US20100077223A1 - Authentication device, authentication system, authentication method, program and recording medium - Google Patents
Authentication device, authentication system, authentication method, program and recording medium Download PDFInfo
- Publication number
- US20100077223A1 US20100077223A1 US12/543,784 US54378409A US2010077223A1 US 20100077223 A1 US20100077223 A1 US 20100077223A1 US 54378409 A US54378409 A US 54378409A US 2010077223 A1 US2010077223 A1 US 2010077223A1
- Authority
- US
- United States
- Prior art keywords
- valid
- inputter
- confirmation information
- input
- input password
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Definitions
- the present invention relates to an authentication device, an authentication system, an authentication method, a program and a recording medium.
- the present invention relates to an authentication device, an authentication system, an authentication method, a program and a recording medium enabling validity of the authentication device to be determined.
- the object of the present invention is to provide an authentication device, an authentication system, an authentication method, a program and a recording medium capable of solving the above problem.
- the object is achieved by combinations of the characteristics described in the independent Claims in the Claims. More advantageous examples of the present invention are Claimed in the dependent Claims.
- an authentication device for authenticating an inputter based on the input password accepted from the inputter, the authentication method comprising: a first input part for allowing the first part of the input password to be inputted, a confirmation information output part for outputting confirmation information known to the valid inputter in advance when the first part is valid, the confirmation information indicating to the user that the authentication device is valid, the second input part for allowing a second part following the first part of the input password to be inputted, and a determination part for determining that the inputter is valid when the first part and the second part are valid; an authentication system; and an authentication method, a program and a recording medium recording the program for implementing the authentication device.
- FIG. 1 is a functional block diagram of an authentication device 10 .
- the authentication device 10 is intended to authenticate an inputter based on the input password accepted from the inputter.
- the authentication device 10 is also intended to enable the valid inputter to confirm that the authentication device 10 is valid by outputting confirmation information indicating that the authentication device 10 is valid at the stage where the valid inputter has partially inputted his input password. This enables the inputter to prevent his whole input password from being stolen by a false authentication device 10 .
- an invalid inputter cannot steal the confirmation information until he has partially inputted a valid input password. Thus, it is also difficult for him to create a false authentication device 10 to output the valid confirmation information.
- the authentication device 10 is, for example, a mobile communication terminal such as PDA, and authenticates an inputter based on the input password accepted from the inputter.
- the authentication device 10 permits access to information stored in the inside thereof and use of an I/O device, etc. installed therein when it determines that the inputter is valid.
- the authentication device 10 comprises an input device 100 , a first input part 110 , an authentication information storing part 115 , a confirmation information output part 120 , a second input part 130 , a determination part 140 and an output device 150 .
- the input device 100 is, for example, a touch panel and displays multiple characters for an inputter for him to select some of the characters.
- the input device 100 accepts the characters selected by the inputter as a login ID, an example of inputter identifying information for identifying the inputter, and sends them to the authentication information storing part 115 .
- the input device 100 also accepts the characters selected by the inputter as the characters composing his input password, and sends them to the first input part 110 and the confirmation information output part 120 .
- the input device 100 may be a keyboard, a microphone or a pointing device instead of a touch panel.
- the input password may be composed of alphabets, kana and kanji characters, symbols, numerals or any combination of these. The input password may be inputted by selecting pictures displayed on the screen.
- the first input part 110 allows the inputter to input a first part of the input password by means of the input device 100 , and sends the first part to the confirmation information output part 120 and the determination part 140 .
- the authentication information storing part 115 stores an input password, confirmation information, and invalidity information to be outputted when the first part is not valid, for each of the multiple inputters to be authenticated.
- the authentication information storing part 115 sends information associated with the login ID received from the input device 100 , to the confirmation information output part 120 and the determination part 140 . If the first part is valid, the confirmation information output part 120 selects confirmation information associated with the inputter to be authenticated from the authentication information storing part 115 , and outputs it to the output device 150 .
- the confirmation information output part 120 outputs, for example, characters as the confirmation information.
- the confirmation information output part 120 may output screen color, an image to be displayed on the screen, a musical scale, etc. as the confirmation information.
- the authentication device 10 notifies confirmation information to valid inputters in advance. Confirmation information may be set in advance for the authentication device 10 by valid inputters instead.
- the second input part 130 allows the inputter to input the second part of the input password by means of the input device 100 , and sends the second part to the determination part 140 .
- the determination part 140 determines that the first and the second parts are valid when the input password obtained from the authentication information storing part 115 corresponds to the received first and the second parts.
- the determination part 140 sends a validity notification to the output device 150 that indicates validity of the inputter. In this case, the determination part 140 may perform a login process of inputter.
- the output device 150 outputs to the inputter the confirmation info nation received from the confirmation information output part 120 and the validity notification received from the determination part 140 .
- the output device 150 may display an input field for an input password to be inputted in advance.
- FIG. 2 shows an example of information stored in an authentication information storing part 115 .
- the authentication information storing part 115 stores inputter identifying information for identifying the inputter, an input password correspondent to the inputter, confirmation information to be outputted to the inputter, and invalidity information to be outputted in association with an invalid first part.
- the authentication information storing part 115 stores “B . . . CD” as the input password of an inputter whose inputter identifying information (for example, login ID) is “ID 1 ”. Specifically, the authentication information storing part 115 stores “B”, a first part 50 - 1 , as the first character of the input password, “C”, a first part 50 -N, as the Nth character, and “D”, a second part 60 , as the N+1th character. In other words, the determination part 140 determines the inputter to be valid when the input password inputted by the inputter corresponds to the first parts 50 - 1 to 50 -N and the second part 60 .
- the authentication information storing part 115 also stores “E . . . G” as confirmation information to be outputted to the inputter whose inputter identifying information is “ID 1 ”. Specifically, the authentication information storing part 115 stores each of confirmation informations 80 - 1 to 80 -N to be outputted when the first part is valid, in association with each of the first parts 50 - 1 to 50 -N.
- the confirmation information output part 120 outputs “E”, the confirmation information 80 - 1 , associated with the first part 50 - 1 when “B”, the valid first part 50 - 1 , is inputted. If “C”, the valid first part 50 -N, is inputted and all the first parts 50 - 1 to 50 -N- 1 , which have been accepted earlier than the first part 50 -N, are valid, then the confirmation information output part 120 outputs “G”, the confirmation information 80 -N associated with the first part 50 -N. In other words, when one first part is inputted, the confirmation information output part 120 outputs confirmation information associated with the one first part if the one first part is valid and all the first parts accepted earlier than the one first part are also valid.
- the authentication information storing part 115 stores invalidity information associated with the content of the first parts, in association with the inputter whose inputter identifying information is “ID 1 ”. For example, the authentication information storing part 115 stores “X” as the content of the invalid first part 50 - 1 and “Z” as invalidity information 70 - 1 associated with “X”.
- the confirmation information output part 120 determines that the first part 50 - 1 is not valid because “X” does not correspond to “B”, the valid first part 50 - 1 of the input password. Then, the confirmation information output part 120 outputs “Z”, the invalidity information associated with both of “ID 1 ” indicating the inputter to be authenticated and “X”, the content of the first part 50 - 1 . Since invalidity information is inputted according to inputters, an inputter trying invalid access cannot distinguish between confirmation information and invalid information easily, even if he changes the inputter identifying information variously.
- the authentication information storing part 115 stores all the possible combinations to be inputted by an inputter as the content of the invalid first part 50 .
- invalid information is stored for all the combinations from “A . . . A” to “Z . . . Z”.
- the confirmation information output part 120 selects the content identical to the one first part and the first parts accepted earlier than the one first part from the “content of invalid first part 50 ” field.
- the confirmation information output part 120 selects invalidity information associated with the selected content from an “invalid information” field and outputs it.
- the confirmation information output part 120 outputs invalidity information selected based on the content of the one inputted first part and the first parts accepted earlier than the one first part.
- the confirmation information output part 120 may output information randomly selected from information that can be outputted as confirmation information (for example, capital letters of alphabet) as invalidity information when the first part is not valid.
- the authentication information storing part 115 may store invalidity information already outputted in association with the content of an invalid first part already inputted. In other words, the authentication information storing part 115 can output the same invalidity information when a first part with the same content is inputted again.
- the confirmation information output part 120 determines that the first part 50 - 1 is not valid because it does not correspond to “B”, the first character of the valid input password. The confirmation information output part 120 then outputs “B” which is the invalidity information associated with both of “ID 1 ” indicating the inputter to be authenticated and “I”, the content of the first part 50 - 1 .
- the confirmation information output part 120 may output “B” identical to the confirmation information when the invalid first part 50 - 1 is predetermined data, for example, when it corresponds to “I” which is predetermined data.
- the confirmation information output part 120 outputs invalidity information different from the confirmation information “B”, for example “Z”, when the invalid first part 50 - 1 is not “I” but “X”, for example.
- the authentication device 10 can output either of information identical to the confirmation information and information different from the confirmation information for an invalid first part 50 - 1 .
- the authentication information storing part 115 may store at least one of the inputter identifying information, the input password, the confirmation information, and the invalidity information shown in the figure after encryption thereof. In this case, the authentication information storing part 115 can prevent a malicious user from easily stealing the other user's input passwords.
- FIG. 3 shows a display example of an output device 150 .
- the output device 150 displays a login ID specifying field 152 , an input password input field 155 and a confirmation information output field 158 .
- the input device 100 allows a login ID to be inputted in the login ID specifying field 152 .
- the input device 100 may obtain the login ID from an IC card or a magnetic card inserted by an inputter without the output device 150 displaying the login ID specifying field 152 .
- the input device 100 allows an input password to be inputted in a predetermined input password input field 155 .
- the first input part 110 allows first parts 50 - 1 to 50 -N in the input password input field 155
- a second input part 130 allows a second part 60 following the first parts 50 - 1 to 50 -N in the input password input field 155
- the output device 150 may display the first parts 50 - 1 to 50 -N and the second part 60 inputted in the input password input field 155 as “*” regardless of the content of the inputted information.
- the confirmation information output part 120 When the first parts 50 - 1 to 50 -N are valid, the confirmation information output part 120 outputs confirmation information to the confirmation information output field 158 , which has been known to the valid inputter in advance and indicates to the valid inputter that the authentication device 10 is valid. For example, the confirmation information output part 120 outputs confirmation information 80 - 1 when the first part 50 - 1 is valid. When any of the first parts 50 - 1 to 50 -N is not valid, the confirmation information output part 120 outputs invalidity information to a confirmation information output field 158 .
- the confirmation information output part 120 When a character is inputted as each of the first parts 50 - 1 to 50 -N, the confirmation information output part 120 outputs an alphabet character as each of confirmation informations 80 - 1 to 80 -N.
- the confirmation information output part 120 may output one character for input of multiple characters, or multiple characters for input of one character.
- the confirmation information output part 120 may output multiple characters as each of confirmation informations 80 - 1 to 80 -N and invalidity informations 70 - 1 to 70 -N, and the first input part 110 allows multiple characters to be inputted as each of the first parts 50 - 1 to 50 -N.
