WO2016098191A1 - Tampering sensing device, tampering sensing system, tampering sensing method, and program - Google Patents
Tampering sensing device, tampering sensing system, tampering sensing method, and program Download PDFInfo
- Publication number
- WO2016098191A1 WO2016098191A1 PCT/JP2014/083382 JP2014083382W WO2016098191A1 WO 2016098191 A1 WO2016098191 A1 WO 2016098191A1 JP 2014083382 W JP2014083382 W JP 2014083382W WO 2016098191 A1 WO2016098191 A1 WO 2016098191A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- character
- client terminal
- data
- change table
- unit
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Definitions
- the present invention relates to a falsification detection device, a falsification detection system, a falsification detection method, and a program.
- a so-called Internet banking service that allows various transactions with banks using the Internet is known.
- Internet banking in order to ensure the safety of transactions with banks, user authentication is usually performed by a combination of a user ID and a password.
- Patent Document 1 discloses an authentication system that can select a notification destination of a password (one-time password) that can be used only once in a client terminal from an email, a mobile phone, and a fixed phone. It is disclosed.
- a password one-time password
- Man-in-the-browser Man-in-the-browser
- Man-in-the-middle where the transfer destination entered in the client terminal is tampered inside the terminal or on the Internet, and the tampered data is sent to a bank server, etc.
- An attack called (MITM) is known. These attacks are increasing the damages of unauthorized money transfers from user accounts to unscrupulous accounts. If the bank transfer data is altered by Man in the Browser or Man in the Middle, the client's bank account (bank name, branch name, account number, etc.) It is displayed correctly. Therefore, it is difficult for the user to notice that the transfer destination data has been falsified.
- the present invention has been made in view of such problems, and provides a falsification detection device, a falsification detection system, a falsification detection method, and a program that can easily detect data falsification and provide a more secure network service.
- the purpose is to do.
- an alteration detection device provides: Character data receiving means for receiving character data representing a detection target; Character change determination means for determining whether or not the character to be detected represented by the character data received by the character data reception means has been changed to a preset character; When it is determined by the character change determining means that the character has been changed to the set character, it is detected that the character data has not been tampered with, and it has been determined that the character has not been changed to the set character. Tamper detection means for detecting that the character data has been tampered with, Is provided.
- the tamper detection device Character change table storage means for storing a character change table for changing the character to be detected; In response to a request from the client terminal, the character change table stored in the character change table storage means is supplied to the client terminal, and the client terminal is caused to perform processing for changing the character to be detected by the character change table. And a character change table supply unit.
- the character change table supply means selects one telephone number from a list of a plurality of telephone numbers that are prepared in advance, and sets a character change table to be supplied to the client terminal based on the selected telephone number. And the encrypted character change table is supplied to the client terminal, the telephone number selected by the selected telephone number is transmitted to the user's mobile phone using the client terminal, and the telephone number displayed on the mobile phone is displayed.
- the client terminal may be made to perform a process of decrypting the encrypted character change table based on the above.
- the character change determining means determines that the character to be detected represented by the character data has been changed to the set character when belonging to the character changed by the character change table, and the character change If the character does not belong to the character changed by the table, it may be determined that the character has not been changed to the set character.
- the falsification detection device Causing the computer to function as a character changing unit that changes the character to be detected, and a character data transmitting unit that transmits character data representing the detection target after the character has been changed by the character changing unit to the tampering detection device.
- Applet storage means for storing applets; Applet transmission means for transmitting the applet stored in the applet storage means to the client terminal according to a request from the client terminal and causing the client terminal to execute the applet may be further provided.
- the falsification detection system is: A falsification detection system comprising a client terminal and a falsification detection device that detects the presence or absence of falsification of data transmitted from the client terminal,
- the client terminal is A character changing means for changing a detection target character input in accordance with a user operation;
- Character data transmission means for transmitting character data representing a detection target after the character has been changed by the character change means to the falsification detection device,
- the tampering detection device includes: Character data receiving means for receiving the character data from the client terminal; Character change determination means for determining whether or not the character to be detected represented by the character data received by the character data reception means has been changed to a preset character; When it is determined by the character change determining means that the character has been changed to the set character, it is detected that the character data has not been tampered with, and it has been determined that the character has not been changed to the set character.
- a tampering detection means for detecting that the character data has been tampered with.
- the client terminal is Further comprising character change table acquisition means for requesting the alteration detection device for a character change table for changing the character to be detected, and acquiring the character change table from the alteration detection device;
- the tampering detection device includes: Character change table storage means for storing the character change table; In accordance with a request from the client terminal, the character change table stored in the character change table storage means is supplied to the client terminal, and processing for changing the character to be detected by the character change table is performed on the client terminal. And a character change table supply means.
- the character change table supply means provided in the falsification detection device selects one phone number from a list of a plurality of phone numbers to be prepared in advance and supplies the selected character number to the client terminal. Is encrypted based on the selected telephone number, the encrypted character change table is supplied to the client terminal, and a telephone call is made to the user's mobile phone using the client terminal by the selected telephone number, The character change table acquisition means provided in the client terminal may decrypt the encrypted character change table based on a telephone number displayed on the mobile phone as an incoming call.
- the tampering detection device includes: Applet storage means for storing an applet that causes the computer to function as the character change table acquisition means, the character change means, and the character data transmission means; Applet transmission means for transmitting the applet stored in the applet storage means to the client terminal in accordance with a request from the client terminal;
- the client terminal is Applet receiving means for requesting the applet from the tamper detection device and receiving the applet from the tamper detection device; Applet executing means for executing the applet received by the applet receiving means;
- the character change table acquisition unit, the character change unit, and the character data transmission unit may function when the applet is executed by the applet execution unit.
- the falsification detection method includes: A character data receiving step in which the character data receiving unit receives character data representing a detection target; and A character change determining unit that determines whether or not the character to be detected represented by the character data received by the character data receiving step has been changed to a preset character; The tampering detection unit detects that the character data has not been tampered with when the character change determining step determines that the character has been changed to the set character, and has changed the character to the set character. A tampering detection step for detecting that the character data has been tampered with when it is determined that Have
- a program is: Computer Character data receiving means for receiving character data representing a detection target; Character change determination means for determining whether or not the character to be detected represented by the character data received by the character data reception means has been changed to a preset character; When it is determined by the character change determining means that the character has been changed to the set character, it is detected that the character data has not been tampered with, and it has been determined that the character has not been changed to the set character.
- a tamper detection means for detecting that the character data has been tampered with, To function as.
- falsification of data can be easily detected, and a safer network service can be provided.
- FIG. It is the figure which showed the structure of the tampering detection system which concerns on embodiment of this invention. It is the block diagram which showed the structure of the tampering detection apparatus shown in FIG. It is the figure which showed the structure of the user information data shown in FIG. It is the figure which showed the structure of the character change table data shown in FIG. It is the figure which showed the structure of the character change table shown in FIG. It is the figure which showed the structure of the transmission number data shown in FIG. It is the figure which showed the structure of the transmission number authentication data shown in FIG. It is the figure which showed the structure of the transaction data shown in FIG. It is the block diagram which showed the structure of the client terminal shown in FIG. It is the block diagram which showed the structure of the mobile telephone shown in FIG.
- the falsification detection system 1 is used for a transfer (remittance) service for Internet banking.
- the falsification detection system 1 includes a falsification detection device 10, a client terminal 20, and a mobile phone 30.
- the falsification detection device 10 is a bank server, and is composed of, for example, a PC (personal computer) server or a mainframe.
- the falsification detection device 10 receives the transfer destination data via the Internet 40, and detects whether the transfer destination data has been falsified.
- the bank transfer data includes information such as bank name, branch name, account number, etc., in which the type of characters input by the user is designated in advance.
- the bank name and branch name are specified by katakana, and the account number is specified by numbers.
- the tampering detection apparatus 10 sets any of such information as a detection target. In the present embodiment, it is assumed that the bank name is set as a detection target in the falsification detection device 10.
- the alteration detection device 10 stores a table (character change table) for changing the detection target character input in accordance with the user's operation.
- the falsification detection device 10 encrypts the character change table in accordance with a request from the client terminal 20 and supplies the encrypted character change table to the client terminal 20.
- the tampering detection apparatus 10 makes a call to the mobile phone 30 (makes a call) in order to decrypt the character change table in the client terminal 20.
- the mobile phone 30 is a phone owned by a user who uses the client terminal 20, and is composed of a smart phone or other mobile phone (feature phone (commonly called Garage)).
- the mobile phone 30 waits for an incoming call from the falsification detection device 10 via the telephone network 50.
- the mobile phone 30 displays the telephone number of the falsification detection device 10 (displays the incoming call).
- the client terminal 20 is a terminal used by a user who uses an internet banking transfer service, and includes a PC (personal computer) or the like.
- the client terminal 20 inputs a payee's bank name, branch name, account number, etc., according to the user's operation, and generates payee data representing the payee's address. Further, the client terminal 20 requests the alteration detection device 10 for a character change table, and acquires the encrypted character change table from the alteration detection device 10.
- the client terminal 20 decrypts the encrypted character change table based on the telephone number of the falsification detection device 10 displayed on the mobile phone 30 as an incoming call.
- the client terminal 20 changes the character of the bank name to be detected included in the transfer destination data using the decrypted character change table. For example, the bank name “IBISI” input in katakana according to the user's operation is changed to letters (characters other than katakana) such as letters, numbers, and symbols, such as “C @ 3 #”.
- the client terminal 20 transmits the transfer destination data including the detection target (bank name “C @ 3 #”) after the character is changed to the falsification detection device 10.
- the falsification detection device 10 receives the transfer destination data from the client terminal 20 and extracts the detection target character from the received transfer destination data.
