User authentication method and system for implementing same
Abstract
A new user authentication method which prevents illicit access to a system includes an authentication system which authenticates a user. The authentication system includes a database which manages user account information including a token ID which identifies a security token; a synchronization server which generates token codes on the basis of the token ID; and an authentication server which carries out an authentication determination on a user authentication request transmitted from the system subject to use, and transmits the result to that system. If a prior notification of an authentication request is received before the user authentication request, the authentication server carries out the authentication determination using a first token code. Alternatively, if the user authentication request is received without the prior notification having been received, the authentication server carries out the authentication determination using the first token code and a second token code.
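The two-branch authentication determination described in the abstract, as an added sketch that is not code from the patent. The HMAC-based token code derivation, the 60-second time step and notification lifetime, the single-use notification, and the additional code being equal to the second token code are all assumptions of this example.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # assumption: a token code is valid for one 60 s time step
NOTICE_TTL = 60     # assumption: a prior notification stays active for 60 s

def token_code(seed: bytes, token_id: str, step: int, index: int) -> str:
    """Stand-in for the synchronization server: 4-digit token code number
    `index` for a token ID and time step (the HMAC derivation is assumed)."""
    msg = token_id.encode() + struct.pack(">QB", step, index)
    digest = hmac.new(seed, msg, hashlib.sha256).digest()
    return str(int.from_bytes(digest[:8], "big") % 10_000).zfill(4)

def _same(expected: str, supplied: str) -> bool:
    # Constant-time comparison so response timing does not leak matching digits.
    return hmac.compare_digest(expected.encode(), supplied.encode())

class AuthServer:
    def __init__(self, accounts: dict, seeds: dict):
        self.accounts = accounts   # user -> token ID (authentication database)
        self.seeds = seeds         # token ID -> secret shared with the security token
        self.notices = {}          # user -> arrival time of the prior notification

    def prior_notification(self, user: str, now: int) -> None:
        if user in self.accounts:
            self.notices[user] = now

    def authenticate(self, user, password, additional_code, now) -> bool:
        token_id = self.accounts.get(user)
        if token_id is None:
            return False
        seed, step = self.seeds[token_id], now // STEP_SECONDS
        ok = _same(token_code(seed, token_id, step, 1), password)
        # Assumption: a notification is consumed by the first request that follows it.
        notified_at = self.notices.pop(user, None)
        if notified_at is None or not 0 <= now - notified_at <= NOTICE_TTL:
            # No active prior notification: the second token code must match too.
            second = token_code(seed, token_id, step, 2)
            ok &= _same(second, additional_code or "")
        return ok
```

A request that arrives with only the password and no active prior notification is rejected even when the password is correct, which is the behaviour the second branch exists to enforce.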
13 Claims
1. An authentication system for authenticating, by way of using an information communication terminal, a user who uses a usage target system, comprising:
an authentication database that manages user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;
a synchronization server that generates at least one token code based on the token ID included in the user account information; and
an authentication server that receives a user authentication request transmitted from the usage target system, performs an authentication determination on the user authentication request, and transmits an authentication determination result to the usage target system,
wherein, if the authentication server receives an authentication request prior notification from the information communication terminal being in a communicative condition, before receiving the user authentication request, the authentication server performs the authentication determination on the user authentication request based on comparison of a first token code generated by the synchronization server with a password included in the user authentication request, and
wherein, if the authentication server receives the user authentication request without receiving the authentication request prior notification, the authentication server performs the authentication determination on the user authentication request based on comparison of a set of at least the first token code and a second token code generated by the synchronization server with a set of a password and an additional code included in the user authentication request.
7. An information communication terminal used in authentication by an authentication system that authenticates a user who uses a usage target system, comprising:
a memory configured to store a password derivation pattern constituted by specific elements selected from a plurality of elements forming a geometric pattern;
a communication module configured to transmit an authentication request prior notification to the authentication system; and
a processor configured to obtain at least one token code that is in synchronization with at least one token code generated by the authentication system from a security token of the user;
generate a code table by assigning a first token code obtained to the specific elements forming the password derivation pattern within the geometric pattern, and assign an arbitrary code to remaining elements of the geometric pattern;
generate an additional code based on a second token code obtained; and
display a reference screen on a user interface,
wherein, in a communicative condition, the processor displays the reference screen on the user interface so as to include the code table generated, and the communication module transmits the authentication request prior notification to the authentication system, so that if an authentication server of the authentication system receives the authentication request prior notification from the information communication terminal being in the communicative condition, before receiving the authentication request, the authentication server performs an authentication determination on the authentication request based on comparison of the first token code generated by a synchronization server of the authentication system with a password included in the authentication request, and if the authentication server receives the authentication request without receiving the authentication request prior notification, the authentication server performs the authentication determination on the authentication request based on comparison of a set of at least the first token code and the second token code generated by the synchronization server with a set of a password and an additional code included in the authentication request, and
in a non-communicative condition, the processor displays the reference screen on the user interface so as to include the code table generated and the additional code generated.
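The terminal-side code table of claim 7, as an added sketch that is not code from the patent. The 4x4 grid, digit alphabet, function names and the additional code being the second token code itself are assumptions of this example; the token codes are passed in rather than derived.

```python
import secrets

DIGITS = "0123456789"

def build_code_table(first_code: str, pattern: list, rows: int = 4, cols: int = 4):
    """Return a rows x cols grid: the cells of the password derivation pattern
    carry the first token code in order, every other cell an arbitrary digit."""
    if len(pattern) != len(first_code) or len(set(pattern)) != len(pattern):
        raise ValueError("pattern needs one distinct cell per token code character")
    if any(not (0 <= r < rows and 0 <= c < cols) for r, c in pattern):
        raise ValueError("pattern cell lies outside the geometric pattern")
    # Decoy cells come from a CSPRNG so they are indistinguishable from code cells.
    table = [[secrets.choice(DIGITS) for _ in range(cols)] for _ in range(rows)]
    for (r, c), ch in zip(pattern, first_code):
        table[r][c] = ch
    return table

def read_password(table, pattern) -> str:
    """What the user does by eye: read the memorised pattern cells in order."""
    return "".join(table[r][c] for r, c in pattern)

def reference_screen(first_code, second_code, pattern, communicative: bool):
    """Build the reference screen text for either terminal condition."""
    table = build_code_table(first_code, pattern)
    lines = [" ".join(row) for row in table]
    if not communicative:
        # Offline: no prior notification can be sent, so the additional code
        # is shown for the user to enter alongside the password.
        lines.append("additional code: " + second_code)
    return table, "\n".join(lines)
```

The pattern itself never leaves the terminal's memory and is never displayed; only the table, in which pattern cells and decoy cells look alike, reaches the screen.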
9. An authentication system for authenticating, by way of using an information communication terminal, a user who uses a usage target system, comprising:
an authentication database that manages user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;
a synchronization server that generates at least one token code based on the token ID included in the user account information;
a prior authentication server that receives an authentication request prior notification transmitted from the information communication terminal of a user, and manages a prior notification condition of the user based on the authentication request prior notification; and
an authentication server which, upon reception of a user authentication request transmitted from the usage target system, performs an authentication determination on the user authentication request in accordance with an authentication request state of the user, which is managed by the prior authentication server, and transmits an authentication determination result to the usage target system,
wherein, if the prior notification condition of the user is active, the authentication server performs the authentication determination on the user authentication request based on comparison of a first token code generated by the synchronization server with a password included in the user authentication request, and
wherein, if the user authentication request is received while the prior notification condition of the user is inactive, the authentication server performs the authentication determination on the user authentication request based on comparison of a set of the first token code and a second token code generated by the synchronization server with a set of a password and an additional code included in the user authentication request.
10. An authentication system for authenticating, by way of using an information communication terminal, a user who uses a usage target system, comprising:
an authentication database that manages user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;
a synchronization server that generates at least one token code based on the token ID included in the user account information;
a prior authentication server that receives an authentication request prior notification transmitted from the information communication terminal of a user, and manages a prior notification condition of the user based on the authentication request prior notification; and
an authentication server that receives a user authentication request transmitted from the usage target system, performs an authentication determination on the user authentication request based on the at least one token code, and transmits an authentication determination result to the usage target system,
wherein the authentication server performs control to register the authentication determination result in the authentication database as authentication history information, and
wherein, if the authentication determination result registered in the authentication database indicates successful authentication to a first usage target system, the authentication server makes, based on the at least one token code, an authentication determination on a user authentication request transmitted from a second usage target system.
11. A user authentication method executed by an authentication system in order to authenticate a user who uses a usage target system, comprising:
managing user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;
generating at least one token code based on the token ID included in the user account information;
receiving a user authentication request transmitted from the usage target system and performing an authentication determination on the user authentication request; and
transmitting an authentication determination result to the usage target system,
wherein the authentication determination includes, if an authentication request prior notification, which is transmitted while an information communication terminal of the user is in a communicative condition, is received before receiving the user authentication request, performing authentication determination on the user authentication request based on comparison of a first token code with a password included in the user authentication request, and
wherein the authentication determination includes, if the user authentication request is received without receiving the authentication request prior notification, performing authentication determination on the user authentication request based on comparison of a set of the first token code and a second token code with a set of a password and an additional code included in the user authentication request.
12. A product comprising a non-transitory computer-readable medium storing a program for authenticating, by an authentication system, a user who uses a usage target system,
wherein, the program being executed under control of a processor of an information communication terminal causes the information communication terminal to perform to:
store a password derivation pattern constituted by specific elements selected from a plurality of elements forming a geometric pattern;
transmit an authentication request prior notification to the authentication system;
obtain at least one token code that is in synchronization with at least one token code generated by the authentication system from a security token of the user;
generate a code table by assigning a first token code obtained to the specific elements forming the password derivation pattern within the geometric pattern, and assigning an arbitrary code to remaining elements of the geometric pattern;
generate an additional code based on a second token code obtained;
display a reference screen on a user interface; and
in a communicative condition, display the reference screen on the user interface so as to include the code table generated, and transmit the authentication request prior notification to the authentication system, so that if an authentication server of the authentication system receives the authentication request prior notification from the information communication terminal being in the communicative condition, before receiving the authentication request, the authentication server performs an authentication determination on the authentication request based on comparison of the first token code generated by a synchronization server of the authentication system with a password included in the authentication request, and if the authentication server receives the authentication request without receiving the authentication request prior notification, the authentication server performs the authentication determination on the authentication request based on comparison of a set of at least the first token code and the second token code generated by the synchronization server with a set of a password and an additional code included in the authentication request, and
in a non-communicative condition, display the reference screen on the user interface so as to include the code table generated and the additional code generated.
Specification