- FIG. 4 shows the operation flow of the authentication device 10 .
- the input device 100 allows an inputter to input his login ID (S 100 ).
- the output device 150 then displays input fields (S 110 ).
- the authentication device 10 may display the input fields after a duration of standby time depending on the frequency, for example, after an exponentially long duration of standby time depending on the frequency. In this case, the authentication device 10 can make it difficult for a malicious inputter to steal the input password for the same login ID.
- the first input part 110 allows a first part of an input password to be inputted (S 120 ). Then the confirmation information output part 120 determines whether or not the first part is valid and all the first parts accepted earlier than the first part are also valid (S 130 ). If the first part is valid and all the first parts accepted earlier than the first part are also valid (S 130 : YES), then the confirmation information output part 120 outputs confirmation information (S 140 ). On the contrary, if the first part or any of the first parts accepted earlier than the first part is invalid (S 130 : NO), then the confirmation information output part 120 outputs invalidity information (S 150 ). At this step, if the invalid first part is predetermined data, the confirmation information output part 120 may output validity information identical to the confirmation information.
- the authentication device 10 returns the process to S 120 if all the multiple first parts have not been inputted (S 160 : NO).
- the confirmation information output part 120 outputs confirmation information each time a valid first part is inputted until all the multiple first parts have been inputted.
- the second input part 130 allows a second part to be inputted (S 170 ). If the determination part 140 determines that both the multiple first parts and the second part are valid (S 180 : YES), then it determines that the inputter is valid (S 190 ). In this case, the determination part 140 may output a validity notification to the inputter or permit him to login to the authentication device 10 .
- FIG. 5 shows an outline of an authentication system 20 in a first variation example.
- the authentication system 20 represented by a kiosk terminal comprises an input terminal 200 for accepting an input password from an inputter, an authentication server 290 for causing the input terminal 200 to authenticate the inputter, and an authenticate information database 298 .
- the input terminal 200 and the authentication server 290 can be mutually authenticated by means of a predetermined strong secret.
- the input terminal 200 allows a login ID to be inputted and obtains confirmation information associated with a valid inputter identified with the login ID, from the authentication server 290 .
- the authentication server 290 has a confirmation information transmission part 295 .
- the confirmation information transmission part 295 determines that the input terminal 200 is valid using the secret, it obtains confirmation information from the authenticate information database 298 and sends it to the input terminal 200 in response to a direction by the input terminal 200 .
- the confirmation information transmission part 295 may further obtain an input password associated with the inputter and invalidity information from the authenticate information database 298 and send them to the input terminal 200 .
- the input terminal 200 authenticates the inputter using the confirmation information, the input password and the invalidity information it has received.
- FIG. 6 is a functional block diagram of the input terminal 200 in the first variation example.
- the input terminal 200 comprises an input device 100 , a first input part 110 , a confirmation information obtaining part 118 , a confirmation information output part 120 , a second input part 130 , a determination part 140 and an output device 150 .
- the input terminal 200 is provided with the confirmation information obtaining part 118 in addition to the authentication device 10 described with reference to FIG. 1 .
- the input terminal 200 may not be provided with the authentication information storing part 115 unlike the authentication device 10 described with reference to FIG. 1 . Since the operation of each block in the input terminal 200 is almost identical to each block with the same reference numeral shown in the authentication device 10 , only different points are now described.
- the input device 100 accepts the characters selected by an inputter as a login ID, an example of inputter identifying information for identifying the inputter and sends it to the confirmation information obtaining part 118 .
- the confirmation information obtaining part 118 obtains confirmation information from the confirmation information transmission part 295 based on the login ID, which has been known to the valid inputter in advance from the authentication server 290 and indicates to the valid inputter that the input terminal 200 is valid, and sends it to the confirmation information output part 120 and the determination part 140 .
- the confirmation information obtaining part 118 may obtain an input password and invalidity information associated with the login ID from the confirmation information transmission part 295 and send them to the confirmation information output part 120 and the determination part 140 .
- the confirmation information output part 120 and the determination part 140 then receive the confirmation information and the invalidity information from the confirmation information obtaining part 118 .
- FIG. 7 shows the operation flow of the authentication system 20 in the first variation example.
- the confirmation information obtaining part 118 sends the login ID to the confirmation information transmission part 295 , in association with information identifying the input terminal 200 (S 200 ).
- the confirmation information obtaining part 118 may encrypt the login ID or add a digital sign using a secret predetermined between the input terminal 200 and the authentication server 290 .
- the authentication server 290 determines whether or not the input terminal 200 is valid (S 210 ). Alternatively, the authentication server 290 may further determine whether or not the input terminal 200 is valid when it is directed to determine the validity of the input terminal 200 .
- the confirmation information transmission part 295 sends the input password, the confirmation information and the invalidity information to the input terminal 200 (S 220 ).
- the input terminal 200 authenticates the inputter (S 230 ). Since the detail of the authentication of the inputter is almost identical to the process from S 110 to S 190 with reference to FIG. 4 , description thereof will be omitted.
- the authentication system 20 enables an inputter to determine whether or not the input terminal 200 to which his password is to be inputted is the one authenticated by the authentication server 290 .
- the inputter can determine whether or not an input terminal 200 located at a public place such as at a street is valid by inputting the first part into the input terminal 200 and checking if the confirmation information is valid.
- the authentication server 290 may authenticate an inputter instead of the input terminal 200 . More specifically, the input terminal 200 sends the login ID and the first and second parts of the input password each time each of them has been inputted. In this case, the authentication server 290 , instead of the input terminal 200 , may have the confirmation information output part 120 and the determination part 140 to determine validity of the first part and the second part. This form enables the configuration of the input terminal 200 to be simplified.
- FIG. 8 is a functional block diagram of an authentication device 10 in a second variation example.
- the authentication device 10 in this variation example may not be provided with the input device 100 or the output device 150 unlike the authentication device 10 shown in FIG. 1 .
- the authentication device 10 communicates with a telephone set 30 located remotely from the authentication device 10 .
- a first input part 110 allows a first part to be inputted via buttons 310 of the telephone set 30 .
- a confirmation information output part 120 outputs confirmation information as voice signals to a receiver 320 of the telephone set 30 .
- the authentication device 10 in this variation example can output confirmation information as voice signals even to the remotely provided telephone set 30 which cannot display characters or images and is dedicated for voice communication.
- FIG. 9 is a functional block diagram of an authentication system 300 in a third variation example.
- the authentication system 300 is provided with a service site 330 providing a predetermined service to a valid inputter, and a mutual authentication service provider 340 communicating with the service site 330 via a network.
- the service site 330 is, for example, a web server in a WWW (World Wide Web) system and authenticates an inputter accessing thereto via the network using the mutual authentication service provider 340 .
- the service site 330 provides the predetermined service to an inputter who has been determined to be valid based on the authentication result received from the mutual authentication service provider 340 .
- the mutual authentication service provider 340 authenticates the inputter based on the input password accepted from him and sends the inputter authentication result to the service site 330 .
- the mutual authentication service provider 340 may carry out encrypted communication with the service site 330 using a predetermined secret.
- the mutual authentication service provider 340 has an input device 100 , a first input part 110 , a confirmation information obtaining part 118 , a confirmation information output part 120 , a second input part 130 , a determination part 140 , a notification part 145 and an output device 150 .
- the mutual authentication service provider 340 is further provided with the confirmation information obtaining part 118 , an input password obtaining part 125 and the notification part 145 in addition to the authentication device 10 described with regard to FIG. 1 .
- the mutual authentication service provider 340 may not be provided with the authentication information storing part 115 unlike the authentication device 10 described with regard to FIG. 1 . Since the operation of each block in the mutual authentication service provider 340 is almost identical to each block with the same reference numeral in the authentication device 10 , only differences are now described.
- the input password obtaining part 125 obtains a valid input password predetermined by a valid inputter in advance, and sends it to the confirmation information output part 120 and the determination part 140 .
- the confirmation information obtaining part 118 obtains confirmation information, which has been known to a valid inputter by the service site 330 in advance and indicates to the valid inputter that the service site 330 is valid, and sends it to the confirmation information output part 120 and the determination part 140 .
- the confirmation information output part 120 outputs the confirmation information received from the confirmation information obtaining part 118 , to the output device 150 if the first part is valid in comparison with the received valid input password.
- the determination part 140 determines that the first and second parts are valid and notifies it to the notification part 145 if the received valid input password corresponds to the received first and second parts. In response to this, the notification part 145 sends to the service site 330 a validity notification indicating validity of the inputter.
- FIG. 10 shows the operation flow of the authentication system 300 in the third variation example.
- the input password obtaining part 125 obtains a valid input password from an inputter in advance (S 300 ).
- the service site 330 notifies confirmation information to the valid inputter of in advance (S 310 ).
- the service site 330 then sends the confirmation information to the mutual authentication service provider 340 (S 320 ).
- the confirmation information obtaining part 118 obtains the confirmation information from the service site 330 (S 330 ).
- the mutual authentication service provider 340 authenticates the inputter using the obtained input password and confirmation information (S 340 ). Since the detail of the authentication of the inputter is almost identical to the process from S 100 to S 170 described with reference to FIG. 4 , description thereof will be omitted.
- the determination part 140 determines whether or not the inputter is valid by determining whether or not both of the first and second parts of the input password are valid (S 350 ). If the inputter is valid, the notification part 145 sends a validity notification indicating validity of the inputter to the service site 330 (S 360 ). In respond to this, the service site 330 provides a predetermined service to the inputter.
- the mutual authentication service provider 340 in this variation example enables a mutual authentication service to be provided to mutual authentication of validity for the service site 330 between the inputter and the service site 330 which is not provided with a function of authenticating the inputter.
- FIG. 11 shows an example of a hardware configuration of the authentication device 10 according to the embodiment and the variation examples shown above.
- An authentication device 10 comprises: a CPU peripheral section provided with a CPU 1000 , a RAM 1020 , a graphic controller 1075 and a display device 1080 mutually connected via a host controller 1082 ; an I/O section provided with a communication interface 1030 and an IC card slot 1055 connected to the host controller 1082 via an I/O controller 1084 , and a legacy I/O section provided with a ROM 1010 and an I/O chip 1070 connected to the I/O controller 1084 .
- the host controller 1082 connects the RAM 1020 to the CPU 1000 and the graphic controller 1075 which access to the RAM 1020 at a high transmission rate.
- the CPU 1000 operates based on programs stored in the ROM 1010 and the RAM 1020 and controls each part.
- the graphic controller 1075 obtains image data generated by the CPU 1000 onto a frame buffer in the RAM 1020 and displays it on the display device 1080 .
- the graphic controller 1075 may include a frame buffer for storing image data generated by the CPU 1000 in the inside thereof.
- the I/O controller 1084 connects the host controller 1082 to the communication interface 1030 and the IC card slot 1055 which are relatively high speed I/O devices.
- the communication interface 1030 communicates with other devices with a network.
- the IC card slot 1055 reads a program or data from the IC card 1058 and provides it to the RAM 1020 via the I/O controller 1084 .
