Apparatus, method, and program for validating user
First Claim
1. A user validation apparatus comprising:
- an extraction device which extracts user-agent information set by default in an HTTP header of a packet received from a terminal device, and extracts an access source IP address from the packet, by applying HTTP as a protocol of an application layer and IP as a protocol of an Internet layer;
an information management device which stores the access source IP address and the user-agent information extracted by the extraction device from the packet received from the terminal device, which is operated by an individual user, in a storage device so as to correspond to user identification information of the individual user; and
a determination device which determines whether or not a user operating a given terminal device is a valid user by verifying the access source IP address and user-agent information extracted by the extraction device from the packet received from the given terminal device against the access source IP address and user-agent information which are stored in the storage device so as to correspond to user identification information of the user operating the given terminal device, and by determining whether or not the access source IP address and the user-agent information extracted from the packet received from the given terminal device correspond to the access source IP address and the user-agent information which are stored in the storage device, whereinfor the access source IP address extracted from the received packet, the determination device determines whether or not the access source IP address extracted from the received packet corresponds to the access source IP address stored in the storage device by determining whether or not a coincidence ratio of a predetermined bit unit to the access source IP address stored in the storage device is equal to or higher than a threshold and, for the user-agent information extracted from the received packet, the determination device determines whether or not the user-agent information extracted from the received packet corresponds to the user-agent information stored in the storage device by determining whether or not the user-agent information extracted from the received packet is identical to the user-agent information stored in the storage device, andwhen a plurality of sets of the access source IP address and the user-agent information are stored in the storage device so as to correspond to the user identification information of the user operating the given terminal device, the determination device determines that the user operating the given terminal device is a conditionally valid user if the determination device determines that only one of the access source IP address and the user-agent information extracted from the received packet corresponds to at least two sets of the access source IP addresses or the user-agent information among the plurality of sets stored in the storage device.
1 Assignment
0 Petitions
Accused Products
Abstract
Accuracy of user validation is improved without reducing user'"'"'s convenience. When a authentication request packet is received from a terminal, when the authentication is successful based on a user ID and a password (affirmative in 34), an HTTP header and user-agent (UA) information are extracted from the packet and an access source IP address is also extracted (36), and user authentication is performed by verifying the access source IP address and the UA information against usage history information (38, 44, and 46) where at most two sets of the IP address and the UA information extracted from the authentication request packet which is received from the same user previously are registered. When the set of the IP address and the UA information corresponding to the new extracted IP address and the new extracted UA information is registered in the usage history information, it is determined that the authentication is successful, and the usage history information is overwritten with the new IP address and the new UA information (52, 54, 60, and 62).
-
Citations
16 Claims
-
1. A user validation apparatus comprising:
-
an extraction device which extracts user-agent information set by default in an HTTP header of a packet received from a terminal device, and extracts an access source IP address from the packet, by applying HTTP as a protocol of an application layer and IP as a protocol of an Internet layer; an information management device which stores the access source IP address and the user-agent information extracted by the extraction device from the packet received from the terminal device, which is operated by an individual user, in a storage device so as to correspond to user identification information of the individual user; and a determination device which determines whether or not a user operating a given terminal device is a valid user by verifying the access source IP address and user-agent information extracted by the extraction device from the packet received from the given terminal device against the access source IP address and user-agent information which are stored in the storage device so as to correspond to user identification information of the user operating the given terminal device, and by determining whether or not the access source IP address and the user-agent information extracted from the packet received from the given terminal device correspond to the access source IP address and the user-agent information which are stored in the storage device, wherein for the access source IP address extracted from the received packet, the determination device determines whether or not the access source IP address extracted from the received packet corresponds to the access source IP address stored in the storage device by determining whether or not a coincidence ratio of a predetermined bit unit to the access source IP address stored in the storage device is equal to or higher than a threshold and, for the user-agent information extracted from the received packet, the determination device determines whether or not the user-agent information extracted from the received packet corresponds to the user-agent information stored in the storage device by determining whether or not the user-agent information extracted from the received packet is identical to the user-agent information stored in the storage device, and when a plurality of sets of the access source IP address and the user-agent information are stored in the storage device so as to correspond to the user identification information of the user operating the given terminal device, the determination device determines that the user operating the given terminal device is a conditionally valid user if the determination device determines that only one of the access source IP address and the user-agent information extracted from the received packet corresponds to at least two sets of the access source IP addresses or the user-agent information among the plurality of sets stored in the storage device. - View Dependent Claims (12)
