1. Field of the Invention
The invention relates to a method of authenticating a user and a system of authenticating a user both to be used for a portable data-communication terminal.
2. Description of the Related Art
When a conventional data-communication terminal is to log in to a host computer, the host computer usually requests the data-communication terminal to transmit an account name used for identifying a user and a password used for authenticating a user, as data for judging whether log-in is allowed.
Such data-communication terminals have been suggested in Japanese Unexamined Patent Publications Nos. 4-233341 and 9-187081.
FIG. 1 is a block diagram of one of the conventional data-communication terminals which log in to a host computer.
When a data-communication terminal 20 logs in to a host computer 30, a user inputs a request for log-in to the data-communication terminal 20 through an input section 320. When a request for log-in is input through the input section 320, an access controller 210 of the data-communication terminal 20 transmits a request for communication to the host computer 30 through a communication controller 310.
When requested by the host computer 30 to show an account name and a password, the access controller 210 informs a user of such a request through a display screen 220 of the data-communication terminal 20. A user informed of such a request inputs an account name and a password as log-in data 40 through the input section 320. The thus input log-in data 40 is transmitted to the host computer 30, and log-in of the data-communication terminal 20 to the host computer 30 is carried out, for instance, when the password as log-in data is coincident with a password stored in the host computer 30.
With a conventional non-portable data-communication terminal, log-in data was input in a user's office. As portable data-communication terminals have come into wide use, log-in data is often input outside a user's office. However, in accordance with the conventional method as illustrated in FIG. 1, an input of log-in data may be furtively looked at by a third party.
In addition, a data-communication terminal designed to be portable would have much possibility of being stolen or lost, which was not found in the conventional non-portable data-communication terminal.
In view of the above-mentioned problems of the conventional data-communication terminal, it is an object of the present invention to provide a method of authenticating a user and a system of doing the same both of which are capable of preventing a third party from using a portable data-communication terminal without the user's permission.
In one aspect, there is provided a method of authenticating a portable data-communication terminal user in a system including a portable data-communication terminal and a device for authenticating a user both including a transceiver for making radio-communication to each other, the method including the steps of (a) transmitting and receiving user-authentication data between the portable data-communication terminal and the user-authenticating device to thereby carry out check as to whether the portable data-communication terminal is far away from the user-authenticating device by a distance equal to or smaller than a first distance within which the transceiver can make radio-communication between the portable data-communication terminal and the user-authenticating device, and (b) allowing the portable data-communication terminal to carry out a predetermined operation only when the portable data-communication terminal is authenticated to be located within the first distance from the user-authenticating device.
It is preferable that the user-authentication data is code data inherent to a user, and that the check is carried out by checking whether user-authentication data of the portable data-communication terminal is coincident with user-authentication data of the user-authenticating device.
It is preferable that the portable data-communication terminal has a function of logging in a host device by transmitting log-in data to the host device, and whether log-in of the portable data-communication terminal to the host device is allowed is determined in accordance with a result of the check.
It is preferable that the log-in data is stored in advance in a memory equipped in the portable data-communication terminal, and the log-in data is read out of the memory, and transmitted to the host device.
For instance, the log-in data may be comprised of first data including an account, used for identifying a user, and second data including a password, used for authenticating a user.
It is preferable that the check is carried out only when a predetermined request is input into the portable data-communication terminal.
It is preferable that after the check has been carried out once, the check is repeatedly carried out in a fixed interval.
It is preferable that the portable data-communication terminal transmits an authentication requesting signal including data about a random number to the user-authenticating device, the user-authenticating device receiving the authentication requesting signal produces a response signal including the data about the random number and authentication data stored in the user-authenticating device, and transmits the thus produced response signal to the portable data-communication terminal, and the portable data-communication terminal receiving the response signal extracts the authentication data from the response signal, and compares the thus extracted authentication data with authentication data stored in the portable data-communication terminal.
In another aspect of the present invention, there is provided a system for authenticating a user, including (a) a portable terminal which makes data-communication including a memory to store authentication data of itself therein, and a radio-transceiver to make radio-communication for transmitting and receiving the authentication data, and (b) a device which authenticates a user including a memory to store authentication data of itself therein, and a radio-transceiver to make radio-communication for transmitting and receiving the authentication data, the portable data-communication terminal and the user-authenticating device transmitting and receiving the authentication data therebetween to thereby carry out check as to whether the portable data-communication terminal is far away from the user-authenticating device by a distance equal to or smaller than a first distance within which the radio-transceivers can make radio-communication between the portable data-communication terminal and the user-authenticating device, the portable data-communication terminal being allowed to carry out a predetermined operation only when the portable data-communication terminal is authenticated to be located within the first distance from the user-authenticating device.
It is preferable that the user-authenticating device includes a radio-transmitter to transmit authentication data of itself to the portable data-communication terminal in radio, and that the portable data-communication terminal includes a radio-receiver to receive the authentication data transmitted from the user-authenticating device, and a comparator to compare the thus received authentication data to authentication data of the portable data-communication terminal.
It is preferable that the portable data-communication terminal includes a radio-transmitter to transmit a request for authentication to the user-authenticating device in radio, and that the user-authenticating device includes a radio-receiver to receive the request transmitted from the portable data-communication terminal.
It is preferable that the portable data-communication terminal includes a timer which monitors whether authentication data is received from the user-authenticating device within a predetermined period of time after the request has been transmitted to the user-authenticating device.
It is preferable that the portable data-communication terminal has a function of logging in a host device by transmitting log-in data to the host device, and includes a memory storing the log-in data therein, and an access controller transmitting the log-in data to the host device.
It is preferable that the portable data-communication terminal includes (a) a random number generator, and (b) a comparative data producer which produces comparative data, based on the authentication data received from the memory and a random number transmitted from the random number generator, and transmits the thus produced comparative data to the comparator.
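The random-number exchange, the response timer and the comparative data producer described above can be modelled as follows. This is an added example, not code from the patent: the class and function names, the timeout value and the use of HMAC-SHA256 to combine the authentication data with the random number are assumptions, since the text does not name a combining function.

```python
import hashlib
import hmac
import secrets

RESPONSE_TIMEOUT_S = 0.5  # assumed value for the "predetermined period of time"

def comparative_data(auth_data: bytes, nonce: bytes) -> bytes:
    # Assumption: HMAC-SHA256 combines authentication data and random number.
    return hmac.new(auth_data, nonce, hashlib.sha256).digest()

class AuthDevice:
    def __init__(self, auth_data: bytes):
        self._auth_data = auth_data
    def respond(self, request: dict) -> dict:
        # The response echoes the random number and carries the keyed digest.
        nonce = request["nonce"]
        return {"nonce": nonce, "auth": comparative_data(self._auth_data, nonce)}

class Terminal:
    """Portable terminal: random number generator, timer check, comparator."""
    def __init__(self, auth_data: bytes):
        self._auth_data = auth_data
        self._pending = None
    def make_request(self) -> dict:
        self._pending = secrets.token_bytes(16)  # fresh random number per check
        return {"type": "auth_request", "nonce": self._pending}
    def check(self, response, elapsed_s: float) -> bool:
        nonce, self._pending = self._pending, None  # each random number is used once
        if nonce is None or response is None or elapsed_s > RESPONSE_TIMEOUT_S:
            return False  # nothing pending, device out of range, or timer expired
        if not hmac.compare_digest(response["nonce"], nonce):
            return False  # response belongs to a different request
        expected = comparative_data(self._auth_data, nonce)
        return hmac.compare_digest(response["auth"], expected)

def run_demo() -> dict:
    secret = b"constructed-shared-authentication-data"  # constructed sample value
    terminal, paired = Terminal(secret), AuthDevice(secret)
    other = AuthDevice(b"constructed-data-of-another-user")
    first = paired.respond(terminal.make_request())
    results = {"in_range": terminal.check(first, 0.05)}
    terminal.make_request()
    results["no_response"] = terminal.check(None, RESPONSE_TIMEOUT_S)
    results["late"] = terminal.check(paired.respond(terminal.make_request()), 2.0)
    terminal.make_request()
    results["stale_response"] = terminal.check(first, 0.05)
    results["other_device"] = terminal.check(other.respond(terminal.make_request()), 0.05)
    return results
```

Only the paired device answering the current random number within the timer window passes; a missing, late, previously captured or differently keyed response leaves the terminal locked.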
It is preferable that the portable data-communication terminal includes a second timer measuring a certain period of time after the portable data-communication terminal has been allowed to log in to the host device, the check being carried out each time the certain period of time elapses. For instance, the certain period of time may be variable.
It is preferable that the radio-transmitter of the user-authentication device transmits a variable output for making radio-communication with the portable data-communication terminal.
It is preferable that the radio-transmitter of the portable data-communication terminal transmits a variable output for making radio-communication with the user-authentication device.
In the above-mentioned present invention, the portable data-communication terminal and the user-authenticating device are used as a pair, and include means for making radio-communication to each other, that is, a transceiver. The portable data-communication terminal and the user-authenticating device store authentication data therein, and it is checked whether the portable data-communication terminal and the user-authenticating device are located within a distance within which the transceivers can make radio-communication between the portable data-communication terminal and the user-authenticating device, by transmitting and receiving the authentication data between the portable data-communication terminal and the user-authenticating device.
Only when it is recognized that the portable data-communication terminal and the user-authenticating device are located within the above-mentioned distance, the portable data-communication terminal is allowed to carry out a predetermined operation, for instance, an operation of logging in to a host computer.
When it is not recognized that the portable data-communication terminal and the user-authenticating device are located within the above-mentioned distance, it is judged that the portable data-communication terminal may be illegally used by a third party far from the user-authenticating device, and as a result, the portable data-communication terminal is prohibited from carrying out any operation. Hence, it is possible to prevent a third party from using the portable data-communication terminal without the user's permission.
The above and other objects and advantageous features of the present invention will be made apparent from the following description made with reference to the accompanying drawings, in which like reference characters designate the same or similar parts throughout the drawings.