
JP2006171857A - Personal authentication device, personal authentication method, and authentication method - Google Patents


Info

Publication number
JP2006171857A
Authority
JP
Japan
Prior art keywords
authentication
user
terminal
information
service
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
JP2004359899A
Other languages
Japanese (ja)
Inventor
Kunihiko Sugata
邦彦 菅田
Toshihiro Nakagawa
俊浩 中川
Masashi Jinbo
正志 神保
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Canon Inc
Original Assignee
Canon Inc

Abstract

PROBLEM TO BE SOLVED: To perform authentication easily and accurately.
SOLUTION: When a user receives one or more services using the Internet or the like, the primary authentication means of a primary authentication system performs basic authentication on the basis of the user ID and password that the user receiving the services has entered on a primary authentication screen 110. Once the user is authenticated, a service menu is displayed and the user is prompted to select the services he or she wishes to receive. Based on the access control list (ACL) and the level of importance of each selected service, it is determined whether or not terminal authentication will be performed. For a service that requires terminal authentication, terminal authentication is performed. Depending on the service, a secondary authentication screen may also be displayed for user authentication in order to further ensure personal authentication.
COPYRIGHT: (C)2006,JPO&NCIPI

Description

The present invention relates to a personal authentication method, a personal authentication device and an authentication method for making personal authentication more reliable when one or more services are provided over the Internet or a similar network.

On the Internet and similar networks, the conventional mechanism for identifying an individual has been the combination of a user ID and a password that confirms that the person entering the ID is its owner. For greater certainty, biometric personal authentication, for example fingerprint authentication, is used either in combination with it or on its own (see, for example, Patent Document 1).
Japanese Patent Laid-Open No. 2001-290778

Introducing biometric personal authentication as system security raises the following problems.

・ The authentication devices cannot be provided globally.
・ An operational structure is needed for registering and managing fingerprints and the like.
・ There is considerable resistance to having one's physical characteristics collected.
・ There are still some problems with authentication accuracy.
・ High costs are incurred.

The object of the present invention is to provide a personal authentication method, a personal authentication device and an authentication method that allow authentication to be performed accurately and without much effort.

The present invention achieves accurate authentication without much effort by using a terminal authentication process.

To solve the above problems, the present invention provides, as a personal authentication device and personal authentication method that replace biometric personal authentication such as fingerprints: a primary authentication system having primary authentication means that authenticates by a combination of user ID and password and a menu function that displays the names of the services offered; secondary authentication storage means in which secondary user information, terminal information and the like are registered and stored; a terminal information acquisition module that is downloaded to the user's terminal in advance or at the first connection; and secondary authentication processing means that performs terminal authentication using a terminal ID unique to the terminal, by which the terminal can be identified, and user authentication using a secondary user ID and secondary password. This realizes a personal authentication method, personal authentication device and authentication method that can prevent impersonation by unauthorized users.

The secondary authentication processing means also has a secondary authentication control function that decides, based on the service's ACL (Access Control List, hereinafter ACL), its importance and the like, whether terminal authentication and user authentication are to be performed. Further, by applying encryption or similar processing when the secondary authentication processing means acquires the user information and terminal information, a personal authentication method, personal authentication device and authentication method that authenticate the individual even more reliably can be realized.

More specifically, the present invention solves the above problems by the following configurations.

(1) A personal authentication method in which a user who receives one or more services over the Internet or a similar network is first authenticated by a combination of user ID and password; it is then decided, from the access control list, importance and the like of the service, whether terminal authentication is to be performed; and if so, a secondary authentication process is carried out that performs terminal authentication based on a comparison of the user's terminal information with terminal information registered in advance, and further performs user authentication based on a comparison of the user's secondary user information with user information registered in advance.

(2) A personal authentication device comprising: a primary authentication system having a primary authentication screen displayed when a user who receives one or more services over the Internet or a similar network first connects, primary authentication means that authenticates whether the user is a legitimate user, and a menu function that displays the names of the services offered once the user is authenticated; secondary authentication storage means in which the user's secondary user information, terminal information and the like are registered and stored in advance; and secondary authentication processing means that performs terminal authentication and user authentication based on the access control list, importance and the like of the service.

(3) An authentication method in which, when a service request is received from a terminal, it is decided whether the service requires terminal authentication; if so, terminal authentication is performed by comparing the terminal's terminal ID information with terminal ID information registered in advance, and the service is provided only when that terminal authentication succeeds.

The present invention is effective in preventing impersonation by unauthorized users.

Embodiments of the present invention are described below with reference to the drawings.

FIG. 1 is a flowchart of the procedure of the present invention. Based on the user ID and password entered on the primary authentication screen 110 by the user who is to receive the service, the primary authentication means of the primary authentication system performs basic authentication 111. Once the user is authenticated, the service menu 112 is displayed and the user selects the service he or she wishes to receive. At 113 it is decided, from the ACL (Access Control List), importance and the like of each selected service, whether terminal authentication is required; if so, terminal authentication 114 is performed. Depending on the service, the secondary authentication screen 116 may then be displayed and the more precise user authentication 117 performed so as to confirm the individual's identity more reliably, or the service 118 may be made available as soon as terminal authentication succeeds.

The present invention can be realized on a general-purpose computer; in that case its processing is performed by a CPU executing a computer program stored on a storage medium.

FIG. 2 is a conceptual diagram of the personal authentication method and device of the present invention.

In FIG. 2, the initial user ID and password are entered on the primary authentication screen 210 (1). The entered user ID and password are authenticated by the primary authentication means 221. If the result of authentication is that the user is a legitimate user, the service menu 223 is displayed by the menu function 222. When a service is selected (2), the secondary authentication processing means 230 operates according to the importance of the service, and the terminal information acquisition module 231, downloaded to the user's terminal in advance or at the first connection, acquires the MAC address (terminal ID) of the connecting user's terminal (2).

Terminal authentication 232 is then performed, comparing the acquired MAC address with the user's terminal MAC address registered in the secondary authentication storage means 240. If they match, the secondary authentication screen 233 is displayed. When the secondary user ID and secondary password are entered on the secondary authentication screen, the secondary authentication processing means 230 is started and user authentication 234 is performed, comparing them with the secondary user ID and secondary password registered in the secondary authentication storage means 240. If the result of authentication is that the user is a legitimate user, the service 250 can be provided (5).

The terminal ID is an identifier assigned uniquely to the terminal, such as a MAC address, IP address or host name.

In FIG. 2, the initial user ID and password are entered on the primary authentication screen 210 (1). The entered user ID and password undergo basic authentication by the primary authentication means 221. If the result of authentication is that the user is a legitimate user, the service menu 223 is displayed by the menu function 222. When a service is selected (2), the secondary authentication processing means 230 operates based on the ACL (Access Control List), and the terminal information acquisition module 231, downloaded to the user's terminal in advance or at the first connection, acquires the terminal ID of the connecting user's terminal (2).

Terminal authentication 232 is then performed, comparing the acquired terminal ID with the user's terminal ID registered in the secondary authentication storage means 240. If they match, the service 250 can be provided immediately (4) without performing user authentication 234.
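As an added example that is not part of the patent, the following Python model walks through the decision flow of FIG. 1 covering both embodiments: primary ID/password authentication, an ACL/importance lookup that decides whether terminal authentication is needed, terminal-ID comparison against the secondary authentication store, and, for the highest-importance services, the secondary user ID/password check. The service table, user records, terminal IDs and the `Level` names are constructed placeholders; the constant-time comparison helper is an implementation choice the patent does not specify.

```python
"""Added example (not from the patent): a minimal model of the two-stage
authentication flow of FIG. 1 and FIG. 2. All names and records below are
constructed for illustration."""
import hmac
from enum import Enum


class Level(Enum):
    """Constructed importance levels standing in for the service ACL/importance."""
    LOW = 1      # primary authentication only (service 118 reached via 113 "no")
    MEDIUM = 2   # primary + terminal authentication 114 (second embodiment)
    HIGH = 3     # primary + terminal + secondary user authentication 117 (first embodiment)


# Constructed service ACL: service name -> (importance, primary user IDs allowed)
SERVICES = {
    "news": (Level.LOW, {"alice", "bob"}),
    "mail": (Level.MEDIUM, {"alice"}),
    "payroll": (Level.HIGH, {"alice"}),
}

# Constructed primary store (221) and secondary authentication storage (240).
# Secrets are kept as plain strings only to keep the example short.
PRIMARY_USERS = {"alice": "pw-alice", "bob": "pw-bob"}
SECONDARY_STORE = {
    "alice": {
        "terminal_ids": {"00:11:22:33:44:55"},   # registered terminal ID (MAC here)
        "secondary_id": "alice2",
        "secondary_pw": "pw2",
    },
}


def _eq(a: str, b: str) -> bool:
    """Constant-time string comparison for IDs and passwords."""
    return hmac.compare_digest(a.encode(), b.encode())


def primary_auth(user_id: str, password: str) -> bool:
    """Basic authentication 111 on the primary authentication screen."""
    stored = PRIMARY_USERS.get(user_id)
    return stored is not None and _eq(stored, password)


def service_menu(user_id: str) -> list:
    """Service menu 112/223: only services whose ACL lists the user."""
    return sorted(name for name, (_, acl) in SERVICES.items() if user_id in acl)


def terminal_auth(user_id: str, terminal_id: str) -> bool:
    """Terminal authentication 232 against the registered terminal IDs."""
    rec = SECONDARY_STORE.get(user_id)
    return rec is not None and any(_eq(t, terminal_id) for t in rec["terminal_ids"])


def secondary_user_auth(user_id: str, sec_id: str, sec_pw: str) -> bool:
    """User authentication 234 with the secondary user ID and password."""
    rec = SECONDARY_STORE.get(user_id)
    return (rec is not None and _eq(rec["secondary_id"], sec_id)
            and _eq(rec["secondary_pw"], sec_pw))


def request_service(user_id, password, service, terminal_id=None, secondary=None):
    """Runs the whole flow; returns 'granted' or the step that refused the request."""
    if not primary_auth(user_id, password):
        return "denied:primary"
    if service not in service_menu(user_id):
        return "denied:acl"
    level = SERVICES[service][0]
    if level is Level.LOW:                      # decision 113: no terminal auth needed
        return "granted"
    if terminal_id is None or not terminal_auth(user_id, terminal_id):
        return "denied:terminal"
    if level is Level.MEDIUM:                   # second embodiment: service right after 232
        return "granted"
    if secondary is None or not secondary_user_auth(user_id, *secondary):
        return "denied:secondary"               # first embodiment: 233/234 required
    return "granted"
```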

In FIG. 1 it is also possible to omit the primary authentication system and start from the secondary authentication processing means (from 112 onward).

According to the first and second embodiments, impersonation by unauthorized users and the like is prevented.

Also, since terminal information is used for authentication, the connecting user's terminal can be identified.

Also, the operation and management structure can be kept relatively simple.

FIG. 1 is a flowchart of the procedure of the present invention. FIG. 2 is a conceptual diagram of the personal authentication method and device of the present invention.

Explanation of symbols

210 Primary authentication screen
220 Primary authentication system
230 Secondary authentication processing means
240 Secondary authentication storage means
250 Service

Claims (7)

1. A personal authentication method in which a user who receives one or more services over the Internet or a similar network is first authenticated by a combination of user ID and password; it is then decided, from the access control list, importance and the like of the service, whether terminal authentication is to be performed; and if so, a secondary authentication process is carried out that performs terminal authentication based on a comparison of the user's terminal information with terminal information registered in advance, and further performs user authentication based on a comparison of the user's secondary user information with user information registered in advance.

2. A personal authentication device comprising: a primary authentication system having a primary authentication screen displayed when a user who receives one or more services over the Internet or a similar network first connects, primary authentication means that authenticates whether the user is a legitimate user, and a menu function that displays the names of the services offered once the user is authenticated; secondary authentication storage means in which the user's secondary user information, terminal information and the like are registered and stored in advance; and secondary authentication processing means that performs terminal authentication and user authentication based on the access control list, importance and the like of the service.

3. The personal authentication device according to claim 2, comprising secondary authentication storage means in which secondary user information, such as a secondary user ID and secondary password, and terminal information, such as a terminal-unique terminal ID by which the terminal can be identified (an IP address, MAC address, host name or the like), are registered and stored.

4. The personal authentication device according to claim 2, comprising a terminal information acquisition module that is downloaded to the user's terminal in advance or at the first connection.

5. The personal authentication device according to claim 2 or 4, comprising secondary authentication processing means that performs terminal authentication based on a comparison of the user's terminal information acquired by the terminal information acquisition module with the terminal information in the secondary authentication storage means.

6. The personal authentication device according to claim 3 or 5, comprising secondary authentication processing means that can display a secondary authentication screen and perform user authentication based on a comparison of the entered secondary user ID and secondary password with the secondary user ID and secondary password in the secondary authentication storage means.

7. An authentication method in which, when a service request is received from a terminal, it is decided whether the service requires terminal authentication; if so, terminal authentication is performed by comparing the terminal's terminal ID information with terminal ID information registered in advance, and the service is provided only when that terminal authentication succeeds.
JP2004359899A 2004-12-13 2004-12-13 Personal authentication device, personal authentication method, and authentication method Withdrawn JP2006171857A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2004359899A JP2006171857A (en) 2004-12-13 2004-12-13 Personal authentication device, personal authentication method, and authentication method

Publications (1)

Publication Number Publication Date
JP2006171857A true JP2006171857A (en) 2006-06-29

Family

ID=36672573

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2004359899A Withdrawn JP2006171857A (en) 2004-12-13 2004-12-13 Personal authentication device, personal authentication method, and authentication method

Country Status (1)

Country Link
JP (1) JP2006171857A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7827592B2 (en) 2007-05-02 2010-11-02 International Business Machines Corporation Implicit authentication to computer resources and error recovery
US8312513B2 (en) 2007-07-11 2012-11-13 Fujitsu Limited Authentication system and terminal authentication apparatus
CN101442747B (en) * 2009-01-15 2012-12-12 吴静 Method and system for automatically judging user identification by terminal
JP2019219993A (en) * 2018-06-21 2019-12-26 Intelligence Design株式会社 Authentication system

Similar Documents

Publication Publication Date Title
US8752145B1 (en) Biometric authentication with smart mobile device
US8875264B2 (en) System, method and program for off-line two-factor user authentication
US11765177B1 (en) System and method for providing a web service using a mobile device capturing dual images
US11057372B1 (en) System and method for authenticating a user to provide a web service
CN109903043B (en) Block chain-based secure transaction method, device, equipment and storage medium
JP2013164835A (en) Authentication system, authentication method, apparatus, and program
US9697346B2 (en) Method and apparatus for identifying and associating devices using visual recognition
US8327420B2 (en) Authentication system and method
EP3118760B1 (en) Authentication information management system, authentication information management device, program, recording medium, and authentication information management method
JP6399605B2 (en) Authentication apparatus, authentication method, and program
WO2015184894A2 (en) Method and device for implementing multi-user login mode
CN106529232A (en) Startup method and device
JP2010114725A (en) Evidence preservation apparatus, method of preserving evidence, and program
JP2005208993A (en) User authentication system
JP2011192154A (en) Usb storage device
WO2013118302A1 (en) Authentication management system, authentication management method, and authentication management program
JP2006171857A (en) Personal authentication device, personal authentication method, and authentication method
JP6279643B2 (en) Login management system, login management method, and login management program
JP2007193463A (en) Personal authentication device
JP2004234041A (en) Fingerprint matching device
CN103049686A (en) Method for verifying information of database and user through universal serial bus (Usb) key
JP2007034978A (en) Device, method and program for authenticating biological information
JP2007172176A (en) Authentication device
JP2004013865A (en) Personal identification method by associative memory
US20240106823A1 (en) Sharing a biometric token across platforms and devices for authentication

Legal Events

Date Code Title Description
A300 Application deemed to be withdrawn because no request for examination was validly filed

Free format text: JAPANESE INTERMEDIATE CODE: A300

Effective date: 20080304