが、前記ユーザを識別するための識別情報と対応付けて記録される記録手段を制御する制御手段、
前記受信手段によって前記通信端末装置からユーザを指定した所与の要求が受信された場合に、当該ユーザに対応する表データを特定するデータ特定手段、
前記特定された表データに基づき、前記ユーザによって特定すべき入力対象文字に対応する前記形象を抽出する抽出手段、
前記抽出された形象の各々に対応付けられ、かつ、該当する通信端末装置にて該当する形象が表示される際に用いる標識情報を含む入力用データを生成し、当該生成した入力用データを前記通信端末装置に配信する配信手段、
前記配信された入力用データに基づき前記通信端末装置にて前記形象が表示された際に、ユーザが入力した前記形象に対応する前記標識情報を当該通信端末装置から取得する取得手段、
前記取得された標識情報に基づき、該当する前記形象を決定する決定手段と、及び、
前記決定された形象に基づき、前記特定すべき入力対象文字を特定し、当該特定した入力対象文字に基づき、所与の処理を実行する処理手段、
として機能させることを特徴とするプログラム。 - 各種の処理を実行するサーバシステムとネットワークを介して接続され、当該サーバシステムとデータの授受を行いつつ、ユーザに各種のサービスの提供をするための通信端末装置であって、
ユーザ毎に予め定められた表データであって、ユーザによって入力される入力対象文字と、当該入力対象文字の各々に対して予め割り当てられた形象と、を対応付けた表データの一部を、各形象を表示手段に表示する表示位置を少なくとも制御する制御情報とともに、前記サーバシステムから取得する取得手段と、
前記取得された表データに基づいて表示された画像に従って、ユーザの入力操作を受け付ける受付手段と、
前記入力操作に応じ、ユーザの指定した前記形象に対応する表示位置を特定する特定手段と、
前記特定された形象に対応する表示位置を示す情報を前記サーバシステムに送信する送信手段と、
を備えることを特徴とする通信端末装置。 - 各種の処理を実行するサーバシステムとネットワークを介して接続され、当該サーバシステムとデータの授受を行いつつ、ユーザに各種のサービスの提供をするための通信端末装置を駆動するためのプログラムであって、
ユーザ毎に予め定められた表データであって、ユーザによって入力される入力対象文字と、当該入力対象文字の各々に対して予め割り当てられた形象と、を対応付けた表データの一部を、各形象を表示手段に表示する表示位置を少なくとも制御する制御情報とともに、前記サーバシステムから取得する取得手段、
前記取得された表データに基づいて表示された画像に従って、ユーザの入力操作を受け付ける受付手段、
前記入力操作に応じ、ユーザの指定した前記形象に対応する表示位置を特定する特定手段、及び、
前記特定された形象に対応する表示位置を示す情報を前記サーバシステムに送信する送信手段、
として機能させることを特徴とするプログラム。 - ユーザが通信端末装置を用いて、各種のサービスを提供するサーバシステムにアクセスする際に、当該ユーザが入力する入力対象文字を前記サーバシステムにて特定するための形象が視認可能に形成された記憶媒体であって、
一の行又は一の列に複数の異なる入力対象文字と、
前記入力対象文字毎に異なる複数の形象と、
が配置された複数の行及び複数の列により形成された表を有し、
各形象が、ユーザによって所定の情報を入力するために用いられる入力デバイスに基づくユーザの操作入力時に用いられる文字コードによって変換不能な形状を有していることを特徴とする記録媒体。 - ネットワークを介して通信接続される通信端末装置からデータを受信し、
前記通信端末装置のユーザ毎に予め定められた表データであって、前記通信端末装置にて入力される入力対象文字と、当該入力対象文字の各々に対して予め割り当てられた形象と、を対応付けた表データが、前記ユーザを識別するための識別情報と対応付けて記録される記録手段を制御し、
前記受信手段によって前記通信端末装置からユーザを指定した所与の要求が受信された場合に、当該ユーザに対応する表データを特定するデータ特定手段、
前記特定された表データに基づき、前記ユーザによって特定すべき入力対象文字に対応する前記形象を抽出し、
前記抽出された形象の各々に対応付けられ、かつ、該当する通信端末装置にて該当する形象が表示される際に用いる標識情報を含む入力用データを生成し、当該生成した入力用データを前記通信端末装置に配信し、
前記配信された入力用データに基づき前記通信端末装置にて前記形象が表示された際に、ユーザが入力した前記形象に対応する前記標識情報を当該通信端末装置から取得し、
前記取得された標識情報に基づき、該当する前記形象を決定し、
前記決定された形象に基づき、前記特定すべき入力対象文字を特定し、当該特定した入力対象文字に基づき、所与の処理を実行する、ことを特徴とする通信方法。
Priority Applications (9)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
RU2016146098A RU2016146098A (ru) | 2014-05-01 | 2015-04-27 | Серверная система, система связи, оконечное устройство связи, программа, носитель записи и способ осуществления связи |
AU2015254236A AU2015254236A1 (en) | 2014-05-01 | 2015-04-27 | Server system, communication system, communication terminal device, program, recording medium, and communication method |
CN201580021800.4A CN106233359B (zh) | 2014-05-01 | 2015-04-27 | 服务器系统、通信系统、通信终端装置以及通信方法 |
CA2946988A CA2946988A1 (en) | 2014-05-01 | 2015-04-27 | Server system, communication system, communication terminal device, program, recording medium, and communication method |
EP15786540.3A EP3139366A1 (en) | 2014-05-01 | 2015-04-27 | Server system, communication system, communication terminal device, program, recording medium, and communication method |
SG11201608849QA SG11201608849QA (en) | 2014-05-01 | 2015-04-27 | Server system, communication system, communication terminal device, program, recording medium, and communication method |
KR1020167030431A KR20170016821A (ko) | 2014-05-01 | 2015-04-27 | 서버 시스템, 통신 시스템, 통신 단말장치, 프로그램, 기록 매체 및 통신방법 |
