JP2009187183A - Authentication check system, portable terminal, authentication check server, authentication check method, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent the unauthorized use of a portable terminal by a third person. <P>SOLUTION: A portable terminal confirms an input user ID and a password, and when the confirmation result is OK, the portable terminal acquires its own positional information, and transmits a terminal ID showing the portable terminal itself, user ID and the positional information, and when receiving log-in permission notification, the portable terminal performs log-in processing. An authentication check server receives the terminal ID, the user ID and the positional information, and compares the terminal ID, the user ID and the positional information with a registered terminal ID, a registered user ID and registered positional information registered in a database, and when the terminal ID is matched with the registered terminal ID, and the user ID is matched with the registered user ID, and the comparison result of the positional information and the registered position information matches prescribed conditions, the authentication check server transmits log-in permission notification. <P>COPYRIGHT: (C)2009,JPO&INPIT

Description

  The present invention relates to an authentication check system, and more particularly to an authentication check system using a mobile terminal capable of detecting position information.

  In general, a login operation is performed by registering a combination of a user ID (identifier) and a password in a database, checking whether a specified combination of a user ID and a password is registered in the database, If login is not allowed, login is refused.

  For security reasons, it is recommended to change the password for a certain period of time, but for users (users), it is troublesome to change the password for a certain period of time, and you may forget the set password. is there.

  Also, the login process is usually executed by combining a user ID and a password, but there is a problem that the login process is permitted to a third party who obtained the user ID and password illegally. That is, there is a case where login is permitted to a third party who obtained the user ID and password illegally.

  Furthermore, there is a problem that an unauthorized login operation by a third party cannot be suppressed for a stolen / lost portable terminal.

As a related technique, Japanese Patent Laid-Open No. 2005-050150 (Patent Document 1) discloses an “authentication system based on positioning information”.
This authentication system includes a positioning means for measuring the current position of the information terminal, a means for sending at least one of an ID, a password, or a current position to the authentication system when the user requests authentication. The ID and password and the authentication database for registering the position information for limiting the place where authentication is requested, the position information searched by at least one of the ID or password or the current position, and the current position are within the allowable range. And authenticating means for authenticating the authentication request.

JP-A-2005-050150

  An object of the present invention is to use position information acquired from position information detection means for authentication processing in a portable terminal or notebook PC equipped with position information detection means such as a GPS (Global Positioning System) sensor or a surface height sensor. An object of the present invention is to provide an authentication check system, a portable terminal, an authentication check server, an authentication check method, and a program that permit login when position information acquired from information detection means is at a predetermined position.

  The authentication check system of the present invention confirms the input user ID and password when requesting login, and if the confirmation result is OK, acquires its own location information, and indicates the terminal ID, user ID, and A mobile terminal that transmits location information and receives a login permission notification, receives a terminal ID, user ID, and location information, and receives a terminal ID, user ID, location information, and a registered terminal ID registered in the database, The registered user ID and the registered location information are compared, the terminal ID and the registered terminal ID match, the user ID and the registered user ID match, and the comparison result between the location information and the registered location information satisfies a predetermined condition. If it conforms, it includes an authentication check server that transmits a login permission notice.

  Another authentication check system of the present invention acquires its own location information when requesting login, transmits the location information, and receives an input request for authentication information required for login processing as a response to the location information. The mobile terminal that transmits the authentication information and receives a login permission notification as a response to the authentication information, and the distance between the position information and the registered position information registered in the database. Calculating, changing the authentication information according to the calculated distance, transmitting the authentication information input request, receiving the authentication information as a response to the authentication information input request, wherein the authentication information is stored in the database And an authentication check server that transmits the login permission notification.

  The portable terminal of the present invention acquires its own location information when the input unit that receives input of the user ID and password, the password check unit that confirms the user ID and password, and the confirmation result of the user ID and password are OK. A location information acquisition unit and a data transmission / reception unit that transmits a terminal ID, a user ID, and location information indicating itself for login permission determination, and receives a login permission notification for performing login processing according to the determination result It comprises.

  The authentication check server of the present invention is an authentication information registration that registers a registration terminal ID indicating a portable terminal that permits login, a registered user ID that indicates a user that permits login, and registration position information that indicates a location where login is permitted in a database. And a terminal ID indicating a portable terminal requesting login, a user ID indicating a user of the portable terminal, and position information indicating a location of the portable terminal, receiving the terminal ID, user ID, and position information, and registration The terminal ID, the registered user ID, and the registered position information are compared, the terminal ID and the registered terminal ID match, the user ID and the registered user ID match, and the comparison result between the position information and the registered position information is predetermined. If the above condition is satisfied, an authentication check unit that transmits a login permission notification is provided.

  The authentication check method of the present invention confirms the input user ID and password when requesting login, and if the confirmation result is OK, acquires its own location information, and indicates the terminal ID, user ID, and A step of transmitting location information and receiving a login permission notification; receiving a terminal ID, user ID, and location information; and receiving a terminal ID, user ID, location information, and a registered terminal ID registered in the database The user ID and the registered location information are compared, the terminal ID and the registered terminal ID match, the user ID and the registered user ID match, and the comparison result between the location information and the registered location information meets a predetermined condition If so, a step of transmitting a login permission notice is included.

  When requesting login, it acquires its own location information, transmits the location information, receives an input request for authentication information required for login processing as a response to the location information, sends the authentication information, and sends the authentication information. Receiving a login permission notification as a response to the information; receiving the position information; calculating a distance between the position information and registered position information registered in the database; and according to the calculated distance If the authentication information is changed, the authentication information input request is transmitted, the authentication information is received as a response to the authentication information input request, and the authentication information is registered in the database, the login permission notification Transmitting.

  The program of the present invention is a program executed on the mobile terminal side, and includes a step of accepting input of a user ID and password, a step of confirming the user ID and password, and a confirmation result of the user ID and password is OK The terminal ID indicating the self, the user ID, and the position information are transmitted for the login permission determination and the step of acquiring the own position information, and the login permission notification for performing the login process is performed according to the determination result. A program for causing a processor to execute the receiving step.

  Another program of the present invention is a program executed on the authentication check server side, which is a registered terminal ID indicating a portable terminal that permits login, a registered user ID that indicates a user permitted to log in, and a place where login is permitted. Receiving the registration ID information, the terminal ID indicating the mobile terminal requesting login, the user ID indicating the user of the mobile terminal, and the position information indicating the location of the mobile terminal are received, the terminal ID, the user The ID and position information are compared with the registered terminal ID, registered user ID, and registered position information, the terminal ID and the registered terminal ID match, the user ID and the registered user ID match, and the position information and registration A program for causing the processor to execute a step of transmitting a login permission notification if the comparison result with the position information meets a predetermined condition. It is.

  Unauthorized use of the mobile terminal by a third party can be prevented.

Hereinafter, a first embodiment of the present invention will be described with reference to the accompanying drawings.
Referring to FIG. 1, the authentication check system of this embodiment includes a mobile terminal 10, an authentication check server 20, and a network 30. The mobile terminal 10 and the authentication check server 20 are connected via a network 30. Note that a plurality of portable terminals 10 can be connected via the network 30. That is, there may be a plurality of mobile terminals 10. However, there may be a case where the network 30 is not actually used. In this case, it is assumed that the mobile terminal 10 and the authentication check server 20 are directly connected or directly communicate by short-range wireless communication or the like.