- the tampering detection apparatus 10 determines whether or not the extracted detection target character has been changed to a preset character.
- the falsification detection device 10 performs this determination based on whether or not the extracted detection target character belongs to a character changed by the character change table supplied to the client terminal 20.
- the bank name “C @ 3 #” is extracted as the character to be detected.
- “C @ 3 #” is any one of English letters, numbers, and symbols (not katakana), and all are characters changed by the character change table.
- the alteration detection device 10 determines that the character has been changed to a preset character.
- the extracted character is “IVISI”
- these characters are all katakana and do not belong to the characters changed by the character change table supplied to the client terminal 20. Therefore, in this case, the falsification detection device 10 determines that the character has not been changed to a preset character.
- the falsification detection device 10 detects that the transfer destination data has been falsified when it is determined that the character has not been changed to a preset character. In this case, the falsification detection device 10 does not execute the transfer process, and indicates that there is a risk of being attacked by man-in-the-browser or man-in-the-middle. Is notified to the client terminal 20.
- the falsification detection device 10 detects that the transfer destination data has not been falsified when it is determined that the character has been changed to a preset character. In this case, the falsification detection device 10 executes a transfer process based on the transfer destination data.
- the falsification detection device 10 connects to the other bank server 60 via the dedicated network 70 and executes the transfer process with the other bank server 60 when the bank account indicated by the bank transfer data is another bank. To do.
- the tampering detection apparatus 10 includes a control unit 11, a storage unit 12, an Internet communication unit 13, a telephone network communication unit 14, and a dedicated network communication unit 15.
- the Internet communication unit 13 includes a communication interface device such as a network adapter.
- the internet communication unit 13 communicates with each client terminal 20 via the internet 40.
- the telephone network communication unit 14 includes a communication interface device such as a telephone line connection device.
- the telephone network communication unit 14 makes a telephone call to each mobile phone 30 via the telephone network 50.
- the dedicated network communication unit 15 includes a communication interface device such as a network adapter.
- the dedicated network communication unit 15 communicates with the other server 60 via the dedicated network 70 under the control of the control unit 11 when the transfer destination represented by the transfer destination data is another bank.
- the storage unit 12 includes a storage device such as a hard disk drive (HDD), a read only memory (ROM), and a flash memory.
- the storage unit 12 stores various programs and data used by the control unit 11 to perform various processes, and various data generated or acquired by the control unit 11 performing various processes.
- the storage unit 12 characteristically stores a control program 12a, a transfer destination transmission applet 12b, user information data 12c, character change table data 12d, transmission number data 12e, transmission number authentication data 12f, and transaction data 12g. To do.
- the control program 12a is a program for executing processing to be described later in the falsification detection device 10.
- the control unit 12 executes the control program 12a, the control unit 11 is changed to a user information authentication unit 11a, a telephone number authentication unit 11b, an applet transmission unit 11c, a character change table supply unit 11d, a character data reception unit 11e, a character It is made to function as the change determination part 11f and the alteration detection part 11g.
- the transfer destination transmission applet 12 b is a Java (registered trademark) applet executed on the client terminal 20.
- a Java applet has a powerful security mechanism called a sandbox, and a confirmation dialog with an electronic certificate is displayed when it is executed. Therefore, there is a low possibility that various data (transfer destination data, character change table, etc.) generated by the transfer destination transmission applet 12b during the execution of the transfer destination transmission applet 12b is leaked.
- processing for changing the detection target character (bank name character) input to the client terminal 20 according to the user's operation, detection target after the character is changed A process of transmitting the transfer destination data including “” to the falsification detection device 10 is performed.
- User information data 12c is data representing various types of registration information for each user who uses the Internet banking transfer service. As shown in FIG. 3, the user information data 12c includes a user ID, a name, a password, account information, a mobile phone number, and the like for each record (for each user).
- User ID is information for uniquely identifying a user.
- the password is a combination of characters set by the user.
- the user ID and password are used for login authentication.
- the account information is information for identifying the user's bank account.
- the account information has a type and an account number.
- the mobile phone number is the phone number of the mobile phone 30 owned by the user.
- the character change table data 12d has a plurality of different character change tables TB as shown in FIG. Each character change table TB is identified by a table ID.
- the input characters have katakana characters (a, i,%) And character codes (katakana 01, katakana 02,9) That identify the characters.
- Changed characters are characters other than katakana (characters other than the type of input character) such as letters, numbers, symbols, etc. (C, @,%), And character codes (letters 03, symbols) that identify the characters. 25, ).
- the change character is associated with the input character in a one-to-one relationship.
- the changed characters are arranged in a disorderly manner without any relationship of appearance, name and concept with the input characters.
- the character (“Ivy”) of the detection target (bank name) input according to the user's operation is the character corresponding to the character (here “C @ 3 #”).
- Changed to The character change table TB shown in FIG. 5 is a character change table TB02 having a table ID “TB02”, and the arrangement of changed characters is different from the other character change tables TB01, TB03, and TB04.
- the transmission number data 12e has a list of a plurality of telephone numbers that can be used as a transmission source.
- the tampering detection apparatus 10 selects one telephone number from a list of a plurality of telephone numbers represented by the transmission number data 12e, and makes a telephone call to the mobile phone 30 using the selected telephone number.
- the transmission number authentication data 12f is data for performing authentication using the telephone number selected from the transmission number data 12e. As shown in FIG. 7, the transmission number authentication data 12f includes a user ID, a transmission number, a transmission date and time, and an authentication result.
- the transmission number is a telephone number selected from the transmission number data 12e.
- the outgoing date and time represents the date and time when the telephone call was made.
- the call origination date and time is used to specify the elapsed time after the phone call.
- the authentication result represents an authentication result based on a transmission number (source telephone number).
- the transaction data 12g a new record is generated when authentication (login authentication) is normally performed using a transmission number (phone number of the transmission source).
- the transaction data 12g includes a request ID, a mobile phone number, a table ID, a transmission number, a transfer destination, a falsification detection result, and the like for each record.
- the request ID is information for uniquely identifying a transfer request.
- the mobile phone number is the phone number of the mobile phone 30 owned by the user.
- the table ID is information for uniquely identifying the character change table TB supplied to the client terminal 20.
- the transmission number is a telephone number selected from the transmission number data 12e.
- the transfer destination is information represented by the received transfer destination data. Specifically, the transfer destination has a recipient's bank name, branch name, account type, account number, recipient's name, amount, and the like. The detection result indicates whether the transfer destination data has been tampered with.
- the control unit 11 includes a CPU (Central Processing Unit), a RAM (Random Access Memory) functioning as a main memory of the CPU, and the like.
- the control unit 11 controls the storage unit 12, the Internet communication unit 13, the telephone network communication unit 14, and the dedicated network communication unit 15, thereby controlling the entire falsification detection device 10.
- control unit 11 executes the control program 12a stored in the storage unit 12.
- control unit 11 functions as a user information authentication unit 11a, a telephone number authentication unit 11b, an applet transmission unit 11c, a character change table supply unit 11d, a character data reception unit 11e, a character change determination unit 11f, and a falsification detection unit 11g.
- the processing described below is performed by each function.
- the client terminal 20 includes a control unit 21, a storage unit 22, an Internet communication unit 23, an input unit 24, and a display unit 25.
- the Internet communication unit 23 includes a communication interface device such as a network adapter.
- the Internet communication unit 23 communicates with the tampering detection apparatus 10 via the Internet 40.
- the input unit 24 includes an input interface device that accepts various operations from the user.
- the input unit 24 supplies operation signals corresponding to the received various operations to the control unit 21.
- the input unit 24 displays an incoming call on the mobile phone 30 according to the user's operation, such as a user ID, a password, a transfer destination (recipient's bank name, branch name, account type, account number, recipient's name, amount, etc.).
- the telephone number of the alteration detection device 10 is input.
- the display unit 25 includes a display interface such as an LCD (Liquid Crystal Display) or an organic EL (Electro-Luminescence).
- the display unit 25 displays images corresponding to various image data supplied from the control unit 21 on the screen.
- the display unit 25 includes a screen for inputting a user ID and a password, a screen for inputting a telephone number of the falsification detection device 10 displayed on the mobile phone 30, a screen for inputting a transfer destination (transfer destination input screen), and falsification.
- a screen (warning screen) for notifying that the transaction has been completed, a screen (transaction completion screen) for notifying that the transaction has been completed, and the like are displayed.
- the storage unit 22 includes a storage device such as an HDD, a ROM, or a flash memory.
- the storage unit 22 stores various programs and data used by the control unit 21 to perform various processes, and various data generated or acquired by the control unit 21 performing various processes.
- the control unit 21 includes a CPU, a RAM that functions as a main memory of the CPU, and the like.
- the control unit 21 controls the storage unit 22, the Internet communication unit 23, the input unit 24, and the display unit 25, thereby controlling the entire client terminal 20.
- control unit 21 receives the transfer destination transmission applet 12b from the falsification detection device 10 and executes it.
- the control part 21 functions as the character change table acquisition part 21a, the character change part 21b, the character data transmission part 21c, and the detection result acquisition part 21d, and the below-mentioned process is performed by each function.
- the mobile phone 30 includes a control unit 31, a storage unit 32, a telephone network communication unit 33, an input unit 34, and a display unit 35.
- the telephone network communication unit 33 includes a communication interface device such as a telephone line connection device.
- the telephone network communication unit 33 waits for an incoming call from the falsification detection device 10.
- the input unit 34 includes an input interface device that accepts various operations from the user.
- the input unit 34 supplies operation signals corresponding to the received various operations to the control unit 31.
- the input unit 34 supplies the control unit 31 with an operation signal corresponding to a user operation that causes the display unit 35 to display the telephone number of the falsification detection device 10.
