09 - Scientific and electric apparatus and instruments
42 - Scientific, technological and industrial services, research and design
Goods & Services
Electronic book readers; smartphones; tablet computers;
application software for mobile telephones and personal
digital assistants; computer programs for advertising;
computer programs; computers; computer peripheral devices;
telecommunication machines and apparatus; game programs for
home video game machines; electronic circuits and CD-ROMs
recorded with programs for hand-held games with liquid
crystal displays; downloadable music files; downloadable
image files; electronic publications. Design, programming, development or maintenance of
application software; design, programming, development or
maintenance of computer programs; providing search engines
for the internet and providing information relating thereto;
providing computer programs enabling information
distribution via networks and providing information relating
thereto; design, programming or maintenance of computer
programs and providing information relating thereto; data
backup on computer systems; providing advice or information
relating to information processing by computers; consultancy
services in the field of computer system design or
programming; technological advice relating to use and
operation of computer programs enabling information
distribution via networks; technological advice relating to
computers, automobiles and industrial machines; rental of
web servers; rental of memory space on servers; hosting web
sites; rental of memory space on servers via communications
networks; rental of memory space on servers for electronic
bulletin boards; providing application software; rental of
computers and providing information relating thereto;
providing computer programs for advertising; providing
computer programs on data networks and providing information
or advice relating thereto; cloud computing; issuance,
distribution and management of digital certificates; online
user identity verification, certification and authentication
services to a third party; inspection, certification and
authentication for falsification of electronic information.
2.
NETWORK STORAGE FOR PROCESSING CRYPTOGRAPHIC FILES WHILE KEEPING PRIVATE KEY SECRET IN KEY TERMINAL
In a storage system (101), a key terminal (141) secretly records a primary private key included together with a primary public key in a primary key pair. An upload terminal (111) encrypts an object file into an encrypted file with a generated common key, encrypts the common key into a first cipher with the primary public key, and stores the encrypted file and the first cipher in a storage server (131). A download terminal (121) generates a temporary key pair including a temporary public key and a temporary private key, secretly records the temporary private key, transmits the temporary public key to the key terminal (141), and signs in to the storage server (131). Then, the key terminal (141) and the storage server (131) in cooperation with each other generate a second cipher acquired by encrypting the common key with the temporary public key while the common key is kept secret from the storage server (131), and transmit the second cipher to the download terminal (121). The download terminal (121) decrypts the shared key from the second cipher with the temporary private key, and decrypts, with the common key, the object file from the encrypted file acquired from the storage server (131).
Disclosed herein is a server, a service method, a program, and an information recording medium to enable a user to easily read an electronic mail, regardless of a determination result by a spam email filter. In a server, a receiver receives an electronic mail addressed to a user. A classifier classifies an the electronic mail into one of a plurality of classes including first and second classes. A first storer stores a first-class email classified into the first class in a mailbox for reading assigned to by the user. An acceptor accepts a permission instruction from the user. A setter sets a permission period including an instruction time when the permission instruction is accepted. An extractor extracts a permitted email received at a reception time within the set permission period from second-class emails classified into the second class. A second storer stores a notice email making a permitted email readable in the mailbox for reading.
The present invention relates to a file management system that makes it possible to transmit a file between a first information communication terminal device of a first user and a second information communication terminal device of a second user. The first information communication terminal device designates a file, a recipient-side user, and a file reception location, encrypts the file to generate an encrypted file, and sends the reception location to a file management server. The second information communication terminal device acquires the encrypted file, and sends position information acquired by a key terminal device of the second user to the file management server. The file management server determines position authentication on the basis of the reception location. If the position authentication is successful as a result of the determination, the second information communication terminal device decrypts the encrypted file to acquire the original file.
MANAGEMENT SERVER, TERMINAL, METHOD, PROGRAM, AND INFORMATION RECORDING MEDIUM FOR MANAGING ATTENDEE AND ATTENDANCE VERFIFIER IN MEETING BY USING MACHINE-RECOGNIZABLE CODE
The present invention manages an attendee and a verifier in a meeting to which a code has been assigned, thereby facilitating attendance verification. A management server (111) receives a request from a terminal (121) that has machine-recognized the code. If the terminal (121) is a verifier terminal, the management server (111) sets the meeting to be valid, and sets the meeting to be invalid when a prescribed period has elapsed. If the terminal (121) is not the verifier terminal and the meeting is set to be valid, the management server (111) registers the user of the terminal (121) as a meeting attendee. The management server (111) reports the registered attendee to the verifier or the manager of the meeting. If the terminal (121) is the verifier terminal, the management server (111) may record, as a hosting region, a region in a prescribed range including the position of the terminal (121). If the terminal (121) is not the verifier terminal, the meeting is set to be valid, and the position of the terminal (121) is outside the range of the meeting hosting region, then the management server (111) may not register the user of the terminal (121) as a meeting attendee.
A transaction system, a transaction method, and an information recording medium are disclosed herein. In an example, a system includes a first terminal, a second terminal, and a server. Both the first terminal and the second terminal are assigned to a same user name. When an application is started on the second terminal, the application notifies the server of a notification that the application is running on the second terminal and the application is ready to receive data from the server. The first terminal has a login password input by a user using the first terminal, and sends, to the server, a login request specifying the input login password. When the server has already been notified of the notification from the application and the login password specified in the login request is correct for the same user name, the server successfully authenticates the first terminal.
In a storage system (101) of the present invention, a key terminal (141) secretly records a primary private key included in a primary key pair along with a primary public key. An upload terminal (111) encrypts a target file into a cryptographic file with a generated common key, encrypts the common key into a first cipher with the primary public key, and stores the cryptographic file and the first cipher on a storage server (131). A download terminal (121) generates a temporary key pair including a temporary public key and a temporary private key, secretly records the temporary private key, transmits the temporary public key to the key terminal (141), and signs in to the storage server (131). Then, the key terminal (141) and the storage server (131) cooperate to generate a second cipher encrypting the common key with the temporary public key while keeping the common key secret from the storage server (131), and transmit same to the download terminal (121). The download terminal (121) decrypts a shared key from the second cipher with the temporary private key, and decrypts the target file with the common key from the cryptographic file acquired from the storage server (131).
The present invention makes it possible to easily browse an email desired by a user regardless of the determination result of a spam email filter. At a server (101), a reception unit (102) receives emails addressed to a user. A classification unit (103) classifies the emails into one of a plurality of classes including a first class and a second class. A first storage unit (104) stores first class emails classified into the first class in a browsing email box (111) assigned to the user. An acceptance unit (105) accepts an allowance instruction from the user. A setting unit (106) sets an allowance period including an instruction time at which the allowance instruction has been accepted. An extraction unit (107) extracts, from second class emails classified into the second class, an allowed email received at a reception time included in the set allowance period. A second storage unit (108) stores, in the browsing email box (111), an announcement email for making the allowed email browsable.
In a remote control system (101), a terminal (121) waits for an instruction to be transmitted from a mediation device (111) by a browser, a virtual desktop, or the like. A remote controller (131) sends, to the mediation device (111), identification information that identifies the terminal (121) to be controlled and a service to be received by that terminal (121). If the terminal (121) identified by the sent identification information is waiting, the mediation device (111) transmits, to the waiting terminal (121), an instruction specifying the service identified by the sent identification information. The waiting terminal (121) sends, to a server (171) related to the service specified in the transmitted instruction, a request related to the service specified in the transmitted instruction. Note that it is possible to configure such that the server (171) provides the service after performing a confirmation that the terminal (121) that sends the request is the terminal (121) to be controlled.
The safety is improved when executing a transaction instructed after the login from a user having carried out the login operation to the server. A transaction system (101) includes a server (121), a first terminal (141), and a second terminal (161). A user logs-in the server (121) through the first terminal (141). The server (121) generates a notice to be transmitted to the second terminal (161) when receiving an instruction of a transaction through the first terminal (141) from a user. The first terminal (141) or the second terminal (161) prompts the user to input a confirmation of details of the transaction when the notice is transmitted to the second terminal (161) from the server (121). The server (121) regards the confirmation of the transaction made by the user as having been made when the input of the user matches with the details of the transaction.
A management device calculates, from access information transmitted from a token terminal and a site seed assigned to a server, a user seed, and registers the user seed in the token terminal. The token terminal obtains a share seed, calculates a key code from the share seed and the user seed, and presents the key code to the user. When the user enters the key code to an access terminal, the access terminal transmits, to the server, a request having the key code specified. The server obtains access information relating to the transmitted request, calculates a checkup seed from the access information and the site seed assigned to the server, obtains a share seed independently from the token terminal, calculates a checkup code from the share seed and the checkup seed, and sets a necessary condition for sign-in that is consistent between the key code and the checkup code.
G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
An authentication system prevents leakage of a key-reading speech during user authentication based on the key-reading speech of a user reading an authentication key. For each user ID, a storage stores a voiceprint of a user in association with a recorded sound including speech spoken previously by the user. A specifier specifies the user ID of a user attempting to receive authorization. An outputter outputs a masking sound that includes the recorded sound recorded in association with the specified user ID. An acquirer acquires a key-reading speech of the user reading the authentication key and the output masking sound. A remover acquires a second sound by removing the masking sound from the acquired first sound. A determiner determines whether the user has authority pertaining to the specified user ID based on the acquired second sound.
G10L 15/22 - Procedures used during a speech recognition process, e.g. man-machine dialog
G07C 9/00 - Individual registration on entry or exit
G10L 15/02 - Feature extraction for speech recognitionSelection of recognition unit
G10L 17/02 - Preprocessing operations, e.g. segment selectionPattern representation or modelling, e.g. based on linear discriminant analysis [LDA] or principal componentsFeature selection or extraction
13.
REMOTE CONTROL SYSTEM, REMOTE CONTROL METHOD, PROGRAM, AND INFORMATION RECORDING MEDIUM
The present invention is a remote control system (101), wherein a terminal (121) stands by for a command to be conveyed from a mediation device (111) by a browser, a virtual desktop client, etc. A remote controller (131) sends, to the mediation device (111), specification information that specifies a terminal (121) to be controlled and a service to be received by the terminal (121). When the terminal (121) specified by the sent specification information is standing by, the mediation device (111) conveys a command that designates the service specified by the sent specification information to the terminal (121) that is standing by. The terminal (121) that is standing by transmits a request pertaining to the service designated in the conveyed command to a server (171) pertaining to the service designated in the conveyed command. The server (171) can be configured so as to provide the service after confirming that the terminal (121) that has transmitted the request is the terminal (121) to be controlled.
A reminder terminal apparatus and authentication method are disclosed. An example authentication method includes creating a table having letter strings contained in elements respectively, where the letter strings are created at random. The method also includes creating a registration letter string using the table and registering or newly registering the registration letter string as a password for a user name of the user at a resource server. The example method further includes prompting the user to use the access terminal to extract second elements from the table in accordance with the selection sequence, arrange second letter strings contained in the extracted second elements to obtain an authentication letter string, and apply the obtained authentication letter string as a password for requesting a utilization of a resource of the resource server under the user name.
H04L 9/12 - Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
An authentication system prevents leakage of a key-reading speech during user authentication based on the key-reading speech of a user reading an authentication key. For each user ID, a storage stores a voiceprint of a user in association with a recorded sound including speech spoken previously by the user. A specifier specifies the user ID of a user attempting to receive authorization. An outputter outputs a masking sound that includes the recorded sound recorded in association with the specified user ID. An acquirer acquires a key-reading speech of the user reading the authentication key and the output masking sound. A remover acquires a second sound by removing the masking sound from the acquired first sound. A determiner determines whether the user has authority pertaining to the specified user ID based on the acquired second sound.
G10L 15/22 - Procedures used during a speech recognition process, e.g. man-machine dialog
G07C 9/00 - Individual registration on entry or exit
G10L 15/02 - Feature extraction for speech recognitionSelection of recognition unit
G10L 17/02 - Preprocessing operations, e.g. segment selectionPattern representation or modelling, e.g. based on linear discriminant analysis [LDA] or principal componentsFeature selection or extraction
16.
Authentication system, and information recording medium
A management device (181) calculates, from access information transmitted from a token terminal (121) and a site seed assigned to a server (161), a user seed, and registers the user seed in the token terminal (121). The token terminal (121) obtains a share seed to be shared with the server (161) independently therefrom, calculates a key code from the share seed and the user seed, and presents the key code to the user. When the user enters the key code to an access terminal (141), the access terminal (141) transmits, to the server (161), a request having the key code specified. The server (161) obtains access information relating to the transmitted request, calculates a checkup seed from the access information and the site seed assigned to the server (161), obtains a share seed independently from the token terminal (121), calculates a checkup code from the share seed and the checkup seed, and sets a necessary condition for sign-in that is consistent between the key code and the checkup code.
G06F 21/35 - User authentication involving the use of external additional devices, e.g. dongles or smart cards communicating wirelessly
G06F 21/36 - User authentication by graphic or iconic representation
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
In the present invention, a management device (181) calculates a user seed from access information transmitted from a token terminal (121) and a site seed allocated to a server (161), and registers the user seed in the token terminal (121). The token terminal (121) independently acquires, from the server, a shared seed shared with the server (161), calculates a key code from the shared seed and the user seed, and presents the key code to the user. When the user inputs the key code to an access terminal (141), the access terminal (141) transmits the request for which the key code is specified to the server (161). The server (161) acquires access information pertaining to the transmitted request, calculates a verification seed from the access information and the site seed allocated to the server (161), acquires a shared seed independent from the token terminal (121), calculates a verification code from the shared seed and the verification seed, and uses the matching of the key code and the verification code as a sign-in requirement.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
18.
User authentication method and system for implementing the same
There is proposed a user authentication method that uses a time-based password (TP) having a relatively long update cycle instead of a TOTP having a conventional short update cycle (e.g., 60 seconds). The present invention is a user authentication method executed by an authentication system that performs authentication of a user who performs access from an information communication terminal device in order to use a usage target system by using a reference terminal device that includes a security token capable of generating a TP. The authentication method includes setting an update cycle of the TP to a first update cycle of 30 days, 1 month, or a time period longer than 1 month, receiving a user authentication request that includes a time-based password generated by the security token according to the set first update cycle, and performing the authentication based on the TP contained in the received user authentication request.
A reminder terminal creates a table having random letter strings in elements. A user views the created table and registers, at a resource server, a password obtained by arranging first letter strings contained in first elements extracted from the viewed table in accordance with a selection sequence. The created table is stored at the reminder terminal. When the user accesses the resource server, the reminder terminal presents the stored table to the user and transmits information indicative that the stored table is presented. The user obtains a password for the resource server by arranging second letter strings contained in second elements extracted from the presented table in accordance with the selection sequence. Unless the information is received by a management server, the resource server does not permit the user to access contents of the resource server.
H04L 9/12 - Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
A new user authentication method which prevents illicit access to a system includes an authentication system which authenticates a user. The authentication system includes a database which manages user account information including a token ID which identifies a security token; a synchronization server which generates token codes on the basis of the token ID; and an authentication server which carries out an authentication determination transmitted from the system, and transmits the result to the system subject to use. If a prior notification of an authentication request is received prior to receiving the user authentication request, the authentication server carries out the authentication determination using a first token code. Alternatively, if the user authentication request is received without prior notification of the authentication request being received, the authentication server carries out the authentication determination using the first token code and a second token code.
G06F 21/30 - Authentication, i.e. establishing the identity or authorisation of security principals
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
21.
USER CERTIFICATION METHOD AND SYSTEM FOR IMPLEMENTING USER CERTIFICATION METHOD
[Problem] To provide a user certification method in which a time-based password (TP) which has a comparatively long update period is used instead of a conventional time-synchronous one-time password (TOTP) which has a short update period (e.g., 60 seconds). [Solution] The present invention is a user certification method which is executed by a certification system which, using a referring terminal device which includes a security token which is capable of generating a TP, carries out a certification of a user who connects via an information communication terminal device in order to use a system to be used. The certification method comprises: setting the update period of the TP to a first update period which is 30 days or one month or longer; receiving a user certification request which includes the time-based password which has been generated by the security token according to the set first update period; and carrying out the certification on the basis of the TP which is included in the received user certification request.
The safety is improved when executing a transaction instructed after the login from a user having carried out the login operation to the server. A transaction system (101) includes a server (121), a first terminal (141), and a second terminal (161). A user logs-in the server (121) through the first terminal (141). The server (121) generates a notice to be transmitted to the second terminal (161) when receiving an instruction of a transaction through the first terminal (141) from a user. The first terminal (141) or the second terminal (161) prompts the user to input a confirmation of details of the transaction when the notice is transmitted to the second terminal (161) from the server (121). The server (121) regards the confirmation of the transaction made by the user as having been made when the input of the user matches with the details of the transaction.
Provided is an authentication system, wherein in a reminder terminal (121) a table generating unit (204) generates a table which stores a random character string in each element. A password registration unit (205) has a user view the table, and prompts the user to register a text string for registration with a resource server as a password, said text string for registration obtained by arranging the text strings which are stored in the elements which are extracted from the table in a selection order for the user. A storage unit (201) stores the table. A presentation unit (202) presents the table to the user by the instruction of the user, and prompts the user to use a text string for authentication as a password relating to a request to use the resources of the resource server, said text string for authentication obtained by arranging the text strings which are stored in the elements which are extracted from the table in the selection order for the user. It would also be permissible for a notification to be transmitted by a transmission unit (203) to the effect that the table has been presented to the user. With the destination of the notification set to a management server linked with the resource server, it is possible to place a condition on the use of the resource server that the table has been presented to the user.
In the present invention, a table corresponding to a resource server to which an access terminal has requested access is sent to a reminder terminal. The reminder terminal presents the received table to a user, and sends to the resource server a report stating that the presentation was made. As a result, the resource server sets a validity period that includes a point in time at which the report was received. The access terminal receives, in an input column included in a login form received from the resource server in response to the access request, a password for which arranged are elements extracted in a preassigned selection order from the table presented by the reminder terminal and sends the password to the resource server. Whereupon, the resource server determines whether to allow or deny the access request on the basis of the password, if the point in time at which the password is received is within the validity period.
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
H04L 9/14 - Arrangements for secret or secure communicationsNetwork security protocols using a plurality of keys or algorithms
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
25.
USER AUTHENTICATION METHOD AND SYSTEM FOR IMPLEMENTING SAME
[Problem] To provide a new user authentication method which efficaciously prevents illicit access to a system. [Solution] The present invention is an authentication system which authenticates a user who uses a system subject to use, said authentication system comprising: a database which, for each user, manages user account information including a token ID which identifies a security token; a synchronization server which generates token codes on the basis of the token ID; and an authentication server which carries out an authentication determination with respect to a user authentication request which is transmitted from the system subject to use, and transmits the result of the authentication determination to the system subject to use. If a prior notification of an authentication request which an information communication terminal has transmitted in a state of being capable of communication is received prior to receiving the user authentication request, the authentication server carries out the authentication determination on the basis of a first token code, whereas, if the user authentication request is received without the prior notification of the authentication request being received, the authentication server carries out the authentication determination on the basis of the first token code and a second token code.
G06F 21/30 - Authentication, i.e. establishing the identity or authorisation of security principals
H04L 9/14 - Arrangements for secret or secure communicationsNetwork security protocols using a plurality of keys or algorithms
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
A transaction system (101) is provided with a server (121), a first terminal (141), and a second terminal (161). A user logs in to the server (121) via the first terminal (141) through successful first authentication. Upon reception of a transaction instruction from the user via the first terminal (141), the server (121) generates a notice to be transmitted to the second terminal (161). When the notice is transmitted from the server (121), the second terminal (161) attempts second authentication of the user. If the second authentication is successful, the second terminal (161) presents transaction details to the user. If the transaction is confirmed by the user presented with the transaction details, the server (121) executes the transaction.
[Problem] To improve safety during execution of a transaction according to an instruction, after a login, from a user who has logged in to a server. [Solution] A transaction system (101) is provided with a server (121), a first terminal (141), and a second terminal (161). A user logs in to the server (121) via the first terminal (141). Upon reception of a transaction instruction from the user via the first terminal (141), the server (121) produces a notice to be delivered to the second terminal (161). Upon delivery of the notice from the server (121), the first terminal (141) or the second terminal (161) prompts the user to provide an input for checking details of the transaction. If the input from the user matches the details of the transaction, the server (121) executes the transaction.
G06F 21/42 - User authentication using separate channels for security data
G06Q 20/10 - Payment architectures specially adapted for electronic funds transfer [EFT] systemsPayment architectures specially adapted for home banking systems
28.
User authentication method, system for implementing the same, and information communication terminal used in the same
[Problem] To provide a user authentication technology whereby hacking of a system by a third party is effectively prevented. [Solution] The present invention is a user authentication method and system, wherein: an information communication terminal allocates numerals, etc., which configure a token code which is generated by time synchronizing with an authentication system side to each cell which configures a user's password derivation pattern, and displays upon a user interface a personal identification table whereupon numerals, etc., are allocated which have been randomly generated with other cells; the user, with reference to the personal identification table, selects the numerals, etc., which are allocated to each cell which configures the user's password derivation pattern, and inputs same as a password; and the authentication system carries out an authentication determination upon the inputted password on the basis of the generated time synchronized token code.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
G06F 16/955 - Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
G06F 21/34 - User authentication involving the use of external additional devices, e.g. dongles or smart cards
G06F 21/36 - User authentication by graphic or iconic representation
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
H04L 29/08 - Transmission control procedure, e.g. data link level control procedure
29.
USER AUTHENTICATION METHOD, SYSTEM FOR IMPLEMENTING SAME, AND INFORMATION COMMUNICATION TERMINAL WHEREUPON SAME IS EMPLOYED
[Problem] To provide a user authentication technology whereby hacking of a system by a third party is effectively prevented. [Solution] The present invention is a user authentication method and system, wherein: an information communication terminal allocates numerals, etc., which configure a token code which is generated by time synchronizing with an authentication system side to each cell which configures a user's password derivation pattern, and displays upon a user interface a personal identification table whereupon numerals, etc., are allocated which have been randomly generated with other cells; the user, with reference to the personal identification table, selects the numerals, etc., which are allocated to each cell which configures the user's password derivation pattern, and inputs same as a password; and the authentication system carries out an authentication determination upon the inputted password on the basis of the generated time synchronized token code.
A site check method is provided that enables a user to check, when the user accesses a predetermined site, whether the site is legitimate or not. The method includes a first display step in which, when the user accesses a first server managing the site from a first information terminal, the first server has the first information terminal display predetermined check information. The method further includes a second display step in which, when the user accesses a second server from a second information terminal, the second server has the second information terminal display the check information.
When a user makes a remote log-in to a server apparatus from a terminal apparatus, a password managing apparatus, which manages the name of a user of the server apparatus, his/her direct log-in password and transformation rule, displays an authentication purpose symbol sequence on a display apparatus. The user transforms the displayed sequence by his/her transformation rule and supplies, via the terminal apparatus, his/her user name and the post-transformation symbol sequence to the server apparatus, which then sends them to the password managing apparatus. If the result of applying the user's transformation rule to any authentication purpose symbol sequence generated in the past coincides with the post-transformation symbol sequence, the password managing apparatus sends the direct log-in password to the server apparatus to pass the remote log-in to the server apparatus by the terminal apparatus as a success.
