User authentication method in network

US 20040030935A1
Filed: 07/28/2003
Published: 02/12/2004
Est. Priority Date: 10/31/2000
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a user by which a server device of a service provider authenticates a service user on a network, the method comprising:

a confirmation information issuing step including receiving an authentication request from a first communication device of the service user, and then generating a confirmation information to be replied to the first communication device; and

an authentication step of judging whether or not the confirmation information replied to the first communication device agrees with the confirmation information sent from the service user by a second communication device using a communication path that is different from a communication path of the first communication device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

When a network connection request is sent from a user'"'"'s personal computer (2) to a server (1) on the Internet (5), the server (1) sends an authentication confirmation number generated by a random number generating unit (13) to the personal computer (2) of the connection requester. The connection requester connects a portable telephone (3) to a modem (4) and enters the authentication confirmation number displayed on the personal computer (2) through operation of keys of the portable telephone (3). An authentication unit (16) authenticates the connection request of the connection requester to set up connection to the network if the telephone number of the portable telephone (3) stored in a user information storage unit (12) agrees with the telephone number sent to the modem (4) and if the authentication confirmation number entered through the portable telephone (3) is correct.

Citations

19 Claims

1. A method for authenticating a user by which a server device of a service provider authenticates a service user on a network, the method comprising:
- a confirmation information issuing step including receiving an authentication request from a first communication device of the service user, and then generating a confirmation information to be replied to the first communication device; and
  
  an authentication step of judging whether or not the confirmation information replied to the first communication device agrees with the confirmation information sent from the service user by a second communication device using a communication path that is different from a communication path of the first communication device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method for authenticating a user according to claim 1, further comprising steps of:
    - obtaining first authentication requester information about a service user who makes the authentication request based on the information contained in the authentication request received from the first communication device; and
      
      obtaining second authentication requester information about the service user when receiving confirmation information from the second communication device and judging whether or not the first authentication requester information agrees with the second authentication requester information.
  - 3. The method for authenticating a user according to claim 2, wherein the first communication device is a computer connected to the server device of the service provider via the Internet, the second communication device is a telephone, the first authentication requester information is a telephone number registered in advance in the server device by each service user, and the second authentication requester information is a telephone number of the second communication device, and the telephone number is obtained from a calling telephone number notification service provided by a telephone network.
  - 4. The method for authenticating a user according to claim 2, wherein the first communication device is a computer connected to the server device of the service provider via the Internet, the second communication device is a telephone, the first authentication requester information is a user'"'"'s name registered in advance in the server device by each service user, and the second authentication requester information is a user'"'"'s name of the second communication device registered in a telephone company.
  - 5. The method for authenticating a user according to claim 4, wherein the second authentication requester information is obtained by performing an inquiry to the user management device of the telephone company providing the second communication device based on the telephone number of the second communication device obtained by the calling telephone number notification service provided by the telephone network.
  - 6. The method for authenticating a user according to claim 4 or 5, wherein when it is judged that the first authentication requester information agrees with the second authentication requester information, a toll of the service used by the service user is collected from the service user'"'"'s bank account from which telephone charges are drawn.
  - 7. The method for authenticating a user according to claim 6, wherein the server device of the service provider sends the confirmation information replied in the confirmation information issuing step to the user management device of the telephone company and allows the user management device of the telephone company to execute the authentication step.
  - 8. The method for authenticating a user according to claim 1, wherein the first communication device is a computer connected to the server device of the service provider via the Internet, and the second communication device is a telephone, the method further comprises, in the authentication step after it is judged that the confirmation information replied to the first communication device agrees with the confirmation information sent from the service user by the second communication device, a step of receiving credit card information of the service user from the second communication device and charging the service user based on the received credit card information.
  - 9. The method for authenticating a user according to claim 8, wherein the server device of the service provider sends the confirmation information replied in the confirmation information issuing step to the server device of a credit card company, and allowing the server device of the credit card company to execute the authentication step.
  - 10. The method for authenticating a user according to claim 8, further comprising steps of:
    - obtaining a telephone number of the second communication device from the calling telephone number notification service provided by the telephone network;
      
      obtaining a user'"'"'s name of the second communication device from the user management device of the telephone company based on the obtained telephoned number, and judging whether or not the user'"'"'s name of the credit card obtained from the user management device of the credit card company agrees with the user'"'"'s name of the second communication device obtained by the user management device of the telephone company.
  - 11. The method for authenticating a user according to any one of claims 1 to 10, wherein characters or numbers generated randomly or the combination thereof are used as the confirmation information.

