USER AUTHENTICATION METHOD AND SYSTEM FOR IMPLEMENTING SAME
Abstract
A new user authentication method which prevents illicit access to a system includes an authentication system which authenticates a user, said authentication system including: a database which manages user account information including a token ID which identifies a security token; a synchronization server which generates token codes on the basis of the token ID; and an authentication server which carries out an authentication determination on a user authentication request transmitted from the system subject to use, and transmits the result to that system. If a prior notification of an authentication request is received prior to receiving the user authentication request, the authentication server carries out the authentication determination using a first token code, whereas, if the user authentication request is received without prior notification of the authentication request being received, the authentication server carries out the authentication determination using the first token code and a second token code.
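The authentication determination described in the abstract, as an added Python example that is not code from the patent. The HMAC-based code derivation, the STEP and NOTICE_TTL values, the single-use handling of a notification and the concatenated first-plus-second submission are all assumptions; the code table and password derivation pattern of the terminal claims are left out.

```python
import hashlib
import hmac
import struct

STEP = 60          # assumed lifetime of a token code, in seconds
NOTICE_TTL = 120   # assumed validity window of a prior notification, in seconds


def token_code(seed: bytes, counter: int, label: bytes, digits: int = 4) -> str:
    """Numeric code from the token seed and time counter (HOTP-style truncation, assumed)."""
    mac = hmac.new(seed, label + struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class AuthServer:
    def __init__(self, accounts: dict, seeds: dict):
        self.accounts = accounts   # user -> token ID (authentication database)
        self.seeds = seeds         # token ID -> seed (synchronization server state)
        self.notices = {}          # user -> time the prior notification arrived

    def prior_notification(self, user: str, now: int) -> None:
        """Sent by the terminal only while it is in a communicative condition."""
        if user in self.accounts:
            self.notices[user] = now

    def authenticate(self, user: str, submitted: str, now: int) -> bool:
        """Authentication determination for a request from the usage target system."""
        token_id = self.accounts.get(user)
        if token_id is None:
            return False
        seed, counter = self.seeds[token_id], now // STEP
        first = token_code(seed, counter, b"first")
        second = token_code(seed, counter, b"second")
        # A notice is consumed by one request and ignored once stale (assumed policy).
        noticed_at = self.notices.pop(user, None)
        notified = noticed_at is not None and 0 <= now - noticed_at <= NOTICE_TTL
        # Notified: first code only. Not notified: first and second code together.
        expected = first if notified else first + second
        return hmac.compare_digest(submitted.encode(), expected.encode())
```

Because the prior notification is what relaxes the check to a single code, this example binds it to a known user, expires it and consumes it on the next request.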
14 Claims
1. An authentication system for authenticating, by way of using an information communication terminal, a user who uses a usage target system, comprising:
an authentication database that manages user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;
a synchronization server that generates at least one token code based on the token ID included in the user account information; and
an authentication server that receives a user authentication request transmitted from the usage target system, performs an authentication determination on the user authentication request, and transmits an authentication determination result to the usage target system,
wherein, if the authentication server receives an authentication request prior notification, which is transmitted while the information communication terminal is in a communicative condition, before receiving the user authentication request, the authentication server performs the authentication determination on the user authentication request based on at least a first token code, and
wherein, if the authentication server receives the user authentication request without receiving the authentication request prior notification, the authentication server performs the authentication determination on the user authentication request based on a set of at least the first token code and a second token code.
(Dependent claims: 2, 3, 4, 5, 6, 7)

8. An information communication terminal used in authentication by an authentication system that authenticates a user who uses a usage target system, comprising:
storing means for storing a password derivation pattern constituted by specific elements selected from a plurality of elements forming a geometric pattern;
transmitting means for transmitting an authentication request prior notification to the authentication system;
obtaining means for obtaining at least one token code that is in synchronization with at least one token code generated by the authentication system from a security token of the user;
first generating means for generating a code table by assigning a first token code obtained by the obtaining means to the specific elements forming the password derivation pattern within the geometric pattern, and assigning an arbitrary code to remaining elements of the geometric pattern;
second generating means for generating an additional code based on a second token code obtained by the obtaining means; and
displaying means for displaying a reference screen on a user interface,
wherein, in a communicative condition, the transmitting means transmits the authentication request prior notification to the authentication system and the displaying means displays the reference screen on the user interface so as to include the code table generated by the first generating means, and
in a non-communicative condition, the displaying means displays the reference screen on the user interface so as to include the code table generated by the first generating means and the additional code generated by the second generating means.
(Dependent claims: 9)

10. An authentication system for authenticating, by way of using an information communication terminal, a user who uses a usage target system, comprising:
an authentication database that manages user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;
a synchronization server that generates at least one token code based on the token ID included in the user account information;
a prior authentication server that receives an authentication request prior notification transmitted from the information communication terminal of a user, and manages a prior notification condition of the user based on the authentication request prior notification; and
an authentication server which, upon reception of a user authentication request transmitted from the usage target system, performs an authentication determination on the user authentication request in accordance with an authentication request state of the user, which is managed by the prior authentication server, and transmits an authentication determination result to the usage target system,
wherein, if the prior notification condition of the user is active, the authentication server performs the authentication determination on the user authentication request based on a first token code, and
wherein, if the user authentication request is received while the prior notification condition of the user is inactive, the authentication server performs the authentication determination on the user authentication request based on a set of the first token code and a second token code.

11. An authentication system for authenticating, by way of using an information communication terminal, a user who uses a usage target system, comprising:
an authentication database that manages user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;
a synchronization server that generates at least one token code based on the token ID included in the user account information;
a prior authentication server that receives an authentication request prior notification transmitted from the information communication terminal of a user, and manages a prior notification condition of the user based on the authentication request prior notification; and
an authentication server that receives a user authentication request transmitted from the usage target system, performs an authentication determination on the user authentication request based on the at least one token code, and transmits an authentication determination result to the usage target system,
wherein the authentication server performs control to register the authentication determination result in the authentication database as authentication history information.
(Dependent claims: 12)

13. A user authentication method executed by an authentication system in order to authenticate a user who uses a usage target system, comprising:
managing user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;
generating at least one token code based on the token ID included in the user account information;
receiving a user authentication request transmitted from the usage target system and performing an authentication determination on the user authentication request; and
transmitting an authentication determination result to the usage target system,
wherein the authentication determination includes, if an authentication request prior notification, which is transmitted while an information communication terminal of the user is in a communicative condition, is received before receiving the user authentication request, performing authentication determination on the user authentication request based on a first token code, and
wherein the authentication determination includes, if the user authentication request is received without receiving the authentication request prior notification, performing authentication determination on the user authentication request based on a set of the first token code and a second token code.

14. A program for authenticating, by an authentication system, a user who uses a usage target system,
wherein, the program being executed under control of a processor of an information communication terminal causes the information communication terminal to implement:
storing means for storing a password derivation pattern constituted by specific elements selected from a plurality of elements forming a geometric pattern;
transmitting means for transmitting an authentication request prior notification to the authentication system;
obtaining means for obtaining at least one token code that is in synchronization with at least one token code generated by the authentication system from a security token of the user;
first generating means for generating a code table by assigning a first token code obtained by the obtaining means to the specific elements forming the password derivation pattern within the geometric pattern, and assigning an arbitrary code to remaining elements of the geometric pattern;
second generating means for generating an additional code based on a second token code obtained by the obtaining means;
displaying means for displaying a reference screen on a user interface; and
control means for performing control such that in a communicative condition, the transmitting means transmits the authentication request prior notification to the authentication system and the displaying means displays the reference screen on the user interface so as to include the code table generated by the first generating means, and performing control such that in a non-communicative condition, the displaying means displays the reference screen on the user interface so as to include the code table generated by the first generating means and the additional code generated by the second generating means.