JP2011118631A - Authentication server, authentication method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a high-security authentication system. <P>SOLUTION: An authentication device includes: a password symbol string generation unit for generating a password symbol string including a plurality of symbols, based on user identification information; a software key generation unit for generating software key information for laying out, in an arbitrary position, the plurality of symbols included in the password symbol string and one or more symbols not included in the password symbol string; a software key transmission unit for transmitting the software key information to a user terminal when a request for software key is acquired from the user terminal; a selected symbol string acquisition unit for acquiring from the user terminal a selected symbol string selected by a user through a software key displayed on the user terminal based on the software key information; and an authentication unit for authenticating the user based on a result of comparison between the password symbol string and the selected symbol string. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an authentication server, an authentication method, and a program.

  A system that uses a one-time password is known (see, for example, Patent Document 1).

JP 2002-149600 A

  In some cases, it is possible to easily steal a password by installing spyware that captures the key input in a terminal where the password is input. By stealing and analyzing many one-time passwords, the generation logic for one-time passwords can sometimes be analyzed.

  In order to solve the above-described problem, in one aspect of the present invention, an authentication apparatus, a password symbol string generation unit that generates a password symbol string including a plurality of symbols based on user identification information, and a password symbol When a software key generation unit that generates software key information for laying out a plurality of symbols included in a column and one or more symbols not included in a password symbol sequence at an arbitrary position, and a software key request from a user terminal, A software key transmission unit that transmits software key information to the user terminal, and a selection symbol string acquisition unit that acquires a selection symbol string selected by the user through the software key displayed on the user terminal based on the software key information from the user terminal And the comparison result between the password symbol string and the selection symbol string, And an authentication unit to authenticate over The.

  You may further provide the password transmission part which transmits a password symbol string to the portable terminal different from the user terminal which a user owns. The password transmission unit may transmit a password symbol string to the mobile terminal when a password request is acquired from the mobile terminal.

  The password symbol string generation unit generates a first symbol string that is a symbol string as a password for the user by the same logic as that executed inside the portable terminal to generate a symbol string as a password for the user. A second symbol string generation unit that generates a second symbol string that is a symbol string as a password for a user by logic different from the logic of the first symbol string generation unit, and the first symbol string generation unit; A password generation unit that generates at least one of the second symbol strings as a password symbol string may be included. When the password generation unit can communicate with the mobile terminal, the password generation unit may generate a symbol string including at least the second symbol string as the password symbol string. The password generation unit may generate the first symbol string as a password symbol string when communication with the portable terminal is not possible.

  If the password request is acquired from the mobile terminal before acquiring the software key request from the user terminal, the password generation unit generates the second symbol string as the password symbol string, and the password transmission unit generates the password generation unit. The password symbol string may be transmitted to the mobile terminal. The software key generation unit generates software key information from the password symbol string transmitted by the password transmission unit, and when the software key transmission unit acquires the software key request from the user terminal after acquiring the password request from the mobile terminal, The software key information generated from the password symbol string transmitted by the password transmission unit may be transmitted to the user terminal.

  When the software key request is acquired from the user terminal before acquiring the password request from the portable terminal, the password generation unit generates a password symbol string including the first symbol string and the second symbol string, and the software key generation unit The software key information is generated from the password symbol string including the first symbol string and the second symbol string generated by the password generation unit, and the software key transmission unit is the password including the first symbol string and the second symbol string Software key information generated from the symbol string may be transmitted to the user terminal. When the password request is acquired from the mobile terminal after acquiring the software key request from the user terminal, the password transmission unit may transmit the second symbol string as the password symbol string to the mobile terminal. When the selection symbol string is acquired from the user terminal after acquiring the password request from the portable terminal, the authentication unit may authenticate the user based on the comparison result between the selection symbol string and the second symbol string. When the selection symbol string is acquired from the user terminal without acquiring the password request from the portable terminal, the authentication unit may authenticate the user based on the comparison result between the selection symbol string and the first symbol string.

  When the password request is acquired from the mobile terminal before acquiring the software key request from the user terminal, the password generation unit generates a symbol string including at least the second symbol string as a password symbol string, and the password transmission unit includes: The second symbol string may be transmitted to the mobile terminal as a password symbol string, and the authentication unit may authenticate the user based on a comparison result between the selected symbol string and the second symbol string. It further includes an authentication determination unit that determines whether or not to authenticate a user based on a password symbol string generated by logic executed inside the mobile terminal, and the password generation unit is generated by logic executed inside the mobile terminal When the authentication determination unit determines that the user is authenticated based on the password symbol string, the symbol string including at least the first symbol string may be generated as the password symbol string. The authentication determining unit determines whether or not to authenticate the user based on a password symbol string generated by a logic executed inside the mobile terminal, based on an authentication history including at least one of an authentication frequency and an authentication error history for the user. You can do it.

  The above summary of the invention does not enumerate all necessary features of the present invention. In addition, a sub-combination of these feature groups can also be an invention.

It is a figure which shows an example of the utilization environment of the authentication system 10 which concerns on one Embodiment. 2 is a diagram illustrating an example of a block configuration of an authentication server 100. FIG. It is a figure which shows the example of a transition of the display screen by the mobile telephone. It is a figure which shows the example of a transition of the display screen by PC120. It is a figure which shows an example of the information which the setting information storage part 272 has memorize | stored. It is a figure which shows an example of the information which the setting information storage part 272 has memorize | stored. It is a figure which shows an example of the symbol string integrated in a software key, and the symbol string used for authentication.

  Hereinafter, the present invention will be described through embodiments of the invention, but the following embodiments do not limit the invention according to the claims. In addition, not all the combinations of features described in the embodiments are essential for the solving means of the invention.

