Apparatus, Method, and Program for Validating User

US 20090034521A1
Filed: 03/29/2006
Published: 02/05/2009
Est. Priority Date: 03/29/2006
Status: Active Grant

First Claim

Patent Images

1. A user validation apparatus comprising:

an extraction unit which extracts user-agent information set in an HTTP header of a packet received from a terminal device by applying HTTP as a protocol of an application layer;

an information management unit which stores the user-agent information extracted by the extraction unit from the packet received from the terminal device, which is operated by an individual user, in a storage unit so as to correspond to user identification information of the individual user; and

a determination unit which determines whether or not a user operating a given terminal device is a valid user by verifying user-agent information extracted by the extraction unit from a packet received from the given terminal device, against user-agent information stored in the storage unit so as to correspond to user identification information of the user operating the given terminal device.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Accuracy of user validation is improved without reducing user'"'"'s convenience. When a authentication request packet is received from a terminal, when the authentication is successful based on a user ID and a password (affirmative in 34), an HTTP header and user-agent (UA) information are extracted from the packet and an access source IP address is also extracted (36), and user authentication is performed by verifying the access source IP address and the UA information against usage history information (38, 44, and 46) where at most two sets of the IP address and the UA information extracted from the authentication request packet which is received from the same user previously are registered. When the set of the IP address and the UA information corresponding to the new extracted IP address and the new extracted UA information is registered in the usage history information, it is determined that the authentication is successful, and the usage history information is overwritten with the new IP address and the new UA information (52, 54, 60, and 62).

53 Citations

View as Search Results

13 Claims

1. A user validation apparatus comprising:
- an extraction unit which extracts user-agent information set in an HTTP header of a packet received from a terminal device by applying HTTP as a protocol of an application layer;
  
  an information management unit which stores the user-agent information extracted by the extraction unit from the packet received from the terminal device, which is operated by an individual user, in a storage unit so as to correspond to user identification information of the individual user; and
  
  a determination unit which determines whether or not a user operating a given terminal device is a valid user by verifying user-agent information extracted by the extraction unit from a packet received from the given terminal device, against user-agent information stored in the storage unit so as to correspond to user identification information of the user operating the given terminal device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The user validation apparatus of claim 1, wherein:
    - IP is applied as a protocol of an Internet layer during communication with a terminal device,the extraction unit further extracts an access source IP address from a received packet,the information management unit stores the access source IP address and the user-agent information extracted by the extraction unit from a packet received from a terminal device operated by an individual user, in the storage unit so as to correspond to user identification information of the individual user, andthe determination unit determines whether or not a user operating a given terminal device is a valid user by determining whether or not an access source IP address and user-agent information extracted from a packet received from the given terminal device correspond to an access source IP address and user-agent information stored in the storage unit so as to correspond to user identification information of the user operating the given terminal device.
  - 3. The user validation apparatus of claim 1 or 2, wherein a password set in advance for each individual user is stored in the storage unit so as to correspond to user identification information of an individual user, andthe determination unit makes the determination based on information extracted by the extraction unit, when a combination of the user identification information and the password inputted by the user operating the given terminal device is stored in the storage unit.
  - 4. The user validation apparatus of claim 2, wherein, for the access source IP address extracted from the received packet, the determination unit determines whether or not the access source IP address extracted from the received packet corresponds to the access source IP address stored in the storage unit by determining whether or not a coincidence ratio of a predetermined bit unit to the access source IP address stored in the storage unit is equal to or higher than a threshold and, for the user-agent information extracted from the received packet, the determination unit determines whether or not the user-agent information extracted from the received packet corresponds to the user-agent information stored in the storage unit by determining whether or not the user-agent information extracted from the received packet is identical to the user-agent information stored in the storage unit.
  - 5. The user validation apparatus of claim 2, wherein when, as a result of verifying the access source IP address and the user-agent information extracted from the received packet against the access source IP address and the user-agent information stored in the storage unit, the determination unit determines that the access source IP address and the user-agent information extracted from the received packet do not correspond to the access source IP address and the user-agent information stored in the storage unit, the information management unit additionally stores the access source IP address and the user-agent information extracted from the received packet in the storage unit so as to correspond to the user identification information, andthe determination unit determines whether or not the user operating the given terminal device is a valid user by respectively verifying the access source IP address and the user-agent information extracted from the packet received from the given terminal against a plurality of sets of the access source IP address and the user-agent information, when the plurality of sets of the access source IP address and the user-agent information are stored in the storage unit so as to correspond to the user identification information of the user operating the given terminal device.
  - 6. The user validation apparatus of claim 5, wherein, when the plurality of sets of the access source IP address and the user-agent information are stored in the storage unit so as to correspond to the user identification information of the user operating the given terminal device, the determination unit determines that the user operating the given terminal device is a valid user when the determination unit determines that the access source IP address and the user-agent information extracted from the received packet correspond to at least one set of the access source IP address and the user-agent information among the plurality of sets of the access source IP address and the user-agent information stored in the storage unit.
  - 7. The user validation apparatus of claim 5, wherein, when the plurality of sets of the access source IP address and the user-agent information are stored in the storage unit so as to correspond to the user identification information of the user operating the given terminal device, the determination unit determines that the user operating the given terminal device is not a valid user when no set of the access source IP address and the user-agent information that is determined to respectively correspond to the access source IP address and the user-agent information extracted from the received packet, exists among the plurality of sets of the access source IP address and the user-agent information stored in the storage unit.
  - 8. The user validation apparatus of claim 7, wherein when notified that the user who has been determined by the determination unit not to be a valid user, has been determined to be a valid user by a confirmation method different from the user validation of the determination unit, the information management unit stores predetermined identification information in the storage unit so as to correspond to the user identification information of the user andthe determination unit determines that the user operating the given terminal device is a valid user when the predetermined identification information is stored in the storage unit so as to correspond to the user identification information of the user operating the given terminal device and when, among the plurality of sets of the access source IP address and the user-agent information, more than one set of the access source IP address and the user-agent information exists which is determined to correspond to the access source IP address extracted from the received packet, or when more than one set of the access source IP address and the user-agent information exists which is determined to correspond to the user-agent information extracted from the received packet.
  - 9. The user validation apparatus of claim 1 or 2, further comprising:
    - an electronic mail address storage unit which stores an electronic mail address used by the individual user so as to correspond to the user identification information of the individual user; and
      
      a transmission unit which transmits electronic mail, at which a link to a predetermined web page is added in order to confirm whether or not the user is a valid user by a method different from the determination unit, to the electronic mail address stored in the electronic mail address storage unit so as to correspond to the user identification information of the user, when the determination unit determines that the user operating the given terminal device is not a valid user.
  - 10. The user validation apparatus of claim 5, wherein, as a result of respectively verifying the access source IP address and the user-agent information extracted from the received packet against the plurality of sets of the access source IP address and the user-agent information stored in the storage unit, when the determination unit determines that the access source IP address and the user-agent information extracted from the received packet do not correspond to any one of the plurality of sets of the access source IP address and the user-agent information stored in the storage unit, and when the number of sets of the access source IP address and the user-agent information stored in the storage unit so as to correspond to the user identification information of the user operating the given terminal device reaches a predetermined upper limit value, the information management unit overwrites the set of the access source IP address and the user-agent information which was stored in the storage unit earliest among the plurality of sets of the access source IP address and the user-agent information stored in the storage unit, with the access source IP address and the user-agent information extracted from the received packet, and stores the access source IP address and the user-agent information extracted from the received packet in the storage unit.
  - 11. The user validation apparatus of claim 5, wherein, as a result of respectively verifying the access source IP address and the user-agent information extracted from the received packet against the plurality of sets of the access source IP address and the user-agent information stored in the storage unit, when the determination unit determines that the access source IP address and the user-agent information extracted from the received packet correspond to a specific set of the access source IP address and the user-agent information among the plurality of sets of the access source IP address and the user-agent information stored in the storage unit, the information management unit overwrites the specific set of the access source IP address and the user-agent information with at least the user-agent information of the set of the access source IP address and the user-agent information extracted from the received packet, and stores the user-agent information in the storage unit.

12. A user validation method comprising:
- extracting user-agent information set in an HTTP header of a packet received from a terminal device operated by an individual user by applying HTTP as a protocol of an application layer, and storing the extracted user-agent information in a storage unit so as to correspond to user identification information of the individual user; and
  
  extracting user-agent information set in an HTTP header of a packet received from a given terminal device by applying HTTP as the protocol of the application layer, and determining whether or not a user operating the given terminal device is a valid user by verifying the extracted user-agent information against user-agent information stored in the storage unit so as to correspond to user identification information of the user operating the given terminal device.

13. A user validation program which causes a computer comprising a storage unit to act as:
- an extraction unit which extracts user-agent information set in an HTTP header of a packet received from a terminal device by applying HTTP as a protocol of an application layer;
  
  an information management unit which stores the user-agent information extracted by the extraction unit from the packet received from the terminal device, which is operated by an individual user, in a storage unit so as to correspond to user identification information of the individual user; and
  
  a determination unit which determines whether or not a user operating a given terminal device is a valid user by verifying user-agent information extracted by the extraction unit from a packet received from the given terminal device against user-agent information which is stored in the storage unit so as to correspond to user identification information of the user operating the given terminal device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of Tokyo-Mitsubishi UFJ Limited (Mitsubishi UFJ Financial Group Incorporated)
Original Assignee
Bank of Tokyo-Mitsubishi UFJ Limited (Mitsubishi UFJ Financial Group Incorporated)
Inventors
Kato, Takaya

Granted Patent

US 8,347,368 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/389
CPC Class Codes

G06F 16/13   File access structures, e.g...

G06F 21/31   User authentication

G06F 21/34   involving the use of extern...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2111   Location-sensitive, e.g. ge...

H04L 2463/082   applying multi-factor authe...

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/101   Access control lists [ACL]

H04L 63/126   the source of the received ...

H04L 63/168   above the transport layer

Apparatus, Method, and Program for Validating User

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

53 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus, Method, and Program for Validating User

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links