[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

TW201928750A - Collation server, collation method, and computer program - Google Patents

Collation server, collation method, and computer program Download PDF

Info

Publication number
TW201928750A
TW201928750A TW107112974A TW107112974A TW201928750A TW 201928750 A TW201928750 A TW 201928750A TW 107112974 A TW107112974 A TW 107112974A TW 107112974 A TW107112974 A TW 107112974A TW 201928750 A TW201928750 A TW 201928750A
Authority
TW
Taiwan
Prior art keywords
aforementioned
login
history
database
login history
Prior art date
Application number
TW107112974A
Other languages
Chinese (zh)
Other versions
TWI769240B (en
Inventor
島津敦好
Original Assignee
日商科力思股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 日商科力思股份有限公司 filed Critical 日商科力思股份有限公司
Publication of TW201928750A publication Critical patent/TW201928750A/en
Application granted granted Critical
Publication of TWI769240B publication Critical patent/TWI769240B/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F13/00Interconnection of, or transfer of information or other signals between, memories, input/output devices or central processing units
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Information Transfer Between Computers (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Hardware Redundancy (AREA)
  • Debugging And Monitoring (AREA)

Abstract

Provided is a technology for more efficiently detecting whether an access is an illegal access or a legal access made by a legitimate user by using a so-called login history. This collation server comprises: a communication unit for receiving a login history from the outside and transmitting the received login history to a control unit; the control unit for registering the login history transmitted from the communication unit in a login history database; the login history database for holding a login history, wherein, when the transmitted login history is a success history, the control unit compares the login history with the login history held in the login history database, and when the login is not the same behavior as a past behavior of a login, transmits a massage indicating that the login is not made by a person himself/herself through the communication unit.

Description

比對伺服器、比對方法及電腦程式Comparison server, comparison method and computer program

本發明,係有關於針對使用者而提供特定之服務的各種網站所能夠利用之比對伺服器。又,係有關於由該比對伺服器所致之比對方法、以及關連之電腦程式。The present invention relates to a comparison server that can be used by various websites that provide specific services to users. It also relates to a comparison method caused by the comparison server and a related computer program.

從先前技術起,在網際網路等之網路上而對於使用者提供各種的服務之web網站(服務提供系統)係為周知。From the prior art, web sites (service providing systems) that provide various services to users on networks such as the Internet have been known.

想要對此web網站作利用的使用者,係使用所被賦予的ID和密碼,來對於web網站進行存取、登入,而能夠利用web網站來接受所期望的服務。A user who wants to use this web site uses the ID and password given to access and log in to the web site, and can use the web site to receive the desired service.

例如,對於購物商場之web網站作利用的使用者,係利用ID和密碼而對於該web網站進行登入,並移動至該web網站所提供的各頁面處,而能夠在可發現到所期望的商品之頁面處實行商品之購入。For example, for a user who uses a web site in a shopping mall, he or she logs in to the web site with an ID and password, and moves to each page provided by the web site, where he can find the desired product. Purchase of goods is carried out at the page.

在先前技術之web網站中,為了成為僅有正式之使用者能夠作利用,多數的情況係利用有ID和密碼。可以想見,藉由利用此ID和密碼,係能夠排除所謂的惡意侵入者,而能夠謀求順暢的服務之利用。In prior art web sites, in order to be used only by formal users, IDs and passwords are often used. It is conceivable that by using this ID and password, a so-called malicious intruder can be eliminated, and smooth service utilization can be achieved.

<惡意之存取>   但是,近年來,係報告有具有惡意的第3者使用不正當的手段來獲取他人的ID和密碼之事件。如此這般,當具有惡意的第3者使用(身為正式之使用者的)他人之ID和密碼而登入了web網站的情況時,僅根據該ID和密碼,係難以區分出該登入者是身為正式之使用者還是具有惡意的第3者。<Malicious Access> However, in recent years, there have been reports of malicious third parties using improper means to obtain other people's IDs and passwords. In this way, when a malicious third party logs in to a web site using the ID and password of another person (as a formal user), it is difficult to distinguish whether the logged in person is based on the ID and password alone. Being a formal user is a malicious third person.

因此,近年來,係周知有下述一般之架構:亦即是,係預先將正式之使用者所實行的登入之後之動作的資訊作記錄,並作為白名單來資料庫化。於此,作為所記錄的動作之資訊,例如,係以下述一般之資訊為理想。Therefore, in recent years, it has been known to have the following general structure: That is, information on actions performed after login by a formal user is recorded in advance, and databased as a white list. Here, as the recorded action information, for example, the following general information is ideal.

・OS   ・瀏覽器   ・語言   ・IP位址(代表正在實行存取的使用者之地理性的位置)   ・時間(進行了存取的時刻)   若是將此些之資訊作記錄並預先作為所謂的白名單(WhiteList)來建構出資料庫,則係能夠將進行了登入的使用者正在進行與平常相異之動作一事偵測出來。如此這般,對於進行與平常相異之動作的使用者,為了確認其並非身為具有惡意的之第3者,較理想,係實行追加認證。例如,係對於使用者之行動電話或智慧型手機等,而送出「現在係正使用您的ID而進行對於以下之web網站的存取。此存取是否為由您本人所進行者。若並非如此,請按下(觸碰)NO按鍵」一般之訊息,當「NO按鍵」被按下(被觸碰)的情況時,係可判斷正在進行存取者並非為正式之使用者而是具有惡意的第3者。之後,係可採取立即將該使用者之存取切斷的處理。・ OS ・ Browser ・ Language ・ IP address (represents the geographical location of the user who is accessing) 时间 ・ Time (the time when the access was made) If this information is recorded and previously called white The list (WhiteList) to build a database is able to detect that the logged-in user is doing something different from usual. In this way, it is desirable that a user performing an operation different from usual to perform additional authentication in order to confirm that the user is not a malicious third person. For example, for a user ’s mobile phone or smartphone, the message “Now you are using your ID to access the following web sites. Is this access by yourself? If not In this way, please press (touch) the "NO button" general message. When the "NO button" is pressed (touched), it can be determined that the accessing user is not an official user but has Malicious third person. After that, it is possible to take the processing of cutting off the user's access immediately.

例如,係可列舉出從與平常相異之其他的場所(IP位址)而進行了存取的情況、或是從與平常相異之個人電腦(OS、瀏覽器)而進行了存取的情況等。於此種情況時,追加認證係被實行,並確認是否為正式之使用者(亦被稱作本人確認)。又,白名單,多係基於由該正式之使用者所致的過去之數十次之程度的存取來建構,但是,也會有更少的情況(數次),亦會有更多的情況(數百次)。進而,白名單,也會有構成為在每次正式之使用者進行存取時會被置換為新的資訊而被作更新的情況。又,同樣的,亦利用有將惡意第3者之資料作為黑名單來建構的方法。可以想見,若是使用此些之白名單或黑名單,則係能夠對於惡意第3者和正式之使用者有效率地作區分。For example, there are cases where access is made from a place (IP address) different from usual, or access is made from a personal computer (OS, browser) different from usual. Situation, etc. In this case, additional authentication is implemented and it is confirmed whether or not the user is a formal user (also referred to as personal identification). In addition, the white list is mostly constructed based on the past dozens of times of access by the formal user, but there will be fewer cases (several times), and there will be more Situation (hundreds of times). Furthermore, the white list may be configured to be replaced with new information and updated every time a formal user accesses it. Also, similarly, a method of constructing a malicious third party's data as a blacklist is also used. It is conceivable that if these whitelists or blacklists are used, they can effectively distinguish between malicious third parties and formal users.

先前專利文獻例如,在下述專利文獻1中,係揭示有一種使用白名單和黑名單來對於內容之資訊進行檢索的裝置。在該文獻中,係記載有:藉由使用兩名單,隱私係被保護。In the prior patent documents, for example, Patent Document 1 below discloses a device for retrieving content information using a white list and a black list. In this document, it is stated that by using two lists, privacy is protected.

又,例如,在下述專利文獻2中,係揭示有一種使用白名單和黑名單來對於對web網站之存取作控制的存取控制系統。又,例如,在下述專利文獻3中,係揭示有一種對於針對對記憶媒體之存取作限制的架構而作了特殊設計之記憶媒體。在該架構中,係利用有白名單、黑名單。 [先前技術文獻] [專利文獻]In addition, for example, Patent Document 2 below discloses an access control system that uses a white list and a black list to control access to a web site. In addition, for example, Patent Document 3 below discloses a memory medium specially designed for a structure that restricts access to the memory medium. In this architecture, a white list and a black list are used. [Prior Art Literature] [Patent Literature]

[專利文獻1] 日本特開2012-159939號公報   [專利文獻2] 日本特開2011-3132號公報   [專利文獻3] 日本特開2011-248474號公報[Patent Document 1] Japanese Patent Application Publication No. 2012-159939 939 [Patent Document 2] Japanese Patent Application Publication No. 2011-3132 [Patent Literature 3] Japanese Patent Application Publication No. 2011-248474

[發明所欲解決之課題][Problems to be Solved by the Invention]

如此這般,在先前技術之web網站中,係將正式使用者之存取的動作之資訊作為白名單而預先作記錄,並對於進行與此白名單大幅度相異之動作的使用者而適宜進行有追加認證。In this way, in the prior art web site, the information of actions accessed by regular users is recorded as a white list in advance, and it is suitable for users who perform actions that are significantly different from this white list. Perform additional certification.