  The mobile terminal 10 is a communication device that supports network communication and is a target of authentication processing. Examples of the mobile terminal 10 include a mobile phone, a notebook PC (personal computer), a PDA (Personal Digital Assistants), a network-compatible game machine, and other gadgets. However, actually, it is not limited to these examples. For example, the portable terminal 10 is not limited to a portable portable terminal, but is a communication device mounted on a mobile body such as an automobile, a railway, a ship, and an aircraft, a desktop PC that can relocate the installation location, and the Internet. It may be a fixed terminal / wired terminal such as a home appliance.

  The authentication check server 20 is a communication device that performs network authentication and performs authentication processing on the mobile terminal 10. The authentication check server 20 is managed by a system administrator. Examples of the authentication check server 20 include a network-compatible server, a mobile phone base station, a wireless LAN access point, and a mobile terminal of the same type as the mobile terminal 10. However, actually, it is not limited to these examples.

  The network 30 is a communication line that connects the mobile terminal 10 and the authentication check server 20. The network 30 may be wired / wireless. The network 30 may include other communication devices such as a relay device such as a router or a switch that connects a plurality of networks, or a server that cooperates with the mobile terminal 10 or the authentication check server 20. Examples of the network 30 include the Internet, an intranet, a wireless LAN (Wireless LAN (Local Area Network)) spot, a home LAN, an in-store LAN, a dedicated line, a telephone communication network, IrDA (Infrared Data Association), and Bluetooth (registered trademark). WiMAX, 3G (3rd generation mobile phone), serial communication, etc. are conceivable. The network 30 may be a logical communication line such as L2TP (Layer 2 Tunneling Protocol) or VLAN (Virtual LAN) logically constructed on a physical communication line. However, actually, it is not limited to these examples.

  The mobile terminal 10 includes an input unit 11, a display unit 12, a password check unit 13, a position information acquisition unit 14, and a data transmission / reception unit 15.

  The input unit 11 inputs data to the mobile terminal 10. Examples of input data include a user ID and password, biometric authentication information, information stored in an IC tag, QR code (registered trademark), and the like. That is, the input unit 11 provides data used for user authentication to the mobile terminal 10. Here, the input unit 11 acquires a user ID and password input by a user (user) such as the owner of the mobile terminal 10 and provides the acquired user ID and password to the mobile terminal 10. Examples of the input unit 11 include a keyboard, a keypad, a keypad on the screen, a touch panel, a tablet, or a reader such as biometric authentication information or an IC chip. Alternatively, the input unit 11 may be an interface (I / F) that acquires data from an external input device or communication device. However, actually, it is not limited to these examples.

  The display unit 12 displays a password input screen and an authentication check result. Here, the display unit 12 displays an input screen for prompting the user to input a user ID and a password. As an example of the display unit 12, an LCD (Liquid Crystal Display) and a PDP (Plasma Display Panel), a projector that projects display contents on a wall or a screen, a printer that prints display contents on a sheet, or the like can be considered. Alternatively, the display unit 12 may be an interface (I / F) that provides and displays display data on an external display device. However, actually, it is not limited to these examples.

  The password check unit 13 confirms whether the user ID and password received from the input unit 11 are valid on the mobile terminal 10. However, actually, it is not limited to these examples. For example, when biometric authentication (biometric authentication) is supported, the password check unit 13 checks biometric authentication information such as a user's (user) fingerprint and iris instead of the user ID and password. In addition, the password check unit 13 confirms the authentication check result received from the authentication check server 20.

  The position information acquisition unit 14 acquires data indicating the current position information of the mobile terminal 10. At this time, the position information detection unit 14 may acquire the position information indicating the current position of the mobile terminal 10 by receiving the position information indicating the current position of the mobile terminal 10 from the outside. May be. For example, the position information acquisition unit 14 acquires latitude / longitude information of the mobile terminal 10 by GPS (Global Positioning System), or acquires height information by a ground surface height sensor, and converts it into data as position information. Can be considered. Further, the position information acquisition unit 14 determines a specific place as a starting point of movement, constantly measures the moving direction and moving distance from the specific place, and converts the moving direction and moving distance into data as position information. Is also possible. Alternatively, when communicating using the mobile terminal 10, a relay station or a relay device at a predetermined location such as a mobile phone base station, a wireless LAN access point, a gateway, or a proxy is used. In this case, the location information of the mobile station 10 may be the location information of the relay station or the relay device that is first used by the mobile device 10 during communication. If the identification information and position information of these relay stations and relay devices are registered in association with each other, the position information corresponding to the identification information can be acquired by acquiring the identification information of the relay station and the relay device. it can. Similarly, when using an automatic ticket gate, an ETC (Electronic Toll Collection System), an entrance / exit management system for a building or a room, a toll collection system for a store or a facility, etc., via the portable terminal 10 The position information may be acquired, and the acquired position information may be used as the position information of the mobile terminal 10. In addition, when the position information acquisition unit 14 acquires the position information of the mobile terminal 10, the position information acquisition unit 14 associates the time at which the position information is acquired with the position information in order to easily determine whether the position information is the current position information. May be. Here, the current position information includes not only the current time but also position information acquired before and after the current time. For example, the current position information may be position information acquired within one minute before and after the current time. However, actually, it is not limited to these examples.

  The data transmitter / receiver 15 transmits a terminal ID unique to the mobile terminal 10 and data indicating the current location information of the mobile terminal 10 to the authentication check server 20 and receives authentication check execution result data. In addition, as an example of the terminal ID unique to the mobile terminal 10, a telephone number or an e-mail address of the mobile terminal 10 or an identification number of software or hardware installed in the mobile terminal 10 can be considered. At this time, the data transmission / reception unit 15 may encrypt the combination of the terminal ID and the position information and transmit it to the authentication check server 20.

  The password check unit 13, the position information acquisition unit 14, and the data transmission / reception unit 15 may be a combination of a processor (processor) such as a CPU and a memory (memory) installed in a computer. The memory may be a medium (media). At this time, the memory stores a program that defines the functions of the password check unit 13, the position information acquisition unit 14, and the data transmission / reception unit 15. The processor functions as the password check unit 13, the position information acquisition unit 14, and the data transmission / reception unit 15 by executing this program. Further, the password check unit 13, the position information acquisition unit 14, and the data transmission / reception unit 15 may be mounted on a device connected to the mobile terminal 10. For example, the password check unit 13, the position information acquisition unit 14, and the data transmission / reception unit 15 may be mounted on an expansion card such as a NIC (Network Interface Card).

  The authentication check server 20 includes an authentication check unit 21, a database 22, a display unit 23, and an authentication information registration unit 24.

  The authentication check unit 21 confirms whether the terminal ID and the position information transmitted from the terminal are registered in the database 22, and as a result, permits or rejects login to the mobile terminal 10, or Determine whether to force log off. Note that the authentication check unit 21 may decrypt the encrypted combination of the terminal ID and the position information when receiving the encrypted combination of the terminal ID and the position information.

  The database 22 is an authentication information registration database in which combination information of terminal IDs that permit authentication and position information is stored. As an example of the database 22, a storage (external storage device) such as a hard disk may be considered. Alternatively, the database 22 may be a large-capacity medium (media: storage medium). The database 22 may be a database server that exists on the network 30 and cooperates with the authentication check server 20. However, actually, it is not limited to these examples.