- the display unit 35 includes a display interface such as an LCD or an organic EL.
- the display unit 35 displays images corresponding to various image data supplied from the control unit 31 on the screen. For example, the display unit 35 displays that there is an incoming call from the falsification detection device 10 (one missed call), the telephone number of the falsification detection device 10, and the like.
- the storage unit 32 includes a storage device such as an HDD, a ROM, or a flash memory.
- the storage unit 32 stores various programs and data used for the control unit 31 to perform various processes, and various data generated or acquired by the control unit 31 performing various processes.
- the control unit 31 includes a CPU, a RAM that functions as a main memory of the CPU, and the like.
- the control unit 31 controls the storage unit 32, the telephone network communication unit 33, the input unit 34, and the display unit 35, thereby controlling the entire mobile phone 30.
- the falsification detection system 1 configured as described above roughly performs the following processing. (1) Processing for authenticating the user of the client terminal 20 (2) Processing for supplying the character change table TB to the client terminal 20 that has succeeded in the login authentication (3) The falsification detection device 10 detects whether the transfer destination data has been falsified processing
- the tampering detection apparatus 10 reads and executes the control program 12a stored in the storage unit 12 after the power is turned on.
- the control unit 11 performs the user information authentication unit 11a, the telephone number authentication unit 11b, the applet transmission unit 11c, the character change table supply unit 11d, the character data reception unit 11e, and the character change determination. It functions as the unit 11f and the falsification detection unit 11g.
- the control unit 21 makes a login request to the tampering detection apparatus 10 via the Internet communication unit 23 (step S201).
- step S101 When the user information authentication unit 11a of the tampering detection apparatus 10 receives a login request from the client terminal 20 (step S101), user information representing a screen (user information request screen) for requesting input of user information (user ID and password). Request screen data is transmitted to the client terminal 20 (step S102).
- the control unit 21 of the client terminal 20 When the control unit 21 of the client terminal 20 receives the user information request screen data from the falsification detection device 10, the control unit 21 displays a user information input request screen represented by the screen data on the display unit 25.
- the user performs an operation of inputting his / her user ID and password to each item displayed on the display unit 25 via the input unit 24. For example, the user inputs a user ID “U0003” and a password “***”.
- the user performs an operation of selecting (clicking or the like) the completion button displayed on the display unit 25 via the input unit 24.
- the control unit 21 transmits user information (user ID and password) to the tampering detection apparatus 10 (step S202).
- the user information authentication unit 11a of the falsification detection device 10 Upon receiving the user information from the client terminal 20 (step S103), the user information authentication unit 11a of the falsification detection device 10 performs an authentication process using the received user information (step S104).
- the user information authentication unit 11a determines that the received user information is not correct user information when the record having the received user information is not registered in the user information data 12c (step S105; NO). In this case, the user information authentication unit 11a transmits authentication error screen data representing a screen for notifying an authentication error (authentication error screen) to the client terminal 20 (step S106). Thereafter, the user information authenticating unit 11a returns to step S101 and enters a standby state until another login request is made.
- the control unit 21 of the client terminal 20 When receiving the authentication error screen data from the falsification detection device 10, the control unit 21 of the client terminal 20 displays an authentication error screen represented by the screen data on the display unit 25 (step S203). In this case, the control unit 21 of the client terminal 20 displays the bank top page screen (screen before the login process) on the display unit 25. That is, in this case, the client terminal 20 has failed to log in, and the user cannot use the Internet banking transfer service. In order to use the service, the user needs to make a login request again (return to step S201).
- the user information authentication unit 11a of the tampering detection apparatus 10 determines that the user information is correct user information that matches the user information is registered in the user information data 12c (step S105; YES).
- the user information authentication unit 11a determines that the user information is correct, and in this case, the process proceeds to step S107 illustrated in FIG.
- the telephone number authentication unit 11b acquires the mobile phone number corresponding to the user information from the user information data 12c (step S107). .
- the telephone number authenticating unit 11b acquires the mobile phone number “090-3456-7890” corresponding to the user ID “U0003” and the password “***” from the user information data 12c.
- the telephone number authenticating unit 11b selects one telephone number from a list of a plurality of telephone numbers represented by the transmission number data 12e (step S108). Then, the telephone number authentication unit 11b generates a new record in the transmission number authentication data 12f, and registers the user ID obtained in step S103 and the selected telephone number in the generated record. Here, the telephone number authentication unit 11b selects the telephone number “03-3235-2222” from the transmission number data 12e, and the user ID “U0003” and the telephone number “03-” are added to the new record of the transmission number authentication data 12f. 3235-2222 ".
- the telephone number authenticating unit 11b makes a telephone call using the mobile phone number acquired in step S107 as the destination and the telephone number selected in step S108 as the caller (step S109).
- the telephone number authenticating unit 11b makes a telephone call using “090-3456-7890” as the destination and “03-3235-2222” as the source. Note that this processing is intended to notify the mobile phone 30 of the telephone number of the falsification detection device 10, and therefore, after a time of about one call has elapsed, the outgoing call is terminated (that is, one-off is performed). .
- the telephone number authenticating unit 11b registers the date and time when the telephone call is made in the outgoing date and time included in the new record generated in the outgoing number authentication data 12f. For example, the telephone number authenticating unit 11b registers “2014/12/24 18:01” as the transmission date and time.
- the control unit 31 of the mobile phone 30 displays the received phone number on the display unit 35 (step S301).
- the mobile phone 30 displays the telephone number “03-3235-2222” on the display unit 35.
- the telephone number authenticating unit 11b of the falsification detecting device 10 transmits incoming number input screen data representing a screen (incoming number input screen) for requesting input of the telephone number displayed on the mobile phone 30 to the client terminal 20. (Step S110). Note that the user ID ("U0003" in this case) registered in the new record of the calling number authentication data 12f is added to the incoming number input screen data.
- the control unit 21 of the client terminal 20 When the control unit 21 of the client terminal 20 receives the incoming call number input screen data from the falsification detection device 10, it displays the incoming call number input screen represented by the screen data on the display unit 25 (step S204). The user performs an operation of inputting the telephone number of the tampering detection apparatus 10 displayed as an incoming call on the mobile phone 30 to the item displayed on the display unit 25 via the input unit 24. Here, the user inputs the telephone number “03-3235-2222”. Further, the user performs an operation of selecting a completion button displayed on the display unit 25 via the input unit 24. In accordance with this operation, the control unit 21 transmits data representing the incoming call number (incoming call number data) to the falsification detection device 10 (step S205). The incoming call number data includes the user ID (here, “U0003”) added to the incoming call number input screen data.
- the telephone number authenticating unit 11b of the falsification detecting device 10 receives the incoming call number data from the client terminal 20 (step S103), the telephone number authenticating unit 11b performs an authentication process using the received incoming call number data (step S111).
- the telephone number authenticating unit 11b includes a record having a user ID and a telephone number included in the incoming call number data that is not registered in the outgoing number authentication data 12f, or is included in the record even if the record is registered. If the outgoing date / time has passed for a certain time (for example, 30 minutes or longer), it is determined that the telephone number is not correct (step S112; NO). In this case, the telephone number authenticating unit 11b transmits authentication error screen data representing an authentication error notification screen (authentication error screen) to the client terminal 20 (step S113). Thereafter, the telephone number authenticating unit 11b returns to step S101 and enters a standby state until another login request is made.
- the control unit 21 of the client terminal 20 When receiving the authentication error screen data from the falsification detection device 10, the control unit 21 of the client terminal 20 displays an authentication error screen represented by the screen data on the display unit 25 (step S206). In this case, the control unit 21 of the client terminal 20 displays the bank top page screen (screen before the login process) on the display unit 25. That is, in this case, the client terminal 20 has failed to log in. Therefore, in this case, the Internet banking transfer service cannot be used. In order to use the service, it is necessary to make a login request again (return to step S201).
- the telephone number authenticating unit 11b of the falsification detecting apparatus 10 has a record having a user ID and a telephone number included in the incoming number data registered in the outgoing number authentication data 12f and the outgoing number included in the record. If the date and time has not passed for a certain time (for example, 30 minutes or more), it is determined that the telephone number is correct (step S112; YES).
- a record having the user ID “U0003” and the telephone number “03-3235-2222” included in the received incoming number data is registered in the outgoing number authentication data 12f.
- the telephone number authenticating unit 11b determines that the telephone number is correct, and proceeds to step S114 shown in FIG.
- a series of processes for authenticating the user of the client terminal 20 (the process shown in (1) above) is completed.
- the applet transmitting unit 11c If the telephone number authenticating unit 11b of the falsification detecting device 10 determines that the telephone number is correct (step S112 shown in FIG. 12; YES), the applet transmitting unit 11c generates a new record in the transaction data 12g. In addition, the applet transmission unit 11c extracts the user ID (“U0003”) included in the incoming number data received in step S111. Further, the applet transmission unit 11c extracts the mobile phone number (“090-3456-7890”) corresponding to the extracted user ID from the user information data 12c. The applet transmission unit 11c registers the request ID (for example, “T002”) and the mobile phone number “090-3456-7890” in the new record of the transaction data 12g.
- the request ID for example, “T002”
- the applet transmission unit 11c transmits the transfer destination input screen data representing the screen (transfer destination input screen) requesting the user to input the transfer destination to the client terminal 20 (step S114).
- the request ID registered in the new record of the transaction data 12g (here, “T002”) is added to the transfer destination input screen data.
- the control unit 21 of the client terminal 20 displays the transfer destination input screen represented by the screen data on the display unit 25 (step S207).
- the transfer destination input screen has items for inputting a bank name, branch name, type, account number, payee, and amount.