  FIG. 1 shows an example of a usage environment of an authentication system 10 according to an embodiment. In the authentication system 10, the user 190 uses the mobile phone 110 and the PC 120 owned by the user 190 from the outside of the user 190, such as at home, through the communication line 180 including the Internet network 182 and the mobile phone communication network 184. The in-house server 105 in 20 is accessed.

  The mobile phone 110 can access the authentication server 100 through the mobile phone communication network 184. The authentication server 100 stores in advance the device ID of the mobile phone 110 that permits access to the in-house server 105. When the mobile phone 110 transmits the device ID to the authentication server 100, the authentication server 100 has an intra access menu for accessing the in-house server 105 when the received device ID is included in the device ID stored in advance. Is transmitted to the mobile phone 110. Thereafter, the mobile phone 110 can communicate with the in-house server 105 via the authentication server 100.

  The in-house server 105 includes servers such as a mail server, a workflow server, and a file server. The mobile phone 110 requests data provided by the in-house server 105 from the authentication server 100 in response to an operation from the user 190. The authentication server 100 transmits the data provided by the in-house server 105 to the mobile phone 110 in response to a request from the mobile phone 110. Thereby, the user 190 can receive and browse data from the in-house server 105 using the mobile phone 110. Thus, the authentication server 100 may have a function of a data gateway as well as a function of the user 190 as an authentication server.

  When the user 190 desires to update or add data handled by the in-house server 105, the user 190 uses the PC 120, which is a personal computer owned by the user 190, through the in-house system 182 via the Internet network 182. Log in to 20.

  First, the user 190 accesses the authentication server 100 using the mobile phone 110 and issues a one-time password. The mobile phone 110 requests issuance of a one-time password together with the device ID. The authentication server 100 generates a one-time password based on the device ID and transmits it to the mobile phone 110. The mobile phone 110 displays the one-time password received from the authentication server 100 (screen example A). The one-time password may be a symbol string. The symbol string may be an image such as an icon, and the mobile phone 110 can display a one-time password on the screen as an image.

  When the PC 120 transmits user identification information input from the user 190 to the authentication server 100, the authentication server 100 transmits a software key for selecting a one-time password to the PC 120. The PC 120 displays the software key received from the authentication server 100 (screen example B). As an example of user identification information, an account and a password used when logging into the in-house system 20 can be exemplified. The user identification information may be stored in the memory device 130 that is lent to the user 190. The PC 120 may read the user identification information stored in the memory device 130 from the memory device 130 and transmit it to the mobile phone 110.

  The software key provided to the PC 120 includes the same symbol as that included in the one-time password transmitted to the mobile phone 110. The user 190 selects a symbol that matches the one-time password displayed on the mobile phone 110 from a software key displayed on the PC 120 by operating a selection device such as a mouse. At this time, the PC 120 determines which position on the software key is selected based on the operation signal from the selection device.

  Symbol selection by the user 190 may be made for one software key displayed on one screen on the PC 120, and for a plurality of software keys displayed on a plurality of screens sequentially displayed on the PC 120. May be done. For example, the user 190 is made to select the same symbol as the symbol included in the first one-time password transmitted to the mobile phone 110 from the first software key in the first screen, and the symbol is selected from the first software key. After that, the user 190 is made to select the symbol included in the second one-time password transmitted to the mobile phone 110 from the second software key in the second screen displayed instead of the first screen. Good. Note that the first one-time password and the second one-time password may be one-time passwords transmitted separately to the mobile phone 110. In addition, the first one-time password is a first partial symbol string in the one-time password transmitted to the mobile phone 110, and the second one-time password is a second partial symbol string in the one-time password. It may be.

  In addition, the user 190 may be made to select the same symbol from software keys on a plurality of screens. That is, after the first software key in the first screen causes the user 190 to select the same symbol as the symbol included in the one-time password transmitted to the mobile phone 110, the symbol is selected from the first software key. The user 190 may select the same symbol included in the one-time password again from the second software key in the second screen displayed instead of the first screen. In this case, the symbol arrangement of the software keys in the second screen may be different from the symbol arrangement of the software keys in the first screen.

  When the selection of the symbol by the user 190 is completed, the PC 120 transmits information identifying the selected symbol to the authentication server 100. The authentication server 100 can authenticate the user 190 based on the information for identifying the symbol received from the PC 120 and the symbol string of the one-time password transmitted to the mobile phone 110. When authenticated, the authentication server 100 can transmit data provided by the in-house server 105 to the PC 120 in response to a request from the PC 120 and can accept data changed or added using the PC 120.

  Thus, according to the authentication system 10, since the one-time password is selected by the software key for selecting the symbol string, the password is not stolen by so-called spyware that fetches the keyboard operation. Even if the image is stolen by spyware, if the one-time password is formed of an image, it is difficult to convert the stolen image into a meaning such as a character. Therefore, the possibility that the one-time password issuance logic by the authentication server 100 is solved can be significantly reduced.

  The authentication server 100 controls both a one-time password transmitted to the mobile phone 110 and a selection menu for a one-time password transmitted to the PC 120. Therefore, even if the authentication server 100 changes both the symbol images displayed on the mobile phone 110 and the PC 120 even if the same password symbol string is generated, the one-time password is solved from the stolen display contents. The possibility can be further reduced.

  The mobile phone 110 may be an example of a mobile device in the present invention. The portable device may be any device as long as it has a display function capable of displaying a one-time password symbol and a communication function capable of communicating with the authentication server 100. However, as a portable device, it is desirable that information that can identify each individual portable device can be transmitted to the in-house server 105. Such information is more desirably incorporated in each portable device, and more desirably incorporated so that it cannot be spoofed in software.