- the ROM 1010 stores a boot program executed by the CPU 1000 during start-up, programs dependent on the hardware of the authentication device 10 , etc.
- the I/O chip 1070 connects to a flexible disk 1090 and to various I/O devices, for example, via a parallel port, serial port, keyboard port, and mouse port.
- the program provided by the authentication device 10 is stored in a recording medium such as the IC card 1058 and provided by a user.
- the program is read from the recording medium, installed in the authentication device 10 via the I/O controller 1084 , and executed in the authentication device 10 .
- the program installed and executed in the authentication device 10 includes an input device implementing module, a first input module, a confirmation information storing module, a confirmation information output module, a second input module, a determination module and an output device implementing module. Since the operation which each module causes the authentication device 10 to execute is identical to that of each correspondent member in the authentication device 10 described with reference to FIGS. 1 to 4 and FIG. 8 , description thereof will be omitted.
- the program for implementing the authentication device 10 may be stored in the recording medium to be provided to the authentication device 10 , or it may be installed via a network.
- the hardware configuration of the input terminal 200 and of the mutual authentication service provider 340 may be identical to that shown in the figure. Alternatively each of the input terminal 200 and the mutual authentication service provider 340 may be further provided with a hard disk drive, a CD-ROM drive and an FD drive.
- the program for implementing the input terminal 200 may be installed in the recording medium to be provided to the input terminal 200 , or it may be installed from the authentication server 290 via a network.
- the program installed and executed in the input terminal 200 includes an input device implementing module, a first input module, a confirmation information storing module, a confirmation information output module, a second input module, a determination module, an output device implementing module and a confirmation information obtaining module. Since the operation which each module causes the input terminal 200 to execute is identical to that of each correspondent member in the input terminal 200 described with reference to FIGS. 5 to 7 , description thereof will be omitted.
- the program for implementing the mutual authentication service provider 340 may be stored in the recording medium to be provided to the mutual authentication service provider 340 , or it may be installed from the service site 330 via a network.
- the program installed and executed in the mutual authentication service provider 340 includes an input device implementing module, a first input module, a confirmation information storing module, a confirmation information output module, a second input module, a determination module, an output device implementing module, a confirmation information obtaining module, an input password obtaining module and a notification module. Since the operation which each module causes the mutual authentication service provider 340 to execute is identical to that of each correspondent member in the mutual authentication service provider 340 described with reference to FIGS. 9 and 10 , description thereof will be omitted.
- the program or module shown above may be stored in an external recording medium.
- an optical recording medium such as DVD and PD, a magneto-optic recording medium such as MD, a tape medium, a semiconductor memory such as an IC card, etc.
- a storage device such as a hard disk or RAM installed in a server system connected to a dedicated communication network or the Internet may be used as a recording medium to provide the program to the authentication device 10 , the input terminal 200 or the mutual authentication service provider 340 via the network.
- the authentication device 10 can authenticate an inputter based on the input password accepted from the inputter and output to the inputter a notification of validity of the authentication device 10 based on the first part of the input password.
- the inputter can determine whether or not the authentication device 10 is valid when having inputted only the first part of the input password, thereby preventing the whole password from being stolen by an invalid authentication device.
- the authentication device 10 When the first part of the input password is not valid, the authentication device 10 outputs invalidity information by which the invalid inputter cannot determine whether or not the first part of the input password is valid. Thus, the authentication device 10 can prevent stealth of an input password by an invalid inputter, thereby preventing invalid access efficiently.
- an inputter has to remember not only his password but also confirmation information, which may seem troublesome in comparison with the existing authentication system.
- This problem can be easily solved.
- the inputter can remember a relatively long, single password to use each of two sets of characters composed of every other character of the password as an input password and confirmation information, respectively.
- the inputter may remember “Falcon32” as a password and use “Flo3” as the input password and “acn2” as the confirmation information.
- an authentication device an authentication system, an authentication method, a program and a recording medium described below can be realized.
- An authentication device for authenticating an inputter based on an input password accepted from the inputter, the authentication device comprising: a first input part for allowing the first part of the input password to be inputted; a confirmation information output part for outputting confirmation information known to the valid inputter in advance when the first part is valid, the confirmation information indicating to the user that the authentication device is valid; a second input part for allowing the second part of the input password to be inputted; and a determination part for determining that the inputter is valid when the first part and the second part are valid.
- the authentication device described in item 1 further comprising an authentication information storing part for storing output data to be outputted in association with the content of the inputted invalid first part, for each of a plurality of the inputters; wherein the confirmation information output part outputs the invalidity information associated with both of the inputter and the content of the first part to be authenticated.
- An authentication device for authenticating an inputter based on an input password accepted from the inputter, the authentication device comprising: a first input part for allowing the first part of the input password to be inputted in a predetermined input field; a confirmation information output part for outputting confirmation information known to the valid inputter in advance when the first part is valid, the confirmation information indicating to the user that the authentication device is valid; a second input part for allowing the second part of the input password to be inputted in the input field subsequently after the first part; and a determination part for determining that the inputter is valid when the first part and the second part are valid.
- An authentication system comprising an input terminal for accepting an input password from an inputter and an authentication server for allowing the input terminal to authenticate the inputter, the input terminal comprising: a confirmation information obtaining part for obtaining from the authentication server, confirmation information known to the valid inputter in advance by the authentication server and indicating to the valid inputter that the input terminal is valid; a first input part for allowing the first part of the input password to be inputted; a confirmation information output part for outputting the confirmation information when the first part is valid; a second input part for allowing the second part of the input password to be inputted; and a determination part for determining that the inputter is valid when the first part and the second part are valid; and the authentication system comprising: a confirmation information transmission part for transmitting the confirmation information associated with the valid inputter in response to a direction by the input terminal.
- An authentication method for authenticating an inputter based on an input password accepted from the inputter comprising the steps of: allowing the first part of the input password to be inputted; outputting confirmation information known to the valid inputter in advance when the first part is valid, the confirmation information indicating to the user that an authenticator is valid; allowing the second part of the input password to be inputted; and determining that the inputter is valid when the first part and the second part are valid.
- An authentication method for authenticating an inputter based on an input password accepted from the inputter comprising: allowing the first part of the input password to be inputted in a predetermined input field; outputting confirmation information known to the valid inputter in advance when the first part is valid, the confirmation information indicating to the user that an authenticator is valid; allowing the second part of the input password to be inputted in the input field subsequently after the first part; and determining that the inputter is valid when the first part and the second part are valid.
- a mutual authentication service provider providing a mutual authentication service for authenticating an inputter based on an input password accepted from the inputter via a computer as well as allowing the inputter to authenticate validity of a service site providing a predetermined service; the mutual authentication service comprising: an input password obtaining step for obtaining a valid input password set by the valid inputter in advance; a confirmation information obtaining step for obtaining confirmation information known to the valid inputter in advance and indicating to the valid inputter that the service site is valid; a first input step for allowing the first part of the input password to be inputted; a confirmation information outputting step for outputting the confirmation information when the first part is valid in comparison with the valid input password; a second input step for allowing the second part of the input password to be inputted; and a notification step for notifying the service site that the inputter is valid when the first part and the second part are valid.
- an inputter of an input password can prevent the input password from being stolen by an invalid authentication device.
- FIG. 1 is a functional block diagram of an authentication device 10 ;
- FIG. 2 shows an example of information stored in an authentication information storing part 115 ;
- FIG. 3 shows a display example of an output device 150
- FIG. 4 shows the operation flow of an authentication device 10 ;
- FIG. 5 shows an outline of an authentication system 20 in a first variation example
- FIG. 6 is a functional block diagram of an input terminal 200 in a first variation example
- FIG. 7 shows the operation flow of an authentication system 20 in a first variation example
- FIG. 8 is a functional block diagram of an authentication device 10 in a second variation example
- FIG. 9 is a functional block diagram of an authentication system 300 in a third variation example.
- FIG. 10 shows the operation flow of an authentication system 300 in the third variation example.
- FIG. 11 shows an example of a hardware configuration of an authentication device 10 related to the embodiment and the variation examples shown above.
- the present invention can be realized in hardware, software, or a combination of hardware and software.
- a visualization tool according to the present invention can be realized in a centralized fashion in one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system—or other apparatus adapted for carrying out the methods and/or functions described herein—is suitable.
- a typical combination of hardware and software could be a general purpose computer system with a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein.
- the present invention can also be embedded in a computer program product, which comprises all the features enabling the implementation of the methods described herein, and which—when loaded in a computer system—is able to carry out these methods.
- Computer program means or computer program in the present context include any expression, in any language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after conversion to another language, code or notation, and/or reproduction in a different material form.
- the invention includes an article of manufacture which comprises a computer usable medium having computer readable program code means embodied therein for causing a function described above.
- the computer readable program code means in the article of manufacture comprises computer readable program code means for causing a computer to effect the steps of a method of this invention.
- the present invention may be implemented as a computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing a a function described above.
- the computer readable program code means in the computer program product comprising computer readable program code means for causing a computer to effect one or more functions of this invention.
- the present invention may be implemented as a program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for causing one or more functions of this invention.
Abstract
To prevent an input password from being stolen by an invalid authentication device. An authentication device 10 for authenticating an inputter based on an input password accepted from the inputter is provided with a first input part 110 for allowing a first part of the input password to be inputted; a confirmation information output part 120 for outputting confirmation information known to the valid inputter in advance when the first part 10 is valid, the confirmation information indicating to the user that the authentication device is valid; a second input part 130 for allowing a second part following the first part of the input password to be inputted; and a determination part 140 for determining that the inputter is valid when the first part and the second part are valid.
Description
- This application is a divisional of U.S. application Ser. No. 10/739,817, filed Dec. 18, 2003.
- The present invention relates to an authentication device, an authentication system, an authentication method, a program and a recording medium. In particular, the present invention relates to an authentication device, an authentication system, an authentication method, a program and a recording medium enabling validity of the authentication device to be determined.
- There has been proposed a system for enabling cipher communication by providing a common secret for both of a valid sender and a valid receiver in advance. In such a system, the sender and the receiver can authenticate each other by obtaining the secret of their counterpart before starting communication, to determine whether or not it corresponds to his own secret (see Patent document 1).
- Published Unexamined Patent Application No. 5-227162
- In the system described above, however, it may occur that the sender finds the secret of the counterpart to be invalid after sending the valid secret he has, thus, the valid secret is disclosed to the invalid counterpart.
- Thus, the object of the present invention is to provide an authentication device, an authentication system, an authentication method, a program and a recording medium capable of solving the above problem. The object is achieved by combinations of the characteristics described in the independent Claims in the Claims. More advantageous examples of the present invention are Claimed in the dependent Claims.
- According to a first embodiment of the present invention, there are provided an authentication device for authenticating an inputter based on the input password accepted from the inputter, the authentication method comprising: a first input part for allowing the first part of the input password to be inputted, a confirmation information output part for outputting confirmation information known to the valid inputter in advance when the first part is valid, the confirmation information indicating to the user that the authentication device is valid, the second input part for allowing a second part following the first part of the input password to be inputted, and a determination part for determining that the inputter is valid when the first part and the second part are valid; an authentication system; and an authentication method, a program and a recording medium recording the program for implementing the authentication device.