US15/339,296 US9886564B2 (en) | 2014-05-01 | 2016-10-31 | Server system, communication system, communication terminal device, program, recording medium, and communication method |
US15/850,978 US20180181742A1 (en) | 2014-05-01 | 2017-12-21 | Server system, communication system, communication terminal device, program, recording medium, and communication method |
Applications Claiming Priority (6)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2014-104705 | 2014-05-01 | ||
JP2014104705 | 2014-05-01 | ||
JP2014-135075 | 2014-06-12 | ||
JP2014135075 | 2014-06-12 | ||
JP2014-177578 | 2014-09-01 | ||
JP2014177578A JP2016015107A (ja) | 2014-05-01 | 2014-09-01 | サーバシステム、通信システム、通信端末装置、プログラム、記録媒体及び通信方法 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/339,296 Continuation US9886564B2 (en) | 2014-05-01 | 2016-10-31 | Server system, communication system, communication terminal device, program, recording medium, and communication method |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2015166913A1 WO2015166913A1 (ja) | 2015-11-05 |
WO2015166913A9 true WO2015166913A9 (ja) | 2016-09-22 |
Family
ID=54358640
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2015/062704 WO2015166913A1 (ja) | 2014-05-01 | 2015-04-27 | サーバシステム、通信システム、通信端末装置、プログラム、記録媒体及び通信方法 |
Country Status (10)
Country | Link |
---|---|
US (2) | US9886564B2 (ja) |
EP (1) | EP3139366A1 (ja) |
JP (1) | JP2016015107A (ja) |
KR (1) | KR20170016821A (ja) |
CN (1) | CN106233359B (ja) |
AU (1) | AU2015254236A1 (ja) |
CA (1) | CA2946988A1 (ja) |
RU (1) | RU2016146098A (ja) |
SG (2) | SG11201608849QA (ja) |
WO (1) | WO2015166913A1 (ja) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2018004600A1 (en) | 2016-06-30 | 2018-01-04 | Sophos Limited | Proactive network security using a health heartbeat |
US10404691B2 (en) | 2017-03-02 | 2019-09-03 | Bank Of America Corporation | Preventing unauthorized access to secured information systems using authentication tokens |
CN108234110B (zh) * | 2017-12-29 | 2019-07-12 | 飞天诚信科技股份有限公司 | 信用卡及其工作方法 |
CN112367375B (zh) * | 2020-10-27 | 2023-06-30 | 国核自仪系统工程有限公司 | 基于fpga的多终端安全显示系统 |
Family Cites Families (35)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9622058B1 (en) * | 2000-06-02 | 2017-04-11 | Timothy G. Newman | Apparatus, system, methods and network for communicating information associated with digital images |
US6907131B2 (en) * | 2002-08-27 | 2005-06-14 | Signarom, Inc. | Method and program for producing photographs with autographed messages written in customized character fonts |
JP2004102460A (ja) * | 2002-09-06 | 2004-04-02 | Hitachi Software Eng Co Ltd | 個人認証方法及びプログラム |
US6724416B1 (en) * | 2002-10-01 | 2004-04-20 | Jianxin Liu | Image transceiving telephone with integrated digital camera |
CN1759364A (zh) * | 2003-03-11 | 2006-04-12 | 皇家飞利浦电子股份有限公司 | 用于能够远程消息合成的方法和系统 |
CA2540193A1 (en) * | 2003-09-25 | 2005-03-31 | Solmaze Co., Ltd. | The method of safe certification service |
US20060031174A1 (en) * | 2004-07-20 | 2006-02-09 | Scribocel, Inc. | Method of authentication and indentification for computerized and networked systems |
US7644281B2 (en) * | 2004-09-27 | 2010-01-05 | Universite De Geneve | Character and vector graphics watermark for structured electronic documents security |