  Accordingly, a portable information terminal (PDA) can be exemplified as the portable terminal, but a PDA that communicates with the authentication server 100 using a data communication card connected to the cellular phone communication network 184 is more preferable. A personal computer that communicates with the authentication server 100 using a data communication card connected to the mobile phone communication network 184 can also be used as a mobile terminal. The PC 120 is an example of a user terminal in the present invention, and other information processing devices such as a PDA that can be connected to the Internet network 182 can be exemplified as the user terminal.

  FIG. 2 shows an example of a block configuration of the authentication server 100. The authentication server 100 includes a password symbol string generation unit 200, a software key generation unit 230, a selection symbol string acquisition unit 240, an authentication unit 250, an authentication determination unit 270, and a communication unit 290. The password symbol string generation unit 200 includes a first symbol string generation unit 201, a second symbol string generation unit 202, and a password generation unit 204. Communication unit 290 includes password transmission unit 292 and software key transmission unit 294.

  The password symbol string generation unit 200 generates a password symbol string including a plurality of symbols based on the identification information of the user 190. The password symbol string may be a one-time password symbol string temporarily issued to the user 190 in order to authenticate the user 190. At least one of the symbols included in the symbol string may be an image such as an icon. Examples of the user identification information include a device ID of the mobile phone 110 of the user 190, a user account given to the user 190 and stored in the authentication server 100, and the like. The software key generation unit 230 generates software key information for laying out a plurality of symbols included in the password symbol string and one or more symbols not included in the password symbol string at arbitrary positions.

  Communication unit 290 can communicate with PC 120 and mobile phone 110. For example, the communication unit 290 can communicate with the PC 120 via the Internet network 182. In addition, the communication unit 290 can communicate with the mobile phone 110 via the Internet network 182 and the mobile phone communication network 184. The communication unit 290 can acquire a software key request for requesting a software key from the PC 120. Further, the communication unit 290 can acquire a password request for requesting a password from the mobile phone 110.

  The password transmission unit 292 transmits the password symbol string to the mobile phone 110 owned by the user 190 and different from the PC 120. Specifically, when the password transmission unit 292 acquires a password request from the mobile phone 110, the password transmission unit 292 transmits a password symbol string to the mobile phone 110. The mobile phone 110 can display the password symbol string on a display device included in the mobile phone 110.

  The software key transmission unit 294 transmits software key information to the PC 120 when a software key request is acquired from the PC 120. The PC 120 can display the software key on the display device of the PC 120 using the software key information. The PC 120 allows the user 190 to select a symbol string as a password through a software key. The user 190 can select the same symbol string as the password symbol string displayed on the mobile phone 110 from the symbol strings included in the software key.

  The selection symbol string acquisition unit 240 acquires, from the PC 120, a selection symbol string selected by the user 190 through the software key displayed on the PC 120 based on the software key information. The authentication unit 250 authenticates the user 190 based on the comparison result between the password symbol string and the selection symbol string. As described above, the authentication server 100 can authenticate the user 190 with the one-time password transmitted to the mobile phone 110.

  Note that the mobile phone 110 has a function of issuing a symbol string as a password for the user 190. In the mobile phone 110, for example, logic for generating the symbol string based on the device ID is incorporated in software, for example. The mobile phone 110 can generate the symbol string by the logic. The user 190 can also select a symbol string issued by the mobile phone 110 as a password symbol string.

  The authentication server 100 can generate a password symbol string with the same logic as that of the mobile phone 110. Specifically, the first symbol string generation unit 201 uses the same logic as the logic executed inside the mobile phone 110 to generate a symbol string as a password for the user 190, and a symbol string as a password for the user 190 A first symbol string is generated. For example, the first symbol string generation unit 201 stores the device ID of the mobile phone 110 owned by the user 190, and can generate the first symbol string based on the device ID.

  The second symbol string generation unit 202 generates a second symbol string that is a symbol string as a password for the user 190 by using a logic different from the logic of the first symbol string generation unit 201. The logic that the second symbol string generation unit 202 generates the second symbol string may be more complex than the logic that the first symbol string generation unit 201 has. In this case, the security can be further enhanced by using the second symbol string as the password rather than using the first symbol string as the password. The password generation unit 204 can generate at least one of the first symbol string and the second symbol string as the password symbol string described above.

  When the password generation unit 204 cannot communicate with the mobile phone 110, the password generation unit 204 generates the first symbol string as a password symbol string. For example, when the mobile phone 110 is outside the mobile phone communication network 184, communication with the mobile phone 110 cannot be performed. In such a case, it is possible to authenticate the user 190 who is outside the mobile phone communication network 184 by allowing a password including the first symbol string.

  If the password generation unit 204 can communicate with the mobile phone 110, the password generation unit 204 may generate the second symbol string as a password symbol string. When the mobile phone 110 exists within the mobile phone communication network 184, security can be further enhanced by using the second symbol string as the password symbol string. Whether or not communication with the mobile phone 110 can be made can be determined based on whether or not a password request is received from the mobile phone 110. In addition, the authentication system 10 can determine whether or not the communication unit 290 can communicate with the mobile phone 110 by determining whether or not the authentication system 10 can communicate with the mobile phone 110.

  The password generation unit 204 may generate the first symbol string as a password symbol string even if it can communicate with the mobile phone 110. As described above, when the password generation unit 204 can communicate with the mobile phone 110, the password generation unit 204 can generate a symbol string including at least the second symbol string as the password symbol string. By allowing the first symbol string and the second symbol string, the user 190 can be authenticated without being aware of whether the mobile phone communication network 184 is within or outside the service area. For this reason, according to the authentication server 100, the convenience of the user 190 can be improved.