- The summary of the invention described above does not enumerate all the necessary characteristics of the present invention, and subcombinations of these characteristics are also to be the invention.
- The present invention will be described below through embodiments thereof. The embodiments described below are not intended to limit the invention to the scope of the Claims, and all the combinations of the characteristics described in the embodiments are not necessarily required as the solution means of the invention.
-
FIG. 1 is a functional block diagram of anauthentication device 10. Theauthentication device 10 is intended to authenticate an inputter based on the input password accepted from the inputter. Theauthentication device 10 is also intended to enable the valid inputter to confirm that theauthentication device 10 is valid by outputting confirmation information indicating that theauthentication device 10 is valid at the stage where the valid inputter has partially inputted his input password. This enables the inputter to prevent his whole input password from being stolen by afalse authentication device 10. Furthermore, an invalid inputter cannot steal the confirmation information until he has partially inputted a valid input password. Thus, it is also difficult for him to create afalse authentication device 10 to output the valid confirmation information. - The
authentication device 10 is, for example, a mobile communication terminal such as PDA, and authenticates an inputter based on the input password accepted from the inputter. Theauthentication device 10 permits access to information stored in the inside thereof and use of an I/O device, etc. installed therein when it determines that the inputter is valid. Theauthentication device 10 comprises aninput device 100, afirst input part 110, an authenticationinformation storing part 115, a confirmationinformation output part 120, asecond input part 130, adetermination part 140 and anoutput device 150. - The
input device 100 is, for example, a touch panel and displays multiple characters for an inputter for him to select some of the characters. Theinput device 100 accepts the characters selected by the inputter as a login ID, an example of inputter identifying information for identifying the inputter, and sends them to the authenticationinformation storing part 115. Theinput device 100 also accepts the characters selected by the inputter as the characters composing his input password, and sends them to thefirst input part 110 and the confirmationinformation output part 120. Theinput device 100 may be a keyboard, a microphone or a pointing device instead of a touch panel. The input password may be composed of alphabets, kana and kanji characters, symbols, numerals or any combination of these. The input password may be inputted by selecting pictures displayed on the screen. - The
first input part 110 allows the inputter to input a first part of the input password by means of theinput device 100, and sends the first part to the confirmationinformation output part 120 and thedetermination part 140. The authenticationinformation storing part 115 stores an input password, confirmation information, and invalidity information to be outputted when the first part is not valid, for each of the multiple inputters to be authenticated. The authenticationinformation storing part 115 sends information associated with the login ID received from theinput device 100, to the confirmationinformation output part 120 and thedetermination part 140. If the first part is valid, the confirmationinformation output part 120 selects confirmation information associated with the inputter to be authenticated from the authenticationinformation storing part 115, and outputs it to theoutput device 150. The confirmation information outputpart 120 outputs, for example, characters as the confirmation information. Alternatively, the confirmationinformation output part 120 may output screen color, an image to be displayed on the screen, a musical scale, etc. as the confirmation information. In this embodiment, theauthentication device 10 notifies confirmation information to valid inputters in advance. Confirmation information may be set in advance for theauthentication device 10 by valid inputters instead. - The
second input part 130 allows the inputter to input the second part of the input password by means of theinput device 100, and sends the second part to thedetermination part 140. Thedetermination part 140 determines that the first and the second parts are valid when the input password obtained from the authenticationinformation storing part 115 corresponds to the received first and the second parts. Thedetermination part 140 sends a validity notification to theoutput device 150 that indicates validity of the inputter. In this case, thedetermination part 140 may perform a login process of inputter. - The
output device 150 outputs to the inputter the confirmation info nation received from the confirmationinformation output part 120 and the validity notification received from thedetermination part 140. In addition, theoutput device 150 may display an input field for an input password to be inputted in advance. -
FIG. 2 shows an example of information stored in an authenticationinformation storing part 115. For each of multiple inputters to be authenticated, the authenticationinformation storing part 115 stores inputter identifying information for identifying the inputter, an input password correspondent to the inputter, confirmation information to be outputted to the inputter, and invalidity information to be outputted in association with an invalid first part. - For example, the authentication
information storing part 115 stores “B . . . CD” as the input password of an inputter whose inputter identifying information (for example, login ID) is “ID1”. Specifically, the authenticationinformation storing part 115 stores “B”, a first part 50-1, as the first character of the input password, “C”, a first part 50-N, as the Nth character, and “D”, asecond part 60, as the N+1th character. In other words, thedetermination part 140 determines the inputter to be valid when the input password inputted by the inputter corresponds to the first parts 50-1 to 50-N and thesecond part 60. - The authentication
information storing part 115 also stores “E . . . G” as confirmation information to be outputted to the inputter whose inputter identifying information is “ID1”. Specifically, the authenticationinformation storing part 115 stores each of confirmation informations 80-1 to 80-N to be outputted when the first part is valid, in association with each of the first parts 50-1 to 50-N. - For example, the confirmation
information output part 120 outputs “E”, the confirmation information 80-1, associated with the first part 50-1 when “B”, the valid first part 50-1, is inputted. If “C”, the valid first part 50-N, is inputted and all the first parts 50-1 to 50-N-1, which have been accepted earlier than the first part 50-N, are valid, then the confirmationinformation output part 120 outputs “G”, the confirmation information 80-N associated with the first part 50-N. In other words, when one first part is inputted, the confirmationinformation output part 120 outputs confirmation information associated with the one first part if the one first part is valid and all the first parts accepted earlier than the one first part are also valid. - Furthermore, the authentication
information storing part 115 stores invalidity information associated with the content of the first parts, in association with the inputter whose inputter identifying information is “ID1”. For example, the authenticationinformation storing part 115 stores “X” as the content of the invalid first part 50-1 and “Z” as invalidity information 70-1 associated with “X”. - In other words, when “X” is inputted as the first part 50-1 of the input password at the
first input part 110, the confirmationinformation output part 120 determines that the first part 50-1 is not valid because “X” does not correspond to “B”, the valid first part 50-1 of the input password. Then, the confirmationinformation output part 120 outputs “Z”, the invalidity information associated with both of “ID1” indicating the inputter to be authenticated and “X”, the content of the first part 50-1. Since invalidity information is inputted according to inputters, an inputter trying invalid access cannot distinguish between confirmation information and invalid information easily, even if he changes the inputter identifying information variously. - In the example shown in the figure, the authentication
information storing part 115 stores all the possible combinations to be inputted by an inputter as the content of the invalidfirst part 50. For example, when the characters to be inputted by an inputter are capital letters of alphabet, invalid information is stored for all the combinations from “A . . . A” to “Z . . . Z”. When one inputted first part 50-N or any first part accepted earlier than the one first part is invalid, the confirmationinformation output part 120 selects the content identical to the one first part and the first parts accepted earlier than the one first part from the “content of invalidfirst part 50” field. The confirmationinformation output part 120 selects invalidity information associated with the selected content from an “invalid information” field and outputs it. - In this way, the confirmation
information output part 120 outputs invalidity information selected based on the content of the one inputted first part and the first parts accepted earlier than the one first part. - Alternatively, the confirmation
information output part 120 may output information randomly selected from information that can be outputted as confirmation information (for example, capital letters of alphabet) as invalidity information when the first part is not valid. In this case, the authenticationinformation storing part 115 may store invalidity information already outputted in association with the content of an invalid first part already inputted. In other words, the authenticationinformation storing part 115 can output the same invalidity information when a first part with the same content is inputted again. - When “I” is inputted as the first character of the input password at the
first input part 110, the confirmationinformation output part 120 determines that the first part 50-1 is not valid because it does not correspond to “B”, the first character of the valid input password. The confirmationinformation output part 120 then outputs “B” which is the invalidity information associated with both of “ID1” indicating the inputter to be authenticated and “I”, the content of the first part 50-1. - In this way, the confirmation
information output part 120 may output “B” identical to the confirmation information when the invalid first part 50-1 is predetermined data, for example, when it corresponds to “I” which is predetermined data. In this case, the confirmationinformation output part 120 outputs invalidity information different from the confirmation information “B”, for example “Z”, when the invalid first part 50-1 is not “I” but “X”, for example. In other words, theauthentication device 10 can output either of information identical to the confirmation information and information different from the confirmation information for an invalid first part 50-1. Thus, a malicious inputter trying to steal an input password cannot easily determine whether or not the inputtedfirst part 50 is valid, which prevents the input password from being easily stolen. - The authentication
information storing part 115 may store at least one of the inputter identifying information, the input password, the confirmation information, and the invalidity information shown in the figure after encryption thereof. In this case, the authenticationinformation storing part 115 can prevent a malicious user from easily stealing the other user's input passwords. -
FIG. 3 shows a display example of anoutput device 150. Theoutput device 150 displays a loginID specifying field 152, an inputpassword input field 155 and a confirmationinformation output field 158. For example, theinput device 100 allows a login ID to be inputted in the loginID specifying field 152. Alternatively, theinput device 100 may obtain the login ID from an IC card or a magnetic card inserted by an inputter without theoutput device 150 displaying the loginID specifying field 152. - The
input device 100 allows an input password to be inputted in a predetermined inputpassword input field 155. In other words, thefirst input part 110 allows first parts 50-1 to 50-N in the inputpassword input field 155, asecond input part 130 allows asecond part 60 following the first parts 50-1 to 50-N in the inputpassword input field 155. Theoutput device 150 may display the first parts 50-1 to 50-N and thesecond part 60 inputted in the inputpassword input field 155 as “*” regardless of the content of the inputted information. - When the first parts 50-1 to 50-N are valid, the confirmation
information output part 120 outputs confirmation information to the confirmationinformation output field 158, which has been known to the valid inputter in advance and indicates to the valid inputter that theauthentication device 10 is valid. For example, the confirmationinformation output part 120 outputs confirmation information 80-1 when the first part 50-1 is valid. When any of the first parts 50-1 to 50-N is not valid, the confirmationinformation output part 120 outputs invalidity information to a confirmationinformation output field 158. - When a character is inputted as each of the first parts 50-1 to 50-N, the confirmation
information output part 120 outputs an alphabet character as each of confirmation informations 80-1 to 80-N. Alternatively, the confirmationinformation output part 120 may output one character for input of multiple characters, or multiple characters for input of one character. In other words, the confirmationinformation output part 120 may output multiple characters as each of confirmation informations 80-1 to 80-N and invalidity informations 70-1 to 70-N, and thefirst input part 110 allows multiple characters to be inputted as each of the first parts 50-1 to 50-N. -
FIG. 4 shows the operation flow of theauthentication device 10. Theinput device 100 allows an inputter to input his login ID (S100). Theoutput device 150 then displays input fields (S110). At this step, if theauthentication device 10 has already determined multiple times that the inputter is not valid for the same login ID, it may display the input fields after a duration of standby time depending on the frequency, for example, after an exponentially long duration of standby time depending on the frequency. In this case, theauthentication device 10 can make it difficult for a malicious inputter to steal the input password for the same login ID. - The
