Apparatus, method, and program for validating user
First Claim
Patent Images
1. A user validation apparatus comprising:
- a memory configured to store instructions; and
a controller that is configured to execute the instructions to;
extract user-agent information about an individual user and a user access source IP address in a hyper-text transfer (HTTP) header of a packet received from a terminal device, which is operated by the individual user, by applying HTTP as a protocol of an application layer;
verify;
(i) whether or not the extracted user-agent information corresponds to each user-agent information in two sets of user-agent information stored in a storage unit, and (ii) whether or not the extracted IP address corresponds to each IP address in two access source IP addresses stored in the storage unit;
determine the user is a valid user, based at least in part on the verification result when;
(a) the extracted user-agent information corresponds to each of the two sets of user-agent information and the extracted access source IP address corresponds to any of the two sets of access source IP addresses, or (b) the extracted access source IP address corresponds to each of the two access source IP addresses and the extracted user-agent information corresponds to any of the two sets of user-agent information;
determine the user is an invalid user, based at least in part on the verification result, when;
(a) the extracted user-agent information does not correspond to any of the two sets of user-agent information and the extracted access source IP address does not correspond to each of the two access source IP addresses, or (b) the extracted source IP address does not correspond to any of the two access source IP addresses and the extracted user-agent information does not correspond to each of the two sets of user-agent information;
determine the individual user is a conditionally valid user, based at least in part on the verification result, when the extracted user-agent information corresponds to each set of the two sets of user-agent information, and the extracted user IP address does not correspond to either of the stored sets of IP addresses; and
when the individual user is a conditionally valid user, request re-authentication to the individual user operating the terminal device.
3 Assignments
0 Petitions
Accused Products
Abstract
User validation accuracy is improved without inconveniencing a user. When an authentication request packet is received from a terminal and the authentication is successful based on a user ID and a password, an HTTP header, user-agent information, and access source IP address are extracted from the packet, and user authentication is performed by verifying the IP address and the user-agent information against usage history information where at most two sets of the IP address and the user-agent information extracted from the authentication request packet which is received from the same user previously are registered. When the set of the IP address and the UA information corresponding to the new extracted IP address and the new extracted UA information is registered in the usage history information, the authentication is successful, and the usage history information is overwritten with the new IP address and the new UA information.
20 Citations
3 Claims
-
1. A user validation apparatus comprising:
-
a memory configured to store instructions; and a controller that is configured to execute the instructions to; extract user-agent information about an individual user and a user access source IP address in a hyper-text transfer (HTTP) header of a packet received from a terminal device, which is operated by the individual user, by applying HTTP as a protocol of an application layer; verify;
(i) whether or not the extracted user-agent information corresponds to each user-agent information in two sets of user-agent information stored in a storage unit, and (ii) whether or not the extracted IP address corresponds to each IP address in two access source IP addresses stored in the storage unit;determine the user is a valid user, based at least in part on the verification result when;
(a) the extracted user-agent information corresponds to each of the two sets of user-agent information and the extracted access source IP address corresponds to any of the two sets of access source IP addresses, or (b) the extracted access source IP address corresponds to each of the two access source IP addresses and the extracted user-agent information corresponds to any of the two sets of user-agent information;determine the user is an invalid user, based at least in part on the verification result, when;
(a) the extracted user-agent information does not correspond to any of the two sets of user-agent information and the extracted access source IP address does not correspond to each of the two access source IP addresses, or (b) the extracted source IP address does not correspond to any of the two access source IP addresses and the extracted user-agent information does not correspond to each of the two sets of user-agent information;determine the individual user is a conditionally valid user, based at least in part on the verification result, when the extracted user-agent information corresponds to each set of the two sets of user-agent information, and the extracted user IP address does not correspond to either of the stored sets of IP addresses; and when the individual user is a conditionally valid user, request re-authentication to the individual user operating the terminal device. - View Dependent Claims (2, 3)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeTakaya Kato
-
Original AssigneeBank of Tokyo-Mitsubishi UFJ Limited (Mitsubishi UFJ Financial Group Incorporated)
-
InventorsKato, Takaya
-
Primary Examiner(s)WANG, HARRIS C
-
Application NumberUS13/679,401Publication NumberTime in Patent Office893 DaysField of Search726/3US Class Current726/3CPC Class CodesG06F 16/13 File access structures, e.g...G06F 21/31 User authenticationG06F 21/34 involving the use of extern...G06F 2221/2101 Auditing as a secondary aspectG06F 2221/2111 Location-sensitive, e.g. ge...H04L 2463/082 applying multi-factor authe...H04L 63/08 for authentication of entit...H04L 63/083 using passwords cryptograph...H04L 63/101 Access control lists [ACL]H04L 63/126 the source of the received ...H04L 63/168 above the transport layer
