This invention relates to CTI (computer telephony integration) and, particularly, to user authentication utilizing a CTI technique.
In modern society, a technique for authenticating a person who has preliminarily been registered as a regular user (hereinafter called a registered user) is used in various situations. For example, such an authentication technique is utilized in the situations where a user makes access to information providing service on a communications network system or where an electronic lock set at an entrance of an office building is unlocked.
As the above-mentioned authentication technique, use has traditionally been made of a system in which each registered user is assigned a fixed password. Upon authentication, a user of the system is required to input a password, which is then compared with the password which has already been registered. Only when coincidence is detected between them is the user allowed to use the system. Such a technique, in which the authentication is carried out by the use of the fixed password as a general rule, will hereinafter be called a fixed password system. In the fixed password system, the registered user can easily be authenticated. However, it is difficult to create, as a password, a character string which can easily be memorized only by the registered user and which cannot be guessed by a third person other than the registered user. It is also difficult to make all the registered users conduct perfect management of the password. Under the circumstances, it is highly probable that the fixed password system is invaded if repeatedly attacked as a target of a hacker.
In order to overcome the above-mentioned disadvantages of the fixed password system, a variety of techniques have been proposed.
For example, Japanese Unexamined Patent Publication (JP-A) H10-336345 discloses an authentication system which is used when a user's information terminal is connected to an information provider on the communications network system. In this authentication system, the registered user is authenticated by the use of a caller's telephone number peculiar to the user's information terminal instead of the fixed password system. Therefore, it is possible to prevent the third person from making access to the information provider by using any device other than the information terminal which is registered.
However, restrictions have been imposed on the above-mentioned technique such that a terminal for use in authentication of the registered user should be the same as a terminal for use in receiving the service from the information provider. In other words, because the telephone number used by the information terminal of the registered user is registered, even the registered user can not be authenticated if he/she uses another information terminal connected with an unregistered telephone number.
The above-mentioned authentication system can be used in authentication of making access to the information provider on the communications network system. However, the system is not available to authentication of using an information processing device which can not be accessed from the user's terminal. Specifically, no authentication can be executed by the above-mentioned system in case where the electronic lock of the building is unlocked or in case where a customer is authenticated at a cash dispenser in a bank.
Moreover, since the telephone number used by the information terminal is authenticated, it is not possible to separately authenticate individual users in case where a single information terminal is used by a plurality of users.
Besides the above-mentioned technique disclosed in JP-A H10-336345, a so-called one-time password system is known as a technique to solve the problem in the fixed password technique. In the fixed password system, the password is kept unchanged unless it is renewed by a system side or the registered user. On the other hand, in the one-time password system, a new password is used every time the authentication is performed. Therefore, even if the password is leaked to the third person, it is possible to minimize the damage. As a conventional technique utilizing the one-time password system, the following techniques are known.
In the technique disclosed in JP-A H11-178022, use is made of a password generator which changes a generated password upon every authentication in synchronism with an authentication server. Upon requesting the authentication to the authentication server, the registered user transmits to the authentication server the password generated by the password generator together with an ID of the registered user himself/herself. As the authentication server is synchronized with the password generator, it is possible to generate a password corresponding to the ID at the time instant when the authentication is requested. Thus, the authentication server can authenticate the user by comparing the password received from the user and the password generated by the authentication server itself.
In the technique disclosed in JP-A H8-227397 or JP-A H11-161618, each individual registered user is assigned with a different coding rule. Each registered user is given a decoder which is operable in accordance with the coding rule assigned to him/her. When the ID is transmitted from the user, the authentication server randomly generates a password, encodes the password in accordance with the coding rule assigned to the user of the ID, and thereafter sends the encoded result to the user. Upon reception of the encoded result, the user decodes the password by the use of his/her decoder and sends the decoded result back to the authentication server. The authentication server authenticates the user by comparing the password generated by itself and the data sent back from the user.
In the above-mentioned conventional techniques utilizing the one-time password system, it is necessary to prepare for every registered user private hardware or a set of private software and hardware which can execute the software. The private hardware or the private software is often expensive. As the hardware necessary to execute the private software, a mobile information apparatus or a notebook type personal computer can be used. However, these apparatuses are not low in price and not available to everybody, although they are increasingly and widely spread. Therefore, the cost problem arises also in this case. Moreover, the use of the private hardware urges the user to carry the apparatus which is required only for the authentication. This will spoil the convenience.
The object of the present invention is to provide an authentication technique using a new one-time password system which solves the problems in the fixed password system and the technique disclosed in JP-A H11-336345 as well as the problems in the conventional one-time password system disclosed in JP-A H11-178022, JP-A H8-227397, and H11-161618. More particularly, the present invention has the following objects to be solved:
Private hardware or software exclusively for authentication and liable to be expensive is not necessary.
A terminal for authentication and a terminal used for reception of service need not be the same.
Use is also possible in authentication at an information processing device, such as an electronic lock for locking a building and an automatic cash dispenser, which can not be accessed from a user's terminal.
Individual users can be separately authenticated even if the same terminal is used by a plurality of users.
In order to solve the above-mentioned problems, the present invention provides a user authentication method, a user authentication system, and a recording medium with a user authentication program recorded therein.
(1) User Authentication Method
A user authentication method provided by the present invention is a method of authenticating a preliminarily registered user by a device for providing service (hereinafter referred to as a service provider) and is characterized by the following steps: (1) a telephone number of a telephone of the user is registered prior to the authentication, (2) the user calls a CTI (computer telephony integration) server by using the telephone thus registered, (3) the CTI server authenticates the user with reference to the telephone number received, (4) the CTI server or another information processing device operable in cooperation with the CTI server generates a password, (5) the password thus generated is transmitted to both the user and the service provider, (6) the user inputs the password which he/she has received to a device (hereinafter referred to as a service access authentication device) for authenticating the access to the service provider, (7) the service access authentication device compares the password received in the step (5) and the password inputted in the step (6) and, upon coincidence between both passwords, allows the user to access the service provider, and (8) the password which has been used for the authentication is invalidated. It is noted that the service provider mentioned herein is a device for directly providing service to the user, for example, a WEB server, an electronic lock, an automatic financing device such as an automatic cash dispenser, and the like. The service access authentication device is a device for authenticating the user who desires to be given the service, for example, an authentication server and the like.
In the above-mentioned user authentication method, the password may be invalidated, even if the user has not yet been authenticated by the use of the password, in case where a predetermined time period has lapsed after the password is generated. In this manner, the safety of the authentication can be guaranteed even in case where the user for some reasons has lost or forgotten the password and left the password untouched without being authenticated.
It is especially preferable that the telephone whose telephone number is registered in the step (1) is a portable mobile communication terminal. Herein, the portable mobile communication terminal means a portable telephone such as a so-called cellular phone or a PHS (personal handy phone system) terminal. In the present invention, the portable mobile communication terminal is used as a device which is analogous to the conventional password generator. Since the portable mobile communication terminal is already widespread, this invention is not only advantageous in view of the cost but also has a merit that the user need not carry a password generator exclusively for the purpose of the authentication, as compared with the case where such a special password generator is used.
The destination of the password to be transmitted to the user in the step (5) and a data format thereof may be determined by the user. In the present invention, a method of notifying the password to the user can be selected from a plurality of methods and such method may be determined depending on the type of notifying means supported by the system or the convenience of the user. For example, the password may be transmitted by the following methods.
The password is transmitted and informed as character data to a pager having a preliminarily registered telephone number.
The password is transmitted as image data to a facsimile apparatus having a preliminarily registered telephone number.
The password is transmitted as a speech produced by a speech synthesizer to the telephone which is registered in the step (1). In this case, after the authentication is carried out with reference to the caller's phone number in the step (3), the line between the telephone and the CTI server is maintained to transmit the speech to the telephone.
The telephone which is registered in the step (1) comprises image display means. The password transmitted to the user in the step (5) is transmitted as character data to the telephone which is registered in the step (1). Because most of the recent telephones and the portable mobile communication terminals are provided with the image display means, the password can be visually and easily be confirmed.
The password is transmitted as an electronic mail to a mail address specified by the user. This is proposed taking into consideration the spread of the portable information terminals and notebook type personal computers. In the electronic mail through the Internet, it is difficult to keep complete secrecy of its content. In the present invention, however, the validity term of the password can be set as short as possible so that no substantial problem arises even if the password is leaked. Thus, no substantial influence is given to the security of the system.
The password is transmitted as binary data. In this case, the user is required to have a program corresponding to the binary data. However, any person who has obtained the binary data by some method can not directly see the content of the data. Therefore, the security of the system can further be improved.
The telephone registered in the step (1) comprises radio communication means and the input of the password to the service access authentication system in the step (6) is carried out via the radio communication means. In this case, the user need not manually input the password and therefore the operation by the user will be more facilitated. Moreover, since no manual input is carried out, the probability of occurrence of input errors is decreased.
(2) User Authentication System
According to the present invention, there is provided a user authentication system which comprises one or a plurality of information processing devices operable in cooperation through mutual data communication and a telephone assigned to each user, wherein any one of the information processing devices includes line connection means to be connected to a telephone through a telephone line, caller's number identifying means for identifying a caller's telephone number of a call received at the line connection means, a first recording medium for storing, as user information associated with each user, information relating to each user and including a telephone number of the telephone assigned to the user, telephone number searching means for searching, by referring to the first recording medium, the telephone numbers given to the telephones assigned to the respective users and contained in the user information to find whether or not the telephone number identified by the caller's number identifying means is present, password generating means for generating a password, a second recording medium for storing the password generated by the password generating means in association with the user information stored in the first recording medium, password notifying means for notifying the password to an appropriate destination by referring to, as a destination, the telephone number searched by the telephone number searching means or the user information associated with the telephone number, password input means for receiving an input password inputted by the user, authentication means for comparing the password stored in the second recording medium and the input password supplied through the password input means and authenticating the user upon coincidence between both passwords, and means for deleting from the second recording medium or invalidating a particular password which satisfies a predetermined condition.
In the above-mentioned user authentication system, it is especially preferable that the telephone assigned to each user is a portable mobile communication terminal.
For example, the following means may be used as the password notifying means. A plurality of kinds of the following notifying means may be included.
Any one of the information processing devices further comprises speech synthesizing means for synthesizing a speech corresponding to the password generated by the password generating means. The password notifying means transmits the speech synthesized by the speech synthesizing means through the telephone line.
Any one of the information processing devices further comprises facsimile image data generating means for generating facsimile image data corresponding to the password generated by the password generating means. The password notifying means transmits the facsimile image data generated by the facsimile image data generating means through the telephone line.
Any one of the information processing devices further comprises pager data generating means for generating data for a pager to display the password generated by the password generating means. The password notifying means transmits the data generated by the pager data generating means through the telephone line.
Any one of the information processing devices further comprises electronic mail generating means for generating an electronic mail indicating the password generated by the password generating means and means for establishing connection to the Internet. The password notifying means transmits the electronic mail generated by the electronic mail generating means through the Internet.
The condition for deleting or invalidating the password is, for example, the case where a predetermined time period has lapsed after the password is generated by the password generating means, the case where a preselected time period has lapsed after the latest authentication was carried out by the use of the password, or the case where the password has been used for authentication a predetermined number of times. As a general rule, the password can not be used again if it is used once for authentication after generation. In addition, the password may be deleted or invalidated under the conditions mentioned above by considering and comparing the convenience of the user and the security of the system.
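The following Python sketch is an added example, not code from the patent: it models steps (1) to (8) of the method and the three example invalidation conditions listed above, with the first and second recording media held as in-memory tables. The class and field names, the 8-digit password format, the default time limits, and the assumption that the user supplies a user ID together with the password are all hypothetical.

```python
import hmac
import secrets
import time


# Hypothetical names throughout; added illustration, not the patent's code.
class CtiAuthenticator:
    def __init__(self, ttl=120.0, idle_ttl=30.0, max_uses=1, clock=time.monotonic):
        self.ttl, self.idle_ttl, self.max_uses, self.clock = ttl, idle_ttl, max_uses, clock
        self.first_table = {}   # registered telephone number -> user id
        self.second_table = {}  # user id -> issued password record
        self.outbox = []        # stands in for the password notifying means

    def register(self, user_id, phone):
        # Step (1): register the user's telephone number before any authentication.
        self.first_table[phone] = user_id

    def handle_call(self, caller_number):
        # Steps (2)-(5): identify the caller's number, generate, store, notify.
        user_id = self.first_table.get(caller_number)
        if user_id is None:
            return None  # unregistered number: no password is issued
        password = f"{secrets.randbelow(10**8):08d}"  # CSPRNG, 8 digits (assumed format)
        self.second_table[user_id] = {
            "password": password, "issued": self.clock(), "last_used": None, "uses": 0,
        }
        self.outbox.append((caller_number, password))
        return user_id

    def _invalid(self, rec, now):
        # The three example conditions for deleting or invalidating a password.
        return (
            now - rec["issued"] > self.ttl
            or (rec["last_used"] is not None and now - rec["last_used"] > self.idle_ttl)
            or rec["uses"] >= self.max_uses
        )

    def verify(self, user_id, supplied):
        # Steps (6)-(8): compare the input password, then invalidate it.
        rec = self.second_table.get(user_id)
        if rec is None:
            return False
        now = self.clock()
        if self._invalid(rec, now):
            del self.second_table[user_id]
            return False
        if not hmac.compare_digest(rec["password"].encode(), supplied.encode()):
            return False
        rec["uses"] += 1
        rec["last_used"] = now
        if self._invalid(rec, now):
            del self.second_table[user_id]
        return True


def demo():
    now = [0.0]  # controllable clock so expiry can be shown without sleeping
    auth = CtiAuthenticator(clock=lambda: now[0])
    auth.register("alice", "090-0000-0001")  # constructed number
    results = {"unregistered": auth.handle_call("090-9999-9999")}
    auth.handle_call("090-0000-0001")
    otp = auth.outbox[-1][1]
    results["wrong"] = auth.verify("alice", "not-it")
    results["first_use"] = auth.verify("alice", otp)
    results["replay"] = auth.verify("alice", otp)
    auth.handle_call("090-0000-0001")
    otp = auth.outbox[-1][1]
    now[0] += 121.0  # past the validity period
    results["expired"] = auth.verify("alice", otp)
    return results
```

With max_uses set above 1, the idle_ttl check corresponds to the condition based on the time elapsed since the latest authentication.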
The above-mentioned user authentication system is applicable to all systems for authenticating a person and, for example, is usable for authentication in the following cases.
The authentication means authenticates the access to contents on the network.
The authentication means is connected to a device for controlling an electronic lock and allows the electronic lock to be unlocked.
The authentication means authenticates the user of an automatic financing device.
(3) Recording Medium with a User Authentication Program Recorded Therein
According to the present invention, there is provided a recording medium with a user authentication program recorded therein, the recording medium being a machine-readable recording medium storing the program to be executed by one or a plurality of information processing devices and operable in cooperation through mutual data communication, wherein the recording medium stores the user authentication program for making the information processing device execute an operation of generating a first table storing, as user information associated with each user, information relating to each user and including a telephone number of a telephone assigned to the user, a caller's number identifying operation of identifying a caller's telephone number of a call received through a telephone line, a telephone number searching operation of searching, by referring to the first table, the telephone numbers given to the telephones assigned to the respective users and contained in the user information to find the telephone number identified by the caller's number identifying operation, a password generating operation of generating a password, an operation of generating a second table storing the password generated by the password generating operation in association with the user information stored in the first table, a password notifying operation of notifying the password to an appropriate destination by referring to, as a destination, the telephone number found by the telephone number searching operation or the user information associated with the telephone number, a password input operation of receiving an input password inputted by the user, an authenticating operation of comparing the password stored in the second table and the input password supplied by the password input operation and authenticating the user upon coincidence between both passwords, and an operation of deleting from the second table or invalidating a particular password which satisfies a predetermined condition.
For example, the following operations may be used as the password notifying operation:
The user authentication program further includes a speech synthesizing operation of synthesizing a speech corresponding to the password generated by the password generating operation. The password notifying operation makes the information processing device execute an operation of transmitting the speech synthesized by the speech synthesizing operation through the telephone line.
The user authentication program further includes a facsimile image data generating operation of generating facsimile image data corresponding to the password generated by the password generating operation. The password notifying operation makes the information processing device execute an operation of transmitting the facsimile image data generated by the facsimile image data generating operation through the telephone line.
The user authentication program further includes a pager data generating operation of generating data for a pager to display the password generated by the password generating operation. The password notifying operation makes the information processing device execute an operation of transmitting the data generated by the pager data generating operation through the telephone line.
The user authentication program further includes an electronic mail generating operation of generating an electronic mail indicating the password generated by the password generating operation and an operation of establishing connection to the Internet. The password notifying operation makes the information processing device execute an operation of transmitting the electronic mail generated by the electronic mail generating operation through the Internet.
The condition for deleting or invalidating the password is, for example, the case where a predetermined time period has lapsed after the password is generated by the password generating means, the case where a preselected time period has lapsed after the latest authentication was carried out by the use of the password, or the case where the password has been used for authentication a predetermined number of times. As a general rule, the password can not be used again if it is used once for authentication after generation. In addition, the password may be deleted or invalidated under the conditions mentioned above by considering and comparing the convenience of the user and the security of the system.
The program recorded in the above-mentioned recording medium is applicable to all systems for authenticating a person and, for example, is usable for authentication in the following cases.
To make the information processing device execute an operation of authenticating the access to contents on the network.
To make the information processing device execute an operation of allowing an electronic lock to be unlocked.
To make the information processing device execute an operation of authenticating the user of an automatic financing device.