first input part 110 allows a first part of an input password to be inputted (S120). Then the confirmationinformation output part 120 determines whether or not the first part is valid and all the first parts accepted earlier than the first part are also valid (S130). If the first part is valid and all the first parts accepted earlier than the first part are also valid (S130: YES), then the confirmationinformation output part 120 outputs confirmation information (S140). On the contrary, if the first part or any of the first parts accepted earlier than the first part is invalid (S130: NO), then the confirmationinformation output part 120 outputs invalidity information (S150). At this step, if the invalid first part is predetermined data, the confirmationinformation output part 120 may output validity information identical to the confirmation information. - Then, the
authentication device 10 returns the process to S120 if all the multiple first parts have not been inputted (S160: NO). In other words, the confirmationinformation output part 120 outputs confirmation information each time a valid first part is inputted until all the multiple first parts have been inputted. - If all the multiple first parts have been inputted (S160: YES), then the
second input part 130 allows a second part to be inputted (S170). If thedetermination part 140 determines that both the multiple first parts and the second part are valid (S180: YES), then it determines that the inputter is valid (S190). In this case, thedetermination part 140 may output a validity notification to the inputter or permit him to login to theauthentication device 10. -
FIG. 5 shows an outline of anauthentication system 20 in a first variation example. Theauthentication system 20 represented by a kiosk terminal comprises aninput terminal 200 for accepting an input password from an inputter, anauthentication server 290 for causing theinput terminal 200 to authenticate the inputter, and anauthenticate information database 298. Theinput terminal 200 and theauthentication server 290 can be mutually authenticated by means of a predetermined strong secret. Theinput terminal 200 allows a login ID to be inputted and obtains confirmation information associated with a valid inputter identified with the login ID, from theauthentication server 290. Theauthentication server 290 has a confirmationinformation transmission part 295. When the confirmationinformation transmission part 295 determines that theinput terminal 200 is valid using the secret, it obtains confirmation information from theauthenticate information database 298 and sends it to theinput terminal 200 in response to a direction by theinput terminal 200. The confirmationinformation transmission part 295 may further obtain an input password associated with the inputter and invalidity information from theauthenticate information database 298 and send them to theinput terminal 200. Theinput terminal 200 authenticates the inputter using the confirmation information, the input password and the invalidity information it has received. -
FIG. 6 is a functional block diagram of theinput terminal 200 in the first variation example. Theinput terminal 200 comprises aninput device 100, afirst input part 110, a confirmationinformation obtaining part 118, a confirmationinformation output part 120, asecond input part 130, adetermination part 140 and anoutput device 150. In other words, theinput terminal 200 is provided with the confirmationinformation obtaining part 118 in addition to theauthentication device 10 described with reference toFIG. 1 . Theinput terminal 200 may not be provided with the authenticationinformation storing part 115 unlike theauthentication device 10 described with reference toFIG. 1 . Since the operation of each block in theinput terminal 200 is almost identical to each block with the same reference numeral shown in theauthentication device 10, only different points are now described. - The
input device 100 accepts the characters selected by an inputter as a login ID, an example of inputter identifying information for identifying the inputter and sends it to the confirmationinformation obtaining part 118. The confirmationinformation obtaining part 118 obtains confirmation information from the confirmationinformation transmission part 295 based on the login ID, which has been known to the valid inputter in advance from theauthentication server 290 and indicates to the valid inputter that theinput terminal 200 is valid, and sends it to the confirmationinformation output part 120 and thedetermination part 140. The confirmationinformation obtaining part 118 may obtain an input password and invalidity information associated with the login ID from the confirmationinformation transmission part 295 and send them to the confirmationinformation output part 120 and thedetermination part 140. The confirmationinformation output part 120 and thedetermination part 140 then receive the confirmation information and the invalidity information from the confirmationinformation obtaining part 118. -
FIG. 7 shows the operation flow of theauthentication system 20 in the first variation example. When theinput device 100 allows an inputter to input his login ID, the confirmationinformation obtaining part 118 sends the login ID to the confirmationinformation transmission part 295, in association with information identifying the input terminal 200 (S200). At this step, the confirmationinformation obtaining part 118 may encrypt the login ID or add a digital sign using a secret predetermined between theinput terminal 200 and theauthentication server 290. Theauthentication server 290 then determines whether or not theinput terminal 200 is valid (S210). Alternatively, theauthentication server 290 may further determine whether or not theinput terminal 200 is valid when it is directed to determine the validity of theinput terminal 200. - If it is determined that the
input terminal 200 is valid (S210: YES), then the confirmationinformation transmission part 295 sends the input password, the confirmation information and the invalidity information to the input terminal 200 (S220). In response to this, theinput terminal 200 authenticates the inputter (S230). Since the detail of the authentication of the inputter is almost identical to the process from S110 to S190 with reference toFIG. 4 , description thereof will be omitted. - In this way, the
authentication system 20 enables an inputter to determine whether or not theinput terminal 200 to which his password is to be inputted is the one authenticated by theauthentication server 290. For example, the inputter can determine whether or not aninput terminal 200 located at a public place such as at a street is valid by inputting the first part into theinput terminal 200 and checking if the confirmation information is valid. - As another example, the
authentication server 290 may authenticate an inputter instead of theinput terminal 200. More specifically, theinput terminal 200 sends the login ID and the first and second parts of the input password each time each of them has been inputted. In this case, theauthentication server 290, instead of theinput terminal 200, may have the confirmationinformation output part 120 and thedetermination part 140 to determine validity of the first part and the second part. This form enables the configuration of theinput terminal 200 to be simplified. -
FIG. 8 is a functional block diagram of anauthentication device 10 in a second variation example. Theauthentication device 10 in this variation example may not be provided with theinput device 100 or theoutput device 150 unlike theauthentication device 10 shown inFIG. 1 . As for the configuration except for these, there are used members almost identical to those with the same reference numerals of theauthentication device 10 shown inFIG. 1 , so that only differences are now described. - The
authentication device 10 communicates with a telephone set 30 located remotely from theauthentication device 10. Afirst input part 110 allows a first part to be inputted viabuttons 310 of the telephone set 30. A confirmationinformation output part 120 outputs confirmation information as voice signals to areceiver 320 of the telephone set 30. - In this way, the
authentication device 10 in this variation example can output confirmation information as voice signals even to the remotely provided telephone set 30 which cannot display characters or images and is dedicated for voice communication. -
FIG. 9 is a functional block diagram of anauthentication system 300 in a third variation example. Theauthentication system 300 is provided with aservice site 330 providing a predetermined service to a valid inputter, and a mutualauthentication service provider 340 communicating with theservice site 330 via a network. Theservice site 330 is, for example, a web server in a WWW (World Wide Web) system and authenticates an inputter accessing thereto via the network using the mutualauthentication service provider 340. Theservice site 330 provides the predetermined service to an inputter who has been determined to be valid based on the authentication result received from the mutualauthentication service provider 340. The mutualauthentication service provider 340 authenticates the inputter based on the input password accepted from him and sends the inputter authentication result to theservice site 330. The mutualauthentication service provider 340 may carry out encrypted communication with theservice site 330 using a predetermined secret. - The mutual
authentication service provider 340 has aninput device 100, afirst input part 110, a confirmationinformation obtaining part 118, a confirmationinformation output part 120, asecond input part 130, adetermination part 140, anotification part 145 and anoutput device 150. In other words, the mutualauthentication service provider 340 is further provided with the confirmationinformation obtaining part 118, an inputpassword obtaining part 125 and thenotification part 145 in addition to theauthentication device 10 described with regard toFIG. 1 . The mutualauthentication service provider 340 may not be provided with the authenticationinformation storing part 115 unlike theauthentication device 10 described with regard toFIG. 1 . Since the operation of each block in the mutualauthentication service provider 340 is almost identical to each block with the same reference numeral in theauthentication device 10, only differences are now described. - The input
password obtaining part 125 obtains a valid input password predetermined by a valid inputter in advance, and sends it to the confirmationinformation output part 120 and thedetermination part 140. The confirmationinformation obtaining part 118 obtains confirmation information, which has been known to a valid inputter by theservice site 330 in advance and indicates to the valid inputter that theservice site 330 is valid, and sends it to the confirmationinformation output part 120 and thedetermination part 140. The confirmationinformation output part 120 outputs the confirmation information received from the confirmationinformation obtaining part 118, to theoutput device 150 if the first part is valid in comparison with the received valid input password. Thedetermination part 140 determines that the first and second parts are valid and notifies it to thenotification part 145 if the received valid input password corresponds to the received first and second parts. In response to this, thenotification part 145 sends to the service site 330 a validity notification indicating validity of the inputter. -
FIG. 10 shows the operation flow of theauthentication system 300 in the third variation example. The inputpassword obtaining part 125 obtains a valid input password from an inputter in advance (S300). Theservice site 330 notifies confirmation information to the valid inputter of in advance (S310). Theservice site 330 then sends the confirmation information to the mutual authentication service provider 340 (S320). The confirmationinformation obtaining part 118 obtains the confirmation information from the service site 330 (S330). The mutualauthentication service provider 340 authenticates the inputter using the obtained input password and confirmation information (S340). Since the detail of the authentication of the inputter is almost identical to the process from S100 to S170 described with reference toFIG. 4 , description thereof will be omitted. - Then the
determination part 140 determines whether or not the inputter is valid by determining whether or not both of the first and second parts of the input password are valid (S350). If the inputter is valid, thenotification part 145 sends a validity notification indicating validity of the inputter to the service site 330 (S360). In respond to this, theservice site 330 provides a predetermined service to the inputter. - In this way, the mutual
authentication service provider 340 in this variation example enables a mutual authentication service to be provided to mutual authentication of validity for theservice site 330 between the inputter and theservice site 330 which is not provided with a function of authenticating the inputter. -
FIG. 11 shows an example of a hardware configuration of theauthentication device 10 according to the embodiment and the variation examples shown above. Anauthentication device 10 according to the embodiment comprises: a CPU peripheral section provided with aCPU 1000, aRAM 1020, agraphic controller 1075 and adisplay device 1080 mutually connected via ahost controller 1082; an I/O section provided with acommunication interface 1030 and anIC card slot 1055 connected to thehost controller 1082 via an I/O controller 1084, and a legacy I/O section provided with aROM 1010 and an I/O chip 1070 connected to the I/O controller 1084. - The
host controller 1082 connects theRAM 1020 to theCPU 1000 and thegraphic controller 1075 which access to theRAM 1020 at a high transmission rate. TheCPU 1000 operates based on programs stored in theROM 1010 and theRAM 1020 and controls each part. Thegraphic controller 1075 obtains image data generated by theCPU 1000 onto a frame buffer in theRAM 1020 and displays it on thedisplay device 1080. Alternatively, thegraphic controller 1075 may include a frame buffer for storing image data generated by theCPU 1000 in the inside thereof. - The I/
O controller 1084 connects thehost controller 1082 to thecommunication interface 1030 and theIC card slot 1055 which are relatively high speed I/O devices. Thecommunication interface 1030 communicates with other devices with a network. TheIC card slot 1055 reads a program or data from theIC card 1058 and provides it to theRAM 1020 via the I/O controller 1084. - The
ROM 1010 and a relatively low speed I/O device, such as the I/O chip 1070, are connected to the I/O controller 1084. TheROM 1010 stores a boot program executed by theCPU 1000 during start-up, programs dependent on the hardware of theauthentication device 10, etc. The I/O chip 1070 connects to a flexible disk 1090 and to various I/O devices, for example, via a parallel port, serial port, keyboard port, and mouse port. - The program provided by the
authentication device 10 is stored in a recording medium such as theIC card 1058 and provided by a user. The program is read from the recording medium, installed in theauthentication device 10 via the I/O controller 1084, and executed in theauthentication device 10. - The program installed and executed in the