-
-
2. A user validation apparatus comprising:
-
an extraction device which extracts user-agent information set by default in an HTTP header of a packet received from a terminal device, and extracts an access source IP address from the packet, by applying HTTP as a protocol of an application layer and IP as a protocol of an interne layer; an information management device which stores the access source IP address and the user-agent information extracted by the extraction device from the packet received from the terminal device, which is operated by an individual user, in a storage device so as to correspond to user identification information of the individual user; and a determination device which determines whether or not a user operating a given terminal device is a valid user by verifying the access source IP address and user-agent information extracted by the extraction device from the packet received from the given terminal device against the access source IP address and user-agent information which are stored in the storage device so as to correspond to user identification information of the user operating the given terminal device, and determining whether or not the access source IP address and the user-agent information extracted from the packet received from the given terminal device correspond to the access source IP address and the user-agent information which are stored in the storage device, wherein when, as a result of verifying the access source IP address and the user-agent information extracted from the received packet against the access source IP address and the user-agent information stored in the storage device, the determination device determines that the access source IP address and the user-agent information extracted from the received packet do not correspond to the access source IP address and the user-agent information stored in the storage device, the information management device additionally stores the access source IP address and the user-agent information extracted from the received packet in the storage device so as to correspond to the user identification information, the determination device determines whether or not the user operating the given terminal device is a valid user by respectively verifying the access source IP address and the user-agent information extracted from the packet received from the given terminal against a plurality of sets of the access source IP address and the user-agent information, when the plurality of sets of the access source IP address and the user-agent information are stored in the storage device so as to correspond to the user identification information of the user operating the given terminal device, and the determination device determines that the user operating the given terminal device is a conditionally valid user if the determination device determines that only one of the access source IP address and the user-agent information extracted from the received packet corresponds to at least two sets of the access source IP addresses or the user-agent information among the plurality of sets stored in the storage device. - View Dependent Claims (3, 4, 5, 6, 7, 8, 13)
-
-
9. A user validation method comprising:
-
extracting user-agent information set by default in an HTTP header of a packet received from a terminal device operated by an individual user, and extracting an access source IP address from the packet, by applying HTTP as a protocol of an application layer and IP as a protocol of an Internet layer, and storing the extracted user-agent information and the access source IP address in a storage unit so as to correspond to user identification information of the individual user; extracting user-agent information set in an HTTP header of a packet received from a given terminal device, and extracting an access source IP address from the packet, by applying HTTP as the protocol of the application layer and IP as a protocol of the Internet layer, and determining whether or not a user operating the given terminal device is a valid user by verifying the extracted access source IP address and the extracted user-agent information against an access source IP address and user-agent information which are stored in the storage unit so as to correspond to user identification information of the user operating the given terminal device, and determining whether or not the extracted access source IP address and the extracted user-agent information correspond to the access source IP address and the user-agent information which are stored in the storage unit; additionally storing the access source IP address and the user-agent information extracted from the packet received from the given terminal device in the storage unit so as to correspond to the user identification information, when determining that the access source IP address and the user-agent information extracted from the packet received from the given terminal device do not correspond to the access source IP address and the user-agent information stored in the storage unit as a result of verifying the access source IP address and the user-agent information extracted from the received packet against the access source IP address and the user-agent information stored in the storage unit, and determining whether or not the user operating the given terminal device is a valid user by respectively verifying the access source IP address and the user-agent information extracted from the packet received from the given terminal against a plurality of sets of the access source IP address and the user-agent information, when the plurality of sets of the access source IP address and the user-agent information are stored in the storage unit so as to correspond to the user identification information of the user operating the given terminal device, wherein when storing a plurality of sets of the access source IP address and the user-agent information corresponding to the user identification information of the user operating the given terminal in the storage unit, the determining further includes determining that the user operating the given terminal device is a conditionally valid user if only one of the access source IP address and the user-agent information extracted from the received packet corresponds to at least two sets of the access source IP addresses or the user-agent information among the plurality of sets stored in the storage unit. - View Dependent Claims (14)
