The present invention generally relates to systems and methods of detecting unauthorized use of identifiers, and more particularly to a system and a method which enable simple detection of unauthorized use of an identifier so as to improve the system security.
Communications using personal computers have become popular, and such communications are no longer limited to the computer industry but are also used at homes. For this reason, there are demands to improve the security of the system. The management of the identifiers (hereinafter simply referred to as IDs) which are required to allow access to the system is particularly important, and there are demands to prevent unauthorized use of the IDs and to effectively detect the unauthorized use of the IDs.
FIG. 1 shows an example of a conventional system for detecting unauthorized use of the ID. In FIG. 1, a personal terminal 2 is coupled to a communication center 1 via a public communication network 4 and a switching system 3. The personal terminal 2 is provided with a communication function and may be a personal computer, a word processor or the like. On the other hand, the communication center 1 includes an unauthorized use checking program 1A shown in FIG. 2, and a management table 1B having a format shown in FIG. 3.
The communication center 1 carries out a registration service in response to an access request from the personal terminal 2, and an ID and a password are stored in the management table 1B in the format shown in FIG. 3. The management table 1B stores the previous access date and time in addition to the ID and the password.
Accordingly, as shown in FIG. 2, a step 100 searches for an ID in the management table 1B which is identical to the ID input with the access request (hereinafter simply referred to as the access ID), and a step 102 decides whether or not the access ID matches an ID in the management table 1B. If the decision result in the step 101 is YES, a step 102 decides whether or not the password input with the access request (hereinafter simply referred to as the access password) matches the password stored in the management table 1B in correspondence with the above ID which matches the access ID.
If the decision result in the step 101 or 102 is NO, it is regarded that the user making the access request is a non-registered user or an unauthorized user, and a step 103 rejects the access request.
On the other hand, if the decision result in the step 102 is YES, a step 104 carries out the communication process.
Conventionally, when the access ends, the communication center 1 refers to a timer (not shown) and records the access date and time into the management table 1B within a memory (not shown). Thereafter, if the decision results in the steps 101 and 102 are both YES for a subsequent access request, the communication center 1 refers to the management table 1B and notifies the previous access date and time to the personal terminal 2.
Accordingly, when the authorized user makes an access to the communication center 1 from the personal terminal 2, it is possible to recognize whether or not an unauthorized use of this user's ID has been made by checking the previous access date and time which are received from the communication center 1 at the start of the communication process. However, the communication center 1 notifies the personal terminal 2 of only the previous access date and time. For this reason, there were problems in that it is impossible to specify the unauthorized user who has made the unauthorized access, and that the information supplied to the authorized user is insufficient to more completely check the unauthorized use of the ID.