  Note that which of the first symbol string and the second symbol string (or both) is permitted as the password symbol string may be set for each user 190. For example, the user 190 traveling on a place where the mobile phone 110 cannot access the mobile phone communication network 184 (for example, a foreign country) can be set to allow only the first symbol string.

  Information indicating which of the first symbol string and the second symbol string is permitted as the password symbol string may be stored in the setting information storage unit 272 for each user 190. The authentication determining unit 270 can determine for each user 190 which one of the first symbol string and the second symbol string is used as the password symbol string based on the information stored in the setting information storage unit 272. Then, the password generation unit 204 determines for each user 190 which one (or both) of the first symbol string and the second symbol string is generated as the password symbol string based on the determination result of the authentication determination unit 270. Can do.

  As described above, the authentication determination unit 270 determines whether or not to authenticate the user 190 based on the password symbol string generated by the logic executed inside the mobile phone 110. When the authentication determination unit 270 determines that the user 190 is authenticated by the password symbol string generated by the logic executed inside the mobile phone 110, the password generation unit 204 includes a symbol string including at least the first symbol string Is generated as a password symbol string. Therefore, according to the authentication server 100, it is possible to set for each user 190 whether or not to allow the first symbol string having lower security than the second symbol string. For this reason, it is possible to flexibly set which one is allowed according to the responsibility range of the user 190.

  Note that the authentication determination unit 270 authenticates the user 190 with a password symbol string generated by a logic executed inside the mobile phone 110 based on an authentication history including at least one of an authentication frequency and an authentication error history for the user 190. You may decide whether to do it. For example, the setting information storage unit 272 can store information indicating that only a second symbol string is permitted for a user whose ratio of the number of times of authentication to the number of times of authentication is greater than a predetermined value. . As a result, the authentication determination unit 270 can determine that a user with a large ratio should not permit the first symbol string but only the second symbol string.

  In addition, the setting information storage unit 272 can store information indicating that only the second symbol string is allowed for a user who has not been authenticated for a period exceeding a predetermined time width since the previous authentication. . Naturally, the setting information storage unit 272 can also store that neither the first symbol string nor the second symbol string is allowed based on the authentication history.

  As described above, by permitting at least one of the first symbol string and the second symbol string as a password symbol string, an authentication unit can be flexibly set for each user 190. Therefore, the authentication server 100 can provide an authentication system with a good balance between security for the in-house system 20 and convenience for the user 190.

  Note that the recording medium 90 stores a program for the authentication server 100. The program stored in the recording medium 90 is provided to an electronic information processing apparatus such as a computer that functions as the authentication server 100 according to the present embodiment. The CPU included in the computer operates according to the contents of the program and controls each unit of the computer. The program executed by the CPU causes the computer to function as the authentication server 100 described with reference to FIG.

  As the recording medium 90, in addition to a CD-ROM, an optical recording medium such as DVD or PD, a magneto-optical recording medium such as MO or MD, a magnetic recording medium such as a tape medium or a hard disk device, a semiconductor memory, a magnetic memory, etc. It can be illustrated. In addition, a storage device such as a hard disk or a RAM provided in a server system connected to a dedicated communication network or the Internet can function as the recording medium 90.

  FIG. 3 shows an example of display screen transition by the mobile phone 110. The top menu screen 310 is an example of a screen displayed on the mobile phone 110 when the software for accessing the in-house server 105 is activated using the mobile phone 110. Note that the mobile phone 110 can display the top menu screen 310 without accessing the authentication server 100. As a result, the mobile phone 110 can display the top menu screen 310 regardless of whether it is within or outside the mobile phone communication network 184.

  The top menu screen 310 includes a one-time password issue button 312. When the user 190 operates the keyboard of the mobile phone 110 or touches the screen to select and execute the one-time password issue button 312, the mobile phone 110 displays a one-time password display screen 320. The one-time password display screen 320 includes a password symbol string 322 as a one-time password.

  Note that the mobile phone 110 displays either the password symbol string acquired from the password transmission unit 292 of the authentication server 100 or the password symbol string generated by the logic inside the mobile phone 110 as the password symbol string 322.

  In the example of this figure, the password symbol string 322 is formed by arranging four symbols 324a to 324d in order from the left. As described above, the password symbol string 322 may have a defined symbol order. Further, as illustrated, the symbol 324 may be an image different from a character. It is more difficult to parse passwords than when characters are displayed as passwords. Although security can be relatively low, the symbol 324 can of course be an image of a character.

  FIG. 4 shows a display screen transition example by the PC 120. The authentication server 100 transmits data for displaying the login screen 410 to the PC 120 when the PC 120 (or the user 190 using the PC 120) is accessed without being authenticated. The login screen 410 includes an account input box 411, a password input box 412, a one-time password input box 413, and a one-time password selection box 414 on which a menu for selecting a one-time password is displayed later.

  In the login screen 410, no software key is displayed in the one-time password selection box 414. The user 190 can input a character string into the account input box 411 and the password input box 412 using, for example, a keyboard of the PC 120. When an account is input in the account input box 411, a password is input in the password input box 412, and a predetermined operation is performed by the user 190, the PC 120 transmits a message including the account and the password to the authentication server 100. Note that the message including the account and password pair may be an example of the password request described above.

  The authentication server 100 stores a combination of an account and a password in advance in association with identification information for identifying the user 190. If there is user identification information stored in advance in association with the combination of the account and password acquired from the PC 120, the password symbol string generation unit 200 generates a password symbol string based on the user identification information. Generate. The PC 120 acquires a software key including the password symbol string generated by the password symbol string generation unit 200 and other symbols from the software key transmission unit 294.