- the user performs an operation of inputting necessary information for each item displayed on the display unit 25 via the input unit 24. Specifically, the bank name, branch name, and recipient are entered in katakana, and the account number and amount are entered in numbers. As the account type, either “normal” or “current” is selected.
- the control unit 21 After the user inputs necessary information for all input items, the user performs an operation of selecting a completion button displayed on the display unit 25 (clicking or the like) via the input unit 24.
- the control unit 21 detects that the input of the transfer destination has been completed, along with the request ID (here, “T002”) added to the transfer destination input screen data. Notify the device 10 (send input completion notification). Based on this notification (transmission of input completion notification), the control unit 21 requests the tampering detection apparatus 10 for the transfer destination transmission applet 12b (step S208). In step S ⁇ b> 208, the transfer destination data is not transmitted to the falsification detection device 10.
- the applet transmission unit 11c of the falsification detection device 10 reads the transfer destination transmission applet 12b from the storage unit 12 when receiving the request of the transfer destination transmission applet 12b from the client terminal 20.
- the applet transmitting unit 11c transmits the read transfer destination transmitting applet 12b to the requesting client terminal 20 together with the request ID (here, “T002”) added to the input completion notification (step S115).
- the control unit 21 of the client terminal 20 receives the transfer destination transmission applet 12b from the falsification detection device 10 and executes it (step S209). Thereby, the control part 21 functions as the character change table acquisition part 21a, the character change part 21b, the character data transmission part 21c, and the detection result acquisition part 21d.
- the character change table acquisition unit 21a pops up the incoming number input screen on the display unit 25 (step S210).
- the character change table acquisition unit 21a requests the character change table from the falsification detection device 10 (step S211).
- the character change table request is transmitted to the falsification detection device 10 together with the request ID (here, “T002”) added to the transfer destination transmission applet 12b.
- the character change table supply unit 11d of the alteration detection device 10 receives the request for the character change table from the client terminal 20, the character change table supply unit 11d selects one transmission number from the transmission number data 12e, similarly to the above-described step S108 (step S116). . Further, the character change table supply unit 11d selects one character change table TB from the character change table data 12d (step S117). Here, the character change table supply unit 11d selects the character change table TB02 having the telephone number “03-3235-3333” and the table ID “TB02”.
- the character change table supply unit 11d encrypts the selected character change table TB with the selected telephone number (step S118). Then, the character change table supply unit 11d transmits the encrypted character change table TB to the requesting client terminal 20 (step S119).
- the request ID (“T002” here) received together with the request for the character change table is added to the character change table TB.
- the character change table supply unit 11d registers the selected transmission number and table ID in the record having the request ID received together with the request for the character change table in the transaction data 12g.
- the character change table supply unit 11d registers the table ID “TB02” and the transmission number “03-3235-3333” in the record having the request ID “T002”.
- the character change table supply unit 11d extracts the mobile phone number from the record having the request ID of the transaction data 12g, uses the extracted mobile phone number as the destination, and the phone number selected in step S116 as the sender. A telephone call is made (step S120).
- the character change table supply unit 11d makes a call with the mobile phone number “090-3456-7890” as the destination and “03-3235-3333” as the source. Note that this processing is intended to notify the mobile phone 30 of the telephone number of the falsification detection device 10, and therefore, after a time of about one call has elapsed, the outgoing call is terminated (that is, one-off is performed). .
- the control unit 31 of the mobile phone 30 displays the received phone number on the display unit 35 (step S302).
- the mobile phone 30 displays the telephone number “03-3235-3333” on the display unit 35.
- the character change table acquisition unit 21a of the client terminal 20 receives the encrypted character change table TB from the falsification detection device 10 and temporarily stores it (step S212).
- the user performs an operation of inputting the telephone number of the falsification detection device 10 displayed as an incoming call on the mobile phone 30 in the input item of the incoming call number input screen shown in FIG.
- the user inputs the telephone number “03-3235-3333”.
- the user performs an operation of selecting an OK button displayed on the incoming number input screen via the input unit 24.
- the character change table acquisition unit 21a decrypts the encrypted character change table TB with the telephone number (the incoming-displayed telephone number) input in accordance with the user's operation (step S213).
- the character change table acquisition unit 21a temporarily stores the decrypted character change table TB.
- the character change table TB can be used in the client terminal 20.
- the character change part 21b of the client terminal 20 changes the character of the bank name set as a detection object among the transfer destinations input into the transfer destination input screen with the decoded character change table TB (step S214). .
- the character changing unit 21 b displays the character “IVISI” as the detection target.
- the corresponding character “C @ 3 #” is changed according to the character change table TB02 shown in FIG.
- the character data transmission unit 21c detects the object after the character is changed by the character change unit 21b (here, the bank name “C @ 3 #”) and other transfer destinations (branch name, type, account number, recipient) , Money amount, etc.) is generated.
- the transfer destination data includes a request ID (here, “T002”) added to the character change table TB.
- the character data transmission unit 21c transmits the generated transfer destination data to the falsification detection device 10 (step S215).
- the character data receiving unit 11e of the falsification detection device 10 When receiving the transfer destination data from the client terminal 20 (step S121), the character data receiving unit 11e of the falsification detection device 10 extracts character data representing a detection target from the received transfer destination data.
- the character data receiving unit 11e extracts character data representing a bank name.
- the character change determining unit 11f determines whether or not the detection target character represented by the character data extracted by the character data receiving unit 11e has been changed to a preset character (step S122).
- the character change determination unit 11f extracts the table ID (here, “TB02”) from the record having the request ID (here, “T002”) included in the transfer destination data in the transaction data 12g. To do.
- the character change determination unit 11f extracts the character change table TB (here, the character change table TB02 shown in FIG. 5) corresponding to the extracted table ID (“TB02”) from the character change table data 12d.
- the character change determination unit 11f determines whether or not the character to be detected has been changed to a preset character. The character change determination unit 11f performs this determination based on whether or not the character to be detected is in (belongs to) the changed character represented by the character change table TB.
- the character to be detected is “C @ 3 #”, and each character belongs to a changed character.
- the character change determining unit 11f determines that the character to be detected has been changed to a preset character (step S122; YES).
- the falsification detection unit 11g detects that the transfer destination data (character data) has not been falsified.
- the character change determination unit 11f has not changed the detection target character to a preset character.
- the falsification detection unit 11g detects that the transfer destination data (character data) has been falsified, and transmits warning screen data representing a screen (warning screen) to notify that to the client terminal 20.
- the falsification detection unit 11g forcibly releases the log-in state of the client terminal 20 (logs out). Further, the falsification detection unit 11g deletes the record having the request ID included in the transfer destination data from the transaction data 12g. Thereafter, the falsification detection unit 11g returns to step S101 and enters a standby state until another login request is received.
- the detection result acquisition unit 21d of the client terminal 20 When the detection result acquisition unit 21d of the client terminal 20 receives the warning screen data from the falsification detection device 10, the detection result acquisition unit 21d displays the fact that the falsification has been made on the display unit 25 (step S216). Further, the detection result acquisition unit 21d of the client terminal 20 displays a bank top page screen (screen before the login process) on the display unit 25. In this case, the transfer destination data (bank name, branch name, account number, etc.) is likely to be falsified by Man in the Browser or Man in the Middle. It is necessary to take measures such as updating the 20 security software to the latest state. Further, since the client terminal 20 logs out after receiving the warning screen data, the user needs to make a login request again in order to use the Internet banking transfer service (return to step S201). ).
- the falsification detection unit 11g returns the character to be detected represented by the character data extracted by the character data reception unit 11e to the character before the change by the character change table TB used for falsification detection.
- the alteration detection unit 11g returns the character “C @ 3 #” to be detected to the character “IVISI” before the change by using the character change table TB02.
- the falsification detection unit 11g actually has a transfer destination composed of a detection target (bank name) returned to the character before the change and other transfer destinations (branch name, type, account number, payee, amount, etc.) Whether or not there is an error in the input of the transfer destination is determined on the basis of whether or not to do so.
- the falsification detection unit 11g determines whether or not the user information data 12c has a record that matches the type and account number included in the transfer destination. Further, when the bank name represents another bank, the falsification detection unit 11g inquires of the other bank server 60 about the type and account number included in the transfer destination via the dedicated network communication unit 15.
- the falsification detection unit 11g determines whether the input has reached a certain number of times (for example, 3 times) (step S125). If the falsification detection unit 11g determines that the predetermined number of times has not been reached (step S125; NO), it transmits the transfer destination input screen data to the client terminal 20 and requests re-input of the transfer destination (step S126). . In this case, only the input items (type, account number, etc.) with errors may be set as defaults.
- the detection result acquisition unit 21d of the client terminal 20 Upon receiving the transfer destination input screen data from the falsification detection device 10, the detection result acquisition unit 21d of the client terminal 20 displays the transfer destination input screen represented by the screen data on the display unit 25 (step S217). Similar to step S207, the user inputs necessary information for each item displayed on the display unit 25 via the input unit 24, and performs an operation of selecting a completion button displayed on the display unit 25. When the user performs an operation of selecting the completion button, the detection result acquisition unit 21d generates transfer destination data representing the input transfer destination, and transmits this to the falsification detection device 10 (step S218).
- the transfer destination data character data
- it is assumed that the process of changing the detection target character is not performed.
- the detection result acquisition unit 21d determines whether the falsification detection device 10 determines that there is no error in the input of the transfer destination or until the number of times that it is determined that there is an error in the input reaches a certain number of times. (Step S124; NO / Step S125; YES).