WO2006092960A1 (ja) * | 2005-02-28 | 2006-09-08 | National University Of Corporation Hiroshima University | 認証装置 |
US20060206919A1 (en) * | 2005-03-10 | 2006-09-14 | Axalto Sa | System and method of secure login on insecure systems |
US7836492B2 (en) * | 2005-10-20 | 2010-11-16 | Sudharshan Srinivasan | User authentication system leveraging human ability to recognize transformed images |
JP2007293562A (ja) * | 2006-04-25 | 2007-11-08 | Nec Access Technica Ltd | 認証装置、集線装置、認証方法、認証プログラム |
US20080052245A1 (en) * | 2006-08-23 | 2008-02-28 | Richard Love | Advanced multi-factor authentication methods |
US20080209223A1 (en) * | 2007-02-27 | 2008-08-28 | Ebay Inc. | Transactional visual challenge image for user verification |
JP2008234440A (ja) * | 2007-03-22 | 2008-10-02 | Sharp Corp | パスワード入力システム及び方法 |
US7941834B2 (en) * | 2007-04-05 | 2011-05-10 | Microsoft Corporation | Secure web-based user authentication |
JP5136843B2 (ja) * | 2007-12-26 | 2013-02-06 | 三井住友カード株式会社 | ユーザ認証方法およびシステム |
KR100817767B1 (ko) * | 2008-01-14 | 2008-03-31 | 알서포트 주식회사 | 아이콘 암호를 이용한 인증방법 |
US20090187583A1 (en) * | 2008-01-18 | 2009-07-23 | Aginfolink Holdings, Inc., A Bvi Corporation | Enhanced label claim validation |
US20090212929A1 (en) * | 2008-02-27 | 2009-08-27 | Tal Drory | Verifying Vehicle Authenticity |
US8904479B1 (en) * | 2008-03-28 | 2014-12-02 | Google Inc. | Pattern-based mobile device unlocking |
JP2010049554A (ja) | 2008-08-22 | 2010-03-04 | Japan Net Bank Ltd | 口座情報管理方法、ネットバンキングシステム及びコンピュータプログラム |
US8321671B2 (en) * | 2009-12-23 | 2012-11-27 | Intel Corporation | Method and apparatus for client-driven profile update in an enterprise wireless network |
US10027676B2 (en) * | 2010-01-04 | 2018-07-17 | Samsung Electronics Co., Ltd. | Method and system for multi-user, multi-device login and content access control and metering and blocking |
WO2011120184A1 (en) * | 2010-03-29 | 2011-10-06 | Intel Corporation | Methods and apparatuses for administrator-driven profile update |
JP5513957B2 (ja) * | 2010-04-02 | 2014-06-04 | 株式会社ジャパンディスプレイ | 表示装置、認証方法、およびプログラム |
US8810365B2 (en) * | 2011-04-08 | 2014-08-19 | Avaya Inc. | Random location authentication |
JP5969805B2 (ja) * | 2012-04-25 | 2016-08-17 | キヤノン株式会社 | 情報処理装置、認証システム、認証方法、およびプログラム |
JP5994390B2 (ja) * | 2012-05-24 | 2016-09-21 | 株式会社バッファロー | 認証方法および無線接続装置 |
US8881251B1 (en) * | 2012-05-30 | 2014-11-04 | RememberIN, Inc. | Electronic authentication using pictures and images |
CA3092595A1 (en) * | 2012-06-18 | 2014-01-16 | Ologn Technologies Ag | Secure password management systems, methods and apparatuses |
US8973095B2 (en) * | 2012-06-25 | 2015-03-03 | Intel Corporation | Authenticating a user of a system via an authentication image mechanism |
US11037147B2 (en) * | 2012-07-09 | 2021-06-15 | The Western Union Company | Money transfer fraud prevention methods and systems |
US8925056B2 (en) * | 2013-03-18 | 2014-12-30 | Rawllin International Inc. | Universal management of user profiles |
US9495527B2 (en) * | 2013-12-30 | 2016-11-15 | Samsung Electronics Co., Ltd. | Function-level lock for mobile device security |
-
2014
- 2014-09-01 JP JP2014177578A patent/JP2016015107A/ja active Pending
-
2015
- 2015-04-27 KR KR1020167030431A patent/KR20170016821A/ko not_active Application Discontinuation