但是,具有惡意的第3者,當然會巧妙地偽裝成正式之使用者本人,因此,一般而言也會有難以看穿此事的情形。故而,也多會有依循於安全措施之擔任者的經驗法則來作對應的情況。例如,也會有依據像是「在金融機關之web網站中的從存款帳戶所進行之到達提款金額限度之存款的提款,其身為具有惡意的第3者之可能性係為高」等等的經驗法則而發現到具有惡意之第3者的情況。However, a malicious third person will of course cleverly disguise himself as a formal user. Therefore, it is generally difficult to see through the matter. Therefore, it is often the case to follow the rules of thumb of the person in charge of security measures to respond. For example, there may also be a basis such as "Withdrawal of a deposit made from a deposit account in a financial institution's web site to the limit of the withdrawal amount, the probability of being a malicious third party is high" The rule of thumb and so on found the situation of a malicious third person.

進而,ID和密碼,係亦多會有對於複數之web網站而使用共通的ID和密碼的情況。於此情況,當1組的ID以及密碼被具有惡意的第3者不正當地取得的情況時,有時也會發現到對於複數之web網站而連續地實行有不正當之存取的情況。於此種情況,可以想見,當檢測出對於某一個的web網站所進行之不正當存取的情況時,將該資訊對於其他之web網站的業者作提供一事,對於對起因於上述之利用共通之ID和密碼一事所導致的連續之不正當存取作防止而言係為有效。Furthermore, IDs and passwords are often used in common for multiple web sites. In this case, when a group of IDs and passwords are obtained improperly by a malicious third person, it is sometimes found that unauthorized access to a plurality of web sites is continuously performed. In this case, it is conceivable that when an unauthorized access to a certain web site is detected, the information is provided to the operators of other web sites, and to the use caused by the above. The continuous unauthorized access caused by the common ID and password is effective for prevention.

本案發明者,係針對此種架構,而在2016年5月3日進行有日本特願2016-092850(以下,稱作先行專利申請)之專利申請。在由本案發明者所致之此先行專利申請中,係提案有一種架構,其係並不僅是使用白名單,而亦使用黑名單,來有效率地檢測出不正當的存取,並將此結果作共有。The inventor of this case is for such a structure, and on May 3, 2016, he filed a patent application with Japanese Patent Application No. 2016-092850 (hereinafter referred to as the prior patent application). In this prior patent application by the inventor of this case, the proposal has a structure that not only uses a white list but also a black list to efficiently detect improper access, and The results are shared.

白名單和黑名單等,係為對於進行了存取者之資訊作記錄者,並被認為能夠基於此些來使關於進行了存取的使用者是否為正式使用者一事的偵測成為更加有效率。但是,根據經驗,係得知了,惡意地進行存取的人物,係會進行像是對於同一網站而反覆進行多次的失敗存取一般之與正式之使用者明顯不同的行為。Whitelists and blacklists are used to record the information of those who have accessed them, and it is considered that based on this, it is possible to make the detection of whether the accessed users are regular users more accurate. effectiveness. However, according to experience, it has been learned that a maliciously accessed person will behave like a failed access repeatedly for the same website, which is generally significantly different from a formal user.

於此,白名單和黑名單,係為進行了存取的人物之人物狀態、靜態之資料,而幾乎不具備有像是正在進行何種登入行為(履歷)、至今為止實行了何種的登入動作之類的相關於「登入履歷」、「行為」之資訊。Here, the white list and black list are the character status and static data of the person who has accessed, and they hardly have any login behavior (resume), and what login has been implemented so far. Information such as actions related to "login history" and "behavior".

因此,較理想,係採用除了上述白名單、黑名單之外,亦進而使用所謂的登入歷史,來基於進行了存取的人物之行為,而判斷其係身為正式使用者或是惡意的存取者之架構,但是,至今為止係尚未出現有此種架構。Therefore, it is better to use the so-called login history in addition to the above white list and black list to judge whether the user is a formal user or a malicious user based on the behavior of the person who accessed it. The structure of the winner, but so far no such structure has appeared.

本發明,係為為有鑑於上述課題所進行者,其目的,係在於提供一種利用所謂的登入歷史來對於該存取是身為不正當之存取或者是身為由正式使用者所致之正當之存取一事更有效率地偵測出來之技術。 [用以解決課題之手段]The present invention has been made in view of the above-mentioned problems, and an object thereof is to provide a use of a so-called login history to make the access as an unauthorized access or as a result of a regular user. The technology of legitimate access is more efficiently detected. [Means to solve the problem]

(1)本發明,係為了解決上述課題,而身為一種比對伺服器,其係具備有:通訊部,係為進行與外部之間之通訊的通訊部,並從外部而受訊登入履歷,且送訊至控制部處;和前述控制部,係將從前述通訊部所送訊而來之登入履歷登錄在登入歷史資料庫中;和前述登入歷史資料庫,係保持前述登入履歷,該比對伺服器,其特徵為:前述控制部,當前述被送訊而來之登入履歷係為成功履歷的情況時,係將前述登入履歷,與前述登入歷史資料庫所保持的登入履歷作比較,當前述登入與至今為止之登入的行為並非為相同之行為時,將代表並不像是本人的內容之訊息,經由前述通訊部來作送訊。(1) The present invention is a comparison server for solving the above-mentioned problems. The server includes a communication unit, which is a communication unit that communicates with the outside, and receives a login history from the outside. And send the message to the control department; and the aforementioned control department is used to register the login history sent from the aforementioned communications department in the login history database; and the aforementioned login history database is to maintain the aforementioned login history, the The comparison server is characterized in that the aforementioned control unit compares the aforementioned log-in history with the log-in history held in the aforementioned log-in history database when the log-in history sent from the former is a successful log. When the aforementioned login behavior is not the same as the previous login behavior, it will send a message representing the content that does not look like itself through the aforementioned communication department.

(2)又,本發明,係在(1)所記載之比對伺服器中,更進而具備有:黑名單資料庫,係保持惡意之駭客的資訊,前述控制部,當前述被送訊而來之登入履歷係為成功履歷的情況時,係將前述登入履歷,與前述黑名單資料庫之登錄內容作比較,當存在有同樣之資料的情況時,將代表身為惡意駭客的內容之訊息,經由前述通訊部來作送訊。(2) Furthermore, the present invention is provided in the comparison server described in (1), and further includes: a blacklist database, which holds information of malicious hackers, and the control unit, when the above is sent In the case where the login history is a successful one, the aforementioned login history is compared with the registered content of the aforementioned blacklist database. When the same information exists, it will represent the content as a malicious hacker. The information is sent through the aforementioned communication department.

(3)又,本發明,係在(1)所記載之比對伺服器中,更進而具備有:白名單資料庫,係保持正式之使用者的資訊,前述控制部,當前述被送訊而來之登入履歷係為成功履歷的情況時,係將前述登入履歷,與前述白名單資料庫之登錄內容作比較,當存在有同樣之資料的情況時,將代表身為正式之使用者的內容之訊息,經由前述通訊部來作送訊。(3) The present invention is based on the comparison server described in (1), and further includes: a whitelist database, which holds information of formal users, and the aforementioned control unit, when the aforementioned information is sent When the log-in history is a successful one, the aforementioned log-in history is compared with the log-in content of the aforementioned white list database, and when the same information exists, it will represent the official user. The content information is sent through the aforementioned communication department.

(4)本發明,係為了解決上述課題,而身為一種比對伺服器,其係具備有:通訊部,係為進行與外部之間之通訊的通訊部,並從外部而受訊登入履歷,且送訊至控制部處;和前述控制部,係將從前述通訊部所送訊而來之登入履歷登錄在登入歷史資料庫中;和前述登入歷史資料庫,係保持前述登入履歷;和黑名單資料庫,係保持惡意之駭客的資訊;和白名單資料庫,係保持正式之使用者的資訊,該比對伺服器,其特徵為:前述控制部,當前述被送訊而來之登入履歷係為成功履歷的情況時,係將前述登入履歷,與前述黑名單資料庫之登錄內容作比較,當存在有同樣之資料的情況時,將代表身為惡意駭客的內容之訊息,經由前述通訊部來作送訊,當與前述黑名單資料庫之登錄內容作比較後的結果,係並不存在有同樣之資料的情況時,係將前述登入履歷,與前述登入歷史資料庫所保持的登入履歷作比較,當與前述登入歷史資料庫之登錄內容作比較後的結果,前述登入與至今為止之登入的行為並非為相同之行為時,將前述登入履歷,與前述白名單資料庫之登錄內容作比較,當與前述白名單資料庫之登錄內容作比較後的結果,係存在有同樣之資料的情況時,將代表身為正式之使用者的內容之訊息,經由前述通訊部來作送訊,當並不存在有同樣之資料的情況時,將代表並不像是本人的內容之訊息,經由前述通訊部來作送訊。(4) The present invention is a comparison server for solving the above-mentioned problems. The server includes a communication unit, which is a communication unit that communicates with the outside, and receives a login history from the outside. And send the message to the control department; and the aforementioned control department is registered in the login history database from the login history sent from the aforementioned communication department; and the aforementioned login history database is to maintain the aforementioned login history; and The blacklist database is used to keep information of malicious hackers; and the whitelist database is used to keep information of formal users. The comparison server is characterized by the aforementioned control unit when the aforementioned is sent. When the log-in history is a successful one, the aforementioned log-in history is compared with the log-in content of the aforementioned blacklist database, and when there is the same information, the message representing the content as a malicious hacker will be Send the message through the aforementioned communication department. When the result of comparison with the registered content of the blacklist database does not exist the same information, the aforementioned login history is compared with Compare the log-in history held in the log-in history database, and compare the log-in history with the log-in content in the log-in history database, if the log-in behavior and the log-in behavior so far are not the same, Compared with the registered content of the aforementioned white list database, when compared with the registered content of the aforementioned white list database, when the same information exists, it will be a message representing the content of the official user Send the message through the aforementioned communication department. When the same information does not exist, the message representing the content that does not look like me will be sent through the aforementioned communication department.

