Ueshima

(10) Patent No.: US 6,731,731 B1
(45) Date of Patent: May 4, 2004

(54) AUTHENTICATION METHOD, AUTHENTICATION SYSTEM AND RECORDING MEDIUM

(75) Inventor: Yasushi Ueshima, Tokyo (JP)
(73) Assignee: Comsquare Co., Ltd., Tokyo (JP)
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 567 days.
(21) Appl. No.: 09/806,350
(22) PCT Filed: Jul. 3, 2000
(86) PCT No.: PCT/JP00/04399
     § 371 (c)(1), (2), (4) Date: Mar. 29, 2001
(87) PCT Pub. No.: WO01/09735
     PCT Pub. Date: Feb. 8, 2001
(30) Foreign Application Priority Data
     Jul. 30, 1999 (JP) 11-216948
(51) Int. Cl.: H04M 3/00; G06F 12/14
(52) U.S. Cl.: 379/196; 713/201
(58) Field of Search: 379/189, 191, 379/196, 197, 198, 114.02; 713/200, 201, 202

(56) References Cited

U.S. PATENT DOCUMENTS
2001/0000358 A1     4/2001   Isomichi et al.   713/201
2002/0106065 A1 *   8/2002   Joyce et al.      379/114.02

FOREIGN PATENT DOCUMENTS
EP   686905       12/1995
JP   08-227397    9/1996
JP   10-229459    8/1998
JP   10-336345    12/1998
JP   10-341224    12/1998
JP   11-120397    4/1999
JP   11-161618    6/1999
JP   11-178022    7/1999
JP   2000-10927   1/2000

* cited by examiner

Primary Examiner: Benny Tieu
(74) Attorney, Agent, or Firm: Collard & Roe, P.C.

(57) ABSTRACT

When a service provider authenticates a preliminarily registered user, a telephone number of a telephone of the user is registered prior to the authentication and the user calls a CTI (computer telephony integration) server by the use of the telephone. The CTI server authenticates the user with reference to the telephone number of the call received. A password is generated by an information processing device such as the CTI server and is transmitted to both the user and the service provider. The service provider compares the received password and a password inputted by the user and provides the user with service upon coincidence between both passwords.

30 Claims, 6 Drawing Sheets

EXPERIAN EXHIBIT 1006
IPR2023-01406

U.S. Patent    May 4, 2004    Sheet 1 of 6    US 6,731,731 B1

[FIG. 1: block diagram. Labels recoverable from the drawing: USER 10; CELLULAR PHONE; PAGER; PERSONAL COMPUTER, etc.; CELLULAR NETWORK 110; PUBLIC NETWORK 120; PAGING NETWORK 130; CALLER'S NUMBER IDENTIFYING UNIT 21; DATA CONVERTER 22; PUBLIC NETWORK CONNECTION UNIT 20; REGISTER TABLE 31; PASSWORD TABLE 32; DATABASE 30; PASSWORD GENERATION UNIT 41; PASSWORD CONTROL UNIT 42; SERVER 50; NETWORK (LAN, WAN, INTERNET); AUTHENTICATION SYSTEM UNIT 60.]

[FIG. 2 (Sheet 2 of 6): flowchart, "PASSWORD GENERATION, CTI CALL RECEPTION FLOW". Box text recoverable from the drawing: user calls CTI system through public network; CTI identifies caller's ID transmitted from carrier; CTI confirms at database that caller's ID corresponds to proper user; CTI automatically receives the call, or CTI rejects call reception or interrupts the line after transmitting error message; CTI judges if user's name is necessary (necessary / unnecessary); CTI requests input of user's name; user inputs user's name (input method: DTMF, speech recognition, FAX, etc.); CTI inquires at database to check if the user's name in association with caller's ID is proper; repetition of trial several times; CTI transmits error message and interrupts the line; CTI requests password generating program for generation; password generating program generates password and registers it to database; password is notified to user (examples of notification: speech, pocket bell, FAX, etc.).]

[FIG. 3 (Sheet 3 of 6): flowchart, "GENERATION OF PASSWORD, CTI CALL NON-RECEPTION FLOW". Box text recoverable from the drawing: user calls CTI system through public network and hangs up after several times of generation of ringing tone; CTI identifies caller's ID transmitted from carrier; CTI checks at database if caller's ID corresponds to proper user; no operation; CTI requests password generating program for generation; password generating program generates a password and registers it to database; password is notified to user (examples of notification: speech, pocket bell, FAX, e-mail, etc.).]

[FIG. 4 (Sheet 4 of 6): flowchart, "FLOW OF USING AUTHENTICATION SYSTEM". Box text recoverable from the drawing: authentication system requires user's name? (necessary); user inputs user's name to authentication system; authentication system receives input of user's name; user inputs password to authentication system; authentication system receives input of password; authentication system inquires at database (if user's name is present, inquires by the use of combination of user's name and password); OK: authentication system allows authentication; NG: authentication system does not allow authentication.]

[FIG. 5 (Sheet 5 of 6): flowchart, "PASSWORD CONTROL FLOW". Box text: password control program monitors password registered to database and deletes or invalidates the password in accordance with predetermined conditions (V1).]

[FIG. 6 (Sheet 6 of 6): flowchart, "FLOW OF USING ATM BY CELLULAR PHONE". Box text recoverable from the drawing: 1 (user): user requests generation of password; 2 (user): user receives password using e-mail receiving function of cellular phone (if password itself is transmitted as binary code and if cellular phone is provided with decoding program, security is improved); 3 (ATM): receives input of password; 4 (user): user transmits password to ATM by using password transmission function of cellular phone (transmission is performed by way of non-contact system); 5 (ATM): inquires at database; ATM allows authentication to enable operation of user's bank account associated with the password (balance inquiry, crediting, transferring, withdrawal).]

AUTHENTICATION METHOD, AUTHENTICATION SYSTEM AND RECORDING MEDIUM

CROSS REFERENCE TO RELATED APPLICATIONS

Applicant claims priority under 35 USC 119 of Japanese application No. 216948/1999 filed Jul. 30, 1999. Applicant also claims priority under 35 USC 120 of PCT/JP00/04399 filed Jul. 3, 2000. The international application under PCT article 21(2) was not published in English.

TECHNICAL FIELD

This invention relates to CTI (computer telephony integration) and, particularly, to user authentication utilizing a CTI technique.

BACKGROUND TECHNIQUE

In the modern society, a technique for authenticating a person who has preliminarily been registered as a regular user (hereinafter called as a registered user) is used in various situations in the society. For example, such an authentication technique is utilized in the situations where a user makes access to information providing service on a communications network system or where an electronic lock set at an entrance of an office building is unlocked.

As the above-mentioned authentication technique, use has traditionally been made of a system in which each registered user is assigned with a fixed password. Upon authentication, a user of the system is required to input a password, which is then compared with the password which has already been registered. Only when the coincidence is detected between them, the user is allowed to use the system. Hereinafter, such a technique that the authentication is carried out by the use of the fixed password as a general rule will hereinafter be called a fixed password system. In the fixed password system, the registered user can easily be authenticated. However, it is difficult to create, as a password, a character string which can easily be memorized only by the registered user and which can not be guessed by a third person other than the registered person. It is also difficult to make all the registered users conduct perfect management of the password. Under the circumstances, it is highly probable that the fixed password system is invaded if repeatedly attacked as a target of a hacker.

In order to overcome the above-mentioned disadvantages of the fixed password system, a variety of techniques have been proposed.

For example, Japanese Unexamined Patent Publication (JP-A) H10-336345 discloses an authentication system which is used when a user's information terminal is connected to an information provider on the communications network system. In this authentication system, the registered user is authenticated by the use of a caller's telephone number peculiar to the user's information terminal instead of the fixed password system. Therefore, it is possible to prevent the third person from making access to the information provider by using any device other than the information terminal which is registered.

However, restrictions have been imposed on the above-mentioned technique such that a terminal for use in authentication of the registered user should be the same as a terminal for use in receiving the service from the information provider. In other words, because the telephone number used by the information terminal of the registered user is registered, even the registered user can not be authenticated if he/she uses another information terminal connected with an unregistered telephone number.

The above-mentioned authentication system can be used in authentication of making access to the information provider on the communications network system. However, the system is not available to authentication of using an information processing device which can not be accessed from the user's terminal. Specifically, no authentication can be executed by the above-mentioned system in case where the electronic lock of the building is unlocked or in case where a customer is authenticated at a cash dispenser in a bank.

Moreover, since the telephone number used by the information terminal is authenticated, it is not possible to separately authenticate individual users in case where a single information terminal is used by a plurality of users.

Beside the above-mentioned technique disclosed in JP-A H10-336345, a so-called one-time password system is known as a technique to solve the problem in the fixed password technique. In the fixed password system, the password is kept unchanged unless it is renewed by a system side or the registered user. On the other hand, in the one-time password system, a new password is used every time when the authentication is performed. Therefore, even if the password is leaked to the third person, it is possible to minimize a damage. As a conventional technique utilizing the one-time password system, the following techniques are known.

In the technique disclosed in JP-A H11-178022, use is made of a password generator which changes a generated password upon every authentication in synchronism with an authentication server. Upon requesting the authentication to the authentication server, the registered user transmits to the authentication server the password generated by the password generator together with an ID of the registered user himself/herself. As the authentication server is synchronized with the password generator, it is possible to generate a password corresponding to the ID at the time instant when the authentication is requested. Thus, the authentication server can authenticate the user by comparing the password received from the user and the password generated by the authentication server itself.

In the technique disclosed in JP-A H8-227397 or JP-A H11-161618, each individual registered user is assigned with a different coding rule. Each registered user is given a decoder which is operable in accordance with the coding rule assigned to him/her. When the ID is transmitted from the user, the authentication server randomly generates a password, encodes the password in accordance with the coding rule assigned to the user of the ID, and thereafter sends the encoded result to the user. Upon reception of the encoded result, the user decodes the password by the use of his/her decoder and sends the decoded result back to the authentication server. The authentication server authenticates the user by comparing the password generated by itself and the data sent back from the user.

In the above-mentioned conventional techniques utilizing the one-time password system, it is necessary to prepare for every registered user private hardware or a set of private software and hardware which can execute the software. The private hardware or the private software is often expensive. As the hardware necessary to execute the private software, a mobile information apparatus or a notebook type personal computer can be used. However, these apparatuses are not low in price and not available to everybody, although they are increasingly and widely spread. Therefore, the cost problem arises also in this case. Moreover, the use of the private hardware urges the user to carry the apparatus which is required only for the authentication. This will spoil the convenience.

The object of the present invention is to provide an authentication technique using a new one-time password system which solves the problems in the fixed password system and the technique disclosed in JP-A H11-336345 as well as the problems in the conventional one-time password system disclosed in JP-A H11-178022, JP-A H8-227397, and H11-161618. More particularly, the present invention has the following objects to be solved:

Private hardware or software exclusively for authentication and liable to be expensive is not necessary.

A terminal for authentication and a terminal used for reception of service need not be the same.

Use is also possible in authentication at an information processing device, such as an electronic lock for locking a building and an automatic cash dispenser, which can not be accessed from a user's terminal.

Individual users can be separately authenticated even if the same terminal is used by a plurality of users.

DISCLOSURE OF THE INVENTION

In order to solve the above-mentioned problems, the present invention provides a user authentication method, a user authentication system, and a recording medium with a user authentication program recorded therein.

(1) User Authentication Method

A user authentication method provided by the present invention is a method of authenticating a preliminarily registered user by a device for providing service (hereinafter referred to as a service provider) and is characterized by the steps: (1) a telephone number of a telephone of the user is registered prior to the authentication, (2) the user calls a CTI (computer telephony integration) server by using the telephone thus registered, (3) the CTI server authenticates the user with reference to the telephone number received, (4) the CTI server or another information processing device operable in cooperation with the CTI server generates a password, (5) the password thus generated is transmitted to both the user and the service provider, (6) the user inputs the password which he/she has received by a device (hereinafter referred to as a service access authentication device) for authenticating the access to the service provider, (7) the service access authentication device compares the password received in the step (5) and the password inputted in the step (6) and, upon coincidence between both passwords, allows the user to access to the service provider, and (8) the password which has been used for the authentication is invalidated. It is noted that the service provider mentioned herein is a device for directly providing service to the user, for example, a WEB server, an electronic lock, an automatic financing device such as an automatic cash dispenser, and the like. The service access authentication device is a device for authenticating the user who desires to be given the service, for example, an authentication server and the like.

In the above-mentioned user authentication method, the password may be invalidated, even if the user has not yet been authenticated by the use of the password, in case where a predetermined time period has lapsed after the password is generated. In this manner, the safety of the authentication can be guaranteed even in case where the user for some reasons has lost or forgotten the password and left the password untouched without being authenticated.

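
Steps (1) to (8) and the time-based invalidation described above can be followed in the Python example below, which is added here and is not part of the patent. The class names, the 8-digit numeric password, the 180-second lifetime, the limit on wrong guesses, the in-memory tables and the telephone numbers are all assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Assumptions for this example; the patent text leaves all three open.
PASSWORD_DIGITS = 8          # format of the generated password
PASSWORD_TTL_SECONDS = 180   # the "predetermined time period"
MAX_FAILED_ATTEMPTS = 3      # guess limit added here, not a step of the patent


@dataclass
class PasswordTable:
    """Password store read by the service access authentication device."""
    rows: dict = field(default_factory=dict)  # user -> [password, issued_at, failures]

    def register(self, user, password, now):
        # A fresh call replaces any password still outstanding for this user.
        self.rows[user] = [password, now, 0]

    def consume(self, user, candidate, now):
        """Steps (6) to (8): compare, then invalidate so it works only once."""
        row = self.rows.get(user)
        if row is None:
            return False
        password, issued_at, _failures = row
        if now - issued_at > PASSWORD_TTL_SECONDS:
            del self.rows[user]             # expired without ever being used
            return False
        # Constant-time comparison of the stored and the entered password.
        if not hmac.compare_digest(password.encode(), candidate.encode()):
            row[2] += 1
            if row[2] >= MAX_FAILED_ATTEMPTS:
                del self.rows[user]         # too many wrong guesses
            return False
        del self.rows[user]                 # step (8): used, so invalidated
        return True

    def purge_expired(self, now):
        """Time-based invalidation of passwords that were never presented."""
        stale = [user for user, row in self.rows.items()
                 if now - row[1] > PASSWORD_TTL_SECONDS]
        for user in stale:
            del self.rows[user]
        return len(stale)


class CTIServer:
    """Answers calls and issues passwords; trusts the caller number it is given."""

    def __init__(self, table):
        self.table = table
        self.register_table = {}            # caller number -> registered user

    def register_phone(self, number, user):
        self.register_table[number] = user  # step (1)

    def handle_call(self, caller_number, now):
        """Steps (2) to (5): return the password notified to the user, or None."""
        user = self.register_table.get(caller_number)
        if user is None:
            return None                     # unregistered caller number: reject
        password = "".join(secrets.choice("0123456789")
                           for _ in range(PASSWORD_DIGITS))
        self.table.register(user, password, now)
        return password


if __name__ == "__main__":
    # Constructed sample data; timestamps are passed in so the run is repeatable.
    table = PasswordTable()
    cti = CTIServer(table)
    cti.register_phone("+81-90-0000-0001", "alice")
    issued = cti.handle_call("+81-90-0000-0001", now=0)
    print("first use accepted:", table.consume("alice", issued, now=30))
    print("replay accepted:   ", table.consume("alice", issued, now=31))
```
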
It is especially preferable that the telephone whose telephone number is registered in the step (1) is a portable mobile communication terminal. Herein, the portable mobile communication terminal means a portable telephone such as a so-called cellular phone or a PHS (personal handy phone system) terminal. In the present invention, the portable mobile communication terminal is used as a device which is analogous to the conventional password generator. Since the portable mobile communication terminal has already been wide spread, this inventio