  The display unit 23 displays the processing result of the authentication check unit 21. Examples of the display unit 23 include an LCD (Liquid Crystal Display) and a PDP (Plasma Display Panel), a projector that projects display contents on a wall or a screen, a printer that prints display contents on a sheet, and the like. Alternatively, the display unit 23 may be an interface (I / F) that provides and displays display data on an external display device. However, actually, it is not limited to these examples.

  The authentication information registration unit 24 registers, in the database 22, combination information of the terminal ID for each terminal and the location information of the location where login is permitted. Here, the authentication information registration unit 24 registers the combination information of the terminal ID and the position information set in advance in the database 22. However, in practice, the authentication information registration unit 24 instructs the system administrator if at least one of the terminal ID and the position information received from the mobile terminal 10 is not registered in the database 22 during the authentication process. Alternatively, it is determined whether the combination information of the terminal ID and the position information is registered in the database 22 according to a predetermined condition, and the combination information of the terminal ID and the position information is registered in the database 22 according to the result. You may do it. In addition, the authentication information registration unit 24 registers in the database 22 the prohibition of login with a specific terminal ID, a specific user ID, or specific position information, and other necessary information.

  Note that the authentication check unit 21 and the authentication information registration unit 24 may be a combination of a processor (processor) such as a CPU and a memory (memory) installed in a computer. The memory may be a medium (media). At this time, the memory stores a program that defines the functions of the authentication check unit 21 and the authentication information registration unit 24. The processor functions as the authentication check unit 21 and the authentication information registration unit 24 by executing this program.

Next, the operation of this embodiment will be described in detail with reference to the flowchart of FIG.
(1) Step A1
The authentication information registration unit 24 registers, in advance, the terminal 22 of the mobile terminal 10 that permits login, the user ID, and the location information of the location that allows login in the database 22 in accordance with an instruction from the system administrator.
(2) Step A2
The user turns on the mobile terminal 10. That is, the mobile terminal 10 is activated or recovered from the standby state according to a user's direct or indirect operation. That is, the mobile terminal 10 is in a usable or operable state. However, in practice, the method of turning on the mobile terminal 10 is not limited to the user's operation. For example, the mobile terminal 10 may automatically turn on the power at a predetermined time by timer control. Thereby, the portable terminal 10 operates, and subsequent operations are possible. Note that when the user turns on the mobile terminal 10, the authentication information registration unit 24 stores the terminal ID of the mobile terminal 10 that permits login, the user ID, and the location information of the location where login is permitted. It may be before registering.
(3) Step A3
The display unit 12 displays a password input screen automatically or in response to a user operation after the mobile terminal 10 starts operating. Thereby, the display unit 12 prompts the user to input a login user ID and password.

Here, an example of a password input screen will be described with reference to FIG.
The password input screen includes a “user ID input field”, a “password input field”, and a “login button”. The “user ID input field” is an input field for the user to input a user ID from the input unit 11. Here, immediately before the “user ID input field”, a sentence prompting the user ID to be input is displayed, such as “Please input user name”. This sentence may be displayed in the input field. The “password input field” is an input field for the user to input a password from the input unit 11. Here, a sentence prompting the user to enter a password is displayed just before the “password entry field”, such as “Please enter your password.” This sentence may be displayed in the input field. When the “login button” is pressed, the user ID input in the “user ID input field” and the password input in the “password input field” are acquired. The “login button” is pressed when the user instructs or operates the input unit 11. For example, pressing by a keyboard operation, clicking of a mouse, etc. can be considered. However, actually, it is not limited to these examples. When biometric authentication information or IC card information is used instead of the user ID and password, biometric authentication information or IC card information is used instead of the “user ID input field” and the “password input field”. Display the input method and prompting message. When biometric authentication information or IC card information is input according to this display, a sentence or an image indicating that biometric authentication information or IC card information has been input may be displayed.

(4) Step A4
The user inputs the user ID and password from the input unit 11 on the password input screen. At this time, the input unit 11 acquires the user ID and password input by the user and passes them to the password check unit 13.
(5) Step A5
The password check unit 13 performs a password check process for determining whether the input user ID and password are correct information. This password check is performed by referring to data built in the mobile terminal 10. If the password check result is “NG (failure / reject)”, the display unit 12 displays the user-specific information input screen again and prompts the user ID and password to be input again.
(6) Step A6
When the result of the password check process is “OK (success / permission)”, the position information acquisition unit 14 acquires the physical position information of the mobile terminal 10 itself. For example, the position information acquisition unit 14 specifies its own latitude / longitude / altitude information using a GPS system or the like, and acquires the information as position information of the mobile terminal 10. Alternatively, the position information acquisition unit 14 is within a range in which short-range wireless communication using an electromagnetic field or a radio wave using an RFID (Radio Frequency Identification) or a non-contact type IC card and a card reader, an antenna, or the like is effective. Using the movement sensor / height sensor or the like, position information of the mobile terminal 10 within a smaller specified range is detected. However, actually, it is not limited to these examples.
(7) Step A7
The transmission / reception device 15 transmits the terminal ID unique to the mobile terminal 10, the user ID input by the user, and the location information of the mobile terminal 10 itself to the authentication check unit 21 via the network 30.
(8) Step A8
The authentication check unit 21 confirms whether the received terminal ID, user ID, and position information are registered in the database 22.

Here, an example of information stored in the database 22 will be described with reference to FIG.
Here, it is assumed that the database 22 stores each piece of information in a table format. This table is called an authentication information table. The authentication information table has items of “terminal”, “user”, “location information (data)”, “location information (location)”, and “available”. “Terminal” indicates a terminal ID. “User” indicates a user ID. “Position information (data)” indicates coordinates of position information such as latitude / longitude / altitude information. “Location information (location)” indicates identification information of location information such as a specific place name or address. “Available” indicates information regarding whether or not the mobile terminal 10 corresponding to the associated terminal ID, user ID, and position information can be used. In other words, “available” indicates that the terminal ID, user ID, and position information received from the portable terminal 10 match the terminal ID, user ID, and position information associated with the “available”. Indicates whether to permit use of the terminal 10. “Available” may be individually associated with each of “terminal”, “user”, and “location information (data)”.

(9) Step A9
The authentication check unit 21 displays information on a check result on whether or not the received terminal ID, user ID, and position information have been registered in the database 22 on the display unit 23.

Here, with reference to FIG. 5, a display example of information of the check result (confirmation result) displayed on the display unit 23 will be described.
Here, the display unit 23 displays the check result information in a table format. At this time, the check result has items of “connection state”, “connection time”, “terminal ID”, “user ID”, and “position information”. The “connection state” indicates “OK (success / permission)” or “NG (failure / rejection)” as an authentication check result. If “OK (success / permitted)”, the authentication check server 20 permits access (connection) from the mobile terminal 10 to the authentication check server 20 or the network 30. If it is “NG (failure / reject)”, the authentication check server 20 rejects or restricts access (connection) from the mobile terminal 10 to the authentication check server 20 or the network 30. Here, the authentication related to the access (connection) of the mobile terminal 10 is described as an example. However, in practice, the authentication related to the use permission of the functional module of the mobile terminal 10 or the authentication check server 20 or the authentication check server 20 Alternatively, authentication relating to use permission of a service provided by a server on the network 30 may be used. In this case, the “connection state” may be a “usage state”. “Connection time” indicates a time when the authentication check server 20 performs an authentication check on the mobile terminal 10. For example, the time when the authentication check server 20 receives the information for the authentication check from the mobile terminal 10 is shown. That is, the “connection time” may be “authentication time”. “Terminal ID” indicates a terminal ID. “User ID” indicates a user ID. “Position information” indicates coordinates of position information such as latitude / longitude / altitude information.