  The PC 120 displays the acquired software key in the one-time password selection box 414. As illustrated in the one-time password selection screen 420 of this figure, 16 symbols including symbols included in the password symbol string shown in FIG. 3 are displayed in the one-time password selection box 414.

  The user 190 can position the pointer on any symbol in the one-time password selection box by operating an input device that can operate the pointer, such as a mouse, a touch pad, or a trackball of the PC 120. it can. The PC 120 stores the symbol when a selection operation is performed by clicking or the like while the pointer is positioned on the specific symbol. Each time a symbol is selected, the PC 120 sequentially adds and displays a specific hidden character (for example, the character “*”) indicating that the symbol has been selected in the one-time password input box 413.

  When a predetermined number of characters are input or the user is notified that the input of the one-time password is finished, the PC 120 transmits information for identifying the selected symbol to the authentication server 100. Here, as the information for identifying the selected symbol, position information for specifying the position where the symbol is displayed can be exemplified. As the position information, in the example of this figure, the row number and the column number where the selected symbol is located can be exemplified in the symbol matrix of 4 rows and 4 columns forming the software key. In addition, as the position information, the absolute coordinates of the pointer position at the timing of the selection operation in the one-time password selection box 414 can be exemplified. Since the authentication server 100 generates the software key, the authentication server 100 can easily identify which symbol is selected as long as the location of the selected symbol can be acquired from the PC 120.

  Even if the information input by the user 190 is stolen in a communication path such as the Internet network 182, the information to be stolen is not the symbol itself but merely information such as the position selected by the user 190. For this reason, the possibility that the authentication server 100 can unravel the logic for generating the password symbol string from the position information can be significantly reduced.

  The selection symbol string acquisition unit 240 of the authentication server 100 acquires the selection symbol string selected by the user 190 from the position information received by the communication unit 290. The authentication unit 250 determines whether or not the password symbol string generated by the password symbol string generation unit 200 matches the selected symbol string, and authenticates the user 190 if they match. Authentication of the user 190 means that the PC 120 operated by the user 190 is authenticated. Thereafter, the PC 120 establishes a secure connection for communication with the in-house server 105 with the authentication server 100, and does not authenticate again for at least a predetermined length of time with the in-house server 105 via the authentication server 100. Can communicate.

  When authenticated, the PC 120 receives the intra menu 430 of the in-house system 20 from the authentication server 100 and displays it as a screen after login. After authentication, the PC 120 can be used to access e-mails, schedules, shared files, and the like provided by the in-house server 105, for example. For example, as shown in the figure, immediately after being authenticated, the mail function is enabled in the intra menu 430, and mail can be read and written.

  Thus, according to the authentication server 100, a symbol string as a one-time password can be input by causing the user 190 to select it using a mouse or the like. For this reason, the authentication system 10 with high security can be provided.

  Here, as an example of the login screen, the login screen 410 including the account input box 411, the password input box 412, the one-time password input box 413, and the one-time password selection box 414 is illustrated. In another example, the login screen may not include the account input box 411 and the password input box 412. For example, when authentication is performed through an authentication unit other than an account and password authentication unit such as a personal identification number code, the authentication server 100 displays a login screen including a one-time password input box 413 and a one-time password selection box 414. The data and software key data to be displayed in the one-time password selection box 414 may be transmitted to the PC 120.

  In addition, the login screen may be a screen independent of the authentication screen including the account input box 411 and the password input box 412. When the user is identified by the account and password input on the authentication screen, the authentication server 100 includes data on the login screen including the one-time password input box 413 and the one-time password selection box 414, software key data, and the like. May be transmitted to the PC 120. As described above, the authentication server 100 may provide the PC 120 with a software key login screen independent of various authentication screens by various other authentication means in addition to the login screen 410 illustrated in FIG. The key login screen can be linked with various authentication screens.

  FIG. 5 shows an example of information stored in the setting information storage unit 272 in a table format. The setting information storage unit 272 stores a device ID of the mobile phone 110 owned by the user identified by the user ID and authentication setting information in association with a user ID as an example of user identification information. In the following description, the symbol string generated by the logic of the first symbol string generation unit 201 or the logic of the cell phone 110 is referred to as a cell phone logic password. A symbol string generated by the logic of the second symbol string generation unit 202 is referred to as a server logic password.

  The setting information storage unit 272 indicates whether or not to permit the user identified by the user ID to use the server logic password and the mobile phone logic password as passwords in association with the user ID. I remember information. In the example of this figure, it is stored that the server logic password is permitted for the user identified by UID # 001, but the mobile phone logic password is not permitted. It is stored that the user identified by UID # 002 does not permit the server logic password, but permits the mobile phone logic password. In addition, it is stored that the user identified by UID # 003 is allowed both the server logic password and the mobile phone logic password.

  A user identified by UID # 001 cannot access the authentication server 100 when he / she is out of the mobile phone communication network 184, for example, but is securely protected with a one-time password based on the logic of the authentication server 100. The On the other hand, for the user identified by UID # 002, the one-time password based on the logic of the mobile phone 110 is permitted, so the security is relatively low. However, even if the user is out of the mobile phone communication network 184, the internal server 105 can be accessed. For example, the in-house server 105 can be accessed even when traveling on a business trip abroad. A user identified by UID # 003 allows a one-time password based on either logic, so the security is lowered, but the in-house server 105 is accessed regardless of whether the user is within the mobile phone communication network 184 or not. Therefore, user convenience is improved.