(5)又,本發明,係在(2)或(4)所記載之比對伺服器中,具備有下述特徵:亦即是,前述通訊部,係從外部而受訊黑名單登錄要求,並對於前述控制部作送訊,前述控制部,係將在從前述通訊部所送訊來之黑名單登錄要求中所包含的惡意駭客之資訊,登錄在前述黑名單資料庫中。(5) In the present invention, the comparison server described in (2) or (4) has the following characteristics: That is, the aforementioned communication unit receives a blacklist registration request from the outside. And send a message to the aforementioned control department, which is to register the information of the malicious hacker included in the blacklist registration request sent from the aforementioned communications department to the aforementioned blacklist database.

(6)又,本發明,係在(3)或(4)所記載之比對伺服器中,具備有下述特徵:亦即是,前述通訊部,係從外部而受訊白名單登錄要求,並對於前述控制部作送訊,前述控制部,係將在從前述通訊部所送訊來之白名單登錄要求中所包含的正式之使用者之資訊,登錄在前述白名單資料庫中。(6) In the present invention, the comparison server described in (3) or (4) has the following characteristics: That is, the aforementioned communication unit receives a whitelist registration request from the outside. And send a message to the aforementioned control department. The aforementioned control department will register the official user information included in the whitelist registration request sent from the aforementioned communications department to the aforementioned whitelist database.

(7)本發明,係為了解決上述課題,而身為一種比對方法,其係使用比對伺服器,來比對登入履歷是否像是本人,該比對伺服器,係具備有:通訊部,係為進行與外部之間之通訊的通訊部,並從外部而受訊登入履歷,且送訊至控制部處;和前述控制部,係將從前述通訊部所送訊而來之登入履歷登錄在登入歷史資料庫中;和前述登入歷史資料庫,係保持前述登入履歷,該比對方法,其特徵為,係包含有:使前述控制部,當前述被送訊而來之登入履歷係為成功履歷的情況時,將前述登入履歷,與前述登入歷史資料庫所保持的登入履歷作比較,當前述登入與至今為止之登入的行為並非為相同之行為時,將代表並不像是本人的內容之訊息,經由前述通訊部來作送訊之步驟。(7) The present invention is a comparison method in order to solve the above-mentioned problem. It uses a comparison server to compare whether the login history looks like the person. The comparison server includes: a communication department. , Is the communication department for communication with the outside, and receives the login history from the outside, and sends it to the control department; and the aforementioned control department, is the login history sent from the aforementioned communication department It is registered in the login history database; and the aforementioned login history database is to maintain the aforementioned login history, and the comparison method is characterized in that: the aforementioned control unit, when the aforementioned login history is sent, In the case of a successful resume, compare the previous login history with the previous login history maintained in the previous login history database. When the previous login and the previous login are not the same behavior, the representative will not look like himself The information of the content is sent through the aforementioned communication department.

(8)本發明,係為了解決上述課題,而身為一種比對方法,其係使用比對伺服器,來比對登入履歷是否像是本人,該比對伺服器,係具備有:通訊部,係為進行與外部之間之通訊的通訊部,並從外部而受訊登入履歷,且送訊至控制部處;和前述控制部,係將從前述通訊部所送訊而來之登入履歷登錄在登入歷史資料庫中;和前述登入歷史資料庫,係保持前述登入履歷;和黑名單資料庫,係保持惡意之駭客的資訊;和白名單資料庫,係保持正式之使用者的資訊,該比對伺服器,其特徵為,係包含有:使前述控制部,當前述被送訊而來之登入履歷係為成功履歷的情況時,將前述登入履歷,與前述黑名單資料庫之登錄內容作比較,當存在有同樣之資料的情況時,將代表身為惡意駭客的內容之訊息,經由前述通訊部來作送訊之步驟;和使前述控制部,當與前述黑名單資料庫之登錄內容作比較後的結果,係並不存在有同樣之資料的情況時,將前述登入履歷,與前述登入歷史資料庫所保持的登入履歷作比較之步驟;和使前述控制部,當與前述登入歷史資料庫之登錄內容作比較後的結果,前述登入與至今為止之登入的行為並非為相同之行為時,將前述登入履歷,與前述白名單資料庫之登錄內容作比較之步驟;和使前述控制部,當與前述白名單資料庫之登錄內容作比較後的結果,係存在有同樣之資料的情況時,將代表身為正式之使用者的內容之訊息,經由前述通訊部來作送訊,當並不存在有同樣之資料的情況時,將代表並不像是本人的內容之訊息,經由前述通訊部來作送訊之步驟。(8) The present invention is a comparison method in order to solve the above-mentioned problems. It uses a comparison server to compare whether the login history looks like himself. The comparison server includes: a communication department , Is the communication department for communication with the outside, and receives the login history from the outside, and sends it to the control department; and the aforementioned control department, is the login history sent from the aforementioned communication department Registered in the login history database; and the aforementioned login history database, which maintains the aforementioned login history; and the blacklist database, which maintains information of malicious hackers; and the whitelist database, which maintains information of formal users The comparison server is characterized in that it includes: enabling the foregoing control unit to, when the login history sent from the message is a successful history, compare the login history with the blacklist database. The registered content is compared. When the same information exists, the message representing the content as a malicious hacker will be sent through the aforementioned communication department; and the aforementioned control department should be compared with the aforementioned information. The result of comparing the registered contents of the list database is the step of comparing the aforementioned log-in history with the log-in history held by the aforementioned log-in history database when the same information does not exist; and the aforementioned control unit When comparing with the login content of the aforementioned login history database, when the aforementioned login and the previous login behavior are not the same, compare the aforementioned login history with the aforementioned login content of the whitelist database. Steps; and when the aforementioned control unit compares the registered content with the aforementioned white list database, when the same information exists, it will send a message representing the content as a formal user via the aforementioned communication If the same information does not exist, it will be a message that does not look like the content of the person, and the communication step will be used to send the message.

(9)本發明,係為了解決上述課題,而身為一種電腦程式,其係使電腦作為比對伺服器而動作,該比對伺服器,係具備有:通訊部,係為進行與外部之間之通訊的通訊部,並從外部而受訊登入履歷,且送訊至控制部處;和前述控制部,係將從前述通訊部所送訊而來之登入履歷登錄在登入歷史資料庫中;和前述登入歷史資料庫,係保持前述登入履歷,該電腦程式,其特徵為,係使前述電腦實行下述程序:使前述控制部,當前述被送訊而來之登入履歷係為成功履歷的情況時,將前述登入履歷,與前述登入歷史資料庫所保持的登入履歷作比較,當前述登入與至今為止之登入的行為並非為相同之行為時,將代表並不像是本人的內容之訊息,經由前述通訊部來作送訊之程序。(9) The present invention is a computer program for solving the above-mentioned problems, and it is a computer program that operates a computer as a comparison server. The comparison server is provided with a communication unit for performing communication with an external device. The communication department of the intermediary communication, and receives the login history from the outside, and sends it to the control department; and the aforementioned control department, the login history sent from the aforementioned communication department is registered in the login history database ; And the aforementioned login history database, which maintains the aforementioned login history, the computer program is characterized by causing the aforementioned computer to execute the following procedure: making the aforementioned control unit, when the aforementioned logged-in history is sent, a successful resume In the case of the above, compare the aforementioned log-in history with the log-in history held by the aforementioned log-in history database. When the aforementioned log-in behavior and the previous log-in behavior are not the same behavior, the representative does not look like the content The message is transmitted through the aforementioned communication department.

(10)本發明,係為了解決上述課題,而身為一種電腦程式,其係使電腦作為比對伺服器而動作,該比對伺服器,係具備有:通訊部,係為進行與外部之間之通訊的通訊部,並從外部而受訊登入履歷,且送訊至控制部處;和前述控制部,係將從前述通訊部所送訊而來之登入履歷登錄在登入歷史資料庫中;和前述登入歷史資料庫,係保持前述登入履歷;和黑名單資料庫,係保持惡意之駭客的資訊;和白名單資料庫,係保持正式之使用者的資訊,該電腦程式,其特徵為,係使前述電腦實行下述程序:使前述控制部,當前述被送訊而來之登入履歷係為成功履歷的情況時,將前述登入履歷,與前述黑名單資料庫之登錄內容作比較,當存在有同樣之資料的情況時,將代表身為惡意駭客的內容之訊息,經由前述通訊部來作送訊之程序;和使前述控制部,當與前述黑名單資料庫之登錄內容作比較後的結果,係並不存在有同樣之資料的情況時,將前述登入履歷,與前述登入歷史資料庫所保持的登入履歷作比較之程序;和使前述控制部,當與前述登入歷史資料庫之登錄內容作比較後的結果,前述登入與至今為止之登入的行為並非為相同之行為時,將前述登入履歷,與前述白名單資料庫之登錄內容作比較之程序;和使前述控制部,當與前述白名單資料庫之登錄內容作比較後的結果,係存在有同樣之資料的情況時,將代表身為正式之使用者的內容之訊息,經由前述通訊部來作送訊,當並不存在有同樣之資料的情況時,將代表並不像是本人的內容之訊息,經由前述通訊部來作送訊之程序。 [發明之效果](10) The present invention is a computer program for solving the above-mentioned problems, and it is a computer program that operates a computer as a comparison server. The comparison server is provided with a communication unit for performing communication with an external device. The communication department of the intermediary communication, and receives the login history from the outside, and sends it to the control department; and the aforementioned control department, the login history sent from the aforementioned communication department is registered in the login history database ; And the aforementioned login history database, which maintains the aforementioned login history; and the blacklist database, which maintains information of malicious hackers; and the whitelist database, which maintains information of formal users, the computer program, its characteristics In order to make the aforementioned computer execute the following procedure: to make the aforementioned control unit compare the aforementioned logged-in history with the logged-in content of the blacklist database when the logged-in history sent by it is a successful one. , When the same information exists, the message representing the content as a malicious hacker will be transmitted through the aforementioned communication department; and the aforementioned control unit shall be The result of comparing the registered contents of the list database is a procedure for comparing the aforementioned log-in history with the log-in history held by the aforementioned log-in history database when the same information does not exist; and the aforementioned control department When comparing with the login content of the aforementioned login history database, when the aforementioned login and the previous login behavior are not the same, compare the aforementioned login history with the aforementioned login content of the whitelist database. Procedures; and when the aforementioned control unit compares the registered content with the aforementioned white list database, when the same information exists, it will send a message representing the content as a formal user through the aforementioned communication If the same information does not exist, it will represent the information that does not look like the content of the person, and the communication process will be performed through the aforementioned communication department. [Effect of the invention]