- step S125 When the tampering detection unit 11g of the tampering detection apparatus 10 determines that the number of times it is determined that there is an error in the input has reached a certain number (step S125; YES), a screen for notifying that the transfer destination is unknown (step S125). Transfer destination unknown notification data representing the transfer destination unknown screen is transmitted to the client terminal 20 (step S127). Thereafter, the falsification detection unit 11g forcibly releases the log-in state of the client terminal 20 (logs out). Further, the falsification detection unit 11g deletes the record having the request ID included in the transfer destination data from the transaction data 12g. Thereafter, the falsification detection unit 11g returns to step S101 and enters a standby state until another login request is received.
- the detection result acquisition unit 21d of the client terminal 20 Upon receiving the transfer destination unknown notification data from the falsification detection device 10, the detection result acquisition unit 21d of the client terminal 20 displays a transfer destination unknown screen on the display unit 25 (step S219). Further, the detection result acquisition unit 21d of the client terminal 20 displays a bank top page screen (screen before the login process) on the display unit 25. In this case, since the input transfer destination is incorrect, the user needs to confirm the correct transfer destination. Further, since the client terminal 20 logs out after receiving the transfer destination unknown notification data, the user needs to make a login request again in order to use the Internet banking transfer service (step S201). Back to).
- the falsification detection unit 11g of the falsification detection device 10 determines that there is no error in the input of the transfer destination (step S124; NO), that is, when the input transfer destination actually exists, the transfer processing is executed ( Step S128).
- the falsification detection unit 11g registers the transfer destination represented by the transfer destination data in the record having the request ID included in the transfer destination data in the transaction data 12g.
- the falsification detection unit 11g adds a bank name “Ibishi”, a branch name “Jinboucho”, a type “ordinary”, an account number “45567890”, a recipient “Jitsuyo Giro”, a record having the request ID “T002”. The amount “50,000 yen” is registered.
- the falsification detection unit 11g extracts the mobile phone number included in the record having the request ID included in the transfer destination data from the transaction data 12g.
- the falsification detection unit 11g extracts the mobile phone number “090-3456-7890” included in the record having the request ID “T002”.
- the falsification detection unit 11g extracts the name (requester) and the account information (account information of the requester) included in the record having the extracted mobile phone number from the user information data 12c.
- the falsification detection unit 11g extracts the names “Tokkyo Ichiro” and “Normal, 0000-123-3456789” included in the record having the mobile phone number “090-3456-7890”.
- the falsification detection unit 11g transfers the designated amount (here, “50,000 yen”) from the client (here “Ichiro Ichiro”) account to the recipient (here “Jizuo Giraud”) account. Perform the transfer process.
- the falsification detection unit 11g transmits transaction completion notification data representing a screen (transaction completion screen) for notifying that the transaction has been completed to the client terminal 20 after the transfer process (step S129). Thereafter, the falsification detection unit 11g forcibly releases the log-in state of the client terminal 20 (logs out). Thereafter, the falsification detection unit 11g returns to step S101 and enters a standby state until another login request is received.
- the detection result acquisition unit 21d of the client terminal 20 displays a transaction completion screen on the display unit 25 as shown in FIG. 19 (step S220). Thereby, the user can confirm that the transfer has been completed normally. Further, the detection result acquisition unit 21d of the client terminal 20 displays a bank top page screen (screen before the login process) on the display unit 25. Further, since the client terminal 20 logs out after receiving the transaction completion notification data, the user needs to make a login request again in order to use the Internet banking transfer service (in step S201). Return). As described above, a series of processing (the processing shown in (3) above) for detecting whether or not the transfer destination data is falsified by the falsification detection device 10 is completed.
- the falsification detection device 10 is changed to a preset character depending on whether or not the character to be detected represented by the character data in the transfer destination data belongs to the changed character in the character change table TB. It is determined whether or not.
- the falsification detection device 10 determines that the transfer destination data has been changed to a set character
- the falsification detection device 10 detects that the transfer destination data has not been falsified, and determines that the transfer has not been changed to the set character. Detect that the destination data has been tampered with.
- a branch name or an account number may be set as a detection target.
- the branch name is usually entered in katakana. Therefore, when the branch name is set as a detection target, the changed characters included in the character change table TB are composed of characters other than katakana (characters other than the type of input character) such as letters, numbers and symbols.
- the account number is entered as a number. Therefore, when the account number is set as a detection target, the change characters included in the character change table TB are characters other than numbers (characters other than the type of input character) such as katakana, English characters, symbols, and kanji characters. Composed.
- the input characters included in the character change table TB are not necessarily one type, and may be a plurality of types.
- the bank name may be entered in katakana or English characters.
- the input characters included in the character change table TB have katakana and English characters and a character code for identifying the characters.
- the change characters included in the character change table TB do not necessarily have to be plural types, and are composed of one type of character (for example, only a symbol) other than the type of input character and a character code for identifying the character. Also good.
- a plurality of detection targets may be set, such as a combination of a bank name and a branch name, or a combination of a bank name, a branch name, and an account number. Further, the number of detection targets may be fixed or variable. When the number of detection targets is variable, it is set by the falsification detection device 10 for each communication performed between the falsification detection device 10 and the client terminal 20.
- the number of characters and the character position can be set as appropriate for the detection target.
- the detection target may be set as “a bank name having two characters from the top”.
- the client terminal 20 changes the first two characters “A” in the bank name “IVISI” input according to the user's operation to “C @” using the character change table TB.
- the number of characters and the character position to be set may be fixed or variable.
- it sets by the alteration detection apparatus 10 for every communication performed between the alteration detection apparatus 10 and the client terminal 20. FIG.
- the tampering detection apparatus 10 may hash-convert the telephone number transmitted to the mobile phone 30 and encrypt the character change table TB using the telephone number after the hash conversion.
- the character change table supply unit 11d of the tampering detection apparatus 10 performs hash conversion on one telephone number selected from the transmission number data 12e, and encrypts the character change table TB with the telephone number after hash conversion.
- the character change table acquisition unit 21a of the client terminal 20 performs the hash conversion on the telephone number of the falsification detection device 10 that is received and displayed on the mobile phone 30, and the character change table encrypted by the telephone number after the hash conversion. Decode TB.
- the client terminal 20 is required to use a common hash function with the falsification detection device 10.
- the client terminal 20 may encrypt the transfer destination data and transmit the encrypted transfer destination data to the falsification detection device 10.
- the character data transmission unit 21c of the client terminal 20 encrypts the transfer destination data based on the telephone number of the falsification detection device 10 displayed on the mobile phone 30 and detects the falsification of the encrypted transfer destination data. Transmit to device 10.
- the character data reception unit 11e of the falsification detection device 10 receives the encrypted transfer destination data received from the client terminal 20 as the transfer destination data out of the telephone number (transaction data 12g of the transaction data 12g). Decoding based on the transmission number of the record having the added request ID. Thereby, the security of transfer destination data can be improved more.
- each transmission number may have a plurality of subaddresses.
- the number of transmission numbers can be substantially increased by the number of subaddresses, and even when the number of transmission numbers held by the falsification detection device 10 is small, the security of authentication by the transmission number can be improved. .
- the tampering detection apparatus 10 first receives character data representing a detection target, and determines whether or not the detection target character represented by the received character data has been changed to a preset character. Also good.
- the falsification detection device 10 may receive the transfer destination data from the client terminal 20 when it is determined that the character has been changed to a preset character.
- the client terminal 20 transmits character data representing the input information to the falsification detection device 10 every time corresponding information is input to the item displayed on the transfer destination input screen, and the transfer destination input screen is displayed.
- the falsification detection apparatus 10 may be made to sequentially determine whether or not the character data has been falsified.
- the tampering detection apparatus 10 detects whether or not the received character data has been tampered with each time it receives character data corresponding to the item displayed on the transfer destination input screen.
- the character change table supply unit 11d of the falsification detection device 10 encrypts the character change table TB and supplies the encrypted character change table TB to the client terminal 20, but the character change table TB is The character change table TB may be supplied to the client terminal 20 without being encrypted.
- the transfer destination transmission applet 12b is transmitted from the falsification detection device 10 to the client terminal 20 when requested by the client terminal 20 at the timing when the input of the transfer destination is completed in the client terminal 20.
- the transfer destination transmission applet 12b may be stored in the client terminal 20 before using the Internet banking transfer service (that is, before login).
- the transfer destination transmission applet 12b may not be supplied to the client terminal 20 via the Internet 40.
- a portable memory storing the transfer destination transmission applet may be provided to the user by a bank counter or by mail.
- the control unit 21 of the client terminal 20 reads and executes the transfer destination transmission applet from the portable memory, thereby executing a character change table acquisition unit 21a, a character change unit 21b, a character data transmission unit 21c, and a detection result acquisition unit 21d. Function as.
- the character change table TB may not be supplied to the client terminal 20 via the Internet 40.
- a portable memory storing the character change table TB or a paper medium on which the character change table TB is printed may be provided to the user by a bank window or mail.
- the falsification detection device 10 uses the change character corresponding to the character to be detected (for example, “C @ 3 #” corresponding to the bank name “ibishi”) input by the user referring to the character change table TB. Receive character data to represent. Then, the falsification detection device 10 determines whether or not the character represented by the received character data has been changed to a preset character, and detects whether or not the character data has been falsified according to the determination result. May be.
- the user has described an example in which the client terminal 20 and the mobile phone 30 are used.
- the client terminal 20 can be connected to both the Internet 40 and the telephone network 50, one user terminal is used.
- the client terminal 20 can also use the falsification detection system 1 (perform processing with the falsification detection apparatus 10).
- the alteration detection device may be implemented in other modes.
- the tampering detection device may detect the presence or absence of tampering with respect to data of a foreign language document in which the type of characters input by the user is specified, such as only English letters or only Kanji characters.
- the tampering detection apparatus 10 may be realized by a dedicated system or an ordinary computer system.
- the falsification detection device 10 is configured by storing and distributing a program for executing the above-described operation on a computer-readable recording medium, installing the program in a computer, and executing the above-described processing.