-
-
10. A non-transitory computer-readable medium encoded with a user validation program which causes a computer including a storage unit to act as:
-
an extraction unit which extracts user-agent information set by default in an HTTP header of a packet received from a terminal device, and extracts an access source IP address from the packet, by applying HTTP as a protocol of an application layer and IP as a protocol of an interne layer; an information management unit which stores the access source IP address and the user-agent information, which are extracted by the extraction unit from the packet received from the terminal device, which is operated by an individual user, in a storage unit so as to correspond to user identification information of the individual user; and a determination unit which determines whether or not a user operating a given terminal device is a valid user by verifying the access source IP address and user-agent information extracted by the extraction unit from the packet received from the given terminal device against the access source IP address and user-agent information which are stored in the storage unit so as to corresponding to user identification information of the user operating the given terminal device, and determining whether or not the access source IP address and the user-agent information extracted from the packet received from the given terminal device correspond to the access source IP address and the user-agent information which are stored in the storage unit, wherein when, as a result of verifying the access source IP address and the user-agent information extracted from the received packet against the access source IP address and the user-agent information stored in the storage unit, the determination unit determines that the access source IP address and the user-agent information extracted from the received packet do not correspond to the access source IP address and the user-agent information stored in the storage unit, the information management unit additionally stores the access source IP address and the user-agent information extracted from the received packet in the storage unit so as to correspond to the user identification information, the determination unit determines whether or not the user operating the given terminal device is a valid user by respectively verifying the access source IP address and the user-agent information extracted from the packet received from the given terminal against a plurality of sets of the access source IP address and the user-agent information, when the plurality of sets of the access source IP address and the user-agent information are stored in the storage unit so as to correspond to the user identification information of the user operating the given terminal device, and when a plurality of sets of the access source IP address and the user-agent information are stored in the storage unit so as to correspond to the user identification information of the user operating the given terminal device, the determination unit determines that the user operating the given terminal device is a conditionally valid user if the determination unit determines that only one of the access source IP address and the user-agent information extracted from the received packet corresponds to at least two sets of the access source IP addresses or the user-agent information among the plurality of sets stored in the storage unit. - View Dependent Claims (15)
-
-
11. A user validation apparatus comprising:
-
an extraction device which extracts user-agent information set by default in an HTTP header of a packet received from a terminal device, and extracts an access source IP address from the packet, by applying HTTP as a protocol of an application layer and IP as a protocol of an internet layer; an information management device which stores the access source IP address and the user-agent information extracted by the extraction device from the packet received from the terminal device, which is operated by an individual user, in a storage device so as to correspond to user identification information of the individual user; and a determination device which determines whether or not a user operating a given terminal device is a valid user by verifying the access source IP address and user-agent information extracted by the extraction device from the packet received from the given terminal device against the access source IP address and user-agent information which are stored in the storage device so as to correspond to user identification information of the user operating the given terminal device, and determining whether or not the access source IP address and the user-agent information extracted from the packet received from the given terminal device correspond to the access source IP address and the user-agent information which are stored in the storage device, wherein the determination device determines whether or not the user operating the given terminal device is a valid user by respectively verifying the access source IP address and the user-agent information extracted from the packet received from the given terminal against a plurality of sets of the access source IP address and the user-agent information, when the plurality of sets of the access source IP address and the user-agent information are stored in the storage device so as to correspond to the user identification information of the user operating the given terminal device, and when a plurality of sets of the access source IP address and the user-agent information are stored in the storage device so as to correspond to the user identification information of the user operating the given terminal device, the determination device determines that the user operating the given terminal device is a conditionally valid user if the determination device determines that only one of the access source IP address and the user-agent information extracted from the received packet corresponds to at least two sets of the access source IP addresses or the user-agent information among the plurality of sets stored in the storage device. - View Dependent Claims (16)
-
Specification