如此這般,若依據本發明,則由於係建構出使用登入歷史而判斷是否身為正式之使用者的架構,因此,係成為能夠將由被判斷為並非為正式之使用者的使用者所致之存取更有效率地檢測出來。In this way, according to the present invention, since it is a framework for judging whether the user is a formal user using the login history, it is possible to be caused by a user who is judged as not being a formal user. Accesses are detected more efficiently.

以下,根據圖面,對本發明之合適之實施形態作說明。 實施形態1 1-1.基本構成   本實施形態1,係對於複數之網站利用共通之比對伺服器來判斷對於自身網站進行存取的使用者是否為正式之使用者的例子作說明。在圖1中,係對於此種複數之網站(例如購物商場)對於共通之比對伺服器20作利用的例子作展示。Hereinafter, a preferred embodiment of the present invention will be described with reference to the drawings. Embodiment 1 1-1. Basic Structure This embodiment 1 describes an example in which a common comparison server is used for a plurality of websites to determine whether a user accessing the own website is an official user. In FIG. 1, an example in which such a plurality of websites (for example, shopping malls) use the common comparison server 20 is shown.

在圖1中,駭客8,係為具有惡意的駭客,而並非為正式之使用者,但是,係使用偽裝成正式之使用者等的不正當之手段,來嘗試對於網站10a、10b、10c、10d等進行存取。In Figure 1, hacker 8 is a malicious hacker, not a formal user. However, it uses unfair means such as masquerading as a formal user to try for websites 10a, 10b, 10c, 10d, etc. for access.

駭客8,係對於經由網際網路等之網路所提供的網站10a、10b、10c、10d而嘗試進行不正當的存取。例如,駭客8,係使用清單(list)型攻擊或偽裝等的手法而嘗試進行不正當存取。   偽裝,係為偽裝成他人而對於特定之網站或服務進行存取並奪取的手法,近年來,亦多所利用有被稱作所謂的清單型攻擊的手段。Hacker 8 attempts to gain unauthorized access to the websites 10a, 10b, 10c, and 10d provided through a network such as the Internet. For example, Hacker 8 uses a list-type attack or disguise to attempt unauthorized access. Masquerading is a method of accessing and capturing specific websites or services in order to disguise as others. In recent years, a method called a so-called list-type attack has also been used.

清單型攻擊,係為對於各種的網站或服務而奪取其之使用者之帳戶的攻擊手法之其中一種。例如,係為使用從其他的服務或系統所流出的帳戶資訊來對於該服務或網站嘗試進行登入的手法。此係為對於多數的使用者會在複數之網站或服務中利用相同的帳戶名稱與密碼一事作了利用的攻擊手法,而為使用從某一個的網站所流出的帳戶名稱(ID)和密碼來對於其他網站嘗試侵入的手法。若是使用有相同的帳戶名稱(ID)和密碼,則在該其他網站中,使用者的帳戶會被奪取。清單型攻擊,係亦被稱作密碼清單攻擊、清單型帳戶駭侵、帳戶清單攻擊等。List-type attacks are one of the methods of attacking users' accounts against various websites or services. For example, it is a method of using the account information from other services or systems to try to log in to that service or website. This is an attack method in which most users use the same account name and password on multiple websites or services, and use the account name (ID) and password issued from a certain website to For other websites trying to hack. If the same account name (ID) and password are used, the user's account will be seized from other websites. List-type attacks are also known as password list attacks, list-type account hacking, and account-list attacks.

1-2.動作   在圖1之例中,駭客8,係獲取正式之使用者的ID和密碼(PW),並使用此資訊來利用清單型攻擊而對於網站10a、10b、10c、10d嘗試進行不正當的存取。   比對伺服器20,係從各網站10(a~d)而受訊在各網站10a、10b、10c、10d處的登入之資訊(登入履歷),並記憶在內部的登入歷史中。在本實施形態1中之特徵性的構成,係在於此比對伺服器20,由於係藉由將從各網站10(a~c)而來之登入履歷作積蓄,來代替各網站10(a~c)而判斷進行了存取的人物作為正式使用者是否有所疑慮(並不像是本人),因此,對於各網站10(a~c)而言係為便利。1-2. Action In the example in Figure 1, Hacker 8 obtains the official user ID and password (PW), and uses this information to use a list-type attack to try on websites 10a, 10b, 10c, and 10d. Make unauthorized access. The comparison server 20 receives the login information (login history) of each of the websites 10a, 10b, 10c, and 10d from each website 10 (a to d), and stores it in the internal login history. The characteristic structure in the first embodiment lies in the comparison server 20, because the login history from each website 10 (a to c) is accumulated instead of each website 10 (a ~ c) to determine whether or not the person who has accessed has any doubt as a regular user (not like himself). Therefore, it is convenient for each website 10 (a to c).

如同圖1中所示一般,比對伺服器20,係具備有通訊部22、和控制部24、和登入歷史資料庫26、以及黑名單資料庫28。登入歷史資料庫26,係為藉由從外部之各種的網站而來之指示、依賴,而記憶對於該網站之登入的歷史(登入履歷)者。登入履歷,係包含登入為成功的情況和失敗的情況地而作記憶。As shown in FIG. 1, the comparison server 20 includes a communication unit 22, a control unit 24, a login history database 26, and a blacklist database 28. The log-in history database 26 is a person who memorizes the log-in history (log-in history) of the log-in to the website through instructions and dependencies from various external websites. The log-in history includes the situations where the login is successful and the failure.

通訊部22,係為經由網際網路等之網路來與外部之各種網站等進行通訊的介面,而亦可利用網際網路以外之通訊手段,亦可為利用所謂的(行動)電話網路之通訊介面。通訊部22,係相當於申請專利範圍之通訊部的合適之其中一例。The communication unit 22 is an interface for communicating with various external websites and the like through a network such as the Internet, and may also use a communication means other than the Internet, or a so-called (mobile) telephone network. Communication interface. The communication unit 22 is an appropriate example of the communication unit corresponding to the scope of patent application.

控制部24,係為掌管比對伺服器20之動作的手段,具體而言,係對於登入歷史資料庫26和黑名單資料庫28之記憶作控制,並實行關連於此些之資料庫的各種之動作。例如,係可由CPU和該CPU所實行之程式來構成。該程式,係為記述有比對伺服器20所實行之處理的程式。又,該程式,係相當於申請專利範圍之電腦程式的合適之其中一例。The control unit 24 is a means for controlling the operation of the comparison server 20, specifically, it controls the memory of the login history database 26 and the blacklist database 28, and implements a variety of related databases. Action. For example, it may be constituted by a CPU and a program executed by the CPU. This program is a program describing the processing executed by the comparison server 20. This program is an appropriate example of a computer program equivalent to the scope of patent application.

登入歷史資料庫26,係為從比對伺服器20所支援的網站10(a~d)而記憶當使用者(或者是惡意的駭客8)進行了登入時的登入之資訊(登入履歷(登入歷史))的資料庫。   黑名單資料庫28,係為記憶被判斷為具有惡意的駭客8之對象之資訊的資料庫。   登入歷史資料庫26和黑名單資料庫28,均可藉由例如硬碟等之記憶手段來構成。又,亦可使用半導體記憶裝置或光學式之記憶裝置來構成。又,登入歷史資料庫26,係相當於申請專利範圍之登入歷史資料庫的合適之其中一例。又,黑名單資料庫28,係相當於申請專利範圍之黑名單資料庫的合適之其中一例。The login history database 26 is for memorizing the login information (login history (login history) when the user (or malicious hacker 8) has logged in from the websites 10 (a to d) supported by the comparison server 20. Login History)). The blacklist database 28 is a database for memorizing the information of the target of the hacker 8 judged to be malicious. (2) Both the log-in history database 26 and the blacklist database 28 can be constituted by a memory means such as a hard disk. It may also be configured using a semiconductor memory device or an optical memory device. The log-in history database 26 is an appropriate example of the log-in history database corresponding to the scope of patent application. The blacklist database 28 is an appropriate example of a blacklist database corresponding to the scope of patent applications.