(10) Step A10
The authentication check unit 21 transmits “OK (success / permission)” or “NG (failure / rejection)” to the mobile terminal 10 as the authentication check result. Note that the authentication check unit 21 may transmit other information registered in the database 22 other than the check result. For example, when information as shown in FIG. 4 is stored in the database 22, information of “position information (location)” is also transmitted. Thereafter, the authentication check unit 21 waits again until it receives the terminal ID, the user ID, and the position information.
(11) Step A11
The mobile terminal 10 receives the authentication check result transmitted from the authentication check server 20 and confirms the authentication check result. At this time, the data transmitting / receiving unit 15 receives the authentication check result from the authentication check server 20. The password check unit 13 confirms the authentication check result received by the data transmission / reception unit 15 from the authentication check server 20.
(12) Step A12
When the authentication check result is “OK (success / permitted)”, the password check unit 13 displays a message of authentication success on the display unit 12.

Here, a display example of an authentication success message will be described with reference to FIG.
Here, “authentication OK”, “user name”, “terminal ID”, “location information”, and “location (address)” are displayed as messages of authentication success. “Authentication OK” indicates that the authentication is successful. “User name” indicates a user ID. “Terminal ID” indicates a terminal ID. “Position information” indicates coordinates of position information such as latitude / longitude / altitude information. “Location (address)” indicates identification information of position information such as a specific place name or address.
(13) Step A13
If the authentication check result is “OK (success / permitted)”, login to the mobile terminal 10 is permitted, processing after login can be continued, and a transition is made to the login state. At this time, the password check unit 13 changes the state of the mobile terminal 10 to the login state. When the authentication check server 20 is a server of a provider that provides a web service such as a provider, the authentication check unit 21 receives an access (connection) or a service request from the mobile terminal 10 via the data transmission / reception unit 15. Like that.
(14) Step A14
When the authentication check result is “NG (failure / reject)”, the password check unit 13 displays a message indicating an authentication failure on the display unit 12.
(15) Step A15
When the authentication check result is “NG (failure / reject)”, the login to the mobile terminal 10 is rejected, the login process is interrupted, and the process returns to the state before the login process is started. Here, the password check unit 13 interrupts the login process of the mobile terminal 10. At this time, the display unit 12 may display the password input screen again. When the authentication check server 20 is a server of a provider that provides a web service such as a provider, the authentication check unit 21 interrupts the provision of the service to the mobile terminal 10.

  Thereby, it is possible to provide a login process in which the authentication process is strengthened as compared with the conventional login method using only the user ID and password.

  In the present embodiment, first, a password check process is performed on the mobile terminal 10 side, and if the result of the password check process is OK, position information of the mobile terminal 10 is acquired and an authentication process is performed on the authentication check server 20 side. Therefore, a two-stage check is possible. That is, there are two types of users: (1) a user who knows only the user ID and password, and (2) a user who knows the location (location information) where use is permitted in addition to the user ID and password. It can also be divided into For example, a user who knows only the user ID and password of (1) is a user who uses only limited functions of the mobile terminal 10, and a place where use is permitted in addition to the user ID and password of (2). A user who knows (location information) may be a user who uses all the functions of the mobile terminal 10 and the services of the authentication check server 20 and the network 30. In addition, since the terminal ID and the user ID are individually authenticated, it is possible for a user who is permitted to log in using a specific mobile terminal to be denied login if another mobile terminal is used. . Thus, in the present embodiment, login is permitted when the terminal ID, the user ID, and the position information all match or when a predetermined condition is met.

  In addition, even if the mobile terminal 10 is stolen / lost and a third party uses the mobile terminal 10 at an unspecified location, it can be determined that the location information transmitted from the terminal is different from the permitted location. Unauthorized use by a third party can be prevented.

  Furthermore, since the location information is transmitted from the terminal, the current location of the terminal can be grasped, and the location can be easily confirmed even if the terminal is stolen / lost.

  In the present embodiment, when the mobile terminal 10 moves outside the area where login or communication is permitted in the logged-in state, a forced logoff process is executed to return to the state before the login. good. At this time, the authentication check unit 21 periodically acquires the position information of the mobile terminal 10, confirms whether the acquired position information is registered in the database 22, and the acquired position information is registered in the database 22. If not, the forced logoff process is executed to return to the state before login.

The second embodiment of the present invention will be described below.
In the first embodiment, the operation when the power is turned on has been described. In the present embodiment, the sleep state is entered when there is no operation for a while after logging in the mobile terminal 10, not when the mobile terminal 10 is powered on. The operation when returning from the sleep state will be described.

The operation of this embodiment will be described in detail with reference to the flowchart of FIG.
(1) Step B1
By detecting that an operation has been performed on the input unit 11 when the user is logged in and in the sleep state, it is detected that the user has performed an operation on the mobile terminal 10 side. Note that when the transmitting / receiving device 15 detects that it has received some information from the outside when it is in the login state and in the sleep state, it is detected that some operation has been performed on the mobile terminal 10. May be.
(2) Step B2
The position information acquisition unit 14 acquires position information indicating the current position of the mobile terminal 10.
(3) Step B3
The transmission / reception device 15 transmits the acquired position information, terminal ID, and user ID to the authentication check server 20. Here, the transmission / reception device 15 transmits the terminal ID unique to the mobile terminal 10, the user ID input by the user, and the location information of the mobile terminal 10 itself to the authentication check unit 21 via the network 30.
(4) Step B4
The authentication check unit 21 confirms whether the received terminal ID, user ID, and position information are registered in the database 22.
(5) Step B5
The authentication check unit 21 displays information on a check result on whether or not the received terminal ID, user ID, and position information have been registered in the database 22 on the display unit 23.
(6) Step B6
The authentication check unit 21 transmits “OK (success / permission)” or “NG (failure / rejection)” to the mobile terminal 10 as the authentication check result. Other information registered in the database other than the check result may be transmitted. For example, when information as shown in FIG. 4 is stored in the database, information of “position information (location)” is also transmitted. Thereafter, the authentication check unit 21 waits again until it receives the terminal ID, the user ID, and the position information.
(7) Step B7
The mobile terminal 10 receives the authentication check result transmitted from the authentication check server 20 and confirms the authentication check result. At this time, the data transmitting / receiving unit 15 receives the authentication check result from the authentication check server 20. The password check unit 13 confirms the authentication check result received by the data transmission / reception unit 15 from the authentication check server 20.
(8) Step B8
When the received check result is “OK (success / permitted)”, the password check unit 13 displays the screen displayed before entering the sleep mode on the display unit 12, continues the processing, and returns from the sleep state. .
(9) Step B9
When the received check result is “NG (failure / reject)”, the password check unit 13 displays a message to the effect that “the terminal cannot be used at the current position” on the display unit 12. However, actually, the message is not limited to text, but may be an image, voice, or other notification indicating that “the terminal cannot be used at the current position”.
(10) Step B10
The password check unit 13 executes a forced logoff process and returns to the state before login. At this time, the display unit 12 may display the password input screen again. When the authentication check server 20 is a server of a provider that provides a web service such as a provider, the authentication check unit 21 interrupts the provision of the service to the mobile terminal 10.

  With the above operation, when the mobile terminal 10 is left in the state where the power is already turned on and the mobile terminal 10 is logged in, theft / loss occurs, and a third party puts the mobile terminal 10 in another place. It can prevent being available.

The third embodiment of the present invention will be described below.
In the present embodiment, an operation when the mobile terminal 10 is lost / stolen and a login request of a third party who has picked up the mobile terminal 10 is rejected will be described.

The operation of this embodiment will be described with reference to the flowchart of FIG.
(1) Step C1
When the user (user) recognizes the loss / theft of the mobile terminal 10, the user (user) sets “connection prohibited” information in the information record of the mobile terminal 10 stored in the database 22. At this time, the input unit 11 acquires instruction data for setting “connection prohibited” information in accordance with a user (user) input operation, and authenticates the instruction data via the data transmission / reception unit 15. It transmits to the information registration part 24. The authentication information registration unit 24 sets “connection prohibited” information in the information record of the mobile terminal 10 stored in the database 22 in accordance with the instruction data. Here, the authentication information registration unit 24 registers information indicating “connection prohibited” in the database 22 in association with the terminal ID of the mobile terminal 10.
(2) Step C2
It is assumed that a third party who has picked up the mobile terminal 10 turns on the power of the mobile terminal 10 or returns from the sleep state. For example, the input unit 11 turns on the power of the mobile terminal 10 or returns from the sleep state according to an operation by a third party.
(3) Step C3
The portable terminal 10 acquires its own position information from the position information acquisition device. At this time, the position information acquisition unit 14 acquires the current position information of the mobile terminal 10 from a position information acquisition device such as a GPS system.
(4) Step C4
The data transmission / reception unit 15 transmits the terminal ID and the acquired location information data to the authentication check unit 21.
(5) Step C5
The authentication check unit 21 confirms whether the received terminal ID and position information are registered in the database. Further, the authentication check unit 21 confirms whether the corresponding terminal ID is registered as “connection prohibited”.
(6) Step C6
The authentication check unit 21 displays the received terminal ID and position information on the display unit 23 when the corresponding terminal is registered as “connection prohibited”.
(7) Step C7
The authentication check unit 21 transmits an authentication check result indicating connection prohibition to the mobile terminal 10. For example, the authentication check unit 21 transmits “FORBIDDEN” to the mobile terminal 10 as an authentication check result indicating connection prohibition.
(8) Step C8
The portable terminal 10 receives the connection check authentication check result. Here, the data transmitting / receiving unit 15 receives an authentication check result indicating connection prohibition from the authentication check unit 21.
(9) Step C9
The data transmission / reception unit 15 outputs a message “terminal unavailable” to the display unit 12. At this time, the display unit 12 displays a message “terminal unavailable”. However, actually, the message is not limited to text, but may be an image, sound, or other notification indicating “terminal unavailable”.
(10) Step C10
If the login is in progress, the password check unit 13 performs a forced logoff process and transitions to a logoff state. In addition, the password check unit 13 rejects all inputs from the input unit 11 and puts the mobile terminal 10 in a locked state (a state in which no operation can be performed).
(11) Step C11
After a certain time has elapsed, the position information acquisition unit 14 acquires the current position information of the mobile terminal 10. The data transmission / reception unit 15 repeatedly transmits the location information of the mobile terminal 10 acquired from the location information acquisition unit 14 to the authentication check unit 21. The display unit 23 displays the position information of the mobile terminal 10 acquired from the data transmission / reception unit 15 one by one.

  By the above operation, when the portable terminal is stolen / lost, the use to a third party can be suppressed and the current position information can be detected, so that the portable terminal can be found quickly.

  For example, a place where a mobile terminal provided by a company is used is limited to a company, a home, and a commuting route between the company and the home. Therefore, the position information registered in the database is a limited place such as a self-seat or a conference room in the case of a company, and is a place limited to a living room or the like even at home. Commuting routes are also limited to those on specific trains.

  When a mobile device is lost, a third party who has picked up the mobile device will bring it to a nearby police box / lost station at the station where the mobile device will be operated. You have been notified.

  The same applies to theft, and the third party operating the mobile terminal is used at a place other than the one registered in the database, so the position information is notified. Therefore, the position information of the mobile terminal can be known and discovered early.

The fourth embodiment of the present invention will be described below.
In this embodiment, two types of simple passwords and normal passwords are prepared in the database 22.

The operation of this embodiment will be described with reference to the flowchart of FIG.
(1) Step D1
Prior to authentication, the location information acquisition unit 14 acquires the current location information of the mobile terminal 10 from a location information acquisition device such as a GPS system.
(2) Step D2
The data transmission / reception unit 15 transmits the location information of the mobile terminal 10 to the authentication check unit 21.
(3) Step D3
The authentication check unit 21 compares the position information registered in the database 22 with the position information of the mobile terminal 10 and calculates the distance.
(4) Step D4
The authentication check unit 21 compares the calculated distance with a threshold value and determines whether the calculated distance is equal to or less than the threshold value. Here, it is assumed that this threshold value is set in advance in the authentication check unit 21 or the database 22. However, actually, it is not limited to this example. For example, a region (area) where login is permitted may be set in advance, and it may be determined whether the position information of the mobile terminal 10 is within this region (area). In this case, the “calculated distance” is current position information of the mobile terminal 10, and the “threshold value” is position information indicating the range of this area (area).
(5) Step D5
If the calculated distance is equal to or smaller than the threshold value, the authentication check unit 21 determines that the user is in a place assumed to be used, and requests input of a simple password. At this time, the authentication check unit 21 may only request the input of a simple password, and may not authenticate even if a normal password is input.
(6) Step D6
The input unit 11 acquires a simple password input by a user (user) in response to a request for inputting a simple password from the authentication check unit 21. The data transmission / reception unit 15 transmits the simple password to the authentication check unit 21. At this time, the data transmitter / receiver 15 may transmit the terminal ID, the user ID, and the position information together with the simple password.
(7) Step D7
The authentication check unit 21 confirms whether the received simple password is registered in the database 22. When the authentication check unit 21 receives the terminal ID, the user ID, and the location information together with the simple password, the received terminal ID, the user ID, and the location information are stored in the database 22 as in the first embodiment. You may make it confirm whether it is registered.
(8) Step D8
The authentication check unit 21 permits the mobile terminal 10 to log in when the received simple password is registered in the database 22. At this time, the password check unit 13 changes the state of the mobile terminal 10 to the login state.
(9) Step D9
If the received simple password is not registered in the database 22, the authentication check unit 21 does not permit the mobile terminal 10 to log in. That is, the authentication check unit 21 refuses login from the mobile terminal 10. In this case, the mobile terminal 10 cannot use functions and services that require authentication. At this time, the password check unit 13 interrupts the login process of the mobile terminal 10. Further, the display unit 12 may display the password input screen again.
(10) Step D10
Further, if the calculated distance exceeds the threshold, the authentication check unit 21 determines that the user is away from the place where the use is assumed and requests normal password input.
(11) Step D11
The input unit 11 acquires a normal password input by a user (user) in response to a normal password input request from the authentication check unit 21. The data transmission / reception unit 15 transmits a normal password to the authentication check unit 21. At this time, the data transmitter / receiver 15 may transmit the terminal ID, the user ID, and the position information together with a normal password.
(12) Step D12
The authentication check unit 21 confirms whether the received normal password is registered in the database 22. When the authentication check unit 21 receives a terminal ID, a user ID, and position information together with a normal password, the received terminal ID, user ID, and position information are stored in the database 22 as in the first embodiment. You may make it confirm whether it is registered in.
(13) Step D13
If the received normal password is registered in the database 22, the authentication check unit 21 permits the mobile terminal 10 to log in. At this time, the password check unit 13 changes the state of the mobile terminal 10 to the login state. In this case, the mobile terminal 10 is not limited by available functions and provided services. Alternatively, the authentication check unit 21 may permit limited login to the mobile terminal 10 in the case of login with a normal password. In this case, the portable terminal 10 is limited in usable functions and provided services.
(14) Step D14
If the received normal password is not registered in the database 22, the authentication check unit 21 does not permit the mobile terminal 10 to log in. That is, the authentication check unit 21 refuses login from the mobile terminal 10. In this case, the mobile terminal 10 cannot use functions and services that require authentication. At this time, the password check unit 13 interrupts the login process of the mobile terminal 10. Further, the display unit 12 may display the password input screen again.

  At this time, for example, it is conceivable that the simple password is set to “about 4 digits” and the normal password is set to “8 or more alphanumeric characters”. However, actually, it is not limited to this example.

  In the case of this embodiment, since the user ID cannot be input first, the usable information is registered by associating the terminal ID with the position information.

  In the present embodiment, like the authentication check unit 21 described above, the password check unit 13 may perform two types of password checks: a simple password and a normal password. In this case, the simple password and the normal password are registered on the mobile terminal 10 side.

  The operation of the present embodiment shown in the flowchart of FIG. 9 may be performed when the mobile terminal 10 transmits position information (after step A6 of FIG. 2) in the first embodiment.

The fifth embodiment of the present invention will be described below.
In the present embodiment, the position information registered in advance and the position information of the mobile terminal 10 are compared, and the number of characters of the requested password is changed according to the distance between these position information. For example, the authentication check unit 21 simplifies the authentication when the distance is short, requests a part of the password, and provides a normal service if the part of the password is input. On the other hand, when the distance is long, the authentication is stricted, the full password is requested, and if the full password is entered, a normal service or a service with limited use is provided.

  In the present embodiment, as in the fourth embodiment, the terminal ID and location information are transmitted prior to authentication. Also, a password longer than a certain length is stored in advance on the server side. One type of password is sufficient.

  The authentication check unit 21 compares the position information registered in advance with the position information transmitted from the mobile terminal 10 and calculates the distance between these position information. The authentication check unit 21 associates the distance with the password, and when the position information of the mobile terminal 10 is close to the registered position information, for example, the input of the first three characters of the registered password is requested. If the location information of the mobile terminal 10 is far from the registered location information, the authentication check unit 21 must input the full text of the registered password.

  At this time, if the distance between the location information of the mobile terminal 10 and the registered location information is equal to or smaller than a predetermined threshold, the authentication check unit 21 determines whether the location information of the mobile terminal 10 is registered. Judge that it is close. Further, when the distance between the position information of the mobile terminal 10 and the registered position information is larger than a predetermined threshold, the authentication check unit 21 determines that the position information of the mobile terminal 10 is far from the registered position information. to decide. This threshold is preferably set in advance. This threshold value may be registered in the database 22 together with the position information.

The operation of this embodiment will be described with reference to the flowchart of FIG.
(1) Step E1
Prior to authentication, the location information acquisition unit 14 acquires the current location information of the mobile terminal 10 from a location information acquisition device such as a GPS system.
(2) Step E2
The data transmission / reception unit 15 transmits the location information of the mobile terminal 10 to the authentication check unit 21.
(3) Step E3
The authentication check unit 21 compares the position information registered in the database 22 with the position information of the mobile terminal 10 and calculates the distance. It is assumed that the position information registered in the database 22 can be arbitrarily set. For example, the position information registered in the database 22 may be company position information or position information of other mobile terminals.
(4) Step E4
The authentication check unit 21 determines whether the calculated distance is close. If the calculated distance is not close, it is preferable to determine that the calculated distance is far. For example, if the distance between the location information of the mobile terminal 10 and the registered location information is equal to or less than a predetermined threshold, the authentication check unit 21 is closer to the location information where the location information of the mobile terminal 10 is registered. Judge. This threshold value may be registered in the database 22 together with the position information. However, actually, it is not limited to this example.
(5) Step E5
If the calculated distance is short, the authentication check unit 21 determines that the user is in a place where it is assumed to be used, and requests input of a part of the password. At this time, the authentication check unit 21 may authenticate even if the entire password is entered instead of a part of the password. However, actually, it is not limited to this example.
(6) Step E6
The input unit 11 acquires a part of the password input by the user (user) in response to a request to input a part of the password from the authentication check unit 21. The data transmission / reception unit 15 transmits a part of the password to the authentication check unit 21. At this time, the data transmitter / receiver 15 may transmit the terminal ID, the user ID, and the position information together with a part of the password.
(7) Step E7
The authentication check unit 21 confirms whether a part of the received password matches a part of the password registered in the database 22. At this time, a part of the target password is a character string at a predetermined position in the password, like the first three characters of the entire password. That is, it is not necessary that a part of the received password matches any appropriate part of the full text of the password registered in the database 22. Accordingly, the authentication check unit 21 confirms whether a part of the received password matches the character string at a predetermined position in the password registered in the database 22. When the authentication check unit 21 receives the terminal ID, the user ID, and the position information together with a part of the password, the received terminal ID, the user ID, and the position information are stored in the database as in the first embodiment. 22 may be confirmed.
(8) Step E8
If a part of the received password matches a part of the password registered in the database 22, the authentication check unit 21 permits the mobile terminal 10 to log in. At this time, the password check unit 13 changes the state of the mobile terminal 10 to the login state.
(9) Step E9
The authentication check unit 21 does not permit the mobile terminal 10 to log in when a part of the received password does not match a part of the password registered in the database 22. That is, the authentication check unit 21 refuses login from the mobile terminal 10. In this case, the mobile terminal 10 cannot use functions and services that require authentication. At this time, the password check unit 13 interrupts the login process of the mobile terminal 10. Further, the display unit 12 may display the password input screen again.
(10) Step E10
Further, when the calculated distance is long, the authentication check unit 21 determines that the user is away from the place assumed to be used, and requests the full text input of the password. For example, if the distance between the location information of the mobile terminal 10 and the registered location information is greater than a predetermined threshold, the authentication check unit 21 determines that the location information of the mobile terminal 10 is far from the registered location information. to decide. This threshold value may be registered in the database 22 together with the position information. However, actually, it is not limited to this example.
(11) Step E11
The input unit 11 acquires the full text of the password input by the user (user) in response to the input request for the full text of the password from the authentication check unit 21. The data transmission / reception unit 15 transmits the full text of the password to the authentication check unit 21. At this time, the data transmitter / receiver 15 may transmit the terminal ID, the user ID, and the position information together with the full text of the password.
(12) Step E12
The authentication check unit 21 confirms whether the full text of the received password matches the full text of the password registered in the database 22. When the authentication check unit 21 receives the terminal ID, the user ID, and the location information together with the full text of the password, the received terminal ID, the user ID, and the location information are stored in the database 22 as in the first embodiment. You may make it confirm whether it is registered in.
(13) Step E13
If the full text of the received password matches the full text of the password registered in the database 22, the authentication check unit 21 permits the mobile terminal 10 to log in. At this time, the password check unit 13 changes the state of the mobile terminal 10 to the login state. In this case, the mobile terminal 10 is not limited by available functions and provided services. Alternatively, the authentication check unit 21 may permit limited login to the mobile terminal 10 in the case of login with the full text of the password. In this case, the portable terminal 10 is limited in usable functions and provided services.
(14) Step E14
If the full text of the received password is not registered in the database 22, the authentication check unit 21 does not permit the mobile terminal 10 to log in. That is, the authentication check unit 21 refuses login from the mobile terminal 10. In this case, the mobile terminal 10 cannot use functions and services that require authentication. At this time, the password check unit 13 interrupts the login process of the mobile terminal 10. Further, the display unit 12 may display the password input screen again.

  According to the present embodiment, if the current position of the mobile terminal 10 is in the vicinity of a place where the use of the mobile terminal 10 is assumed, a login operation can be performed with a small number of password characters following the user ID.

  On the contrary, when the current position of the mobile terminal 10 is away from the place where the mobile terminal 10 is supposed to be used, a long password character number is input, and thus security safety is improved.

  The operation of this embodiment shown in the flowchart of FIG. 10 may be performed when the mobile terminal 10 transmits position information (step A6 and subsequent steps in FIG. 2) in the first embodiment.

  The above embodiments can be implemented in combination.

  As described above, in the present invention, the portable terminal includes means for acquiring position information such as a GPS system and a ground surface height sensor. For example, in addition to or instead of the user ID and password at the time of login, the location information acquired from the location information acquisition device included in the mobile terminal matches the login permission location information registered in the database of the server. Authentication is further strengthened by sometimes allowing login and authenticating and logging in based on available location information known only to the user.

  In the present invention, position information is transmitted from the mobile terminal to the server, and login permission / rejection is performed for the mobile terminal. For example, by registering login prohibition information in advance for a specific mobile terminal that has been lost / stolen, login is refused when a third-party login operation is performed using the mobile terminal. Then, the unauthorized login operation can be suppressed by putting the portable terminal in the locked state.

  Furthermore, in the present invention, since the position information is acquired at the time of authentication, the current position of the mobile terminal can be easily searched on the server side. For example, there is also an advantage that the mobile terminal can be found at an early stage when the mobile terminal is lost / stolen.

FIG. 1 is a block diagram illustrating a configuration example of an authentication check system according to the present invention. FIG. 2 is a flowchart showing the operation of the first embodiment. FIG. 3 is a diagram illustrating an example of a password input screen. FIG. 4 is a diagram illustrating an example of information stored in the database. FIG. 5 is a diagram illustrating a display example of information on the displayed check result (confirmation result). FIG. 6 is a diagram illustrating a display example of an authentication success message. FIG. 7 is a flowchart showing the operation of the second embodiment. FIG. 8 is a flowchart showing the operation of the third embodiment. FIG. 9 is a flowchart showing the operation of the fourth embodiment. FIG. 10 is a flowchart showing the operation of the fifth embodiment.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Mobile terminal 11 ... Input part 12 ... Display part 13 ... Password check part 14 ... Location information acquisition part 15 ... Data transmission / reception part 20 ... Authentication check server 21 ... Authentication check part 22 ... Database 23 ... Display part 24 ... Authentication information registration Part 30 ... Network

Claims (36)

