(12) United States Patent
Ueshima

(10) Patent No.: US 6,731,731 B1
(45) Date of Patent: May 4, 2004

(54) AUTHENTICATION METHOD, AUTHENTICATION SYSTEM AND RECORDING MEDIUM

(75) Inventor: Yasushi Ueshima, Tokyo (JP)
(73) Assignee: Comsquare Co., Ltd., Tokyo (JP)
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 567 days.
(21) Appl. No.: 09/806,350
(22) PCT Filed: Jul. 3, 2000
(86) PCT No.: PCT/JP00/04399
     § 371 (c)(1), (2), (4) Date: Mar. 29, 2001
(87) PCT Pub. No.: WO01/09735
     PCT Pub. Date: Feb. 8, 2001
(30) Foreign Application Priority Data
     Jul. 30, 1999 (JP) 11-216948
(51) Int. Cl.: H04M 3/00; G06F 12/14
(52) U.S. Cl.: 379/196; 713/201
(58) Field of Search: 379/189, 191, 196, 197, 198, 114.02; 713/200, 201, 202

(56) References Cited

U.S. PATENT DOCUMENTS
2001/0000358 A1    4/2001  Isomichi et al.  713/201
2002/0106065 A1 *  8/2002  Joyce et al.     379/114.02

FOREIGN PATENT DOCUMENTS
EP  686905      12/1995
JP  08-227397   9/1996
JP  10-229459   8/1998
JP  10-336345   12/1998
JP  10-341224   12/1998
JP  11-120397   4/1999
JP  11-161618   6/1999
JP  11-178022   7/1999
JP  2000-10927  1/2000

* cited by examiner

Primary Examiner: Benny Tieu
(74) Attorney, Agent, or Firm: Collard & Roe, P.C.

(57) ABSTRACT

When a service provider authenticates a preliminarily registered user, a telephone number of a telephone of the user is registered prior to the authentication and the user calls a CTI (computer telephony integration) server by the use of the telephone. The CTI server authenticates the user with reference to the telephone number of the call received. A password is generated by an information processing device such as the CTI server and is transmitted to both the user and the service provider. The service provider compares the received password and a password inputted by the user and provides the user with service upon coincidence between both passwords.

30 Claims, 6 Drawing Sheets
`
[Representative drawing on the front page: block diagram showing cellular phone, pager, personal computer, etc.; cellular network, public network, paging network; caller's number identifying unit; data converter; mail server; public network connection unit; register table; password table; database; password generation unit; password control unit; network (LAN, WAN, Internet); authentication system unit.]

BANK OF AMERICA ET AL. EXHIBIT 1022

FIG. 1 (Sheet 1 of 6): [Block diagram of the system structure. Labels: user; cellular phone; pager; personal computer, etc.; cellular network; public network; paging network; public network connection unit 20; caller's number identifying unit 21; data converter 22; database 30; register table; password table 32; password generation unit 41; password control unit 42; mail server; network (LAN, WAN, Internet); authentication system unit 60.]

FIG. 2 (Sheet 2 of 6): [Flowchart, "Password generation: CTI call reception flow". Recoverable box text: user calls CTI system through public network; CTI identifies caller's ID transmitted from carrier; CTI confirms at database that caller's ID corresponds to proper user; CTI automatically receives the call; if necessary, CTI requests input of user's name; user inputs user's name (input method: DTMF, speech recognition, FAX, etc.); CTI inquires at database to check if the user's name in association with caller's ID is proper; CTI requests password generating program for generation; password generating program generates a password; password generating program registers the generated program to database; password is notified to user (examples of notification: speech, pocket bell, FAX, e-mail); CTI automatically receives the call and interrupts the line after transmitting. Step labels are not legible.]

FIG. 3 (Sheet 3 of 6): [Flowchart, "Generation of password: CTI call non-reception flow". Recoverable box text: user calls CTI system through public network and [illegible] after several times of generation of ringing tone; CTI identifies caller's ID transmitted from carrier; CTI checks at database if caller's ID corresponds to proper user; no operation; CTI requests password generating program for generation; password generating program generates a password; password generating program registers generated program to database; password is notified to user (examples of notification: speech, pocket bell, FAX, e-mail, etc.).]

FIG. 4 (Sheet 4 of 6): [Flowchart, "Flow of using authentication system". Recoverable box text: authentication system requires user's name?; if necessary, authentication system receives input of user's name, user inputs user's name to authentication system, authentication system inquires at database; authentication system receives input of password; user inputs password to authentication system; authentication system inquires at database (if user's name is present, inquires by the use of combination of user's name and password); authentication system allows authentication; authentication system does not allow authentication.]

FIG. 5 (Sheet 5 of 6): [Flowchart, "Password control flow". Box text: password control program monitors password registered to database and deletes or invalidates the password in accordance with predetermined conditions (V1).]

FIG. 6 (Sheet 6 of 6): [Flowchart, "Flow of using ATM by cellular phone". Recoverable box text: User: user requests generation of password. (2) User: user receives password using e-mail receiving function of cellular phone; if password itself is transmitted as binary code and if cellular phone is provided with decoding program, security is improved. (3) ATM: receives input of password. (4) User: user transmits password to ATM by using password transmission function of cellular phone; transmission is performed by way of [illegible] non-contact system; for password transmission function of cellular phone, cellular phone preferably has a password with respect to transmission. (5) ATM: inquires at database. ATM: allows authentication to enable operation of user's bank account associated with the password (balance inquiry, crediting, transferring, withdrawal).]

AUTHENTICATION METHOD, AUTHENTICATION SYSTEM AND RECORDING MEDIUM

CROSS REFERENCE TO RELATED APPLICATIONS

Applicant claims priority under 35 USC 119 of Japanese application No. 216948/1999 filed Jul. 30, 1999. Applicant also claims priority under 35 USC 120 of PCT/JP00/04399 filed Jul. 3, 2000. The international application under PCT article 21(2) was not published in English.

TECHNICAL FIELD

This invention relates to CTI (computer telephony integration) and, particularly, to user authentication utilizing a CTI technique.

BACKGROUND TECHNIQUE

In the modern society, a technique for authenticating a person who has preliminarily been registered as a regular user (hereinafter called as a registered user) is used in various situations in the society. For example, such an authentication technique is utilized in the situations where a user makes access to information providing service on a communications network system or where an electronic lock set at an entrance of an office building is unlocked.

As the above-mentioned authentication technique, use has traditionally been made of a system in which each registered user is assigned with a fixed password. Upon authentication, a user of the system is required to input a password, which is then compared with the password which has already been registered. Only when the coincidence is detected between them, the user is allowed to use the system. Hereinafter, such a technique that the authentication is carried out by the use of the fixed password as a general rule will hereinafter be called a fixed password system. In the fixed password system, the registered user can easily be authenticated. However, it is difficult to create, as a password, a character string which can easily be memorized only by the registered user and which can not be guessed by a third person other than the registered person. It is also difficult to make all the registered users conduct perfect management of the password. Under the circumstances, it is highly probable that the fixed password system is invaded if repeatedly attacked as a target of a hacker.

In order to overcome the above-mentioned disadvantages of the fixed password system, a variety of techniques have been proposed.

For example, Japanese Unexamined Patent Publication (JP-A) H10-336345 discloses an authentication system which is used when a user's information terminal is connected to an information provider on the communications network system. In this authentication system, the registered user is authenticated by the use of a caller's telephone number peculiar to the user's information terminal instead of the fixed password system. Therefore, it is possible to prevent the third person from making access to the information provider by using any device other than the information terminal which is registered.

However, restrictions have been imposed on the above-mentioned technique such that a terminal for use in authentication of the registered user should be the same as a terminal for use in receiving the service from the information provider. In other words, because the telephone number used by the information terminal of the registered user is registered, even the registered user can not be authenticated if he/she uses another information terminal connected with an unregistered telephone number.

The above-mentioned authentication system can be used in authentication of making access to the information provider on the communications network system. However, the system is not available to authentication of using an information processing device which can not be accessed from the user's terminal. Specifically, no authentication can be executed by the above-mentioned system in case where the electronic lock of the building is unlocked or in case where a customer is authenticated at a cash dispenser in a bank.

Moreover, since the telephone number used by the information terminal is authenticated, it is not possible to separately authenticate individual users in case where a single information terminal is used by a plurality of users.

Beside the above-mentioned technique disclosed in JP-A H10-336345, a so-called one-time password system is known as a technique to solve the problem in the fixed password technique. In the fixed password system, the password is kept unchanged unless it is renewed by a system side or the registered user. On the other hand, in the one-time password system, a new password is used every time when the authentication is performed. Therefore, even if the password is leaked to the third person, it is possible to minimize a damage. As a conventional technique utilizing the one-time password system, the following techniques are known.

In the technique disclosed in JP-A H11-178022, use is made of a password generator which changes a generated password upon every authentication in synchronism with an authentication server. Upon requesting the authentication to the authentication server, the registered user transmits to the authentication server the password generated by the password generator together with an ID of the registered user himself/herself. As the authentication server is synchronized with the password generator, it is possible to generate a password corresponding to the ID at the time instant when the authentication is requested. Thus, the authentication server can authenticate the user by comparing the password received from the user and the password generated by the authentication server itself.

In the technique disclosed in JP-A H8-227397 or JP-A H11-161618, each individual registered user is assigned with a different coding rule. Each registered user is given a decoder which is operable in accordance with the coding rule assigned to him/her. When the ID is transmitted from the user, the authentication server randomly generates a password, encodes the password in accordance with the coding rule assigned to the user of the ID, and thereafter sends the encoded result to the user. Upon reception of the encoded result, the user decodes the password by the use of his/her decoder and sends the decoded result back to the authentication server. The authentication server authenticates the user by comparing the password generated by itself and the data sent back from the user.

In the above-mentioned conventional techniques utilizing the one-time password system, it is necessary to prepare for every registered user private hardware or a set of private software and hardware which can execute the software. The private hardware or the private software is often expensive. As the hardware necessary to execute the private software, a mobile information apparatus or a notebook type personal computer can be used. However, these apparatuses are not low in price and not available to everybody, although they are increasingly and widely spread. Therefore, the cost problem arises also in this case. Moreover, the use of the private hardware urges the user to carry the apparatus which is required only for the authentication. This will spoil the convenience.

The object of the present invention is to provide an authentication technique using a new one-time password system which solves the problems in the fixed password system and the technique disclosed in JP-A H11-336345 as well as the problems in the conventional one-time password system disclosed in JP-A H11-178022, JP-A H8-227397, and H11-161618. More particularly, the present invention has the following objects to be solved:

Private hardware or software exclusively for authentication and liable to be expensive is not necessary.

A terminal for authentication and a terminal used for reception of service need not be the same.

Use is also possible in authentication at an information processing device, such as an electronic lock for locking a building and an automatic cash dispenser, which can not be accessed from a user's terminal.

Individual users can be separately authenticated even if the same terminal is used by a plurality of users.

DISCLOSURE OF THE INVENTION

In order to solve the above-mentioned problems, the present invention provides a user authentication method, a user authentication system, and a recording medium with a user authentication program recorded therein.

(1) User Authentication Method

A user authentication method provided by the present invention is a method of authenticating a preliminarily registered user by a device for providing service (hereinafter referred to as a service provider) and is characterized by the steps: (1) a telephone number of a telephone of the user is registered prior to the authentication, (2) the user calls a CTI (computer telephony integration) server by using the telephone thus registered, (3) the CTI server authenticates the user with reference to the telephone number received, (4) the CTI server or another information processing device operable in cooperation with the CTI server generates a password, (5) the password thus generated is transmitted to both the user and the service provider, (6) the user inputs the password which he/she has received by a device (hereinafter referred to as a service access authentication device) for authenticating the access to the service provider, (7) the service access authentication device compares the password received in the step (5) and the password inputted in the step (6) and, upon coincidence between both passwords, allows the user to access to the service provider, and (8) the password which has been used for the authentication is invalidated. It is noted that the service provider mentioned herein is a device for directly providing service to the user, for example, a WEB server, an electronic lock, an automatic financing device such as an automatic cash dispenser, and the like. The service access authentication device is a device for authenticating the user who desires to be given the service, for example, an authentication server and the like.

In the above-mentioned user authentication method, the password may be invalidated, even if the user has not yet been authenticated by the use of the password, in case where a predetermined time period has lapsed after the password is generated. In this manner, the safety of the authentication can be guaranteed even in case where the user for some reasons has lost or forgotten the password and left the password untouched without being authenticated.

It is especially preferable that the telephone whose telephone number is registered in the step (1) is a portable mobile communication terminal. Herein, the portable mobile communication terminal means a portable telephone such as a so-called cellular phone or a PHS (personal handy phone system) terminal. In the present invention, the portable mobile communication terminal is used as a device which is analogous to the conventional password generator. Since the portable mobile communication terminal has already been wide spread, this invention is not only advantageous in view of the cost but also has a merit that the user need not carry a password generator exclusively for the purpose of the authentication, as compared with the case where such special password generator is used.

The destination of the password to be transmitted to the user in the step (5) and a data format thereof may be determined by the user. In the present invention, a method of notifying the password to the user can be selected from a plurality of methods and such method may be determined depending on the type of notifying means supported by the system or the convenience of the user. For example, the password may be transmitted by the following methods.

The password is transmitted and informed as character data to a pager having a preliminarily registered telephone number.

The password is transmitted as image data to a facsimile apparatus having a preliminarily registered telephone number.

The password is transmitted as a speech produced by a speech synthesizer to the telephone which is registered in the step (1). In this case, after the authentication is carried out with reference to the caller's phone number in the step (3), the line between the telephone and the CTI server is maintained to transmit the speech to the telephone.

The telephone which is registered in the step (1) comprises image display means. The password transmitted to the user in the step (5) is transmitted as character data to the telephone which is registered in the step (1). Because most of the recent telephones and the portable mobile communication terminals are provided with the image display means, the password can be visually and easily be confirmed.

The password is transmitted as an electronic mail to a mail address specified by the user. This is proposed taking into consideration the spread of the portable information terminals and notebook type personal computers. In the electronic mail through the Internet, it is difficult to keep complete secrecy of its content. In the present invention, however, the validity term of the password can be set as short as possible so that no substantial problem arises even if the password is leaked. Thus, no substantial influence is given to the security of the system.

The password is transmitted as binary data. In this case, the user is required to have a program corresponding to the binary data. However, any person who has obtained the binary data by some method can not directly see the content of the data. Therefore, the security of the system can further be improved.

The telephone registered in the step (1) comprises radio communication means and the input of the password to the service access authentication system in the step (6) is carried out via the radio communication means. In this case, the user need not manually input the password and therefore the operation by the user will be more facilitated. Moreover, since no manual input is carried out, the probability of occurrence of input errors is decreased.

(2) User Authentication System

According to the present invention, there is provided a user authentication system which comprises one or a plurality of information processing devices operable in cooperation through mutual data communication and a telephone assigned to each user, and which is wherein any one of the information processing devices includes line connection means to be connected to a telephone through a telephone line, caller's number identifying means for identifying a caller's telephone number of a call received at the line connection means, a first recording medium for storing, as user information associated with each user, information relating to each user and including a telephone number of the telephone assigned to the user, telephone number searching means for searching, by referring to the first recording medium, the telephone numbers given to the telephones assigned to the respective users and contained in the user information to find whether or not the telephone number identified by the caller's number identifying means is present, password generating means for generating a password, a second recording medium for storing the password generated by the password generating means in association with the user information stored in the first recording medium, password notifying means for notifying the password to an appropriate destination by referring to, as a destination, the telephone number searched by the telephone number searching means or the user information associated with the telephone number, password input means for receiving an input password inputted by the user, authentication means for comparing the password stored in the second recording medium and the input password supplied through the password input means and authenticating the user upon coincidence between both passwords, and means for deleting from the second recording medium or invalidating a particular password which satisfies a predetermined condition.

In the above-mentioned user authentication system, it is especially preferable that the telephone assigned to each user is a portable mobile communication terminal.

For example, following means may be used as the password notifying means. A plurality of kinds of the following notifying means may be included.

Any one of the information processing devices further comprises speech synthesizing means for synthesizing a speech corresponding to the password generated by the password generating means. The password notifying means transmits the speech synthesized by the speech synthesizing means through the telephone line.

Any one of the information processing devices further comprises facsimile image data generating means for generating facsimile image data corresponding to the password generated by the password generating means. The password notifying means transmits the facsimile image data generated by the facsimile image data generating means through the telephone line.

Any one of the information processing devices further comprises pager data generating means for generating data for a pager to display the password generated by the password generating means. The password notifying means transmits the data generated by the pager data generating means through the telephone line.

Any one of the information processing devices further comprises electronic mail generating means for generating an electronic mail indicating the password generated by the password generating means and means for establishing connection to the Internet. The password notifying means transmits the electronic mail generated by the electronic mail generating means through the Internet.

The condition for deleting or invalidating the password is, for example, the case where a predetermined time period has lapsed after the password is generated by the password generating means, the case where a preselected time period has lapsed after the latest authentication was carried out by the use of the password, or the case where the password has been used for authentication a predetermined number of times. As a general rule, the password can not be used again if it is used once for authentication after generation. In addition, the password may be deleted or invalidated under the conditions mentioned above by considering and comparing the convenience of the user and the security of the system.

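The eight-step method of section (1) and the three deletion/invalidation conditions just listed, written out as an added Python example that is not part of the patent. The class and method names, the 8-digit password format, the timeout values and the sample phone numbers are assumptions; the return value of `handle_call` stands in for notification by speech, pager, fax or e-mail, and the carrier-supplied caller ID is taken as trustworthy, which is what the scheme itself relies on.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Set


@dataclass
class IssuedPassword:
    value: str
    issued_at: float
    last_used_at: Optional[float] = None
    uses: int = 0


class CtiOtpSystem:
    """Register table, password table and password control in one object."""

    def __init__(self, ttl: float = 180.0, idle_ttl: float = 60.0,
                 max_uses: int = 1, clock: Callable[[], float] = time.time):
        self.register_table: Dict[str, Set[str]] = {}        # phone -> user names
        self.password_table: Dict[str, IssuedPassword] = {}  # user name -> password
        self.ttl, self.idle_ttl, self.max_uses = ttl, idle_ttl, max_uses
        self.clock = clock

    def register(self, phone: str, user: str) -> None:
        """Step (1): register the telephone number before any authentication."""
        self.register_table.setdefault(phone, set()).add(user)

    def handle_call(self, caller_id: str, user: str) -> Optional[str]:
        """Steps (2)-(5): check caller ID and user name, then issue a password."""
        if user not in self.register_table.get(caller_id, set()):
            return None  # unregistered number or wrong name: nothing is issued
        value = f"{secrets.randbelow(10**8):08d}"  # CSPRNG; 8 digits is assumed
        self.password_table[user] = IssuedPassword(value, self.clock())
        return value

    def _invalid(self, rec: IssuedPassword) -> bool:
        """The three deletion/invalidation conditions described in the text."""
        now = self.clock()
        if now - rec.issued_at > self.ttl:
            return True   # predetermined period since generation
        if rec.last_used_at is not None and now - rec.last_used_at > self.idle_ttl:
            return True   # preselected period since the latest authentication
        return rec.uses >= self.max_uses  # predetermined number of uses

    def sweep(self) -> int:
        """Password control: delete every password that meets a condition."""
        stale = [u for u, r in self.password_table.items() if self._invalid(r)]
        for u in stale:
            del self.password_table[u]
        return len(stale)

    def authenticate(self, user: str, supplied: str) -> bool:
        """Steps (6)-(8): compare input with the stored password, then invalidate."""
        rec = self.password_table.get(user)
        if rec is None:
            return False
        if self._invalid(rec):
            del self.password_table[user]
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(rec.value.encode(), supplied.encode()):
            return False
        rec.uses += 1
        rec.last_used_at = self.clock()
        if self._invalid(rec):
            del self.password_table[user]
        return True


def demo() -> dict:
    """Run the flow against a constructed clock and constructed phone numbers."""
    now = [1000.0]
    system = CtiOtpSystem(ttl=180.0, max_uses=1, clock=lambda: now[0])
    system.register("+81-90-0000-0001", "alice")   # constructed sample data
    system.register("+81-90-0000-0001", "bob")     # same handset, second user

    results = {}
    results["unknown_caller"] = system.handle_call("+81-90-9999-9999", "alice")
    otp = system.handle_call("+81-90-0000-0001", "alice")
    results["bob_with_alice_otp"] = system.authenticate("bob", otp)
    results["first_use"] = system.authenticate("alice", otp)
    results["replay"] = system.authenticate("alice", otp)

    otp2 = system.handle_call("+81-90-0000-0001", "bob")
    now[0] += 181.0                                # let the password age out
    results["swept"] = system.sweep()
    results["after_expiry"] = system.authenticate("bob", otp2)
    return results


if __name__ == "__main__":
    print(demo())
```

With `max_uses=1` the password is removed on first successful use, which is the general rule the text states; raising `max_uses` brings the idle-period condition into play.
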
The above-mentioned user authentication system is applicable to all systems for authenticating a person and, for example, is usable for authentication in the following cases.

The authentication means authenticates the access to contents on the network.

The authentication means is connected to a device for controlling an electronic lock and allows the electronic lock to be unlocked.

The authentication means authenticates the user of an automatic financing device.

(3) Recording Medium with a User Authentication Program Recorded Therein

According to the present invention, there is provided a recording medium with a user authentication program recorded therein, the recording medium being a machine readable recording medium storing the program to be executed by one or a plurality of information processing devices and operable in cooperation through mutual data communication, wherein the recording medium stores the user authentication program for making the information processing device execute an operation of generating a first table storing, as user information associated with each user, information relating to each user and including a telephone number of a telephone assigned to the user, a caller's number identifying operation of identifying a caller's telephone number of a call received through a telephone line, a telephone number searching operation of searching, by referring to the first table, the telephone numbers given to the telephones assigned to the respective users and contained in the user information to find the telephone number identified by the caller's number identifying operation, a password generating operation of generating a password, an operation of generating a second table storing the password generated by the password generating operation in association with the user information stored in the first table, a password notifying operation of notifying the password to an appropriate destination by referring to, as a destination, the telephone number found by the telephone number searching operation or the user information associated with the telephone number, a password input operation of receiving an input password inputted by the user, an authenticating operation of comparing the password stored in the second table and the input password supplied by the password input operation and authenticating the user upon coincidence between both passwords, and an operation of deleting from the second table or invalidating a particular password which satisfies a predetermined condition.

For example, following operations may be used as the password notifying operation:

The user authentication program further includes a speech synthesizing operation of synthesizing a speech corresponding to the password generated by the password generating operation. The password notifying operation makes the information processing device execute an operation of transmitting the speech synthesized by the speech synthesizing operation through the telephone line.

The user authentication program further includes a facsimile image data generating operation of generating facsimile image data corresponding to the password generated by the password generating operation. The password notifying operation makes the information processing device execute an operation of transmitting the facsimile image data generated by the facsimile image data generating operation through the telephone line.

The user authentication program further includes a pager data generating operation of generating data for a pager to display the password generated by the password generating operation. The password notifying operation makes the information processing device execute an operation of transmitting the data generated by the pager data generating operation through the telephone line.

The user authentication program further includes an electronic mail generating operation of generating an electronic mail indicating the password generated by the password generating operation and an operation of establishing connection to the Internet. The password notifying operation makes the information processing device execute an operation of transmitting the electronic mail generated by the electronic mail generating operation through the Internet.

The condition for deleting or invalidating the password is, for example, the case where a predetermined time period has lapsed after the password is generated by the password generating means, the case where a preselected time period has lapsed after the latest authentication was carried out by the use of the password, or the case where the password has been used for authentication a predetermined number of times. As a general rule, the password can not be used again if it is used once for authentication after generation. In addition, the password may be deleted or invalidated under the conditions mentioned above by considering and comparing the convenience of the user and the security of the system.

The program recorded in the above-mentioned recording medium is applicable to all systems for authenticating a person and, for example, is usable for authentication in the following cases.

To make the information processing device execute an operation of authenticating the access to contents on the network.

To make the information processing device execute an operation of allowing an electronic lock to be unlocked.

To make the information processing device execute an operation of authenticating the user of an automatic financing device.

`
BRIEF DESCRIPTION OF THE DRAWING

FIG. 1 is a view for describing a system structure of a user authentication system 1 according to a first embodiment of the present invention.

FIG. 2 is a view for describing an operation in the user authentication system 1 after a user requests the generation of a password and until the user receives the password.

FIG. 3 is a view for describing an operation in the user authentication system 1 after a user requests the generation of a password and until the user receives the password.

FIG. 4 is a view for describing the operation in the user authentication system 1 after the user receives the password and until the user is authenticated by an authentication system portion 60.

FIG. 5 is a view for describing a password management flow of the user authentication system 1.

FIG. 6 is a flow chart for describing an ATM user authenti