登入   網站10a,係為使用者有定期性地變更密碼之網站10a,其結果,駭客8,係成為使用對於該網站10a而言為舊的ID和密碼,登入係失敗。如此一來,網站10a,係將該登入為失敗的登入失敗履歷,送訊至比對伺服器20處。比對伺服器20,係將被送訊而來的登入失敗履歷(登入履歷(登入歷史)),記憶在其之內部的登入歷史資料庫26中。Login Website 10a is a website 10a where users regularly change their passwords. As a result, Hacker 8 uses an ID and password that are old for the website 10a, and login fails. In this way, the website 10a sends the login failure history to the comparison server 20. The comparison server 20 stores the log-in failure history (log-in history (log-in history)) sent to the server 20 and stores the log-in history (log-in history) in it.

網站10b,亦與網站10a相同的,係為使用者有頻繁地更新密碼之網站10b,其結果,駭客8,係成為使用對於該網站10b而言為舊的ID和密碼,登入係失敗。如此一來,網站10b,係與網站10a同樣的,將該登入為失敗的登入失敗履歷,送訊至比對伺服器20處。比對伺服器20,係將被送訊而來的登入動作(登入履歷),記憶在其之內部的登入歷史資料庫26中。The website 10b, which is the same as the website 10a, is a website 10b in which users frequently update their passwords. As a result, the hacker 8 uses an ID and password that are old for the website 10b, and login fails. In this way, the website 10b is the same as the website 10a, and sends the login as a failed login failure history to the comparison server 20. The comparison server 20 is a login operation (login history) to be transmitted, and is stored in the login history database 26 therein.

網站10c,係與網站10a、10b相異,使用者並未頻繁地更新密碼,其結果,駭客8,係流用從他處所流出的正式使用者之ID和密碼並適用於該網站10c處,登入係成功。如此一來,在網站10c處,駭客8係成功登入。不論登入為成功或失敗,各網站10(a~d)均係將登入之資訊送訊至比對伺服器20處。網站10c,雖然登入為成功,但是亦與上述網站10a、10b相同地,將由駭客8所致之登入動作送訊至比對伺服器20處,比對伺服器20係將登入履歷記憶在登入歷史資料庫26中。The website 10c is different from the websites 10a and 10b, and the user does not frequently update the password. As a result, the hacker 8 uses the ID and password of the official user flowing out from other places and applies to the website 10c. Login was successful. In this way, at the website 10c, the hacker 8 series successfully logged in. Regardless of whether the login is successful or failed, each website 10 (a ~ d) sends the login information to the comparison server 20. The website 10c, although the login is successful, is also the same as the above websites 10a and 10b, and sends the login action caused by the hacker 8 to the comparison server 20, and the comparison server 20 stores the login history in the login History database 26.

由比對伺服器20所致之登入履歷之檢查   比對伺服器20,不論被送訊而來的登入履歷係為登入失敗履歷或者是成功履歷,均係逐次記憶在登入歷史資料庫26中。   如同於上所述一般,在網站10c處,藉由正確的ID和密碼,本人認證係成功,登入係成功。而,網站10c,係將該登入(成功)履歷送訊至比對伺服器20處。   於圖3、圖4之流程圖中,係記載有當登入履歷被送訊過來的情況時之比對伺服器20之動作。Check of the login history by the comparison server 20 The comparison server 20, regardless of whether the login history sent is a login failure history or a success history, is sequentially stored in the login history database 26. As mentioned above, at the website 10c, with the correct ID and password, my authentication is successful and the login is successful. The website 10c sends the login (success) history to the comparison server 20. The flowcharts in FIGS. 3 and 4 describe the operation of the comparison server 20 when the log-in history is sent.

在圖3之步驟S3-1中,首先,當登入履歷被從特定之網站10(a~c)而送訊過來的情況時,通訊部22係受訊此登入履歷並送至控制部24處。   在步驟S3-2中,控制部24,係將被送來的登入履歷依序儲存在登入歷史資料庫26中。   在步驟S3-3中,控制部24,係觀察被送來的登入履歷,並判斷該登入履歷是否為成功履歷。判斷之結果,當身為成功履歷的情況時,係移行至步驟S3-4,當身為失敗履歷的情況時,則係結束處理。In step S3-1 of FIG. 3, first, when the login history is sent from a specific website 10 (a to c), the communication unit 22 receives the login history and sends it to the control unit 24. . (2) In step S3-2, the control unit 24 sequentially stores the login history sent to the login history database 26. In step S3-3, the control unit 24 observes the login history that is sent and determines whether the login history is a successful history. As a result of the judgment, when it is a case of a successful history, the process proceeds to step S3-4, and when it is a case of a failed history, the process is ended.

在步驟S3-4中,控制部24,係將被送來的登入履歷與黑名單資料庫28之登錄內容作比較。   在步驟S3-5中,當在上述步驟S3-4中之比較的結果,係登錄有相同之資料的情況時,由於係能夠判斷進行了存取的人物係為具有惡意的存取者,因此,係移行至步驟S3-6。另一方面,當並未登錄有相同之資料的情況時,係移行至圖4之步驟S4-1。In step S3-4, the control unit 24 compares the sent login history with the registered content of the blacklist database 28. In step S3-5, when the result of the comparison in the above step S3-4 is the case where the same data is registered, it is possible to determine that the person who has accessed is a malicious accessor, so , Go to step S3-6. On the other hand, when the same data is not registered, the process proceeds to step S4-1 in FIG. 4.

在步驟S3-6中,控制部24,係將代表身為具有惡意的駭客之內容的訊息,經由通訊部22來送訊至將登入履歷送訊過來的網站10(a~d)處。之後,使處理結束。其結果,該網站10(a~d),係能夠實行登入之拒絕,而能夠防止具有惡意的存取。   在圖1所示之例中,針對當網站10c將登入成功履歷送訊過來的情況時,於圖3之步驟S3-5中,同樣的資料尚未被登錄在黑名單資料庫28中的情況之動作作說明。於此情況,在步驟S3-5中,由於在黑名單資料庫28中係並未登錄有與進行了存取的人物相同之資料,因此,係移行至圖4之步驟S4-1。In step S3-6, the control unit 24 sends a message representing the content as a malicious hacker to the website 10 (a to d) that sent the login history via the communication unit 22. After that, the processing is ended. As a result, the website 10 (a to d) is able to perform login rejection and prevent malicious access. In the example shown in FIG. 1, when the website 10c sends the login success history to the case, in step S3-5 of FIG. 3, the same data has not been registered in the blacklist database 28. The action is explained. In this case, in step S3-5, since the same information as the person who has accessed is not registered in the blacklist database 28, the process proceeds to step S4-1 in FIG. 4.

在圖4之步驟S4-1中,控制部24,係從登入歷史資料庫26,而對於送出了被送過來的登入履歷之網站的至今為止之登入履歷作參照。   接著,在步驟S4-2中,係對於所參照的至今為止之登入履歷之登入的模樣,與此次之登入(成功)履歷作比較,並判斷登入動作之行為是否為與至今為止相同。判斷的結果,當與至今為止之登入動作的行為相異的情況時,係判斷為並不像是本人(正式之使用者),並移行至步驟S4-3。另一方面,判斷的結果,當與至今為止之登入動作的行為相同的情況時,係結束登入履歷之檢查的動作,並結束登入履歷之記憶動作。之後,係成為等待下一個的登入履歷被送訊過來之狀態。   行為的判斷,係可利用各種的手法。係亦可將所注目的登入動作與登入歷史資料庫26中之內容作比較,並將一致、類似之參數為多的情況,判斷為行為為相同(共通、類似)。又,若是多數的參數為一致、類似、共通,則就算是發現到1個的大幅相異之參數,亦可判斷為相同的行為。又,係亦可因應於參數的種類來設定權重。In step S4-1 of FIG. 4, the control unit 24 refers to the login history of the website from which the login history has been sent from the login history database 26. Next, in step S4-2, the login appearance of the referenced login history so far is compared with the current login (success) history, and it is determined whether the behavior of the login action is the same as so far. When the result of the judgment is different from the behavior of the login operation so far, it is judged that the person (the official user) does not seem to be the same, and the process proceeds to step S4-3. On the other hand, when the result of the judgment is the same as the behavior of the previous login operation, it is the operation of ending the check of the login history and ending the memory operation of the login history. After that, it is in a state waiting for the next login history to be sent. Judgment of behavior can use various methods. It is also possible to compare the noticed login action with the contents in the login history database 26, and judge that the behavior is the same (common, similar) when there are many consistent and similar parameters. In addition, if the majority of parameters are consistent, similar, and common, even if one parameter that is significantly different is found, the same behavior can be determined. In addition, the weight may be set according to the type of the parameter.

在步驟S4-3中,控制部24,係將並不像是身為正式之使用者的本人一事,通知至網站10c處。例如,係經由通訊部22,而將「並不像是本人」等的訊息對於該網站10c作送訊。In step S4-3, the control unit 24 notifies the website 10c that it does not seem to be a formal user. For example, a message "not like me" is sent to the website 10c via the communication section 22.