- 2015-04-27 WO PCT/JP2015/062704 patent/WO2015166913A1/ja active Application Filing
- 2015-04-27 EP EP15786540.3A patent/EP3139366A1/en not_active Withdrawn
- 2015-04-27 CN CN201580021800.4A patent/CN106233359B/zh active Active
- 2015-04-27 SG SG11201608849QA patent/SG11201608849QA/en unknown
- 2015-04-27 CA CA2946988A patent/CA2946988A1/en not_active Abandoned
- 2015-04-27 AU AU2015254236A patent/AU2015254236A1/en not_active Abandoned
- 2015-04-27 SG SG10201702780XA patent/SG10201702780XA/en unknown
- 2015-04-27 RU RU2016146098A patent/RU2016146098A/ru not_active Application Discontinuation
-
2016
- 2016-10-31 US US15/339,296 patent/US9886564B2/en active Active
-
2017
- 2017-12-21 US US15/850,978 patent/US20180181742A1/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
US9886564B2 (en) | 2018-02-06 |
KR20170016821A (ko) | 2017-02-14 |
RU2016146098A3 (ja) | 2018-12-03 |
EP3139366A4 (en) | 2017-03-08 |
EP3139366A1 (en) | 2017-03-08 |
CN106233359B (zh) | 2018-07-27 |
WO2015166913A1 (ja) | 2015-11-05 |
JP2016015107A (ja) | 2016-01-28 |
SG11201608849QA (en) | 2016-12-29 |
SG10201702780XA (en) | 2017-06-29 |
US20170046506A1 (en) | 2017-02-16 |
CA2946988A1 (en) | 2015-11-05 |
CN106233359A (zh) | 2016-12-14 |
RU2016146098A (ru) | 2018-06-04 |
US20180181742A1 (en) | 2018-06-28 |
AU2015254236A1 (en) | 2016-11-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11048784B2 (en) | Authentication method and system | |
US8881251B1 (en) | Electronic authentication using pictures and images | |
US9460278B2 (en) | Automatic PIN creation using password | |
US9111073B1 (en) | Password protection using pattern | |
US9117068B1 (en) | Password protection using pattern | |
US10140465B2 (en) | Methods and systems for user authentication in a computer system using multi-component log-ins, including image-based log-ins | |
US9768959B2 (en) | Computer security system and method to protect against keystroke logging | |
US20130106916A1 (en) | Drag and drop human authentication | |
CA2420239A1 (en) | Validation of transactions | |
US20180181742A1 (en) | Server system, communication system, communication terminal device, program, recording medium, and communication method | |
JP6005890B1 (ja) | サーバシステム、通信システム、通信端末装置、プログラム及び通信方法 | |
JP2017097419A (ja) | サーバシステム及び通信端末装置 | |
US20150339054A1 (en) | Method and system for inputting and uploading data | |
KR101351785B1 (ko) | 터치 혹은 포인팅 디바이스 지원 기기의 보안기능이 강화된 패턴 인증방법 | |
BR112015000980B1 (pt) | Método de verificação implementado por computador |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 15786540 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2946988 Country of ref document: CA |
|
REEP | Request for entry into the european phase |
Ref document number: 2015786540 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2015786540 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 20167030431 Country of ref document: KR Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
ENP | Entry into the national phase |
Ref document number: 2015254236 Country of ref document: AU Date of ref document: 20150427 Kind code of ref document: A |
|
ENP | Entry into the national phase |
Ref document number: 2016146098 Country of ref document: RU Kind code of ref document: A |