  The combination of authentication settings associated with UID # 001 is referred to as setting A in the following description. A combination of authentication settings associated with UID # 002 is referred to as setting B in the following description. The combination of authentication settings associated with UID # 003 is referred to as setting C in the following description.

  FIG. 6 shows an example of a processing sequence of the authentication server 100, the mobile phone 110, and the PC 120. In step 611, the mobile phone 110 displays the top menu screen 310 in accordance with the operation of the user 190. When the one-time password issue button 312 in the top menu screen 310 is selected by the user 190 operation, the mobile phone 110 transmits a password request to the authentication server 100 in step 612. The password request is transmitted to the authentication server 100 on the condition that the mobile phone communication network 184 can be connected. The password request may include a device ID for identifying the user 190.

  In step 601, the authentication determination unit 270 acquires authentication setting information based on the information stored in the setting information storage unit 272 in association with the device ID. In step 602, the password symbol string generation unit 200 generates a password symbol string. Specifically, when the authentication setting information acquired in step 601 is setting A or setting C, the password generation unit 204 uses the symbol string generated by the second symbol string generation unit 202 by the server logic as the password symbol string. Generate as When the authentication setting information acquired in step 601 is setting B, the password generation unit 204 generates a symbol string generated by the first symbol string generation unit 201 using the mobile phone logic as a password symbol string. The setting C is a setting that permits a password symbol string by either logic. However, when a password is requested from the mobile phone 110, the symbol generated by the second symbol string generation unit 202 is provided to increase security. The column is a password symbol string.

  In step 603, the password transmission unit 292 returns a password response to the password request to the mobile phone 110. When the authentication setting information is setting A or setting C, the password symbol string generated by the password generation unit 204 is included in the password response. When the authentication setting information is setting B, information for instructing the mobile phone 110 to issue a password is included in the password response.

  If the password response acquired in step 603 includes information instructing the issuance of the password, or if the mobile phone 110 cannot connect to the mobile phone communication network 184, the mobile phone 110 is returned in step 613. The password symbol string is generated with the internal logic of. In step 614, the mobile phone 110 displays the password symbol string. Thus, when the authentication setting information is setting A or setting C, the high security password symbol string issued by the second symbol string generating unit 202 is displayed on the mobile phone 110. When the authentication setting information is setting B, or when the mobile phone 110 is out of the mobile phone communication network 184 and cannot be connected to the mobile phone communication network 184, the internal logic of the mobile phone 110 is used. The issued password symbol string is displayed.

  In the PC 120, the login screen is displayed when the user 190 accesses the authentication server 100 in Step 621. In step 622, the PC 120 acquires an account and a password through the account input box 411 and the password input box 412. In step 623, the PC 120 transmits a software key request including the acquired account / password to the authentication server 100.

  When the mobile phone 110 receives a software key request from the PC 120, the mobile phone 110 generates a software key in step 604. Here, the software key generation unit 230 generates a software key including one or more randomly generated symbols and the symbols included in the symbol string generated in step 602. In step 6605, the software key is transmitted to the PC 120.

  When receiving the software key from the authentication server 100, the PC 120 displays the software key in the one-time password selection box 414 in step 624. In step 625, the PC 120 acquires the symbol string selected by the operation of the user 190. In step 626, the PC 120 transmits the selected symbol string to the authentication server 100.

  In step 626, the authentication server 100 authenticates the user 190 by comparing the selected symbol string with the password symbol string generated in step 602. If authenticated, the authentication server 100 transmits data for generating an intra menu to the PC 120 in step 607. The PC 120 displays the intra menu 430 of the authentication system 10 based on the data for generating the intra menu. As described above, according to the authentication server 100, it is possible to construct the secure authentication system 10 using the one-time password for the mobile phone 110.

  FIG. 7 shows an example of a symbol string incorporated in the software key by the authentication server 100 and a symbol string used for authentication in a table format. As shown in this figure, the authentication server 100 assigns the software key to the software key according to the combination of the timing of sending the password response, sending the software key, and acquiring the selected password, and the authentication setting for the user 190. The symbol string to be incorporated and the symbol string used for authentication are controlled.

  When the authentication setting for the user 190 is set A, the password generation unit 204 generates a server logic password as a password symbol string regardless of the timing. In addition, the software key generation unit 230 generates a software key from the symbols included in the generated server logic password and the randomly generated symbols. At this time, the software key generation unit 230 may generate a software key that does not include at least all symbols of the mobile phone logic password. The authentication unit 250 authenticates the user 190 by comparing the symbol string of the server logic password with the selected symbol string.

  When the authentication setting for the user 190 is setting B, the password generation unit 204 generates a mobile phone logic password as a password symbol string regardless of the timing. Also, the software key generation unit 230 generates a software key from the symbols included in the generated mobile phone logic password and the randomly generated symbols. At this time, the software key generation unit 230 may generate a software key that does not include at least all symbols of the server logic password. The authentication unit 250 authenticates the user 190 by comparing the symbol string of the mobile phone logic password with the selected symbol string.

  When the authentication setting for the user 190 is the setting C, a symbol string incorporated in the software key and a symbol used for authentication according to each timing of transmission of the password response, transmission of the software key, and acquisition of the selected password The column is different. In the sequence column in the table of this figure, the order of the timing at which the password response is transmitted, the timing at which the password request is received, the timing at which the software key request is received, and the timing at which the software key is transmitted is shown at the left end.