authentication device 10 includes an input device implementing module, a first input module, a confirmation information storing module, a confirmation information output module, a second input module, a determination module and an output device implementing module. Since the operation which each module causes theauthentication device 10 to execute is identical to that of each correspondent member in theauthentication device 10 described with reference toFIGS. 1 to 4 andFIG. 8 , description thereof will be omitted. The program for implementing theauthentication device 10 may be stored in the recording medium to be provided to theauthentication device 10, or it may be installed via a network. - The hardware configuration of the
input terminal 200 and of the mutualauthentication service provider 340 may be identical to that shown in the figure. Alternatively each of theinput terminal 200 and the mutualauthentication service provider 340 may be further provided with a hard disk drive, a CD-ROM drive and an FD drive. The program for implementing theinput terminal 200 may be installed in the recording medium to be provided to theinput terminal 200, or it may be installed from theauthentication server 290 via a network. The program installed and executed in theinput terminal 200 includes an input device implementing module, a first input module, a confirmation information storing module, a confirmation information output module, a second input module, a determination module, an output device implementing module and a confirmation information obtaining module. Since the operation which each module causes theinput terminal 200 to execute is identical to that of each correspondent member in theinput terminal 200 described with reference toFIGS. 5 to 7 , description thereof will be omitted. - The program for implementing the mutual
authentication service provider 340 may be stored in the recording medium to be provided to the mutualauthentication service provider 340, or it may be installed from theservice site 330 via a network. The program installed and executed in the mutualauthentication service provider 340 includes an input device implementing module, a first input module, a confirmation information storing module, a confirmation information output module, a second input module, a determination module, an output device implementing module, a confirmation information obtaining module, an input password obtaining module and a notification module. Since the operation which each module causes the mutualauthentication service provider 340 to execute is identical to that of each correspondent member in the mutualauthentication service provider 340 described with reference toFIGS. 9 and 10 , description thereof will be omitted. - The program or module shown above may be stored in an external recording medium. In addition to a flexible disk and CD-ROM, an optical recording medium such as DVD and PD, a magneto-optic recording medium such as MD, a tape medium, a semiconductor memory such as an IC card, etc. can be used as the recording medium. A storage device such as a hard disk or RAM installed in a server system connected to a dedicated communication network or the Internet may be used as a recording medium to provide the program to the
authentication device 10, theinput terminal 200 or the mutualauthentication service provider 340 via the network. - As apparent from the description above, the
authentication device 10 can authenticate an inputter based on the input password accepted from the inputter and output to the inputter a notification of validity of theauthentication device 10 based on the first part of the input password. In other words, the inputter can determine whether or not theauthentication device 10 is valid when having inputted only the first part of the input password, thereby preventing the whole password from being stolen by an invalid authentication device. - When the first part of the input password is not valid, the
authentication device 10 outputs invalidity information by which the invalid inputter cannot determine whether or not the first part of the input password is valid. Thus, theauthentication device 10 can prevent stealth of an input password by an invalid inputter, thereby preventing invalid access efficiently. - When using the
authentication device 10 described in the embodiment, an inputter has to remember not only his password but also confirmation information, which may seem troublesome in comparison with the existing authentication system. This problem, however, can be easily solved. For example, the inputter can remember a relatively long, single password to use each of two sets of characters composed of every other character of the password as an input password and confirmation information, respectively. For example, the inputter may remember “Falcon32” as a password and use “Flo3” as the input password and “acn2” as the confirmation information. - According to the embodiment shown above, an authentication device, an authentication system, an authentication method, a program and a recording medium described below can be realized.
- (Item 1) An authentication device for authenticating an inputter based on an input password accepted from the inputter, the authentication device comprising: a first input part for allowing the first part of the input password to be inputted; a confirmation information output part for outputting confirmation information known to the valid inputter in advance when the first part is valid, the confirmation information indicating to the user that the authentication device is valid; a second input part for allowing the second part of the input password to be inputted; and a determination part for determining that the inputter is valid when the first part and the second part are valid.
- (Item 2) The authentication device described in item 1; wherein, when the first part is invalid, the confirmation information output part outputs information identical to the confirmation information for certain predetermined inputs, and outputs invalidity information different from the confirmation information for other inputs.
- (Item 3) The authentication device described in item 1 further comprising an authentication information storing part for storing output data to be outputted in association with the content of the inputted invalid first part, for each of a plurality of the inputters; wherein the confirmation information output part outputs the invalidity information associated with both of the inputter and the content of the first part to be authenticated.
- (Item 4) The authentication device described in item 1; wherein the first input part allows a plurality of the first parts to be inputted; each of the plurality of first parts is associated with each of a plurality of the confirmation information data to be outputted when the first part is valid; and the confirmation information output part, when a subpart of the first part is inputted, outputs the confirmation information associated with subpart if the subpart is valid and all the subparts preceding to the subparts are also valid, and outputs the invalidity information selected based on the subparts inputted so far if any of these subparts is invalid.
- (Item 5) The authentication device described in item 1; wherein the first input part allows the first part to be inputted in a predetermined input field; and the second input part allows the second part to be inputted in the input field subsequently after the first part.
- (Item 6) The authentication device described in item 1; wherein the confirmation information output part outputs the confirmation information each time the valid first part is inputted.
- (Item 7) The authentication device described in item 1; wherein the first input part allows the first part to be inputted via buttons of a telephone set located remotely from the authentication device; and the confirmation information output part outputs the confirmation information as audio signals to the receiver of the telephone set.
- (Item 8) An authentication device for authenticating an inputter based on an input password accepted from the inputter, the authentication device comprising: a first input part for allowing the first part of the input password to be inputted in a predetermined input field; a confirmation information output part for outputting confirmation information known to the valid inputter in advance when the first part is valid, the confirmation information indicating to the user that the authentication device is valid; a second input part for allowing the second part of the input password to be inputted in the input field subsequently after the first part; and a determination part for determining that the inputter is valid when the first part and the second part are valid.
- (Item 9) An authentication system comprising an input terminal for accepting an input password from an inputter and an authentication server for allowing the input terminal to authenticate the inputter, the input terminal comprising: a confirmation information obtaining part for obtaining from the authentication server, confirmation information known to the valid inputter in advance by the authentication server and indicating to the valid inputter that the input terminal is valid; a first input part for allowing the first part of the input password to be inputted; a confirmation information output part for outputting the confirmation information when the first part is valid; a second input part for allowing the second part of the input password to be inputted; and a determination part for determining that the inputter is valid when the first part and the second part are valid; and the authentication system comprising: a confirmation information transmission part for transmitting the confirmation information associated with the valid inputter in response to a direction by the input terminal.
- (Item 10) An authentication method for authenticating an inputter based on an input password accepted from the inputter, the authentication method comprising the steps of: allowing the first part of the input password to be inputted; outputting confirmation information known to the valid inputter in advance when the first part is valid, the confirmation information indicating to the user that an authenticator is valid; allowing the second part of the input password to be inputted; and determining that the inputter is valid when the first part and the second part are valid.
- (Item 11) An authentication method for authenticating an inputter based on an input password accepted from the inputter, the authentication method comprising: allowing the first part of the input password to be inputted in a predetermined input field; outputting confirmation information known to the valid inputter in advance when the first part is valid, the confirmation information indicating to the user that an authenticator is valid; allowing the second part of the input password to be inputted in the input field subsequently after the first part; and determining that the inputter is valid when the first part and the second part are valid.
- (Item 12) A mutual authentication service provider providing a mutual authentication service for authenticating an inputter based on an input password accepted from the inputter via a computer as well as allowing the inputter to authenticate validity of a service site providing a predetermined service; the mutual authentication service comprising: an input password obtaining step for obtaining a valid input password set by the valid inputter in advance; a confirmation information obtaining step for obtaining confirmation information known to the valid inputter in advance and indicating to the valid inputter that the service site is valid; a first input step for allowing the first part of the input password to be inputted; a confirmation information outputting step for outputting the confirmation information when the first part is valid in comparison with the valid input password; a second input step for allowing the second part of the input password to be inputted; and a notification step for notifying the service site that the inputter is valid when the first part and the second part are valid.
- (Item 13) A program for causing a computer as an authentication device for authenticating an inputter based on an input password accepted from the inputter; the program causing the computer to function as: a first input part for allowing the first part of the input password to be inputted; a confirmation information output part for outputting confirmation information known to the valid inputter in advance when the first part is valid, the confirmation information indicating to the user that the authentication device is valid; a second input part for allowing the second part of the input password to be inputted; and a determination part for determining that the inputter is valid when the first part and the second part are valid.
- (Item 14) A program for causing a computer as an authentication device for authenticating an inputter based on an input password accepted from the inputter; the program causing the computer to function as: a first input part for allowing the first part of the input password to be inputted in a predetermined input field; a confirmation information output part for outputting confirmation information known to the valid inputter in advance when the first part is valid, the confirmation information indicating to the user that the authentication device is valid; a second input part for allowing the second part of the input password to be inputted in the input field subsequently after the first part; and a determination part for determining that the inputter is valid when the first part and the second part are valid.
- (Item 15) A program for causing a computer to function as a mutual authentication service provider providing a mutual authentication service for authenticating an inputter based on an input password accepted from the inputter as well as allowing the inputter to authenticate validity of a service site providing a predetermined service; the program causing the computer to function as: an input password obtaining part for obtaining a valid input password set by the valid inputter in advance; a confirmation information obtaining part for obtaining confirmation information known to the valid inputter in advance and indicating to the valid inputter that the service site is valid; a first input part for allowing the first part of the input password to be inputted; a confirmation information outputting part for outputting the confirmation information when the first part is valid in comparison with the valid input password; a second input part for allowing the second part of the input password to be inputted; and a notification part for notifying the service site that the inputter is valid when the first part and the second part are valid.
- (Item 16) A recording medium recording the program described in any of items 13 to 15.
- Though the present invention has been described using an embodiment, the technical scope of the present invention is not limited to the scope described in the embodiment. A variety of changes and improvements can be made in the embodiment described above. It is apparent from the description in the Claims that such changed or improved embodiments are to be included in the technical scope of the present invention.
- As apparent from the above description, an inputter of an input password can prevent the input password from being stolen by an invalid authentication device.