- the program may be stored in a disk device provided in a server device on a network such as the Internet so that it can be downloaded to a computer.
- the above functions may be realized by cooperation between the OS and application software. In this case, a part other than the OS may be stored and distributed in a medium, or a part other than the OS may be stored in a server device and downloaded to a computer.
- the present invention can be used to detect alteration of character data in which the type of input character is designated.
- Dedicated network communication unit 20, 20a, 20b ... Client terminal, 21 ... Control unit, 21a ... Character Change table acquisition unit, 21b ... Character change unit, 21c ... Character data transmission unit, 21d ... Detection result Acquisition unit, 22 ... storage unit, 23 ... Internet communication unit, 24 ... input unit, 25 ... display unit, 30, 30a, 30b ... mobile phone, 31 ... control unit, 32 ... storage unit, 33 ... telephone network communication unit, 34 ... Input unit, 35 ... Display unit, 40 ... Internet, 50 ... Telephone network, 60 ... Other server, 70 ... Dedicated network, TB, TB01, TB02, TB03, TB04 ... Character change table
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Telephone Function (AREA)
Abstract
Description
検知対象を表す文字データを受信する文字データ受信手段と、
前記文字データ受信手段によって受信された前記文字データにより表される検知対象の文字が、予め設定された文字に変更されているか否かを判別する文字変更判別手段と、
前記文字変更判別手段によって、前記設定された文字に変更されていると判別された場合に前記文字データが改ざんされていないことを検知し、前記設定された文字に変更されていないと判別された場合に前記文字データが改ざんされていることを検知する改ざん検知手段と、
を備える。 In order to achieve the above object, an alteration detection device according to the first aspect of the present invention provides:
Character data receiving means for receiving character data representing a detection target;
Character change determination means for determining whether or not the character to be detected represented by the character data received by the character data reception means has been changed to a preset character;
When it is determined by the character change determining means that the character has been changed to the set character, it is detected that the character data has not been tampered with, and it has been determined that the character has not been changed to the set character. Tamper detection means for detecting that the character data has been tampered with,
Is provided.
前記検知対象の文字を変更するための文字変更テーブルを記憶する文字変更テーブル記憶手段と、
クライアント端末からの要求に従って、前記文字変更テーブル記憶手段に記憶された前記文字変更テーブルを前記クライアント端末に供給し、当該文字変更テーブルによって前記検知対象の文字を変更する処理を前記クライアント端末に行わせる文字変更テーブル供給手段と、をさらに備えてもよい。 The tamper detection device
Character change table storage means for storing a character change table for changing the character to be detected;
In response to a request from the client terminal, the character change table stored in the character change table storage means is supplied to the client terminal, and the client terminal is caused to perform processing for changing the character to be detected by the character change table. And a character change table supply unit.
コンピュータを、前記検知対象の文字を変更する文字変更部、前記文字変更部によって前記文字が変更された後の検知対象を表す文字データを前記改ざん検知装置に送信する文字データ送信部、として機能させるアプレットを記憶するアプレット記憶手段と、
クライアント端末からの要求に従って、前記アプレット記憶手段に記憶された前記アプレットを前記クライアント端末に送信し、前記クライアント端末に前記アプレットを実行させるアプレット送信手段と、をさらに備えてもよい。 Furthermore, the falsification detection device
Causing the computer to function as a character changing unit that changes the character to be detected, and a character data transmitting unit that transmits character data representing the detection target after the character has been changed by the character changing unit to the tampering detection device. Applet storage means for storing applets;
Applet transmission means for transmitting the applet stored in the applet storage means to the client terminal according to a request from the client terminal and causing the client terminal to execute the applet may be further provided.
クライアント端末と、前記クライアント端末から送信されたデータについて改ざんの有無を検知する改ざん検知装置とを備えた改ざん検知システムであって、
前記クライアント端末は、
ユーザの操作に従って入力された検知対象の文字を変更する文字変更手段と、
前記文字変更手段によって前記文字が変更された後の検知対象を表す文字データを前記改ざん検知装置に送信する文字データ送信手段と、を備え、
前記改ざん検知装置は、
前記クライアント端末から前記文字データを受信する文字データ受信手段と、
前記文字データ受信手段によって受信された前記文字データにより表される検知対象の文字が、予め設定された文字に変更されているか否かを判別する文字変更判別手段と、
前記文字変更判別手段によって、前記設定された文字に変更されていると判別された場合に前記文字データが改ざんされていないことを検知し、前記設定された文字に変更されていないと判別された場合に前記文字データが改ざんされていることを検知する改ざん検知手段と、を備える。 In addition, the falsification detection system according to the second aspect of the present invention is:
A falsification detection system comprising a client terminal and a falsification detection device that detects the presence or absence of falsification of data transmitted from the client terminal,
The client terminal is
A character changing means for changing a detection target character input in accordance with a user operation;
Character data transmission means for transmitting character data representing a detection target after the character has been changed by the character change means to the falsification detection device,
The tampering detection device includes:
Character data receiving means for receiving the character data from the client terminal;
Character change determination means for determining whether or not the character to be detected represented by the character data received by the character data reception means has been changed to a preset character;
When it is determined by the character change determining means that the character has been changed to the set character, it is detected that the character data has not been tampered with, and it has been determined that the character has not been changed to the set character. A tampering detection means for detecting that the character data has been tampered with.
前記検知対象の文字を変更するための文字変更テーブルを前記改ざん検知装置に要求し、前記文字変更テーブルを前記改ざん検知装置から取得する文字変更テーブル取得手段をさらに備え、
前記改ざん検知装置は、
前記文字変更テーブルを記憶する文字変更テーブル記憶手段と、
前記クライアント端末からの要求に従って、前記文字変更テーブル記憶手段に記憶された前記文字変更テーブルを前記クライアント端末に供給し、当該文字変更テーブルによって前記検知対象の文字を変更する処理を前記クライアント端末に行わせる文字変更テーブル供給手段と、をさらに備えてもよい。 The client terminal is
Further comprising character change table acquisition means for requesting the alteration detection device for a character change table for changing the character to be detected, and acquiring the character change table from the alteration detection device;
The tampering detection device includes:
Character change table storage means for storing the character change table;
In accordance with a request from the client terminal, the character change table stored in the character change table storage means is supplied to the client terminal, and processing for changing the character to be detected by the character change table is performed on the client terminal. And a character change table supply means.
前記クライアント端末に備えられた前記文字変更テーブル取得手段は、前記携帯電話に着信表示された電話番号に基づいて前記暗号化された文字変更テーブルを復号化してもよい。 The character change table supply means provided in the falsification detection device selects one phone number from a list of a plurality of phone numbers to be prepared in advance and supplies the selected character number to the client terminal. Is encrypted based on the selected telephone number, the encrypted character change table is supplied to the client terminal, and a telephone call is made to the user's mobile phone using the client terminal by the selected telephone number,
The character change table acquisition means provided in the client terminal may decrypt the encrypted character change table based on a telephone number displayed on the mobile phone as an incoming call.
コンピュータを、前記文字変更テーブル取得手段、前記文字変更手段及び前記文字データ送信手段として機能させるアプレットを記憶するアプレット記憶手段と、
前記クライアント端末からの要求に従って、前記アプレット記憶手段に記憶された前記アプレットを前記クライアント端末に送信するアプレット送信手段と、をさらに備え、
前記クライアント端末は、
前記改ざん検知装置に前記アプレットを要求し、前記改ざん検知装置から前記アプレットを受信するアプレット受信手段と、
前記アプレット受信手段によって受信された前記アプレットを実行するアプレット実行手段と、をさらに備え、
前記文字変更テーブル取得手段、前記文字変更手段及び前記文字データ送信手段は、前記アプレット実行手段によって前記アプレットが実行されることにより機能してもよい。 The tampering detection device includes:
Applet storage means for storing an applet that causes the computer to function as the character change table acquisition means, the character change means, and the character data transmission means;
Applet transmission means for transmitting the applet stored in the applet storage means to the client terminal in accordance with a request from the client terminal;
The client terminal is
Applet receiving means for requesting the applet from the tamper detection device and receiving the applet from the tamper detection device;
Applet executing means for executing the applet received by the applet receiving means;
The character change table acquisition unit, the character change unit, and the character data transmission unit may function when the applet is executed by the applet execution unit.
文字データ受信部が、検知対象を表す文字データを受信する文字データ受信ステップと、
文字変更判別部が、前記文字データ受信ステップによって受信された前記文字データにより表される検知対象の文字が、予め設定された文字に変更されているか否かを判別する文字変更判別ステップと、
改ざん検知部が、前記文字変更判別ステップによって、前記設定された文字に変更されていると判別された場合に前記文字データが改ざんされていないことを検知し、前記設定された文字に変更されていないと判別された場合に前記文字データが改ざんされていることを検知する改ざん検知ステップと、
を有する。 In addition, the falsification detection method according to the third aspect of the present invention includes:
A character data receiving step in which the character data receiving unit receives character data representing a detection target; and
A character change determining unit that determines whether or not the character to be detected represented by the character data received by the character data receiving step has been changed to a preset character;
The tampering detection unit detects that the character data has not been tampered with when the character change determining step determines that the character has been changed to the set character, and has changed the character to the set character. A tampering detection step for detecting that the character data has been tampered with when it is determined that
Have
コンピュータを、
検知対象を表す文字データを受信する文字データ受信手段、
前記文字データ受信手段によって受信された前記文字データにより表される検知対象の文字が、予め設定された文字に変更されているか否かを判別する文字変更判別手段、
前記文字変更判別手段によって、前記設定された文字に変更されていると判別された場合に前記文字データが改ざんされていないことを検知し、前記設定された文字に変更されていないと判別された場合に前記文字データが改ざんされていることを検知する改ざん検知手段、
として機能させる。 A program according to the fourth aspect of the present invention is:
Computer
Character data receiving means for receiving character data representing a detection target;
Character change determination means for determining whether or not the character to be detected represented by the character data received by the character data reception means has been changed to a preset character;
When it is determined by the character change determining means that the character has been changed to the set character, it is detected that the character data has not been tampered with, and it has been determined that the character has not been changed to the set character. A tamper detection means for detecting that the character data has been tampered with,
To function as.
改ざん検知装置10は、制御部11と、記憶部12と、インターネット通信部13と、電話網通信部14と、専用網通信部15とを備える。 Next, the configuration of the
The tampering
(1)クライアント端末20のユーザを認証する処理
(2)ログイン認証に成功したクライアント端末20に文字変更テーブルTBを供給する処理
(3)改ざん検知装置10で振込先データの改ざんの有無を検知する処理 The
(1) Processing for authenticating the user of the client terminal 20 (2) Processing for supplying the character change table TB to the
以上によって、クライアント端末20のユーザを認証する一連の処理(上記(1)に示した処理)が終了する。 On the other hand, the telephone
Thus, a series of processes for authenticating the user of the client terminal 20 (the process shown in (1) above) is completed.
以上によって、ログイン認証に成功したクライアント端末20に文字変更テーブルTBを供給する一連の処理(上記(2)に示した処理)が終了する。 The character change
Thus, a series of processes (the process shown in (2) above) for supplying the character change table TB to the
また、クライアント端末20の検知結果取得部21dは、表示部25に銀行のトップページ画面(ログイン処理を行う前の画面)を表示する。また、クライアント端末20は、取引完了通知データを受信した後は、ログアウトとなるため、ユーザが、再度、インターネットバンキングの振り込みサービスを利用するためには、ログイン要求を行う必要がある(ステップS201に戻る)。
以上によって、改ざん検知装置10で振込先データの改ざんの有無を検知する一連の処理(上記(3)に示した処理)が終了する。 When receiving the transaction completion notification data from the
Further, the detection
As described above, a series of processing (the processing shown in (3) above) for detecting whether or not the transfer destination data is falsified by the
Claims (11)
- 検知対象を表す文字データを受信する文字データ受信手段と、
前記文字データ受信手段によって受信された前記文字データにより表される検知対象の文字が、予め設定された文字に変更されているか否かを判別する文字変更判別手段と、
前記文字変更判別手段によって、前記設定された文字に変更されていると判別された場合に前記文字データが改ざんされていないことを検知し、前記設定された文字に変更されていないと判別された場合に前記文字データが改ざんされていることを検知する改ざん検知手段と、
を備える改ざん検知装置。 Character data receiving means for receiving character data representing a detection target;
Character change determination means for determining whether or not the character to be detected represented by the character data received by the character data reception means has been changed to a preset character;
When it is determined by the character change determining means that the character has been changed to the set character, it is detected that the character data has not been tampered with, and it has been determined that the character has not been changed to the set character. Tamper detection means for detecting that the character data has been tampered with,
A tamper detection device comprising: - 前記検知対象の文字を変更するための文字変更テーブルを記憶する文字変更テーブル記憶手段と、
クライアント端末からの要求に従って、前記文字変更テーブル記憶手段に記憶された前記文字変更テーブルを前記クライアント端末に供給し、当該文字変更テーブルによって前記検知対象の文字を変更する処理を前記クライアント端末に行わせる文字変更テーブル供給手段と、をさらに備える、
請求項1に記載の改ざん検知装置。 Character change table storage means for storing a character change table for changing the character to be detected;
In response to a request from the client terminal, the character change table stored in the character change table storage means is supplied to the client terminal, and the client terminal is caused to perform processing for changing the character to be detected by the character change table. A character change table supply means;
The tampering detection apparatus according to claim 1. - 前記文字変更テーブル供給手段は、予め用意された発信元となる複数の電話番号のリストの中から一の電話番号を選択し、前記クライアント端末に供給する文字変更テーブルを前記選択した電話番号を基に暗号化し、暗号化した前記文字変更テーブルを前記クライアント端末に供給し、前記クライアント端末を使用するユーザの携帯電話に前記選択した電話番号により電話発信し、前記携帯電話に着信表示された電話番号に基づいて前記暗号化された文字変更テーブルを復号化する処理を前記クライアント端末に行わせる、
請求項2に記載の改ざん検知装置。 The character change table supply means selects one telephone number from a list of a plurality of telephone numbers that are prepared in advance, and sets a character change table to be supplied to the client terminal based on the selected telephone number. And the encrypted character change table is supplied to the client terminal, the telephone number selected by the selected telephone number is transmitted to the user's mobile phone using the client terminal, and the telephone number displayed on the mobile phone is displayed. The client terminal to perform a process of decrypting the encrypted character change table based on
The tampering detection apparatus according to claim 2. - 前記文字変更判別手段は、前記文字データにより表される検知対象の文字が、前記文字変更テーブルによって変更される文字に属する場合に前記設定された文字に変更されていると判別し、前記文字変更テーブルによって変更される文字に属さない場合に前記設定された文字に変更されていないと判別する、
請求項2または3に記載の改ざん検知装置。 The character change determining means determines that the character to be detected represented by the character data has been changed to the set character when belonging to the character changed by the character change table, and the character change When it does not belong to the character changed by the table, it is determined that the character has not been changed to the set character.
The tampering detection apparatus according to claim 2 or 3. - コンピュータを、前記検知対象の文字を変更する文字変更部、前記文字変更部によって前記文字が変更された後の検知対象を表す文字データを前記改ざん検知装置に送信する文字データ送信部、として機能させるアプレットを記憶するアプレット記憶手段と、
クライアント端末からの要求に従って、前記アプレット記憶手段に記憶された前記アプレットを前記クライアント端末に送信し、前記クライアント端末に前記アプレットを実行させるアプレット送信手段と、をさらに備える、
請求項1から4の何れか1項に記載の改ざん検知装置。 Causing the computer to function as a character changing unit that changes the character to be detected, and a character data transmitting unit that transmits character data representing the detection target after the character has been changed by the character changing unit to the tampering detection device. Applet storage means for storing applets;
Applet transmission means for transmitting the applet stored in the applet storage means to the client terminal in accordance with a request from the client terminal, and causing the client terminal to execute the applet.
The falsification detection device according to any one of claims 1 to 4. - クライアント端末と、前記クライアント端末から送信されたデータについて改ざんの有無を検知する改ざん検知装置とを備えた改ざん検知システムであって、
前記クライアント端末は、
ユーザの操作に従って入力された検知対象の文字を変更する文字変更手段と、
前記文字変更手段によって前記文字が変更された後の検知対象を表す文字データを前記改ざん検知装置に送信する文字データ送信手段と、を備え、
前記改ざん検知装置は、
前記クライアント端末から前記文字データを受信する文字データ受信手段と、
前記文字データ受信手段によって受信された前記文字データにより表される検知対象の文字が、予め設定された文字に変更されているか否かを判別する文字変更判別手段と、
前記文字変更判別手段によって、前記設定された文字に変更されていると判別された場合に前記文字データが改ざんされていないことを検知し、前記設定された文字に変更されていないと判別された場合に前記文字データが改ざんされていることを検知する改ざん検知手段と、を備える、
改ざん検知システム。 A falsification detection system comprising a client terminal and a falsification detection device that detects the presence or absence of falsification of data transmitted from the client terminal,
The client terminal is
A character changing means for changing a detection target character input in accordance with a user operation;
Character data transmission means for transmitting character data representing a detection target after the character has been changed by the character change means to the falsification detection device,
The tampering detection device includes:
Character data receiving means for receiving the character data from the client terminal;
Character change determination means for determining whether or not the character to be detected represented by the character data received by the character data reception means has been changed to a preset character;
When it is determined by the character change determining means that the character has been changed to the set character, it is detected that the character data has not been tampered with, and it has been determined that the character has not been changed to the set character. A tamper detection means for detecting that the character data has been tampered with,
Tamper detection system. - 前記クライアント端末は、
前記検知対象の文字を変更するための文字変更テーブルを前記改ざん検知装置に要求し、前記文字変更テーブルを前記改ざん検知装置から取得する文字変更テーブル取得手段をさらに備え、
前記改ざん検知装置は、
前記文字変更テーブルを記憶する文字変更テーブル記憶手段と、
前記クライアント端末からの要求に従って、前記文字変更テーブル記憶手段に記憶された前記文字変更テーブルを前記クライアント端末に供給し、当該文字変更テーブルによって前記検知対象の文字を変更する処理を前記クライアント端末に行わせる文字変更テーブル供給手段と、をさらに備える、
ことを特徴とする請求項6に記載の改ざん検知システム。 The client terminal is
Further comprising character change table acquisition means for requesting the alteration detection device for a character change table for changing the character to be detected, and acquiring the character change table from the alteration detection device;
The tampering detection device includes:
Character change table storage means for storing the character change table;
In accordance with a request from the client terminal, the character change table stored in the character change table storage means is supplied to the client terminal, and processing for changing the character to be detected by the character change table is performed on the client terminal. And a character change table supply means for
The falsification detection system according to claim 6 characterized by things. - 前記改ざん検知装置に備えられた前記文字変更テーブル供給手段は、予め用意された発信元となる複数の電話番号のリストの中から一の電話番号を選択し、前記クライアント端末に供給する文字変更テーブルを前記選択した電話番号を基に暗号化し、暗号化した前記文字変更テーブルを前記クライアント端末に供給し、前記クライアント端末を使用するユーザの携帯電話に前記選択した電話番号により電話発信し、
前記クライアント端末に備えられた前記文字変更テーブル取得手段は、前記携帯電話に着信表示された電話番号に基づいて前記暗号化された文字変更テーブルを復号化する、
請求項7に記載の改ざん検知システム。 The character change table supply means provided in the falsification detection device selects one phone number from a list of a plurality of phone numbers to be prepared in advance and supplies the selected character number to the client terminal. Is encrypted based on the selected telephone number, the encrypted character change table is supplied to the client terminal, and a telephone call is made to the user's mobile phone using the client terminal by the selected telephone number,
The character change table acquisition means provided in the client terminal decrypts the encrypted character change table based on a telephone number displayed as an incoming call on the mobile phone.
The falsification detection system according to claim 7. - 前記改ざん検知装置は、
コンピュータを、前記文字変更テーブル取得手段、前記文字変更手段及び前記文字データ送信手段として機能させるアプレットを記憶するアプレット記憶手段と、
前記クライアント端末からの要求に従って、前記アプレット記憶手段に記憶された前記アプレットを前記クライアント端末に送信するアプレット送信手段と、をさらに備え、
前記クライアント端末は、
前記改ざん検知装置に前記アプレットを要求し、前記改ざん検知装置から前記アプレットを受信するアプレット受信手段と、
前記アプレット受信手段によって受信された前記アプレットを実行するアプレット実行手段と、をさらに備え、
前記文字変更テーブル取得手段、前記文字変更手段及び前記文字データ送信手段は、前記アプレット実行手段によって前記アプレットが実行されることにより機能する、
請求項7または8に記載の改ざん検知システム。 The tampering detection device includes:
Applet storage means for storing an applet that causes the computer to function as the character change table acquisition means, the character change means, and the character data transmission means;
Applet transmission means for transmitting the applet stored in the applet storage means to the client terminal in accordance with a request from the client terminal;
The client terminal is
Applet receiving means for requesting the applet from the tamper detection device and receiving the applet from the tamper detection device;
Applet executing means for executing the applet received by the applet receiving means;
The character change table acquisition means, the character change means, and the character data transmission means function when the applet is executed by the applet execution means.
The falsification detection system according to claim 7 or 8. - 文字データ受信部が、検知対象を表す文字データを受信する文字データ受信ステップと、
文字変更判別部が、前記文字データ受信ステップによって受信された前記文字データにより表される検知対象の文字が、予め設定された文字に変更されているか否かを判別する文字変更判別ステップと、
改ざん検知部が、前記文字変更判別ステップによって、前記設定された文字に変更されていると判別された場合に前記文字データが改ざんされていないことを検知し、前記設定された文字に変更されていないと判別された場合に前記文字データが改ざんされていることを検知する改ざん検知ステップと、
を有する改ざん検知方法。 A character data receiving step in which the character data receiving unit receives character data representing a detection target; and
A character change determining unit that determines whether or not the character to be detected represented by the character data received by the character data receiving step has been changed to a preset character;
The tampering detection unit detects that the character data has not been tampered with when the character change determining step determines that the character has been changed to the set character, and has changed the character to the set character. A tampering detection step for detecting that the character data has been tampered with when it is determined that
A tamper detection method comprising: - コンピュータを、
検知対象を表す文字データを受信する文字データ受信手段、
前記文字データ受信手段によって受信された前記文字データにより表される検知対象の文字が、予め設定された文字に変更されているか否かを判別する文字変更判別手段、
前記文字変更判別手段によって、前記設定された文字に変更されていると判別された場合に前記文字データが改ざんされていないことを検知し、前記設定された文字に変更されていないと判別された場合に前記文字データが改ざんされていることを検知する改ざん検知手段、
として機能させるプログラム。 Computer
Character data receiving means for receiving character data representing a detection target;
Character change determination means for determining whether or not the character to be detected represented by the character data received by the character data reception means has been changed to a preset character;
When it is determined by the character change determining means that the character has been changed to the set character, it is detected that the character data has not been tampered with, and it has been determined that the character has not been changed to the set character. A tamper detection means for detecting that the character data has been tampered with,
Program to function as.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2016564501A JPWO2016098191A1 (en) | 2014-12-17 | 2014-12-17 | Tamper detection device, tamper detection system, tamper detection method and program |
PCT/JP2014/083382 WO2016098191A1 (en) | 2014-12-17 | 2014-12-17 | Tampering sensing device, tampering sensing system, tampering sensing method, and program |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2014/083382 WO2016098191A1 (en) | 2014-12-17 | 2014-12-17 | Tampering sensing device, tampering sensing system, tampering sensing method, and program |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016098191A1 true WO2016098191A1 (en) | 2016-06-23 |
Family
ID=56126114
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2014/083382 WO2016098191A1 (en) | 2014-12-17 | 2014-12-17 | Tampering sensing device, tampering sensing system, tampering sensing method, and program |
Country Status (2)
Country | Link |
---|---|
JP (1) | JPWO2016098191A1 (en) |
WO (1) | WO2016098191A1 (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000056681A (en) * | 1998-08-07 | 2000-02-25 | Casio Comput Co Ltd | Digital data recorder with security information |
JP2000124889A (en) * | 1998-10-16 | 2000-04-28 | Ntt Data Corp | Method and system for cryptographic communication and recording medium |
JP2004005117A (en) * | 2002-05-31 | 2004-01-08 | Kawasaki Steel Systems R & D Corp | Transaction message accumulation method and verification method for electronic commerce |
JP2007213305A (en) * | 2006-02-09 | 2007-08-23 | Nomura Research Institute Ltd | Settlement processor, settlement processing method and program |
JP2010015559A (en) * | 2008-06-24 | 2010-01-21 | Ricoh Co Ltd | Method for printing locking print data using authentication of user and print data |
JP2011204169A (en) * | 2010-03-26 | 2011-10-13 | Nomura Research Institute Ltd | Authentication system, authentication device, authentication method and authentication program |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3989577B2 (en) * | 1996-10-22 | 2007-10-10 | 株式会社野村総合研究所 | Digital document marking device and mark recognition device |
JP2003050932A (en) * | 2001-08-06 | 2003-02-21 | Fuji Bolt Seisakusho:Kk | Method and device for communication data relaying, and method and device for substitutional purchase by relaying of communication data |
JP2007272539A (en) * | 2006-03-31 | 2007-10-18 | Ns Solutions Corp | Security device and application server system |
-
2014
- 2014-12-17 WO PCT/JP2014/083382 patent/WO2016098191A1/en active Application Filing
- 2014-12-17 JP JP2016564501A patent/JPWO2016098191A1/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000056681A (en) * | 1998-08-07 | 2000-02-25 | Casio Comput Co Ltd | Digital data recorder with security information |
JP2000124889A (en) * | 1998-10-16 | 2000-04-28 | Ntt Data Corp | Method and system for cryptographic communication and recording medium |
JP2004005117A (en) * | 2002-05-31 | 2004-01-08 | Kawasaki Steel Systems R & D Corp | Transaction message accumulation method and verification method for electronic commerce |
JP2007213305A (en) * | 2006-02-09 | 2007-08-23 | Nomura Research Institute Ltd | Settlement processor, settlement processing method and program |
JP2010015559A (en) * | 2008-06-24 | 2010-01-21 | Ricoh Co Ltd | Method for printing locking print data using authentication of user and print data |
JP2011204169A (en) * | 2010-03-26 | 2011-10-13 | Nomura Research Institute Ltd | Authentication system, authentication device, authentication method and authentication program |
Non-Patent Citations (1)
Title |
---|
SHOJI SAKURAI: "Input Method of Sensitive Information Online", IPSJ SIG NOTES HEISEI 21 NENDO ?6?, 6 May 2010 (2010-05-06), pages 1 - 6 * |
Also Published As
Publication number | Publication date |
---|---|
JPWO2016098191A1 (en) | 2017-09-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20230245092A1 (en) | Terminal for conducting electronic transactions | |
USRE46158E1 (en) | Methods and systems to detect attacks on internet transactions | |
US8286227B1 (en) | Enhanced multi-factor authentication | |
CA2926128C (en) | Authorization of server operations | |
WO2014040479A1 (en) | User identity authenticating method and device for preventing malicious harassment | |
US20100257359A1 (en) | Method of and apparatus for protecting private data entry within secure web sessions | |
KR20190111006A (en) | Authentication server, authentication system and method | |
US11805090B1 (en) | Method, apparatus, and system for securing electronic messages | |
JP6307610B2 (en) | Data falsification detection device, data falsification detection method, and program | |
JP7079528B2 (en) | Service provision system and service provision method | |
JP6325654B2 (en) | Network service providing apparatus, network service providing method, and program | |
WO2015186195A1 (en) | Transaction system | |
WO2016098191A1 (en) | Tampering sensing device, tampering sensing system, tampering sensing method, and program | |
JP2008003754A (en) | Authentication system, authentication method, and authentication program | |
JP5770354B1 (en) | Server system and request execution control method | |
JP6578659B2 (en) | Transaction system and transaction method | |
KR101595340B1 (en) | Security device | |
JP2021093063A (en) | Information processing device, authentication system, information processing method, and authentication method | |
KR20140047058A (en) | Digital certificate system for cloud-computing environment and providing method thereof | |
KR20150102652A (en) | Authentication method using in-house e-mail for in-house bulletin board service | |
JP4717356B2 (en) | Information processing device, information processing method using the same, and information processing program | |
JP2022098775A (en) | Remittance system, remittance method, and program | |
JP2019096090A (en) | Information processing device, information processing method, and program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 14908401 Country of ref document: EP Kind code of ref document: A1 |
|
ENP | Entry into the national phase |
Ref document number: 2016564501 Country of ref document: JP Kind code of ref document: A |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 05/10/2017) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 14908401 Country of ref document: EP Kind code of ref document: A1 |