  The sequence shown in FIG. 6 corresponds to the uppermost sequence of the sequence corresponding to the setting C. That is, before receiving the software key request from the PC 120, the password request is received from the mobile phone 110 and a password response is sent to the mobile phone 110. In this case, as described with reference to FIG. 6, the software key generation unit 230 generates a symbol string of a server logic password and a software key of a random symbol. Then, the authentication unit 250 authenticates the user 190 by comparing the symbol string of the server logic password with the selected symbol string. By authenticating the user 190 with a high-security server logic password, it is possible to prevent the security from being lowered.

  On the other hand, let us consider a case where a password request has not yet been acquired at the timing when the software key is requested (sequences shown in the middle and lower rows of the sequence column corresponding to setting C). In this case, a case where the user 190 is not in the range of the mobile phone communication network 184 can be considered. Therefore, the password generation unit 204 generates a server logic password and a mobile phone logic password as a password symbol string. Then, the software key generation unit 230 generates a software key including the password symbol string and a randomly generated symbol, and the software key transmission unit 294 transmits the software key.

  Here, it is assumed that there is a password request before acquiring the selected password as in the sequence shown in the middle section of the sequence column corresponding to setting C. In this case, the password transmission unit 292 transmits the server logic password symbol string to the mobile phone 110. After that, when the selection symbol string is acquired from the PC 120, the authentication unit 250 authenticates the user 190 by comparing the symbol string of the server logic password with the selection symbol string. The authentication unit 250 does not authenticate the user 190 even if the mobile phone logic password matches the selection symbol string.

  On the other hand, assume that the selected password is acquired without a password request as in the sequence shown in the lower part of the sequence column corresponding to setting C. This sequence may occur when user 190 is out of range of cellular telephone network 184. In this case, the authentication unit 250 authenticates the user 190 by comparing the symbol string of the mobile phone logic password with the selected symbol string. The authentication unit 250 does not authenticate the user 190 even if the server logic password matches the selection symbol string.

  As described above, the authentication server 100 controls the software key and the symbol string for authentication according to the sequence, so that the user 190 is allowed to issue a password with the mobile phone 110 and then access with the PC 120. You can get certified without it. Therefore, it is possible to provide the authentication system 10 that is highly usable for the user 190. On the other hand, as shown in the middle section of the sequence column corresponding to setting C, when there is a password request from the mobile phone 110, the authentication unit 250 authenticates using a high-security server logic password. Can be kept high.

  As described in relation to this figure, when a password request is obtained from the mobile phone 110 before obtaining a software key request from the PC 120, as shown in the top row of the sequence column of setting C, a password is generated. The unit 204 generates the second symbol string as a password symbol string, and the password transmission unit 292 transmits the password symbol string generated by the password generation unit 204 to the mobile phone 110. Then, the software key generation unit 230 generates software key information from the password symbol string transmitted by the password transmission unit 292. Then, when the software key transmission unit 294 acquires the password request from the mobile phone 110 and then acquires the software key request from the PC 120, the software key transmission unit 294 displays the software key information generated from the password symbol string transmitted by the password transmission unit 292. Send to.

  When the software key request is acquired from the PC 120 before the password request is acquired from the mobile phone 110 as shown in the middle and lower sections of the setting C sequence column, the password generation unit 204 displays the first symbol string and the first symbol string. The software key generation unit 230 generates software key information from the password symbol string including the first symbol string and the second symbol string generated by the password generation unit 204 by generating a password symbol string including two symbol strings. . Then, the software key transmitting unit 294 transmits software key information generated from the password symbol string including the first symbol string and the second symbol string to the PC 120.

  When the password request is acquired from the mobile phone 110 after acquiring the software key request from the PC 120, as shown in the middle section of the setting C sequence column, the password transmission unit 292 uses the second symbol string as the password symbol string. To the mobile phone 110. When the selection symbol string is acquired from the PC 120 after acquiring the password request from the mobile phone 110 as shown in the middle section of the setting C sequence column, the authentication unit 250 determines whether the selection symbol string, the second symbol string, The user 190 is authenticated based on the comparison result.

  As described above, when the password request is acquired from the mobile phone 110 before acquiring the software key request from the PC 120, the password generation unit 204 generates a symbol string including at least the second symbol string as the password symbol string. Then, the password transmission unit 292 transmits the second symbol string to the mobile phone 110 as a password symbol string. Then, the authentication unit 250 authenticates the user 190 based on the comparison result between the selected symbol string and the second symbol string. Thereby, security can be maintained high together with user convenience.

  On the other hand, when the selection symbol string is acquired from the PC 120 without acquiring the password request from the mobile phone 110, as shown in the lower part of the sequence column of the setting C, the authentication unit 250 displays the selection symbol string and the first symbol string. The user is authenticated based on the comparison result.

  As described in relation to this figure, according to the authentication system 10, the user 190 who allows both the server logic password and the mobile phone logic password is prevented from deteriorating in security, and the user 190 is prevented. It is possible to construct a highly convenient authentication system 10.

  As mentioned above, although this invention was demonstrated using embodiment, the technical scope of this invention is not limited to the range as described in the said embodiment. It will be apparent to those skilled in the art that various modifications or improvements can be added to the above-described embodiment. It is apparent from the scope of the claims that the embodiments added with such changes or improvements can be included in the technical scope of the present invention.

  The order of execution of each process such as operations, procedures, steps, and stages in the apparatus, system, program, and method shown in the claims, the description, and the drawings is particularly “before” or “prior to”. It should be noted that the output can be realized in any order unless the output of the previous process is used in the subsequent process. Regarding the operation flow in the claims, the description, and the drawings, even if it is described using “first”, “next”, etc. for convenience, it means that it is essential to carry out in this order. It is not a thing.