12. An authentication device comprising:
- an external connection unit for receiving an authentication request from a first communication device of a service user, a confirmation information generating unit for generating confirmation information to be replied to the first communication device, a confirmation information storage unit for storing the confirmation information replied to the first communication device, a confirmation information receiving unit for receiving the confirmation information sent by the service user from the second communication device using a communication path that is different from a communication path of the first communication device, and an authentication unit for judging whether or not the confirmation information received by the confirmation information receiving unit agrees with the confirmation information stored in the confirmation information storing unit.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The authentication device according to claim 12, further comprising a first authentication requester information obtaining unit for obtaining a first authentication requester information about a service user who makes the authentication request based on the information contained in the authentication request received from the first communication device;
    - and a second authentication requester information obtaining unit for obtaining the second authentication requester information about the service user when receiving the confirmation information from the second communication device, wherein the authentication unit also judges whether or not the first authentication requester information agrees with the second authentication requester information.
  - 14. The user authentication device according to claim 13, wherein the first communication device is a computer connected to the server device of the service provider via the Internet, and the second communication device is a telephone;
    - the user authentication device further comprises a first authentication requester information registering unit for storing a telephone number of the telephone used by each service user as the second communication device as the first authentication requester information; and
      
      the second authentication requester information is a telephone number of the second communication device, and the second authentication requester information obtaining unit obtains the second authentication requester information from a calling telephone number notification service provided by a telephone network.
  - 15. The user authentication device according to claim 13, wherein the first communication device is a computer connected to the server device of the service provider via the Internet, and the second communication device is a telephone;
    - the user authentication device further comprises a first authentication requester information registering unit for storing a name of each service user as the first authentication requester information, the second authentication requester information is the name of the user of the second communication device registered in the telephone company, and the second authentication requester information obtaining unit obtains the user'"'"'s name from the user management device of the telephone company.
  - 16. The user authentication device according to claim 15, wherein the second authentication requester information obtaining unit obtains a telephone number of the second communication device from the calling telephone number notification service provided by the telephone network and performs inquiry to the user management device of the telephone company based on the obtained telephone number, thereby obtaining the second authentication requester information.
  - 17. The user authentication device according to claim 12, wherein the first communication device is a computer connected to the server device of the service provider via the Internet and the second communication device is a telephone;
    - and the user authentication device further comprises a credit information receiving unit for receiving credit card information of the service user from the second communication device, and a billing unit for charging the service user based on the credit card information received by the credit information receiving unit after it is judged that, in the authentication step, the confirmation information replied to the first communication device agrees with the confirmation information sent from the service user by the second communication.
  - 18. The authentication device according to claim 17, further comprising a telephone number obtaining unit for obtaining a telephone number of the second communication device from the calling telephone number notification service provided by the telephone network;
    - and a user'"'"'s name obtaining unit for obtaining the name of the user of the second communication device from the user management device of the telephone company based on the obtained telephone number, wherein the authentication unit judges whether or not the user'"'"'s name of the credit card obtained from the user management device of the credit card company agrees with the user'"'"'s name of the second communication device obtained from the user management device of the telephone company.
  - 19. The authentication device according to any one of claims 12 to 18, wherein characters or numbers generated randomly or the combination thereof are used as the confirmation information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ARKRAY, Inc
Original Assignee
ARKRAY, Inc
Inventors
Kai, Akinori

Granted Patent

US 7,287,270 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/202
CPC Class Codes

G06F 21/43   wireless channels

G06Q 20/3674   involving authentication

G06Q 20/40   Authorisation, e.g. identif...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/18   using different networks or...

User authentication method in network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

User authentication method in network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links