-
FIG. 1 is a functional block diagram of anauthentication device 10; -
FIG. 2 shows an example of information stored in an authenticationinformation storing part 115; -
FIG. 3 shows a display example of anoutput device 150; -
FIG. 4 shows the operation flow of anauthentication device 10; -
FIG. 5 shows an outline of anauthentication system 20 in a first variation example; -
FIG. 6 is a functional block diagram of aninput terminal 200 in a first variation example; -
FIG. 7 shows the operation flow of anauthentication system 20 in a first variation example; -
FIG. 8 is a functional block diagram of anauthentication device 10 in a second variation example; -
FIG. 9 is a functional block diagram of anauthentication system 300 in a third variation example; -
FIG. 10 shows the operation flow of anauthentication system 300 in the third variation example; and -
FIG. 11 shows an example of a hardware configuration of anauthentication device 10 related to the embodiment and the variation examples shown above. -
- 10 . . . Authentication device
- 20 . . . Authentication system
- 30 . . . Telephone set
- 50 . . . First part
- 60 . . . Second part
- 70 . . . Invalidity information
- 80 . . . Confirmation information
- 100 . . . Input device
- 110 . . . First input part
- 115 . . . Authentication information storing part
- 118 . . . Confirmation information obtaining part
- 120 . . . Confirmation
information output part 120 - 125 . . . Input password obtaining part
- 130 . . . Second input part
- 140 . . . Determination part
- 145 . . . Notification part
- 150 . . . Output device
- 152 . . . Login ID specifying field
- 155 . . . Input password input field
- 158 . . . Confirmation information output field
- 200 . . . Input terminal
- 290 . . . Authentication server
- 295 . . . Confirmation information transmission part
- 298 . . . Authenticate information database
- 300 . . . Authentication system
- 310 . . . Buttons
- 320 . . . Receiver
- 330 . . . Service site
- 340 . . . Mutual authentication service provider
- Variations described for the present invention can be realized in any combination desirable for each particular application. Thus particular limitations, and/or embodiment enhancements described herein, which may have particular advantages to the particular application need not be used for all applications. Also, not all limitations need be implemented in methods, systems and/or apparatus including one or more concepts of the present invention.
- The present invention can be realized in hardware, software, or a combination of hardware and software. A visualization tool according to the present invention can be realized in a centralized fashion in one computer system, or in a distributed fashion where different elements are spread across several interconnected computer systems. Any kind of computer system—or other apparatus adapted for carrying out the methods and/or functions described herein—is suitable. A typical combination of hardware and software could be a general purpose computer system with a computer program that, when being loaded and executed, controls the computer system such that it carries out the methods described herein. The present invention can also be embedded in a computer program product, which comprises all the features enabling the implementation of the methods described herein, and which—when loaded in a computer system—is able to carry out these methods.
- Computer program means or computer program in the present context include any expression, in any language, code or notation, of a set of instructions intended to cause a system having an information processing capability to perform a particular function either directly or after conversion to another language, code or notation, and/or reproduction in a different material form.
- Thus the invention includes an article of manufacture which comprises a computer usable medium having computer readable program code means embodied therein for causing a function described above. The computer readable program code means in the article of manufacture comprises computer readable program code means for causing a computer to effect the steps of a method of this invention. Similarly, the present invention may be implemented as a computer program product comprising a computer usable medium having computer readable program code means embodied therein for causing a a function described above. The computer readable program code means in the computer program product comprising computer readable program code means for causing a computer to effect one or more functions of this invention. Furthermore, the present invention may be implemented as a program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform method steps for causing one or more functions of this invention.
- It is noted that the foregoing has outlined some of the more pertinent objects and embodiments of the present invention. This invention may be used for many applications. Thus, although the description is made for particular arrangements and methods, the intent and concept of the invention is suitable and applicable to other arrangements and applications. It will be clear to those skilled in the art that modifications to the disclosed embodiments can be effected without departing from the spirit and scope of the invention. The described embodiments ought to be construed to be merely illustrative of some of the more prominent features and applications of the invention. Other beneficial results can be realized by applying the disclosed invention in a different manner or modifying the invention in ways known to those familiar with the art.
Claims (4)
1. An authentication device for authenticating an inputter based on an input password accepted from the inputter, the authentication device comprising:
a first input part for allowing the first part of the input password to be inputted;
a confirmation information output part for outputting confirmation information known to the valid inputter in advance when the first part is valid, the confirmation information indicating to the user that the authentication device is valid;
a second input part for allowing the second part of the input password to be inputted; and
a determination part for determining that the inputter is valid when the first part and the second part are valid.
2. The authentication device according to claim 1 ; wherein the first input part allows the first part to be inputted via buttons of a telephone set located remotely from the authentication device; and
the confirmation information output part outputs the confirmation information as audio signals to the receiver of the telephone set.
3. A mutual authentication service provider providing a mutual authentication service for authenticating an inputter based on an input password accepted from the inputter via a computer as well as allowing the inputter to authenticate validity of a service site providing a predetermined service; the mutual authentication service comprising:
an input password obtaining step for obtaining a valid input password set by the valid inputter in advance;
a confirmation information obtaining step for obtaining confirmation information known to the valid inputter in advance and indicating to the valid inputter that the service site is valid;
a first input step for allowing the first part of the input password to be inputted;
a confirmation information outputting step for outputting the confirmation information when the first part is valid in comparison with the valid input password;
a second input step for allowing the second part of the input password to be inputted; and
a notification step for notifying the service site that the inputter is valid when the first part and the second part are valid.
4. A program for causing a computer to function as a mutual authentication service provider providing a mutual authentication service for authenticating an inputter based on an input password accepted from the inputter as well as allowing the inputter to authenticate validity of a service site providing a predetermined service;
the program causing the computer to function as:
an input password obtaining part for obtaining a valid input password set by the valid inputter in advance;
a confirmation information obtaining part for obtaining confirmation information known to the valid inputter in advance and indicating to the valid inputter that the service site is valid; a first input part for allowing the first part of the input password to be inputted;
a confirmation information outputting part for outputting the confirmation information when the first part is valid in comparison with the valid input password;
a second input part for allowing the second part of the input password to be inputted; and
a notification part for notifying the service site that the inputter is valid when the first part and the second part are valid.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/543,784 US20100077223A1 (en) | 2002-12-25 | 2009-08-19 | Authentication device, authentication system, authentication method, program and recording medium |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2002-375449 | 2002-12-25 | ||
JP2002375449A JP3956130B2 (en) | 2002-12-25 | 2002-12-25 | Authentication device, authentication system, authentication method, program, and recording medium |
US10/739,817 US7610489B2 (en) | 2002-12-25 | 2003-12-18 | Authentication device, authentication system, authentication method, program and recording medium |
US12/543,784 US20100077223A1 (en) | 2002-12-25 | 2009-08-19 | Authentication device, authentication system, authentication method, program and recording medium |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/739,817 Division US7610489B2 (en) | 2002-12-25 | 2003-12-18 | Authentication device, authentication system, authentication method, program and recording medium |
Publications (1)
Publication Number | Publication Date |
---|---|
US20100077223A1 true US20100077223A1 (en) | 2010-03-25 |
Family
ID=32813202
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/739,817 Expired - Fee Related US7610489B2 (en) | 2002-12-25 | 2003-12-18 | Authentication device, authentication system, authentication method, program and recording medium |
US12/543,784 Abandoned US20100077223A1 (en) | 2002-12-25 | 2009-08-19 | Authentication device, authentication system, authentication method, program and recording medium |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/739,817 Expired - Fee Related US7610489B2 (en) | 2002-12-25 | 2003-12-18 | Authentication device, authentication system, authentication method, program and recording medium |
Country Status (2)
Country | Link |
---|---|
US (2) | US7610489B2 (en) |
JP (1) | JP3956130B2 (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20090241196A1 (en) * | 2008-03-19 | 2009-09-24 | Websense, Inc. | Method and system for protection against information stealing software |
US20130067554A1 (en) * | 2010-05-11 | 2013-03-14 | Thomson Licensing | Methods, devices and computer program supports for password generation and verification |
US9094826B2 (en) | 2011-07-11 | 2015-07-28 | Ricoh Company, Limited | Wireless communication system and terminal-device authentication method in wireless communication system |
US9130986B2 (en) | 2008-03-19 | 2015-09-08 | Websense, Inc. | Method and system for protection against information stealing software |
US9241259B2 (en) | 2012-11-30 | 2016-01-19 | Websense, Inc. | Method and apparatus for managing the transfer of sensitive information to mobile devices |
US9609001B2 (en) | 2007-02-02 | 2017-03-28 | Websense, Llc | System and method for adding context to prevent data leakage over a computer network |
CN113343273A (en) * | 2021-06-30 | 2021-09-03 | 重庆渝高科技产业(集团)股份有限公司 | User login method, first server and computer readable storage medium |
Families Citing this family (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8171567B1 (en) | 2002-09-04 | 2012-05-01 | Tracer Detection Technology Corp. | Authentication method and system |
JP4306390B2 (en) * | 2003-09-29 | 2009-07-29 | 日本電気株式会社 | Password authentication apparatus, method and program |
US20060015733A1 (en) * | 2004-06-24 | 2006-01-19 | John H. Harland Company | Process and system for the material reduction of counterfeit and identity-maker fraud |
JP4636632B2 (en) * | 2004-12-27 | 2011-02-23 | 富士通株式会社 | Authentication system |
KR100714725B1 (en) * | 2005-08-29 | 2007-05-07 | 삼성전자주식회사 | Apparatus and method for protecting exposure of inputted information |
US8392707B2 (en) * | 2005-09-07 | 2013-03-05 | Bally Gaming, Inc. | Gaming network |
