1. Field of Invention
This invention relates to a user authentication method and system; and more particularly, to user authentication in the "intranet" or "extranet". The invention may be used in a system that utilizes a one time password function and a storage medium, such as a floppy disk, as a physical key for authentication.
The term "intranet" as used herein is a system analogous to the internet, for example, constructed in a company, and "extranet" is a membership system intranet. Also, the term "one time password" as used herein means a password that varies with each use.
2. Description of the Prior Art
The following types of authentication systems are currently available in the art:
(1) Access function limitation in a web server. One of the functions of conventional web servers is the function of access limitation. This function has been used in systems where a user name and a password are inputted, such as in personal computer communication.
(2) Function of access limitation using cryptocards. The cryptocard is a type of electronic or smart card. If a user name is inputted, the host sends back an ID code. The prescribed computation is executed based on this ID code, and the code obtained as a result of the computation is transmitted to the host; which uses the code as the user authentication code.
There are many disadvantages and deficiencies with these prior art systems. For example, in the case of system (1), since the user name and password are inputted, it is possible for the user name and password to be stolen when passed through a transmission line. When stolen, it is very difficult to locate the source of the theft or the destination to which the stolen data was sent. Also, if non-specific users are managed with this system, the resource provider may allow many non-specific users to access the user name and password. As another example, in the case of system (2), reliable security can be maintained by a challenge and response function (that is, the creation of the user authentication code and notification of that code to the host). However, disadvantageously, such a system is expensive and the cryptocard itself is expensive, and furthermore the system is not economically effective for systems that do not require high grade security.
Accordingly, an object of the invention is to overcome the aforementioned and other disadvantages, problems, and deficiencies of the prior art.
Another object is to provide a user authentication method and system that can provide reliable security at low cost.
A further object is to provide such a system wherein a floppy disk is used as a storage medium, in place of the prior art use of cryptocards.
The foregoing and other features, advantages and objectives are attained in various aspects of the invention which encompasses a user authentication method and system, as set forth in greater detail hereinbelow.
A first aspect of the invention comprises a method using control equipment and an operating section connected to the control equipment and comprising the steps of
reading a storage medium that stores specific parameters and creating a user authentication code from the specific parameters and other parameters provided by the control equipment using a specific function on the operating section side;
sending the created user authentication code to the control equipment;
comparing the user authentication code sent from the operating section with another code computed using a specific function generated in the control equipment on the control equipment side; and
allowing the information to be inputted or outputted or otherwise interchanged between the control equipment and the operating section when both codes coincide as a result of the comparison.
According to a first configuration of the invention, information is inputted or outputted or otherwise interchanged between the control equipment and the operating section only when a user authentication code created in the operating section coincides with another code generated in the control equipment as a result of the comparison of the two codes. In this case, the user authentication code created in the operating section is prepared from a specific function using a storage medium storing specific parameters in advance. Consequently, reliable security is possible at low cost for users desiring access to the control equipment.
A floppy disk can be used as the storage medium, and the user name, last access client ID, last access date and time, sequential number and seed can be selected as the parameters to be recorded. With use of a floppy disk as the low cost storage medium, a low cost highly reliable authentication method and system are realized.
A second aspect of the invention encompasses a user authentication system comprising control equipment; an operation system connected to the control equipment; means for reading a storage medium storing specific parameters and for creating in the operating section a user authentication code using a specific function from the specific parameters and from other parameters provided by the control equipment; an authentication manager means for generating a specific code based on parameters sent from the storage medium using a specific function; an authentication web server means for downloading an applet for authentication to a browser that accesses the server for authenticating a URL (home based address) with a key sent from the operating section; and means for displaying a targeted page in a display section by acquiring the targeted page from the linked web server, respectively, in the control equipment.
According to the second aspect, information is inputted or outputted or otherwise interchanged between the control equipment and operating section only when a user authentication code, created in the operating section, coincides with another code generated in the control equipment as a result of the comparison of the two codes. In this case, the user authentication code created in the operating section is prepared from a specific function using a storage medium which stores the specific parameters in advance. Consequently, reliable security is realized with use of a low cost storage medium when the user desires to access the control equipment.
As with the prior configuration, advantageously, a floppy disk can be used as the storage medium, and the user name, last access client ID, last access date and time, sequential number and seed can be selected as the parameters to be recorded.
A third aspect of the invention encompasses a method for use in an information transmission system comprising a host and at least one terminal connected thereto and comprising the following steps:
reading a storage medium in which are stored specific parameters at the at least one terminal;
creating a user authentication code from the specific parameters using a specific function at the at least one terminal;
sending the created user authentication code and user name to the host from the at least one terminal;
comparing the user authentication code sent from the at least one terminal with another code using a host generated specific function in the host; and
allowing the host to implement information transmission to the at least one terminal when the two codes coincide as a result of the comparison.
According to a third configuration of the invention, the information transmission is executed between the host and the at least one terminal only when the user authentication code created at the at least one terminal coincides with another code generated in the host as a result of the comparison of the two codes. In this case, the user authentication code created at the at least one terminal is prepared from a specific function using a storage medium which stores specific parameters in advance. Consequently, reliable security is maintained with a low cost storage medium when the user desires access to the host.
As with the previously discussed configuration, a floppy disk can be used as the storage medium and the user name, last access terminal ID, last access date and time, sequential number and seed can be selected as the parameters to be recorded. Accordingly, for similar reasons, a low cost user authentication is realized having reliable security.
A fourth aspect of the invention encompasses an information transmission system comprising a host; at least one terminal connected to the host; means for reading a storage medium storing specific parameters and for creating a user authentication code from a specific function using the specific parameters in the at least one terminal; means for generating a user authentication code using a specific function based on parameters sent from the at least one terminal; and means for authenticating a user authentication code provided by the at least one terminal and for executing a specified user service when the two codes coincide as an authentication result.
According to a fourth configuration of the invention, information transmission is executed between the host and at least one terminal only when the user authentication code, created at the at least one terminal, coincides with another code generated in the host, as a result of the comparison of the two codes. In this case, the user authentication code created at the at least one terminal is prepared from a specific function using a storage medium which stores specific parameters in advance. Consequently, reliable security can be maintained using a low cost storage medium when the user desires to access the host. As with the other configurations, a floppy disk can be used as the storage medium and the user name, last access terminal ID, last access date and time, sequential number and seed can be selected as the parameters to be recorded.
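The following Python program is an added example, not code from the patent, that simulates the exchange described in the first aspect (operating section and control equipment) and the third aspect (terminal and host), which are the same protocol: the terminal reads the recorded parameters (user name, last access client ID, last access date and time, sequential number and seed), combines them with a parameter supplied by the host through a "specific function", sends the resulting code and user name, and the host recomputes the code from its own copy of the parameters and compares. The patent does not name the specific function or the host-supplied parameter; this example assumes HMAC-SHA256 keyed by the seed and a fresh random nonce, respectively. The class and function names, the record layout and all sample values are constructed for illustration. It also shows why the one time password property holds: after a successful access both sides advance the sequential number and last access fields, so a stale copy of the medium no longer produces a code the host accepts.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, replace


@dataclass
class StorageMedium:
    """Parameters the patent says are recorded on the floppy disk (constructed sample layout)."""
    user_name: str
    last_access_client_id: str
    last_access_time: str      # kept as an ISO-8601 string for simplicity
    sequential_number: int
    seed: bytes                # secret shared with the control equipment at enrolment


def specific_function(medium: StorageMedium, host_parameter: bytes) -> str:
    """Assumed 'specific function': HMAC-SHA256 keyed by the seed over the other recorded
    parameters plus the parameter provided by the control equipment (the patent leaves the
    function unspecified; this choice is the example author's)."""
    message = "|".join([
        medium.user_name,
        medium.last_access_client_id,
        medium.last_access_time,
        str(medium.sequential_number),
    ]).encode() + b"|" + host_parameter
    return hmac.new(medium.seed, message, hashlib.sha256).hexdigest()


class ControlEquipment:
    """Host side: keeps its own copy of each user's parameters and verifies submitted codes."""

    def __init__(self) -> None:
        self.records: dict[str, StorageMedium] = {}
        self.pending: dict[str, bytes] = {}      # user name -> outstanding host parameter

    def enroll(self, medium: StorageMedium) -> None:
        self.records[medium.user_name] = replace(medium)   # independent copy of the parameters

    def issue_parameter(self, user_name: str) -> bytes:
        """The 'other parameter provided by the control equipment': a fresh random nonce."""
        nonce = secrets.token_bytes(16)
        self.pending[user_name] = nonce
        return nonce

    def verify(self, user_name: str, code: str, client_id: str, now: str) -> bool:
        record = self.records.get(user_name)
        nonce = self.pending.pop(user_name, None)    # each issued parameter is usable once
        if record is None or nonce is None:
            return False
        expected = specific_function(record, nonce)
        if not hmac.compare_digest(expected, code):  # constant-time comparison of the two codes
            return False
        # Both codes coincide: advance the host's record so the next code differs.
        self.records[user_name] = replace(
            record, last_access_client_id=client_id, last_access_time=now,
            sequential_number=record.sequential_number + 1)
        return True


class OperatingSection:
    """Terminal side: reads the medium, computes the code and sends it with the user name."""

    def __init__(self, medium: StorageMedium, client_id: str) -> None:
        self.medium = medium
        self.client_id = client_id

    def authenticate(self, host: ControlEquipment, now: str) -> bool:
        nonce = host.issue_parameter(self.medium.user_name)
        code = specific_function(self.medium, nonce)
        ok = host.verify(self.medium.user_name, code, self.client_id, now)
        if ok:  # write the new last-access fields and sequential number back to the medium
            self.medium = replace(self.medium, last_access_client_id=self.client_id,
                                  last_access_time=now,
                                  sequential_number=self.medium.sequential_number + 1)
        return ok


def demo() -> tuple[bool, bool, bool]:
    """Returns (first access, access with a stale copy of the medium, second genuine access)."""
    seed = b"constructed-seed-not-a-real-secret"
    medium = StorageMedium("alice", "none", "1970-01-01T00:00:00Z", 0, seed)
    host = ControlEquipment()
    host.enroll(medium)
    terminal = OperatingSection(medium, "client-17")

    first = terminal.authenticate(host, "2024-01-01T09:00:00Z")
    # A copy of the disk taken before the first access still carries sequential number 0
    # and the old last-access fields, so its code no longer matches the host's record.
    stale_terminal = OperatingSection(medium, "client-17")
    stale = stale_terminal.authenticate(host, "2024-01-01T09:05:00Z")
    # The genuine, updated medium remains in step with the host and keeps working.
    second = terminal.authenticate(host, "2024-01-01T09:10:00Z")
    return first, stale, second


if __name__ == "__main__":
    print(demo())
```

The host advances its record only after a successful comparison and the terminal writes the same update back to the medium, which is what keeps the two sides synchronised; a failed attempt leaves both untouched, and the nonce is discarded whether or not the code matched.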