10 authentication system, 20 in-house system, 90 recording medium, 100 authentication server, 105 in-house server, 110 mobile phone, 120 PC, 130 memory device, 160a screen, 160b screen, 180 communication line, 182 Internet network, 184 mobile phone communication network , 190 users, 200 password symbol string generation unit, 201 first symbol string generation unit, 202 second symbol string generation unit, 204 password generation unit, 230 software key generation unit, 240 selection symbol string acquisition unit, 250 authentication unit, 270 Authentication judgment unit, 272 setting information storage unit, 290 communication unit, 292 password transmission unit, 294 software key transmission unit, 310 top menu screen, 312 one-time password issue button, 320 one-time password display screen, 322 page Word symbol string, 324 symbols, 410 login screen 411 account input box 412 a password input box, 413 one-time password input box, 414 one-time password selection box 420 one-time password selection screen 430 intra Menu

Claims (17)

A password symbol string generation unit that generates a password symbol string including a plurality of symbols based on the user identification information;
A software key generation unit that generates software key information for laying out the plurality of symbols included in the password symbol string and one or more symbols not included in the password symbol string at arbitrary positions;
When acquiring a software key request from a user terminal, a software key transmission unit that transmits the software key information to the user terminal;
A selection symbol string acquisition unit that acquires a selection symbol string selected by a user through a software key displayed based on the software key information in the user terminal;
An authentication apparatus comprising: an authentication unit that authenticates a user based on a comparison result between the password symbol string and the selection symbol string. The authentication apparatus according to claim 1, further comprising a password transmission unit that transmits the password symbol string to a portable terminal owned by a user and different from the user terminal. The authentication device according to claim 2, wherein the password transmission unit transmits the password symbol string to the mobile terminal when a password request is acquired from the mobile terminal. The password symbol string generation unit
A first symbol string generation unit that generates a first symbol string that is a symbol string as a password for a user by the same logic as that executed inside the portable terminal to generate a symbol string as a password for the user; ,
A second symbol string generation unit that generates a second symbol string that is a symbol string as a password for a user by a logic different from the logic of the first symbol string generation unit;
The authentication apparatus according to claim 3, further comprising: a password generation unit configured to generate at least one of the first symbol string and the second symbol string as the password symbol string. The authentication device according to claim 4, wherein the password generation unit generates a symbol string including at least the second symbol string as the password symbol string when the password generation unit can communicate with the mobile terminal. The authentication device according to claim 4 or 5, wherein the password generation unit generates the first symbol string as the password symbol string when communication with the portable terminal is not possible. If the password request is obtained from the mobile terminal before obtaining the software key request from the user terminal,
The password generation unit generates the second symbol string as the password symbol string,
The authentication apparatus according to claim 4, wherein the password transmission unit transmits the password symbol string generated by the password generation unit to the mobile terminal. The software key generation unit generates the software key information from the password symbol string transmitted by the password transmission unit,
The software key transmitter generates the software key generated from the password symbol string transmitted by the password transmitter when acquiring the software key request from the user terminal after acquiring the password request from the mobile terminal. The authentication apparatus according to claim 7, wherein information is transmitted to the user terminal. If the software key request is acquired from the user terminal before acquiring the password request from the mobile terminal,
The password generation unit generates the password symbol string including the first symbol string and the second symbol string;
The software key generation unit generates the software key information from the password symbol string including the first symbol string and the second symbol string generated by the password generation unit,
The software key transmission unit transmits the software key information generated from the password symbol string including the first symbol string and the second symbol string to the user terminal. Authentication device. The password transmission unit transmits the second symbol string as the password symbol string to the portable terminal when the password request is acquired from the portable terminal after acquiring the software key request from the user terminal. 9. The authentication device according to 9. When the selection symbol string is acquired from the user terminal after acquiring the password request from the portable terminal, the authentication unit authenticates the user based on a comparison result between the selection symbol string and the second symbol string The authentication device according to claim 10. When the selection symbol string is acquired from the user terminal without acquiring the password request from the portable terminal, the authentication unit determines a user based on a comparison result between the selection symbol string and the first symbol string. The authentication device according to claim 9 for performing authentication. When acquiring the password request from the mobile terminal before acquiring the software key request from the user terminal,
The password generation unit generates a symbol string including at least the second symbol string as the password symbol string;
The password transmission unit transmits the second symbol string as the password symbol string to the portable terminal,
The authentication apparatus according to claim 4, wherein the authentication unit authenticates a user based on a comparison result between the selection symbol string and the second symbol string. An authentication judgment unit for judging whether or not to authenticate a user by a password symbol string generated by logic executed inside the portable terminal;
The password generation unit includes a symbol string including at least the first symbol string when the authentication determination unit determines that the user is authenticated by a password symbol string generated by logic executed inside the portable terminal. Is generated as the password symbol string. Whether the authentication determination unit authenticates the user with a password symbol string generated by a logic executed inside the mobile terminal based on an authentication history including at least one of an authentication frequency and an authentication error history for the user. The authentication apparatus according to claim 14, which determines A password symbol string generation stage for generating a password symbol string including a plurality of symbols based on the identification information of the user;
A software key generation step of generating software key information for laying out the plurality of symbols included in the password symbol string and one or more symbols not included in the password symbol string at an arbitrary position;
A software key transmission step of transmitting the software key information to the user terminal when a software key request is acquired from the user terminal;
A selection symbol string acquisition step of acquiring a selection symbol string selected by a user through a software key displayed based on the software key information in the user terminal, from the user terminal;
An authentication method comprising: an authentication stage for authenticating a user based on a comparison result between the password symbol string and the selection symbol string.   A program for an authentication device for causing a computer to execute the method according to claim 16.