When requesting login, confirm the input user ID and password, and if the confirmation result is OK, acquire the own location information, send the terminal ID indicating the user, the user ID, and the location information, A mobile device that receives a login permission notification,
The terminal ID, the user ID, and the location information are received, and the terminal ID, the user ID, and the location information, and the registered terminal ID, registered user ID, and registered location information registered in the database are obtained. The terminal ID and the registered terminal ID match, the user ID and the registered user ID match, and the comparison result between the position information and the registered position information meets a predetermined condition. And an authentication check server that transmits the login permission notification. The authentication check system according to claim 1,
The mobile terminal requests the user ID and the password when starting up and returns from the sleep state, confirms the user ID and the password, and if the confirmation result is OK, the terminal ID An authentication check system that transmits the user ID and the location information to the authentication check server. The authentication check system according to claim 1 or 2,
The mobile terminal transmits the terminal ID and the location information to the authentication check server when starting up and returning from the sleep state, and the registration terminal ID corresponding to the terminal ID is set to “connection prohibited” An authentication check system that, when registered in the database, receives a connection prohibition notification from the authentication check server, rejects the input, enters a locked state, and performs a forced logoff process when logged in. When requesting login, it acquires its own location information, transmits the location information, receives an input request for authentication information required for login processing as a response to the location information, sends the authentication information, and sends the authentication information. A mobile device that receives a login permission notification as a response to the information,
Receiving the position information, calculating a distance between the position information and registered position information registered in a database, changing the authentication information according to the calculated distance, and requesting an input of the authentication information And an authentication check server that receives the authentication information as a response to the authentication information input request and transmits the login permission notice if the authentication information is registered in the database. The authentication check system according to claim 4,
The authentication check server requests a simple password as the authentication information if the calculated distance is less than or equal to a predetermined threshold, and if the calculated distance is not less than or equal to a predetermined threshold, An authentication check system that requires a password. The authentication check system according to claim 4,
The authentication check server requests a part of the authentication password as the authentication information if the calculated distance is short, and requests the full text of the authentication password as the authentication information if the calculated distance is long. Check system. An input unit for receiving an input of a user ID and a password;
A password check unit for confirming the user ID and the password;
If the confirmation result of the user ID and the password is OK, a position information acquisition unit that acquires its own position information;
A data transmission / reception unit that transmits a terminal ID indicating itself, the user ID, and the position information for receiving a login permission notification for performing a login process according to the determination result is provided for the login permission determination. Mobile device. The mobile terminal according to claim 7,
The password check unit is a portable terminal that requests input of authentication information according to the location information when performing a login process in response to the login permission notification. The mobile terminal according to claim 8,
When performing a login process in response to the login permission notification, the password check unit inputs a simple password as the authentication information if the distance between the position information and the predetermined position information is equal to or less than a predetermined threshold. A portable terminal that requests and inputs a normal password as the authentication information if the distance between the position information and the predetermined position information is not less than a predetermined threshold. The mobile terminal according to claim 8,
When performing a login process in response to the login permission notification, the password check unit requests input of a part of an authentication password as the authentication information if the distance between the position information and the predetermined position information is short. If the distance between the position information and the predetermined position information is long, the portable terminal requests input of the full text of the authentication password as the authentication information. It is a portable terminal as described in any one of Claims 7 thru | or 10, Comprising:
The password check unit requests input of the user ID and the password when starting up and returning from the sleep state, confirms the user ID and the password, and if the confirmation result is OK, the terminal A portable terminal that transmits an ID, the user ID, and the position information. The mobile terminal according to any one of claims 7 to 11,
The password check unit transmits the terminal ID and the location information when starting up and returning from the sleep state, and receives a connection prohibition notification when the terminal ID is set as “connection prohibition” A mobile terminal that refuses input and puts it in a locked state, and performs forced logoff processing when logged in. A registration terminal ID indicating a portable terminal that permits login, a registered user ID that indicates a user permitted to log in, and an authentication information registration unit that registers registration position information indicating a location where login is permitted;
Receiving a terminal ID indicating a portable terminal requesting login, a user ID indicating a user of the portable terminal, and position information indicating a location of the portable terminal; and receiving the terminal ID, the user ID, and the position information; The registered terminal ID, the registered user ID, and the registered location information are compared, the terminal ID and the registered terminal ID match, the user ID and the registered user ID match, and the location information An authentication check server comprising: an authentication check unit for transmitting the login permission notice if a comparison result between the registered location information and the registered location information meets a predetermined condition. An authentication check server according to claim 13,
The authentication check unit is configured to calculate a distance between the position information and the registered position information, and change authentication information necessary for a login process according to the calculated distance. An authentication check server according to claim 14,
The authentication check unit requests a simple password as the authentication information if the calculated distance is less than or equal to a predetermined threshold, and if the calculated distance is not less than or equal to a predetermined threshold, An authentication check server that requires a password. An authentication check server according to claim 14,
The authentication check unit requests a part of the authentication password as the authentication information if the calculated distance is short, and requests the full text of the authentication password as the authentication information if the calculated distance is long. Check server. The authentication check server according to any one of claims 13 to 16,
The authentication information registration unit registers, in the database, information indicating “connection prohibited” in association with the registration terminal ID corresponding to the terminal ID in response to an instruction to set the portable terminal to “connection prohibited” Authentication check server. An authentication check server according to claim 17,
The authentication check unit receives the terminal ID and the location information from the mobile terminal when the mobile terminal starts up and when the mobile terminal returns from a sleep state, and the registration corresponding to the terminal ID An authentication check server that transmits a connection prohibition notification to the mobile terminal when information indicating “connection prohibition” is associated with the terminal ID, and performs forced logoff processing if the mobile terminal is logged in. Confirm the entered user ID and password, and if the confirmation result is OK, acquire the own location information, transmit the terminal ID indicating the user, the user ID, and the location information, and receive the login permission notification Steps,
The terminal ID, the user ID, and the location information are received, and the terminal ID, the user ID, and the location information, and the registered terminal ID, registered user ID, and registered location information registered in the database are obtained. The terminal ID and the registered terminal ID match, the user ID and the registered user ID match, and the comparison result between the position information and the registered position information meets a predetermined condition. Transmitting the login permission notice. The authentication check method according to claim 19, comprising:
When starting up and when returning from the sleep state, the user ID and the password are requested to be input, the user ID and the password are confirmed, and if the confirmation result is OK, the terminal ID, the user ID, And an authentication check method further comprising the step of transmitting the position information. The authentication check method according to claim 19 or 20, comprising:
When starting up and returning from the sleep state, the terminal ID and the location information are transmitted, and when the registered terminal ID corresponding to the terminal ID is registered in the database as “connection prohibited”, An authentication check method further comprising a step of receiving a connection prohibition notification from the authentication check server, rejecting the input to be locked, and performing a forced logoff process if logged in. When requesting login, it acquires its own location information, transmits the location information, receives an input request for authentication information required for login processing as a response to the location information, sends the authentication information, and sends the authentication information. Receiving a login permission notification as a response to the information;
Receiving the position information, calculating a distance between the position information and registered position information registered in a database, changing the authentication information according to the calculated distance, and requesting an input of the authentication information And a step of receiving the authentication information as a response to the authentication information input request, and transmitting the login permission notice if the authentication information is registered in the database. An authentication check method according to claim 22, wherein
Requesting a simple password as the authentication information if the calculated distance is less than or equal to a predetermined threshold; and requesting a normal password as the authentication information if the calculated distance is not less than a predetermined threshold. Further including an authentication check method. An authentication check method according to claim 22, wherein
An authentication check method further comprising: requesting a part of an authentication password as the authentication information if the calculated distance is short, and requesting the full text of the authentication password as the authentication information if the calculated distance is long. . Receiving an input of a user ID and a password;
Confirming the user ID and the password;
If the confirmation result of the user ID and the password is OK, obtaining own position information;
A step of transmitting a terminal ID indicating the user ID, the user ID, and the location information, and receiving a login permission notification for performing a login process according to the determination result to the processor for executing the login permission determination. Program to let you. A program according to claim 25, wherein
A program for causing a processor to further execute a step of requesting input of authentication information corresponding to the position information when performing login processing in response to the login permission notification. The program according to claim 26, wherein
If the distance between the position information and the predetermined position information is less than or equal to a predetermined threshold, requesting input of a simple password as the authentication information;
A program for causing a processor to further execute a step of requesting input of a normal password as the authentication information if a distance between the position information and the predetermined position information is not less than a predetermined threshold. The program according to claim 26, wherein
If the distance between the position information and the predetermined position information is short, requesting a part of an authentication password as the authentication information;
A program for causing a processor to further execute a step of requesting input of the full text of the authentication password as the authentication information if the distance between the position information and the predetermined position information is long. A program according to any one of claims 25 to 28, wherein
When starting up and when returning from the sleep state, the user ID and the password are requested to be input, the user ID and the password are confirmed, and if the confirmation result is OK, the terminal ID, the user ID, And a program for causing the processor to further execute the step of transmitting the position information. A program according to any one of claims 25 to 29,
Transmitting the terminal ID and the position information when starting up and when returning from the sleep state;
If the terminal ID is set as “prohibit connection”, the processor further executes a step of receiving a connection prohibition notice, rejecting the input and entering a locked state, and performing a forced logoff process if logged in. Program for. A step of setting a registration terminal ID indicating a portable terminal permitting login, a registered user ID indicating a user permitting login, and registration position information indicating a location permitting login;
Receiving a terminal ID indicating a portable terminal requesting login, a user ID indicating a user of the portable terminal, and position information indicating a location of the portable terminal; and receiving the terminal ID, the user ID, and the position information; The registered terminal ID, the registered user ID, and the registered location information are compared, the terminal ID and the registered terminal ID match, the user ID and the registered user ID match, and the location information And a step of causing the processor to execute the step of transmitting the login permission notice if a comparison result between the registered location information and the registered location information meets a predetermined condition. The program according to claim 31, wherein
A program for causing a processor to further execute a step of calculating a distance between the position information and the registered position information, and changing authentication information necessary for the login process according to the calculated distance. A program according to claim 32, wherein
If the calculated distance is less than or equal to a predetermined threshold, requesting a simple password as the authentication information;
A program for causing a processor to further execute a step of requesting a normal password as the authentication information if the calculated distance is not less than a predetermined threshold. A program according to claim 32, wherein
If the calculated distance is close, requesting a part of an authentication password as the authentication information;
A program for causing a processor to further execute a step of requesting the full text of the authentication password as the authentication information if the calculated distance is long. A program according to any one of claims 31 to 34, wherein
In order to cause the processor to further execute a step of associating and setting information indicating “connection prohibited” to the registered terminal ID corresponding to the terminal ID in response to an instruction to make the portable terminal “connection prohibited” program. 36. The program according to claim 35, wherein
Receiving the terminal ID and the position information from the portable terminal when the portable terminal is activated and when the portable terminal is restored from a sleep state;
When information indicating “connection prohibited” is associated with the registered terminal ID corresponding to the terminal ID, a connection prohibition notification is transmitted to the mobile terminal, and if the mobile terminal is logged in, forced logoff processing A program for causing the processor to further execute the step of performing.

Images