FR2893732B1 (en) * | 2005-11-22 | 2009-09-18 | Trusted Logic Sa | METHOD AND DEVICE FOR USER AUTHENTICATION OF CONFIDENCE INTERFACE AND ASSOCIATED COMPUTER PROGRAM |
JP4783236B2 (en) * | 2006-08-09 | 2011-09-28 | 株式会社リコー | Image reading apparatus, image information verification apparatus, image reading method, image information verification method, and image reading program |
JP5212642B2 (en) | 2006-09-20 | 2013-06-19 | 日本電気株式会社 | Validity confirmation system, validity confirmation method, information processing card, confirmation device, and authentication device |
JP4970221B2 (en) * | 2007-11-16 | 2012-07-04 | 株式会社東芝 | Power saving control apparatus and method |
JP5252989B2 (en) * | 2008-05-15 | 2013-07-31 | キヤノン株式会社 | Information processing apparatus, control method therefor, data management system, and computer program |
US9641537B2 (en) | 2008-08-14 | 2017-05-02 | Invention Science Fund I, Llc | Conditionally releasing a communiqué determined to be affiliated with a particular source entity in response to detecting occurrence of one or more environmental aspects |
US9659188B2 (en) * | 2008-08-14 | 2017-05-23 | Invention Science Fund I, Llc | Obfuscating identity of a source entity affiliated with a communiqué directed to a receiving user and in accordance with conditional directive provided by the receiving use |
US9667423B2 (en) | 2010-09-27 | 2017-05-30 | Nokia Technologies Oy | Method and apparatus for accelerated authentication |
US8590017B2 (en) * | 2011-02-28 | 2013-11-19 | International Business Machines Corporation | Partial authentication for access to incremental data |
FR2984564A1 (en) * | 2011-12-20 | 2013-06-21 | France Telecom | METHOD AND DEVICE FOR SECURING A COMPUTER APPLICATION |
US10395065B2 (en) * | 2015-12-28 | 2019-08-27 | International Business Machines Corporation | Password protection under close input observation based on dynamic multi-value keyboard mapping |
FR3080693B1 (en) * | 2018-04-30 | 2021-10-08 | Ledger | MUTUAL AUTHENTICATION OF A DEVICE OR SYSTEM CONTAINING SENSITIVE OR CONFIDENTIAL DATA THAT CAN BE CONTROLLED BY A USER |
Citations (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4964156A (en) * | 1988-07-25 | 1990-10-16 | Gte Mobilnet Incorporated | Cellular telephone unit capable of automatic interaction with audio services |
US20010056400A1 (en) * | 2000-06-21 | 2001-12-27 | Nec Corporation | Data sale immediate settling method and prepaid card |
US20020099663A1 (en) * | 2000-11-01 | 2002-07-25 | Kenji Yoshino | Content delivery system and content delivery method |
US6438230B1 (en) * | 1999-09-15 | 2002-08-20 | Coinstar, Inc. | Data mapping method and apparatus with multi-party capability |
US20030046541A1 (en) * | 2001-09-04 | 2003-03-06 | Martin Gerdes | Universal authentication mechanism |
US20030070098A1 (en) * | 2001-05-10 | 2003-04-10 | Fujitsu Limited Kawasaki, Japan | Processing machine, method of administering processing machine, program and system |
US20030093367A1 (en) * | 2001-11-15 | 2003-05-15 | First Data Corporation | Online incremental payment method |
US6643784B1 (en) * | 1998-12-14 | 2003-11-04 | Entrust Technologies Limited | Password generation method and system |
US6671672B1 (en) * | 1999-03-30 | 2003-12-30 | Nuance Communications | Voice authentication system having cognitive recall mechanism for password verification |
US20040034766A1 (en) * | 2002-06-10 | 2004-02-19 | Ken Sakamura | Autonomous integrated-circuit card |
US20040039906A1 (en) * | 2002-06-07 | 2004-02-26 | Makoto Oka | Access authorization management system, relay server, access authorization management method, and computer program |
US20040044911A1 (en) * | 2002-06-26 | 2004-03-04 | Sony Corporation | Information terminal apparatus, information processing apparatus and information communication system |
US6731731B1 (en) * | 1999-07-30 | 2004-05-04 | Comsquare Co., Ltd. | Authentication method, authentication system and recording medium |
US6817519B2 (en) * | 2000-09-08 | 2004-11-16 | Pioneer Corporation | User authentication system and user authentication method |
US7006819B2 (en) * | 2002-05-08 | 2006-02-28 | General Motors Corporation | Method of programming a telematics unit using voice recognition |
US7240339B2 (en) * | 2001-04-19 | 2007-07-03 | International Business Machines Corporation | Syntax checker with real-time feedback |
US7451322B2 (en) * | 2002-03-05 | 2008-11-11 | Samsung Electronics Co., Ltd. | User authentication method using password |
US7466806B2 (en) * | 2000-07-07 | 2008-12-16 | At&T Intellectual Property, I, L.P. | Pre-paid wireless interactive voice response system with variable announcements |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0713930A (en) | 1993-06-24 | 1995-01-17 | Nec Corp | Security control system for on-line system |
JP2000235630A (en) | 1999-02-15 | 2000-08-29 | Yasufumi Mase | Method for authenticating authentication information, medium for authentication information input and authenticating device for authentication information |
-
2002
- 2002-12-25 JP JP2002375449A patent/JP3956130B2/en not_active Expired - Fee Related
-
2003
- 2003-12-18 US US10/739,817 patent/US7610489B2/en not_active Expired - Fee Related
-
2009
- 2009-08-19 US US12/543,784 patent/US20100077223A1/en not_active Abandoned
Patent Citations (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4964156A (en) * | 1988-07-25 | 1990-10-16 | Gte Mobilnet Incorporated | Cellular telephone unit capable of automatic interaction with audio services |
US6643784B1 (en) * | 1998-12-14 | 2003-11-04 | Entrust Technologies Limited | Password generation method and system |
US6671672B1 (en) * | 1999-03-30 | 2003-12-30 | Nuance Communications | Voice authentication system having cognitive recall mechanism for password verification |
US6731731B1 (en) * | 1999-07-30 | 2004-05-04 | Comsquare Co., Ltd. | Authentication method, authentication system and recording medium |
US6438230B1 (en) * | 1999-09-15 | 2002-08-20 | Coinstar, Inc. | Data mapping method and apparatus with multi-party capability |
US20010056400A1 (en) * | 2000-06-21 | 2001-12-27 | Nec Corporation | Data sale immediate settling method and prepaid card |
US7466806B2 (en) * | 2000-07-07 | 2008-12-16 | At&T Intellectual Property, I, L.P. | Pre-paid wireless interactive voice response system with variable announcements |
US6817519B2 (en) * | 2000-09-08 | 2004-11-16 | Pioneer Corporation | User authentication system and user authentication method |
US20020099663A1 (en) * | 2000-11-01 | 2002-07-25 | Kenji Yoshino | Content delivery system and content delivery method |
US7240339B2 (en) * | 2001-04-19 | 2007-07-03 | International Business Machines Corporation | Syntax checker with real-time feedback |
US20030070098A1 (en) * | 2001-05-10 | 2003-04-10 | Fujitsu Limited Kawasaki, Japan | Processing machine, method of administering processing machine, program and system |
US20030046541A1 (en) * | 2001-09-04 | 2003-03-06 | Martin Gerdes | Universal authentication mechanism |
US7188360B2 (en) * | 2001-09-04 | 2007-03-06 | Telefonaktiebolaget Lm Ericsson (Publ) | Universal authentication mechanism |
US20030093367A1 (en) * | 2001-11-15 | 2003-05-15 | First Data Corporation | Online incremental payment method |
US7451322B2 (en) * | 2002-03-05 | 2008-11-11 | Samsung Electronics Co., Ltd. | User authentication method using password |
US7006819B2 (en) * | 2002-05-08 | 2006-02-28 | General Motors Corporation | Method of programming a telematics unit using voice recognition |
US20040039906A1 (en) * | 2002-06-07 | 2004-02-26 | Makoto Oka | Access authorization management system, relay server, access authorization management method, and computer program |
US20040034766A1 (en) * | 2002-06-10 | 2004-02-19 | Ken Sakamura | Autonomous integrated-circuit card |
US20040044911A1 (en) * | 2002-06-26 | 2004-03-04 | Sony Corporation | Information terminal apparatus, information processing apparatus and information communication system |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9609001B2 (en) | 2007-02-02 | 2017-03-28 | Websense, Llc | System and method for adding context to prevent data leakage over a computer network |
US20090241196A1 (en) * | 2008-03-19 | 2009-09-24 | Websense, Inc. | Method and system for protection against information stealing software |
US9015842B2 (en) * | 2008-03-19 | 2015-04-21 | Websense, Inc. | Method and system for protection against information stealing software |
US9130986B2 (en) | 2008-03-19 | 2015-09-08 | Websense, Inc. | Method and system for protection against information stealing software |
US9455981B2 (en) | 2008-03-19 | 2016-09-27 | Forcepoint, LLC | Method and system for protection against information stealing software |
US9495539B2 (en) | 2008-03-19 | 2016-11-15 | Websense, Llc | Method and system for protection against information stealing software |
US20130067554A1 (en) * | 2010-05-11 | 2013-03-14 | Thomson Licensing | Methods, devices and computer program supports for password generation and verification |
US9384343B2 (en) * | 2010-05-11 | 2016-07-05 | Thomson Licensing | Methods, devices and computer program supports for password generation and verification |
US9094826B2 (en) | 2011-07-11 | 2015-07-28 | Ricoh Company, Limited | Wireless communication system and terminal-device authentication method in wireless communication system |
US9241259B2 (en) | 2012-11-30 | 2016-01-19 | Websense, Inc. | Method and apparatus for managing the transfer of sensitive information to mobile devices |
US10135783B2 (en) | 2012-11-30 | 2018-11-20 | Forcepoint Llc | Method and apparatus for maintaining network communication during email data transfer |
CN113343273A (en) * | 2021-06-30 | 2021-09-03 | 重庆渝高科技产业(集团)股份有限公司 | User login method, first server and computer readable storage medium |
Also Published As
Publication number | Publication date |
---|---|
JP2004206475A (en) | 2004-07-22 |
US7610489B2 (en) | 2009-10-27 |
US20040177280A1 (en) | 2004-09-09 |
JP3956130B2 (en) | 2007-08-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20100077223A1 (en) | Authentication device, authentication system, authentication method, program and recording medium | |
CN101345617B (en) | Safety authentication system and method | |
US6118872A (en) | Apparatus and method for controlling secret data by using positions of input image points on an image and a sequence of the positions | |
JP4733167B2 (en) | Information processing apparatus, information processing method, information processing program, and information processing system | |
EP2355443B1 (en) | Network authentication method and device for implementing the same | |
KR100331671B1 (en) | Personal device, terminal, server and methods for establishing a trustworthy connection between a user and a terminal | |
US8874910B2 (en) | Method for implementing encryption and device thereof | |
US20100242104A1 (en) | Methods and systems for secure authentication | |
US20090077640A1 (en) | System and method for validating user identification | |
US20120260325A1 (en) | Secure and Usable Protection of a Roamable Credentials Store | |
US11496462B2 (en) | Secure multifactor authentication with push authentication | |
US20160036805A1 (en) | Network authentication method and device for implementing the same | |
US20160253510A1 (en) | Method for security authentication and apparatus therefor | |
CN107111698B (en) | Authentication server device, storage medium, and authentication method | |
CN104137111A (en) | Information processing apparatus, information processing system, information processing method and computer program | |
JPWO2006018889A1 (en) | Terminal device, authentication device, encryption communication method, and certificate provision method | |
CN113491141A (en) | Techniques for call authentication | |
WO2006129383A1 (en) | Service providing system, service using device, template transmitter | |
JP2006302116A (en) | Authentication system, authentication server, terminal device, authentication method and program | |
JP2001236315A (en) | User authentication system, user, authentication support device, and storage medium stored with user authenticating program | |
US8843593B2 (en) | Information distribution system, information processing server, distribution server, communication apparatus, program and information distribution method | |
CN114510688A (en) | Equipment unlocking method and device, computer readable storage medium and electronic equipment | |
JP2007293538A (en) | User authentication method, user authentication device, and user authentication program | |
JP2002073859A (en) | Portable authentication device having managing function of electronic ticket | |
JP2022076134A (en) | Authentication device, authentication method and authentication program |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |