Authentication device, authentication system, and authentication method
The dual-channel authentication system addresses the burden of manual registration by using internet and telephone lines to verify website legitimacy, preventing access to fake sites by displaying a security code only upon successful authentication.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- NTT INNOVATIVE DEVICES CORP
- Filing Date
- 2024-12-25
- Publication Date
- 2026-07-07
AI Technical Summary
Existing authentication systems require users to manually register authentication information for all legitimate websites, which can be burdensome and prone to errors due to URL changes, leading to potential access issues and vulnerability to phishing websites.
An authentication system utilizing dual communication channels, where a user ID is transmitted via an internet line and a client ID and security code via a telephone line, with the server authenticating both and displaying the security code on the client device if successful, thereby verifying the legitimacy of the website.
This approach effectively prevents users from accessing fake websites by ensuring the security code is only displayed if the authentication is successful, deterring access to phishing sites and protecting user information.
Smart Images

Figure 2026112993000001_ABST
Abstract
Description
Technical Field
[0001] The present invention relates to an authentication device, an authentication system, and an authentication method.
Background Art
[0002] There are phishing websites on the Internet that imitate legitimate websites, and cases have been reported where malicious parties attempt to defraud personal information and money from users who access these phishing websites. One example is as follows.
[0003] A malicious party sends spam emails to users. A user who views the spam email misrecognizes that it is necessary to access the website that provides the service the user is using based on the content described in the spam email, and is made to access a phishing website from the URL described in the spam email. The phishing website is created to imitate the screen interface of the legitimate website, and the user enters the ID and password for accessing the legitimate website on the login screen of the phishing website. The malicious party fraudulently obtains the ID and password for accessing the legitimate website that the user entered on the phishing website.
[0004] Patent Document 1 describes a technique for suppressing access to such phishing websites.
Prior Art Documents
Patent Documents
[0005]
Patent Document 1
Summary of the Invention
Problems to be Solved by the Invention
[0006] In Patent Document 1, users pre-store authentication information such as URL, ID, and password on their computer terminal for each legitimate site they access. When a user attempts to access a fake site (fake server) that mimics a legitimate site (legitimate server), the computer terminal determines that it is a fake site because the authentication information for the fake site is not stored, and issues a warning.
[0007] However, in Patent Document 1, users must manually register the authentication information for all legitimate websites they wish to access in advance on their computer terminal, and if any registration is missing, they will be unable to access even legitimate websites. Furthermore, since the URLs of legitimate websites may change from time to time, users need to keep their authentication information for legitimate websites up to date.
[0008] Thus, Patent Document 1 has the problem of imposing a burden on users when accessing websites on the internet.
[0009] This invention has been made in view of the above-mentioned problems, and aims to provide a technology that can easily deter access to fake websites. [Means for solving the problem]
[0010] To achieve the above objective, an authentication device according to one aspect of the present invention comprises: a first communication unit that receives a user ID transmitted from a client device via a first communication line; a second communication unit that receives a client ID and a security code transmitted from the client device via a second communication line; and an authentication unit that authenticates the user ID and the client ID. If the authentication is successful, the authentication unit transmits the security code to the client device via the first communication unit and the first communication line, causing the client device to display the security code.
[0011] One aspect of the present invention is an authentication system comprising an authentication device and a client device, wherein the authentication device includes a first communication unit that receives a user ID transmitted from the client device via a first communication line, a second communication unit that receives a client ID and a security code transmitted from the client device via a second communication line, and an authentication unit that authenticates the user ID and the client ID, and if the authentication is successful, the authentication unit transmits the security code to the client device via the first communication unit and the first communication line, causing the client device to display the security code, and the client device includes a third communication unit that transmits the user ID to the authentication device via the first communication line, and a fourth communication unit that transmits the client ID and the security code to the authentication device via the second communication line.
[0012] One aspect of the present invention is an authentication method performed by an authentication device, the device receiving a user ID transmitted from a client device via a first communication line, receiving a client ID and a security code transmitted from the client device via a second communication line, authenticating the user ID and the client ID, and if the authentication is successful, transmitting the security code to the client device via the first communication line, causing the client device to display the security code. [Effects of the Invention]
[0013] According to the present invention, it is possible to provide a technology that can easily prevent access to legitimate websites. [Brief explanation of the drawing]
[0014] [Figure 1] Figure 1 shows an example of the configuration of the authentication system according to the first embodiment. [Figure 2] Figure 2 shows an example of client information. [Figure 3] Figure 3 is a sequence diagram showing the authentication process. [Figure 4]FIG. 4 is a diagram showing an example of screen transition of a computer terminal. [Figure 5] FIG. 5 is a diagram showing an example of screen transition of a telephone terminal. [Figure 6] FIG. 6 is a diagram showing an example of an electronic claim form of a modification of the first embodiment. [Figure 7] FIG. 7 is an example of a hardware configuration.
Mode for Carrying Out the Invention
[0015] Hereinafter, embodiments of the present invention will be described with reference to the drawings. The same components in the plurality of drawings are denoted by the same reference numerals, and the description thereof will not be repeated.
[0016] <First Embodiment> (System Configuration) FIG. 1 is a configuration diagram of an authentication system according to the first embodiment. The illustrated system includes a server device 1 and a client device 2.
[0017] The server device 1 (authentication device) of the present embodiment is a service providing device that provides a predetermined service to the client device 2. Specifically, the server device 1 is a regular server that provides a regular website (regular site). The client device 2 is a device used by a user (user) who uses the service provided by the server device 1.
[0018] The server device 1 and the client device 2 are connected so as to be connectable via a first communication line and a second communication line. The first communication line and the second communication line are different types of communication lines. The first communication line is, for example, an Internet line that communicates by the TCP / IP protocol, and the second communication line may be, for example, a telephone line capable of transmitting and receiving SMS (Short Message Service) messages.
[0019] In the present embodiment, the first communication line is the Internet (Internet line) and the second communication line is the telephone line, and the following description will be made.
[0020] The server device 1 authenticates using, for example, the authentication information transmitted from the client device 2 via the first communication line, and when the authentication is successful, provides a service to the client device 2.
[0021] The illustrated server device 1 includes a first communication unit 11, a second communication unit 12, an authentication unit 13, a storage unit 14, and a service providing unit 15 (application).
[0022] The first communication unit 11 communicates with the third communication unit 31 of the client device 2 via the first communication line. Specifically, the first communication unit 11 receives the user ID transmitted from the client device 2 via the first communication line.
[0023] The second communication unit 12 communicates with the fourth communication unit 41 of the client device 2 via the second communication line. Specifically, the second communication unit 12 receives the client ID and the security code transmitted from the client device 2 via the second communication line.
[0024] The authentication unit 13 authenticates the client device 2 (user) accessing the server device 1. Specifically, the authentication unit 13 authenticates the user ID and the client ID transmitted from the client device 2. When the authentication is successful, the authentication unit 13 transmits the security code to the client device 2 via the first communication unit 11 and the first communication line, and causes the client device 2 to display the security code. The authentication unit 13 acquires the user ID corresponding to the client ID transmitted via the second communication line from the storage unit 14, and may determine that the authentication is successful if the acquired user ID matches the user ID received via the first communication line. The authentication unit 13 may authenticate the password transmitted from the client device 2 after receiving the approval response of the security code from the client device 2.
[0025] In the storage unit 14, client information including the user ID and the client ID is stored for each user (each client device). The storage unit 14 may store a password for each user.
[0026] Figure 2 shows an example of client information stored in the storage unit 14. The client information shown includes a user ID (user identifier), password, and client ID (client identifier) associated with each user. Users registered in the client information are those who can use the services provided by the server device 1 using the client device 2.
[0027] The user ID and password are used by server device 1 for password authentication to identify the user. Generally, the user ID and password consist of a string containing multiple letters, numbers, and symbols.
[0028] The client ID is a communication identifier individually assigned to the fourth communication unit 41 of the client device 2 in order to use the second communication line. For example, if the second communication line is a telephone line, the telephone number may be used as the client ID. If the second communication line is an internet line, the IP address may be used as the client ID. Note that the client information does not include the security code described later.
[0029] The service provision unit 15 provides services to the client device 2. The services provided by the service provision unit 15 can be any services that can be provided via the network.
[0030] Client device 2 is a device that uses the services provided by server device 1. The client device 2 shown in Figure 1 includes a computer terminal 3 and a telephone terminal 4. However, client device 2 may also be a single device (for example, a smartphone) that integrates the functions of both the computer terminal 3 and the telephone terminal 4.
[0031] Computer terminal 3 is a device capable of communicating with server device 1 via a first communication line (in this case, the internet). For example, a personal computer (PC) can be used as computer terminal 3. The computer terminal 3 shown in the figure comprises a third communication unit 31, a first control unit 32, a first display unit 33 (output device), and a first input unit 34 (input device).
[0032] The third communication unit 31 communicates with the first communication unit 11 of the server device 1 via the first communication line. Specifically, the third communication unit 31 transmits a user ID to the server device 1 via the first communication line. The first control unit 32 controls the third communication unit 31, the first display unit 33, and the first input unit 34, and also controls the signals or data they communicate. For example, the first control unit 32 displays the security code that the server device 1 has sent back via the first communication line on the first display unit 33.
[0033] The first display unit 33 can be used as an output device such as a display. The first input unit 34 can be used as an input device such as a keyboard or touch panel.
[0034] The telephone terminal 4 is a device capable of communicating with the server device 1 via a second communication line (in this case, a telephone line). The telephone terminal 4 is not limited to SMS messages; any terminal capable of sending and receiving strings of text via the second communication line can be used, for example, a mobile phone terminal such as a smartphone. The illustrated telephone terminal 4 comprises a fourth communication unit 41, a second control unit 42, a second display unit 43, and a second input unit 44.
[0035] The fourth communication unit 41 communicates with the second communication unit 12 of the server device 1 via the second communication line. Specifically, the fourth communication unit 41 transmits the client ID and security code to the server device 1 via the second communication line. The fourth communication unit 41 may transmit the client ID and security code using, for example, an SMS service.
[0036] The second control unit 42 controls the fourth communication unit 41, the second display unit 43, and the second input unit 44, and also controls the signals or data they communicate with. For example, the second control unit 42 transmits a security code entered by the user by operating the second input unit 44 to the server device 1 via the second communication line using the fourth communication unit 41. The second display unit 43 can be an output device such as a display. The second input unit 44 can be an input device such as a keyboard or touch panel.
[0037] The security code is used to determine whether the server device 1 that the user is trying to use is the legitimate server device 1. The security code can be any string of any length (letters, numbers, symbols). The user enters the security code using the second input unit 44.
[0038] The client device 2 shown in Figure 1 includes display units 33 and 43 (displays, etc.) and input units 34 and 44 (keyboards, etc.), but the display units 33 and 43 and / or input units 34 and 44 are not required. The client device 2 may also use an external display and / or keyboard.
[0039] (Authentication process) Figure 3 is a sequence diagram showing the authentication process of the authentication system in the first embodiment. Hereafter, the explanation will be based on the example where the first communication line is the internet and the second communication line is a telephone line. Furthermore, the client device 2 consists of a computer terminal 3 and a telephone terminal 4, and the telephone number of the telephone terminal 4 will be used as the client ID.
[0040] Figure 4 shows an example of a screen displayed on the first display unit 33 of the computer terminal 3. Figure 5 shows an example of a screen displayed on the second display unit 43 of the telephone terminal 4.
[0041] Server device 1 transmits an ID reception screen for user authentication to computer terminal 3 that accesses Server device 1 via the first communication line, and waits for the computer terminal 3 to enter a user ID. The ID reception screen includes a user ID input field for entering a user ID.
[0042] The first control unit 32 of the computer terminal 3 receives the user ID of the user entered from the first input unit 34 by the user's operation (S11). The first control unit 32 then sends the entered user ID to the third communication unit 31, and transmits the user ID to the server device 1 via the third communication unit 31 and the first communication line (Internet) (S12).
[0043] When the first communication unit 11 of the server device 1 receives a user ID from the computer terminal 3 via the first communication line, it sends the user ID to the authentication unit 13. The authentication unit 13 determines whether or not the received user ID exists in the client information stored in the storage unit 14 (S13).
[0044] If the received user ID is not found in the storage unit 14, the authentication unit 13 determines that the user with that user ID is not a user who can use the services provided by the server device 1, and terminates the authentication process. In this case, the authentication unit 13 sends an error screen indicating that authentication failed to the computer terminal 3 via the first communication unit 11 and the first communication line (not shown).
[0045] If the received user ID exists in the storage unit 14, the authentication unit 13 sends a screen (screen information) prompting the user to enter a security code to the computer terminal 3 via the first communication unit 11 and the first communication line (S14). The third communication unit 31 of the computer terminal 3 receives the screen sent from the server device 1 and sends it to the first control unit 32. The first control unit 32 displays the received screen on the first display unit 33 (S15).
[0046] Screen 51 in Figure 4 is an example of a screen received from server device 1. Screen 51 shows a message prompting the user to enter a security code using the SMS service of the second communication line (telephone line) (for example, "Please send a security code via SMS"). Screen 51 may also display the user ID entered by the user in S11. In this case, the authentication unit 13 of server device 1 generates a screen with the user ID received in S12 set.
[0047] The user who sees this screen uses the second input unit 44 to operate the telephone terminal 4 to activate the SMS service and enters a security code to the legitimate server device 1's telephone number, which they know in advance. The legitimate server device 1's telephone number is the telephone number to which the security code is sent. The telephone terminal 4's phonebook may already have the legitimate server device 1's telephone number registered.
[0048] The screen 61 in Figure 5 is an example of a screen displayed on the second display unit 43 of the telephone terminal 4, showing the state after the user has entered a security code.
[0049] The second control unit 42 of the telephone terminal 4 receives a security code entered from the second input unit 44 by user operation (S16), and transmits the security code to the server device 1 using the fourth communication unit 41 (S17). Specifically, the second control unit 42 sends the security code to the fourth communication unit 41, and the fourth communication unit 41 transmits the security code via the second communication line (telephone line) using the SMS service.
[0050] Here, when the fourth communication unit 41 transmits the security code, it adds the client ID (telephone number) assigned to it to the security code and transmits it to the server device 1.
[0051] Furthermore, after receiving the security code, the server device 1 may send a message to the telephone terminal 4 via the second communication line using the SMS service to indicate that the security code has been received. Screen 62 in Figure 5 is an example of the screen displayed on the telephone terminal 4 at this time. On screen 62, the message "Please check on your PC screen" is displayed as an indication that the security code has been received, prompting the user to check the entered security code on the computer terminal 3.
[0052] The second communication unit 12 of the server device 1 receives the security code and client ID (telephone number) transmitted from the telephone terminal 4 via the second communication line and sends them to the authentication unit 13. The authentication unit 13 determines whether or not the received client ID exists in the client information stored in the storage unit 14.
[0053] If the client ID does not exist in the storage unit 14 (client information), the authentication unit 13 terminates the authentication process. In this case, the authentication unit 13 sends an error screen indicating that authentication failed to the computer terminal 3 via the first communication unit 11 and the first communication line (not shown).
[0054] If a client ID exists in the storage unit 14, the authentication unit 13 retrieves the user ID corresponding to that client ID from the storage unit 14 (S18). The authentication unit 13 then determines whether the user ID retrieved from the storage unit 14 matches the user ID transmitted from the computer terminal 3 in S12 (S19).
[0055] If the user ID does not match, the authentication unit 13 terminates the authentication process. In this case, the authentication unit 13 sends an error screen indicating that authentication failed to the computer terminal 3 via the first communication unit 11 and the first communication line (not shown).
[0056] If the user ID matches, the authentication unit 13 transmits the received security code to the computer terminal 3 via the first communication unit 11 and the first communication line (S20). The authentication unit 13 may also transmit the client ID received in S17 along with the security code.
[0057] The third communication unit 31 of the computer terminal 3 receives the security code transmitted from the server device 1 via the first communication line and sends it to the first control unit 32. The first control unit 32 displays the received security code on the first display unit 33 (S21).
[0058] The screen 52 in Figure 4 is an example of a screen displayed on the first display unit 33. The illustrated screen 52 displays a security code. The client ID (telephone number) of the telephone terminal 4 that sent the security code may also be displayed on screen 52.
[0059] When a user sees screen 52, they determine whether the security code they entered on the telephone terminal 4 matches the security code displayed on screen 52 on the computer terminal 3. If they match, the user determines that the server device 1 they are trying to use is the legitimate server device 1 and enters the security code approval operation using the first input unit 34 in order to continue the login process. For example, as an approval operation, the user presses the "Next" button displayed on screen 52. The first control unit 32 receives the user's approval operation (S22) and sends an approval response to the server device 1 via the third communication unit 31 and the first communication line (S23).
[0060] If they do not match, the user determines that Server Device 1 is not the legitimate Server Device 1 and terminates the login process by closing screen 52 or taking other actions (not shown).
[0061] When the authentication unit 13 of the server device 1 receives an approval response using the first communication unit 11, it generates a login screen and transmits the login screen to the computer terminal 3 via the first communication unit 11 and the first communication line (S24, S25). The first control unit 32 of the computer terminal 3 receives the login screen using the third communication unit 31 and displays the login screen on the first display unit 33 (S26).
[0062] Figure 4 shows an example of the login screen 53. The login screen 53 is a screen that prompts the user to enter their password. The login screen 53 shown displays the user ID entered in S11, a password input field, and a message prompting the user to enter their password.
[0063] The user operates the first input unit 34 and enters a password into the computer terminal 3. The first control unit 32 receives the entered password (S27) and transmits the password to the server device 1 via the third communication unit 31 and the first communication line (S28). The first control unit 32 may also transmit the user ID displayed on the login screen 53 along with the password.
[0064] The first communication unit 11 of the server device 1 receives the password transmitted from the computer terminal 3 and sends it to the authentication unit 13. The authentication unit 13 determines whether the combination of the received password and the user ID received in S11 (or S28) is registered in the client information of the storage unit 14 (S29). In other words, the authentication unit 13 performs password authentication. If password authentication is successful, the server device 1 provides the service executed by the service provision unit 15 to the computer terminal 3 via the first communication line (S30).
[0065] Next, we will explain what happens when a user accesses a fake server device (fake website). We will assume a scenario where a user attempting to access legitimate server device 1 to receive services is redirected to a fake server device via a URL found in a spam email or similar.
[0066] The fake server device does not have the function to obtain a security code from client device 2 and send the received security code to client device 2. Therefore, when the fake server device receives a user ID from client device 2, it does not send a screen prompting the user to enter a security code (corresponding to screen 51 in Figure 4) to client device 2, nor does it display the security code on client device 2. Even if the fake server device had the function to obtain a security code from client device 2 and send the received security code to client device 2, the user would operate the telephone terminal 4 of client device 2 and attempt to enter the security code into the legitimate server device 1's telephone number, which they already know. As a result, the fake server device would not receive the security code entered by the user. Therefore, the fake server device cannot display the security code entered on client device 2 (telephone terminal 4) on client device 2 (computer terminal 3). Since the user was not prompted to enter a security code after entering their user ID, they can realize that the server device they were trying to access is a fake server device, thereby preventing them from mistakenly attempting to access the fake server device by entering their password.
[0067] On the other hand, in this embodiment, the server device 1 uses the client information in the storage unit 14 to associate the user ID received via the first communication line (Internet) with the client ID (telephone number) received via the second communication line (telephone line). Then, the server device 1 sends the security code received from the second communication line (telephone line) to the client device 2, which has entered the user ID, via the first communication line and displays it. With this configuration, the user of the client device 2 can determine that the server device 1 they accessed is a legitimate server device if the security code they entered matches the security code sent from the server device 1. In other words, this embodiment can deter (prevent) users from mistakenly accessing a fake server device.
[0068] <Modified form of the first embodiment> Next, a modified version of the first embodiment will be described. In this modified version, a specific example of a service (Figure 3: S30) provided by the server device 1 of the first embodiment after authentication processing (after login) will be described. Here, an example will be described in which the server device 1 provides an "invoice issuance service," which is one of the document provision services (electronic data provision services).
[0069] The authentication system in this modified example comprises a server device 1 and a client device 2, similar to that in Figure 1. The configuration of the server device 1 and client device 2 in this modified example is the same as that of the server device 1 and client device 2 in the first embodiment shown in Figure 1.
[0070] The service provision unit 15 of server device 1 provides services to client devices. In this modified example, the service provision unit 15 adds a security code to the electronic data requested by client device 2 and transmits it to client device 2. Specifically, the service provision unit 15 creates and issues an invoice as an electronic file (electronic data) based on a request from the user. Therefore, server device 1 in this modified example is an invoice issuing server device that provides invoice issuance services.
[0071] The user operates client device 2 to remotely log in to server device 1 (invoice issuance server device) and causes server device 1 to create an electronic invoice in a predetermined format.
[0072] Server device 1 configures the created electronic invoice to be downloadable from client device 2. Client device 2 downloads the electronic invoice based on user input.
[0073] In this modified version, in order to suppress access to a fake server device (a fake invoice issuing server device), the same authentication process as in the first embodiment is applied when a user remotely logs in to server device 1 using client device 2. Specifically, as explained in Figure 3, server device 1 sends an ID reception screen for user authentication to client device 2 that has accessed server device 1 via the first communication line, and waits for the user ID to be entered by client device 2. The subsequent processing is the same as S11 to S30 in Figure 3.
[0074] In providing service S30, the service provision unit 15 of the server device 1 receives a request from the client device 2 and sets the security code received from the client device 2 in an electronic invoice (electronic data) that has been created in advance using a predetermined invoice format.
[0075] Figure 6 shows examples of an electronic invoice 71 in a prescribed format and an electronic invoice 72 with a security code set. Electronic invoice 71 contains the information that would normally be included in an invoice (issuer, invoice amount and its details, bank account for payment, etc.). Electronic invoice 72 contains the information from electronic invoice 71 plus a security code received from client device 2.
[0076] The service provider unit 15 configures the created electronic invoice 72 to be downloadable. For example, the service provider unit 15 may store the electronic invoice 72, created in a file format such as PDF (Portable Document Format), in storage accessible by the client device 2, and display a hyperlink to the URL (Uniform Resource Locator) of the electronic invoice 72 stored in that storage on the first display unit 33 of the client device 2. Alternatively, the service provider unit 15 may grant permission to download the electronic invoice 72, created in a file format such as PDF (Portable Document Format), from the client device 2, and then display the electronic invoice 72 on the first display unit 33 of the client device 2.
[0077] Client device 2 receives (downloads) the electronic invoice via the first communication line (Internet). The downloaded electronic invoice 72 displays the security code entered by the user into client device 2. Therefore, by viewing the electronic invoice 72 with the security code set, the user can determine that the electronic invoice 72 was created by the legitimate server device 1. On the other hand, if an electronic invoice without a security code is downloaded, the user can determine that it may have been created by a fake server device.
[0078] <Effects and Effects> The server device 1 (authentication device) of this embodiment described above comprises a first communication unit 11 that receives a user ID transmitted from the client device 2 via a first communication line, a second communication unit 12 that receives a client ID and security code transmitted from the client device 2 via a second communication line, and an authentication unit 13 that authenticates the user ID and the client ID. If the authentication is successful, the authentication unit 13 transmits the security code to the client device 2 via the first communication unit 11 and the first communication line, causing the client device 2 to display the security code.
[0079] The authentication system of this embodiment comprises a server device 1 (authentication device) and a client device 2. The server device 1 includes a first communication unit 11 that receives a user ID transmitted from the client device 2 via a first communication line, a second communication unit 12 that receives a client ID and security code transmitted from the client device 2 via a second communication line, and an authentication unit 13 that authenticates the user ID and the client ID. If the authentication is successful, the authentication unit 13 transmits the security code to the client device 2 via the first communication unit 11 and the first communication line, causing the client device 2 to display the security code. The client device 2 includes a third communication unit 31 that transmits the user ID to the server device 1 via the first communication line, and a fourth communication unit 41 that transmits the client ID and security code to the server device 1 via the second communication line.
[0080] This makes it possible to deter users from mistakenly accessing a fake server device (fake website) in this embodiment. Specifically, it is possible to deter users from entering authentication information (user ID, password) on a fake login screen provided by a fake server device, thereby preventing malicious actors from stealing their authentication information.
[0081] Thus, a user using the server device 1 in this embodiment can determine that the server device 1 they are trying to access is a legitimate server if the security code they entered into the client device 2 matches the security code they received from the server device 1. This makes it possible to prevent users from accessing a fake server device in this embodiment.
[0082] <Hardware Configuration> The server device 1, client device 2, computer terminal 3, and telephone terminal 4 of this embodiment described above can be general-purpose computer systems such as the one shown in Figure 7. The illustrated computer system comprises a CPU (Central Processing Unit, processor) 901, memory 902, storage 903 (HDD: Hard Disk Drive, SSD: Solid State Drive), communication device 904, input device 905, and output device 906. The memory 902 and storage 903 are storage devices. In this computer system, the functions of the server device 1, client device 2, computer terminal 3, and telephone terminal 4 are realized when the CPU 901 executes a predetermined program loaded onto the memory 902.
[0083] Furthermore, server device 1 and client device 2 may be implemented on one computer or on multiple computers. Server device 1 may also be a virtual machine implemented on a computer. The programs for server device 1, client device 2, computer terminal 3, and telephone terminal 4 can be stored on computer-readable recording media such as HDDs, SSDs, USB (Universal Serial Bus) memory, CDs (Compact Discs), and DVDs (Digital Versatile Discs), or distributed over a network. Computer-readable recording media are, for example, non-transitory recording media.
[0084] This disclosure is not limited to the embodiments described above, and numerous modifications are possible within the scope of its essence. [Explanation of Symbols]
[0085] 1: Server device 11: First Communications Department 12: Second Communications Department 13: Authentication Department 14: Storage part 15: Service Provision Department 2: Client device 3: Computer terminals 31: Third Communications Department 32: First Control Unit 33: 1st display section 34: First Input Section 4: Telephone terminal 41: 4th Communications Department 42: Second Control Unit 43:Second display section 44: Second input section
Claims
1. A first communication unit that receives a user ID transmitted from a client device via a first communication line, A second communication unit that receives the client ID and security code transmitted from the client device via the second communication line, The system includes an authentication unit that authenticates the user ID and the client ID, If the authentication is successful, the authentication unit transmits the security code to the client device via the first communication unit and the first communication line, causing the client device to display the security code. Authentication device.
2. Each user has a memory unit that stores a user ID and a client ID. The authentication unit obtains a user ID corresponding to the client ID transmitted via the second communication line from the storage unit, and determines that the authentication was successful if the obtained user ID matches the user ID received via the first communication line. The authentication device according to claim 1.
3. After receiving an approval response for the security code from the client device, the authentication unit authenticates the password transmitted from the client device. The authentication device according to claim 1.
4. The service provision unit provides services to the aforementioned client device, The service provider adds the security code to the electronic data requested by the client device and transmits it to the client device. The authentication device according to claim 1.
5. An authentication system comprising an authentication device and a client device, The authentication device is A first communication unit that receives a user ID transmitted from the client device via a first communication line, A second communication unit that receives the client ID and security code transmitted from the client device via the second communication line, The system includes an authentication unit that authenticates the user ID and the client ID, If the authentication is successful, the authentication unit transmits the security code to the client device via the first communication unit and the first communication line, causing the client device to display the security code. The aforementioned client device A third communication unit that transmits the user ID to the authentication device via the first communication line, The system includes a fourth communication unit that transmits the client ID and security code to the authentication device via the second communication line. Authentication system.
6. The aforementioned client device A computer terminal having the aforementioned third communication unit, A telephone terminal having the fourth communication unit, The authentication system according to claim 5.
7. An authentication method performed by an authentication device, The user ID transmitted from the client device via the first communication line is received. The client ID and security code transmitted from the client device via the second communication line are received. Authenticate the user ID and the client ID, If the authentication is successful, the security code is transmitted to the client device via the first communication line, and the client device is made to display the security code. Authentication method.
8. The authentication device includes a storage unit that stores a user ID and a client ID for each user. The system retrieves a user ID corresponding to the client ID received via the second communication line from the storage unit, and determines that the authentication was successful if the retrieved user ID matches the user ID received via the first communication line. The authentication method according to claim 7.