如此這般,本實施形態之比對伺服器20,係並不僅是單純地逐次記憶登入履歷,而亦   ・根據被送訊過來的登入履歷,而判斷在黑名單資料庫28中是否登錄有相同的內容。當被登錄在黑名單資料庫28中的情況時,係將此事送訊至該網站10處。   進而,就算是在並未被登錄在黑名單資料庫28中的情況時,亦係判斷登入履歷之行為是否為與登入歷史資料庫26中之該網站10(a~c)之登入履歷相同的行為,當身為與至今為止相異之登入動作之行為的情況時,係將此事(例如,「並不像是本人」等之訊息)送訊至該網站10c處。   藉由此種動作,各網站10,係能夠有效率地判斷進行了存取的人物是否身為正式之使用者(是否身為惡意的存取者),而為便利。As such, the comparison server 20 of this embodiment not only simply memorizes the login history one by one, but also judges whether or not the same is registered in the blacklist database 28 based on the login history sent. Content. When it is registered in the blacklist database 28, the matter is sent to the website 10. Furthermore, even if it is not registered in the blacklist database 28, it is determined whether the behavior of the login history is the same as the login history of the website 10 (a ~ c) in the login history database 26. The behavior, when it is a behavior different from the login action hitherto, is to send the matter (for example, a message such as "it does not look like me") to the website 10c.此种 With this operation, each website 10 can efficiently determine whether or not the person who has accessed is an official user (whether it is a malicious accessor), and it is convenient.

在網站10c處之2要素認證的實行   而,在圖1所示之例中,網站10c,雖然登入係成功,但是係從比對伺服器20而受訊了「並不像是本人」的訊息(圖4之步驟S4-3)。網站10c,接收到此,例如係能夠實行2要素認證30。   所謂2要素認證,係為基於相異之2個要素而進行認證的方式。例如,網站10c,係對於想要進行登入的「使用者」之行動電話送訊一次性密碼。「使用者」,係從自身之行動電話而讀取一次性密碼,並輸入至網站10c處。網站10c,若是被輸入的一次性密碼係為與自身所送訊的一次性密碼相同的密碼,則係判斷為正當的本人。In the implementation of the two-factor authentication at the website 10c, in the example shown in FIG. 1, although the login of the website 10c was successful, it received a message "not like me" from the comparison server 20. (Step S4-3 in FIG. 4). The website 10c receives this, for example, and can implement the two-factor authentication 30. The so-called two-factor authentication is a method of performing authentication based on two different elements. For example, the website 10c sends a one-time password to the mobile phone of the "user" who wants to log in. The "user" reads the one-time password from his mobile phone and enters it into the website 10c. If the one-time password entered on the website 10c is the same as the one-time password sent by itself, it is judged to be a proper person.

在所謂的用以進行認證之認證資料中,係使用有「僅有本人才知道的事情(物品)(密碼)」、「僅有本人才會持有之物品(金融卡、行動電話)」、「本人自身之特性(生物統計學資料)」等之大略3種的認證資料,但是,使用此些中之相異之2種來進行認證的方式,係被稱作「2要素認證」。在上述所說明之例中,係除了最初的「密碼」以外,亦進而另外將僅有本人會持有的「行動電話」作為第2個的認證資料來使用。此係為基於該電話號碼的行動電話應該只有本人會持有一事所進行者。在本實施形態1中,係使用有此種之2種的認證資料,但是,係亦可使用其他之2種的認證資料。In the so-called authentication data used for authentication, "something (article) (password) only known to this person", "only item (financial card, mobile phone) that this person can hold", There are roughly three types of authentication data such as "my own characteristics (biometric data)". However, the authentication method using two of these different types is called "two-factor authentication". In the example described above, in addition to the original "password", the "mobile phone" that only the person would hold is used as the second authentication information. This is a mobile phone based on the phone number that should only be carried on by me. In the first embodiment, the two types of authentication data are used, but the other two types of authentication data may be used.

在圖1所示之例中,此2要素認證30的結果,由於係判明了並非為本人,因此,係拒絕登入(圖1中,登入拒絕32)。在成為了此登入拒絕32的情況時,係認定為身為惡意的駭客8,並登錄在黑名單資料庫28中。亦即是,網站10c,係對於比對伺服器20而送訊黑名單登錄要求。In the example shown in FIG. 1, the result of the two-element authentication 30 is that it is determined that it is not the person, and therefore, the login is refused (in FIG. 1, the login refuses 32). In the case of this login rejection 32, he was identified as a malicious hacker 8 and registered in the blacklist database 28. That is, the website 10c sends a blacklist registration request to the comparison server 20.

由比對伺服器20所致之對於黑名單資料庫28之登錄   比對伺服器20,若是受訊被送訊而來之黑名單登錄要求,則係將該內容登錄在黑名單資料庫28中。   具體而言,首先,通訊部22係受訊黑名單登錄要求。   接著,通訊部22係將黑名單登錄要求送訊至控制部24處。控制部24,若是受訊黑名單登錄要求,則係依循於該要求,而將關於駭客8的資訊登錄在黑名單資料庫28中。此黑名單資料庫28之登錄內容,只要是能夠對於駭客8作辨識,則不論是何種登錄內容均可。Registration of the blacklist database 28 by the comparison server 20 If the comparison server 20 is a blacklist registration request sent from the receiving party, the content is registered in the blacklist database 28. Specifically, first of all, the Ministry of Communications 22 is subject to blacklist registration requirements. Next, the communication department 22 sends a blacklist registration request to the control department 24. If the control unit 24 receives the blacklist registration request, it will follow the request and register the information about the hacker 8 in the blacklist database 28. The registered content of this blacklist database 28 may be any type of registered content as long as it can identify the hacker 8.

登入歷史資料庫26和黑名單資料庫28之活用   若依據圖1之例,則駭客8,係在網站10d處,亦與其他之網站10a、10b、10c同樣的而被記載有實行清單型攻擊之例子。   網站10d,亦係利用有比對伺服器20,並將登入履歷登錄在比對伺服器20中之登入歷史資料庫26中。又,網站10d,當如同上述一般地而判別出並非為本人的情況時,係對於黑名單資料庫28進行登錄要求。The utilization of the login history database 26 and the blacklist database 28 is based on the example in FIG. 1, and the hacker 8 is located at the website 10d. It is also recorded in the same list as the other websites 10a, 10b, and 10c. Examples of attacks. (2) The website 10d also uses the comparison server 20 and registers the login history in the login history database 26 in the comparison server 20. When it is determined that the website 10d is not the same as the above, the website 10d makes a registration request for the blacklist database 28.

在圖1所示之例中,網站10d,係與網站10a、10b、10c同樣的,首先將登入履歷送訊至比對伺服器20處。於此情況時之伺服器20之動作,係如同在圖3之流程圖中所說明一般。特別是,在圖1中所示之網站10d的情況時,由於由ID和密碼(ID/PW)所致之登入係為成功,因此,處理係如同步驟S3-3、S3-4、S3-5一般地而進行。In the example shown in FIG. 1, the website 10 d is the same as the websites 10 a, 10 b, and 10 c, and first sends the login history to the comparison server 20. In this case, the operation of the server 20 is as described in the flowchart of FIG. 3. In particular, in the case of the website 10d shown in FIG. 1, since the login by the ID and password (ID / PW) is successful, the processing is the same as steps S3-3, S3-4, S3- 5 is generally performed.

特別是,在圖1所示之網站10d處,進行了登入之存取者,係已被登錄在黑名單資料庫28中。亦即是,如同上述一般,駭客8,係經由網站10c所送訊了的黑名單登錄要求(參考圖1),而被登錄在黑名單資料庫28中。故而,對於網站10d之登入履歷,比對伺服器20係在圖3之步驟S3-5中,判別出係存在有同樣的資料。其結果,係移行至步驟S3-6,代表身為被記載於黑名單中之惡意的駭客一事之訊息,係藉由控制部24而(經由通訊部22)送訊至網站10d處。   網站10d,係藉由受訊此訊息,而能夠得知身為存取者之駭客8係為惡意的駭客8,並實行登入之拒絕。In particular, at the website 10d shown in FIG. 1, the registered visitor has been registered in the blacklist database 28. That is, as described above, the hacker 8 is registered in the blacklist database 28 as a blacklist registration request (refer to FIG. 1) sent via the website 10c. Therefore, for the login history of the website 10d, the comparison server 20 is in step S3-5 of FIG. 3, and it is determined that the same data exists. As a result, the process proceeds to step S3-6, and the message representing the malicious hacker recorded in the blacklist is sent to the website 10d via the control unit 24 (via the communication unit 22). The website 10d is able to know that the hacker 8 who is the accessor is a malicious hacker 8 by receiving this message, and the login is refused.

如此這般,在本實施形態1中,網站10d係能夠利用其他之網站10(a~c)所登錄了的登入歷史資料庫26和黑名單資料庫28,而能夠將想要進行不正當之登入的人物有效率地檢測出來。亦即是,係能夠基於其他之網站10(a~c)所記錄了的內容,來判斷進行了存取的人物是否為正當之使用者。As described above, in the first embodiment, the website 10d can use the login history database 26 and the blacklist database 28 registered in other websites 10 (a to c), and can unfairly attempt to make a mistake. Signed-in people are efficiently detected. That is, it is possible to determine whether or not a person who has accessed is a proper user based on the content recorded on the other websites 10 (a to c).

於此,作為所記錄之內容,係可設定各種之種類的內容。作為登入履歷,係可在登錄內容中,包含有進行了存取者之IP位址、時刻、所輸入了的ID和密碼之輸入速度、位置資訊、進行了存取的裝置之種類、所利用的瀏覽器之種類和版本、OS之名稱和版本等的各種之參數。係可僅將此些之中的一部分之資訊作為登錄內容,亦可更進而包含有更多的其他種類之資訊。Here, various types of content can be set as the recorded content. The login history can include the IP address, time, ID, password input speed, location information, type of access device, and usage information in the login content. Various parameters such as the type and version of the browser, the name and version of the OS. Only a part of this information can be used as registration content, and it can further include more other types of information.

又,在登入歷史資料庫26和黑名單資料庫28中,係亦可預先登錄信賴度或者是成為以其為準據之指標的資料。又,例如,當上述之2要素認證30之結果,係判斷為身為惡意的駭客並進行了登入拒絕32的情況時,係亦可在該登入履歷(登入歷史資料庫26內之登入履歷)中,附加判斷為惡意的駭客之旗標。Moreover, the login history database 26 and the blacklist database 28 may be data in which the reliability or an index based on the reliability can be registered in advance. Also, for example, when the result of the two-factor authentication 30 described above is determined to be a malicious hacker and a login rejection 32 is performed, the login history (the login history in the login history database 26 may also be used). ), The flag of a hacker determined to be malicious is added.

另外,在本實施形態中,控制部24,係基於各網站10(a~d)所送訊而來之資料,而對於登入歷史資料庫26中進行檢索,又,係對於黑名單資料庫28進行檢索。但是,係亦可構成為能夠使身為比對伺服器20之使用者的各網站10(a~d)直接對於登入歷史資料庫26和黑名單資料庫28進行存取。又,係亦可構成為能夠使網站10(a~d)自身根據該些之內容來進行判斷。In addition, in the present embodiment, the control unit 24 searches the login history database 26 based on the data sent from each of the websites 10 (a to d), and also refers to the blacklist database 28. Search. However, the system may be configured such that each website 10 (a to d), which is a user of the comparison server 20, can directly access the login history database 26 and the blacklist database 28. In addition, the system may be configured to enable the website 10 (a to d) itself to make a judgment based on these contents.

1-3.總結   如此這般,若依據本實施形態1,則若是利用具備有將登入履歷逐次作積蓄之登入歷史資料庫26的比對伺服器20,則購物商場等之網站10(a~d),由於係能夠對於進行了存取者之存取履歷作參照,因此,係能夠將是否為正當的使用者一事有效率地檢測出來。1-3. In summary, according to the first embodiment, if a comparison server 20 having a log-in history database 26 that accumulates log-in histories is used, websites 10 such as shopping malls (a ~ d) Since it can refer to the access history of the accessor, it can efficiently detect whether it is a proper user.

又,特別是,比對伺服器20,係能夠基於登入歷史資料庫26之內容,而偵測出「並不像是本人」的存取。故而,各網站10(a~d),係能夠得知難以僅靠ID和密碼而判斷出來的「具有疑慮」之存取。特別是,比對伺服器20,由於係能夠基於其他網站10之存取履歷,來判斷出「具有疑慮」、「並不像是本人」的人物,因此,對比對伺服器20作利用之網站10(a~d),係能夠容易地得知「具有疑慮」、「並不像是本人」的人物,並能夠如同上述一般地而實行2要素認證等。Furthermore, in particular, the comparison server 20 is able to detect an access "not like me" based on the contents of the login history database 26. Therefore, each of the websites 10 (a to d) is able to know the "suspected" access that is difficult to judge based on only the ID and password. In particular, the comparison server 20 is able to determine the characters who “have doubts” and “do not look like themselves” based on the access history of other websites 10, and therefore compare the websites used by the server 20 10 (a to d) is a person who can easily know the characters who “have doubts” and “does not look like themselves”, and can perform two-factor authentication as described above.

例如,若是想要僅藉由自身之網站來實行此種動作,則係有必要在自身網站中積蓄有某種程度的使用者之存取履歷。進而,針對初次對於該網站10(a~d)進行存取之使用者,由於係並不存在有存取履歷之積蓄,因此,判斷係為困難。   相對於此,若依據本實施形態1,則由於係能夠從比對伺服器20來得到對於其他網站10(a~d)所積蓄了的存取履歷作了利用之判斷,因此,就算是對於初次對該網站10(a~d)進行存取的使用者,也有著能夠判斷其是否身為正式之使用者的可能性。For example, if you want to perform such an action only by your own website, it is necessary to accumulate a certain degree of user access history in your own website. Furthermore, for users who have accessed the website 10 (a to d) for the first time, since there is no accumulation of access history, it is difficult to judge. On the other hand, according to the first embodiment, since the access server 20 can determine the access history accumulated in other websites 10 (a to d) from the comparison server 20, it is judged that A user who accesses the website 10 (a to d) for the first time may also be able to judge whether he or she is an official user.

進而,若依據本實施形態1,則比對伺服器20,由於係建構(登錄)有黑名單資料庫28,因此,當從該黑名單資料庫28中而發現了相符合之人物的情況時,係能夠立即進行登入拒絕,而能夠更強力地保證有網站之安全性。Furthermore, according to the first embodiment, the comparison server 20 constructs (registers) a blacklist database 28. Therefore, when a matching person is found from the blacklist database 28, , Is able to immediately log in to reject, and can more strongly guarantee the security of the website.

關於在黑名單資料庫28中是否被登錄有相符合之人物一事,係亦可使各網站對於比對伺服器20進行詢問,並由各網站10來進行判斷。又,係亦可構成為當各網站10如同圖1中所示一般地而想要登錄登入履歷時,使比對伺服器20之控制部24,另外對於黑名單資料庫28之登錄內容作確認。於此情況,當在黑名單資料庫28中已被登錄有相符合之內容的情況時,若是使比對伺服器20之控制部24將代表此事之訊息送訊至網站10處,則亦為理想。Regarding whether a matching person is registered in the blacklist database 28, each website may also make an inquiry to the comparison server 20, and each website 10 may determine. In addition, when each website 10 wants to register the login history as shown in FIG. 1, the control unit 24 of the comparison server 20 and the registration content of the blacklist database 28 can be confirmed. . In this case, when the corresponding content has been registered in the blacklist database 28, if the control unit 24 of the comparison server 20 sends the information representing the matter to the website 10, then As ideal.

實施形態2   在上述之實施形態1以及圖1中,係針對具備有登入歷史資料庫26和黑名單資料庫28的比對伺服器20而作了說明。藉由此種構成,係能夠將登入履歷和黑名單作組合並對於不正當的存取有效率地作判斷。   但是,將登入履歷與白名單作組合一事,亦為合適。在本實施形態2中,係針對如此這般地將登入履歷與白名單作組合的例子作說明。Embodiment 2 In Embodiment 1 and FIG. 1 described above, the comparison server 20 including the login history database 26 and the blacklist database 28 has been described. With this configuration, it is possible to combine the log-in history and the blacklist and efficiently judge unauthorized access. However, it is also appropriate to combine login history with white list. In the second embodiment, an example in which the login history and the white list are combined in this way will be described.

本實施形態2,係與實施形態1相同的,對於複數之網站利用共通之比對伺服器40來判斷對於自身網站進行存取的使用者是否為正式之使用者的例子作說明。在圖2中,係對於此種複數之網站(例如購物商場)對於共通之比對伺服器40作利用的例子作展示。The second embodiment is similar to the first embodiment, and an example in which a plurality of websites use a common comparison server 40 to determine whether a user accessing the own website is an official user will be described. In FIG. 2, an example in which such a plurality of websites (for example, shopping malls) use the common comparison server 40 is shown.

在圖1中,使用者18,係為一般使用者或者是進行了正式的登錄之正式使用者。使用者18,係藉由通常之登入動作,而想要對於網站10a、10b、10c、10d等進行存取。In FIG. 1, the user 18 is a general user or a regular user who has officially registered. The user 18 wants to access the websites 10a, 10b, 10c, 10d, etc. through a normal login operation.

使用者18,係對於經由網際網路等之網路所提供的網站10a、10b、10c、10d而實行通常的登入。The user 18 performs a normal login to the websites 10a, 10b, 10c, and 10d provided through a network such as the Internet.

2-2.動作   在圖2之例中,當使用者18係為初次進行存取之使用者的情況時,係在該網站處進行登錄並設定ID與密碼而獲取之。當身為已有所登錄之正式使用者的情況時,係使用該正式之使用者的ID與密碼(PW),來對於網站10a、10b、10c、10d而實行存取(登入)。   比對伺服器40,係從各網站10(a~d)而受訊在各網站10a、10b、10c、10d處的登入之資訊(登入履歷),並記憶在內部的登入歷史中。在本實施形態2中,亦係與實施形態1相同的,此比對伺服器40,由於係藉由將從各網站10(a~d)而來之登入履歷作積蓄,來代替各網站10(a~d)而判斷進行了存取的人物作為正式使用者是否有所疑慮(並不像是本人),因此,對於各網站10(a~d)而言係為便利。關連於登入歷史之動作,係與上述之實施形態1略相同。2-2. Operation In the example shown in FIG. 2, when the user 18 is a user who is accessing for the first time, he or she obtains it by logging in to the website and setting an ID and password. In the case of a registered regular user, the user ID and password (PW) of the regular user are used to access (login) the websites 10a, 10b, 10c, and 10d. The comparison server 40 receives the login information (login history) of each of the websites 10a, 10b, 10c, and 10d from each website 10 (a to d), and stores it in the internal login history. In the second embodiment, it is also the same as the first embodiment. The comparison server 40 saves the login history from each website 10 (a to d) instead of each website 10 (a to d) to determine whether or not the person who accessed the site has any doubt as a regular user (it does not look like himself). Therefore, it is convenient for each website 10 (a to d). The action related to the login history is slightly the same as the first embodiment described above.

如同圖2中所示一般,比對伺服器40,係具備有通訊部42、和控制部44、和登入歷史資料庫46、以及白名單資料庫48。   登入歷史資料庫46,係為與實施形態1(圖1)之登入歷史資料庫26相同的資料庫。通訊部42,亦係為與實施形態1(圖1)之通訊部22相同的通訊介面。通訊部42,亦係相當於申請專利範圍之通訊部的合適之其中一例。As shown in FIG. 2, the comparison server 40 includes a communication unit 42, a control unit 44, a login history database 46, and a white list database 48. (2) The login history database 46 is the same database as the login history database 26 of the first embodiment (FIG. 1). The communication unit 42 is also the same communication interface as the communication unit 22 of the first embodiment (Fig. 1). The communication section 42 is also a suitable example of the communication section corresponding to the scope of patent application.

控制部44,係為掌管比對伺服器40之動作的手段,具體而言,係對於對登入歷史資料庫46和白名單資料庫48所進行之寫入、讀出作控制,並實行關連於此些之資料庫的各種之動作。例如,係可由CPU和該CPU所實行之程式來構成。該程式,係為記述有比對伺服器40所實行之處理的程式。又,該程式,係相當於申請專利範圍之電腦程式的合適之其中一例。The control unit 44 is a means for managing the operation of the comparison server 40. Specifically, the control unit 44 controls the writing and reading of the login history database 46 and the white list database 48, and is related to Various actions of these databases. For example, it may be constituted by a CPU and a program executed by the CPU. This program is a program describing the processing performed by the comparison server 40. This program is an appropriate example of a computer program equivalent to the scope of patent application.

白名單資料庫48,係為記憶被判斷為身為正式之使用者之對象之資訊的資料庫。本實施形態2,係為有關於能夠使登入履歷與此白名單協同動作並提供有效率的判斷之比對伺服器40的實施形態。   白名單資料庫48,係與登入歷史資料庫46相同的,可藉由例如硬碟等之記憶手段來構成。又,亦可使用半導體記憶裝置或光學式之記憶裝置來構成。又,登入歷史資料庫46,係相當於申請專利範圍之登入歷史資料庫的合適之其中一例。又,白名單資料庫48,係相當於申請專利範圍之白名單資料庫的合適之其中一例。The white list database 48 is a database that stores information determined to be an object of a formal user. The second embodiment is an embodiment of the comparison server 40 that can make the login history cooperate with this white list and provide efficient judgment. The white list database 48 is the same as the log-in history database 46, and may be formed by a memory means such as a hard disk. It may also be configured using a semiconductor memory device or an optical memory device. The login history database 46 is an appropriate example of the login history database corresponding to the scope of patent application. The white list database 48 is an appropriate example of a white list database corresponding to the scope of patent applications.

登入網站10a,係為將使用者18作為正式使用者而作登錄並正式地取得有ID和密碼之網站10a,使用者18,係藉由通常的手續而成功進行登入。如此一來,網站10a,係將該登入為成功的登入成功履歷,送訊至比對伺服器40處。比對伺服器40,係將被送訊而來的登入成功履歷(登入履歷(登入歷史)),記憶在其之內部的登入歷史資料庫46中。The login website 10a is a website 10a for which the user 18 is registered as an official user and an ID and password are formally obtained. The user 18 is successfully logged in through normal procedures. In this way, the website 10a sends the login as a successful login success history to the comparison server 40. The comparison server 40 stores the login success history (login history (login history)) sent to it, and stores it in the log-in history database 46 therein.

網站10b,亦與網站10a相同的,係為使用者18有頻繁地更新密碼之網站10b,其結果,使用者18,係藉由使用對於該網站10b而言為正確的ID和密碼,而成功進行登入。如此一來,網站10b,係與網站10a同樣的,將該登入為成功的登入成功履歷,送訊至比對伺服器40處。比對伺服器40,係將被送訊而來的登入動作(登入履歷),記憶在其之內部的登入歷史資料庫46中。The website 10b, which is the same as the website 10a, is a website 10b where the user 18 frequently updates the password. As a result, the user 18 succeeds by using the ID and password which are correct for the website 10b. Sign in. In this way, the website 10b is the same as the website 10a, and sends the login as a successful login success history to the comparison server 40. The comparison server 40 is a log-in operation (log-in history) to be transmitted, and is stored in a log-in history database 46 therein.

網站10c,係與網站10a、10b相同的,使用者18能夠使用正確的ID和密碼來正常地進行登入。其結果,網站10c亦係將登入之資訊送訊至比對伺服器40處。網站10c,亦係將由使用者18所致之登入動作送訊至比對伺服器40處,比對伺服器40係將登入履歷逐次登錄在登入歷史資料庫46中。   接著,基於流程圖,來對於登入履歷被送訊過來時之比對伺服器40之動作作說明。The website 10c is the same as the websites 10a and 10b, and the user 18 can log in normally using the correct ID and password. As a result, the website 10c also sends the login information to the comparison server 40. The website 10c also sends the login action caused by the user 18 to the comparison server 40. The comparison server 40 successively registers the login history in the login history database 46. Next, based on a flowchart, the operation of the comparison server 40 when the login history is transmitted will be described.

由比對伺服器40所致之登入履歷之檢查   比對伺服器40,不論被送訊而來的登入履歷係為登入失敗履歷或者是成功履歷,均係登錄在登入歷史資料庫46中。   於圖5、圖6之流程圖中,係記載有當登入履歷被送訊過來的情況時之比對伺服器40之動作。Check of the login history by the comparison server 40 不论 The comparison server 40 is registered in the login history database 46 regardless of whether the login history sent is a login failure history or a success history. (5) The flowcharts in FIG. 5 and FIG. 6 describe the operation of the comparison server 40 when the log-in history is sent.

在圖5之步驟S5-1中,首先,當登入履歷被從特定之網站10(a~c)而送訊過來的情況時,通訊部42係受訊此,並送至控制部44處。   在步驟S5-2中,控制部44,係將被送來的登入履歷依序登錄在登入歷史資料庫46中。In step S5-1 of FIG. 5, first, when the log-in history is sent from a specific website 10 (a to c), the communication unit 42 receives this and sends it to the control unit 44. In step S5-2, the control unit 44 sequentially registers the sent log-in history in the log-in history database 46.

在步驟S5-3中,控制部44,係觀察被送來的登入履歷,並判斷該登入履歷是否為成功履歷。判斷之結果,當身為成功履歷的情況時,係移行至步驟S5-4。另一方面,當身為失敗履歷的情況時,比對伺服器40,係結束對於該登入履歷之處理,並成為等待下一個的登入履歷之送訊的狀態。圖2中所示之情況,由於係代表由正式之使用者18所致之通常的登入動作,因此,於此情況,處理係移行至步驟S5-4處。In step S5-3, the control unit 44 observes the login history sent and determines whether the login history is a successful history. As a result of the judgment, when it is a case of successful history, the process proceeds to step S5-4. On the other hand, in the case of a failure history, the comparison server 40 ends the processing of the login history and waits for the transmission of the next login history. The situation shown in FIG. 2 represents a normal login operation by a formal user 18, and therefore, in this case, the processing moves to step S5-4.

在步驟S5-4中,控制部44,係從登入歷史資料庫46,而對於送出了被送過來的登入履歷之網站10(a~c)的至今為止之登入履歷作參照。   在步驟S5-5中,控制部44,係對於所參照的至今為止之登入履歷之登入的模樣,與此次之登入(成功)履歷作比較,並判斷登入動作之行為是否為與至今為止相同。判斷的結果,當與至今為止之登入動作的行為相異的情況時,係判斷為並不像是本人(正式之使用者)的行為,並移行至步驟S5-6。In step S5-4, the control unit 44 refers to the login history database 46 from the login history database 46, and refers to the login history of the website 10 (a to c) to which the login history has been sent. In step S5-5, the control unit 44 compares the login appearance of the referenced login history so far with the current login (success) history, and determines whether the behavior of the login action is the same as so far. . If the result of the judgment is different from the behavior of the login operation so far, it is judged that it is not the behavior of the person (official user), and the process proceeds to step S5-6.

另一方面,判斷的結果,當與至今為止之登入動作的行為相同的情況時,係結束登入履歷之檢查的動作,並結束登入履歷之記憶動作。之後,係成為等待下一個的登入履歷被送訊過來之狀態。   在圖2中所示之網站10c之例的情況時,係被進行有並不像是本人的登入。例如,係為進行有從與平常相異之終端而進行了登入或者是從新的位置(地理性位置)而進行了登入等的與至今為止相異之登入的例子。此種情況,係如同上述一般,移行至步驟S5-6。On the other hand, when the result of the judgment is the same as the behavior of the previous login operation, it is the operation of ending the check of the login history and ending the memory operation of the login history. After that, it is in a state waiting for the next login history to be sent.时 In the case of the website 10c example shown in FIG. 2, the login is not performed as if it were performed. For example, it is an example of a login that is different from the conventional one, such as a login from a terminal different from usual, or a login from a new location (geographical location). In this case, as described above, the process proceeds to step S5-6.

在步驟S5-6中,控制部44,係將此次所記憶了的登入履歷與白名單資料庫48之登錄內容作比較。之後,移行至圖6之步驟S6-1處。   在圖6之步驟S6-1中,當在上述步驟S5-6中之比較的結果,係登錄有相同之資料的情況時,由於係能夠判斷進行了存取的人物係為具有正當之權限的存取者,因此,係移行至步驟S6-2。另一方面,當並未登錄有相同之資料的情況時,係移行至圖6之步驟S6-3。In step S5-6, the control unit 44 compares the login history memorized this time with the registration content of the white list database 48. After that, the process proceeds to step S6-1 in FIG. 6. In step S6-1 of FIG. 6, when the result of the comparison in the above step S5-6 is the case where the same data is registered, it can be determined that the person who has accessed is a person with proper authority. The accessor therefore proceeds to step S6-2. On the other hand, when the same information is not registered, the process proceeds to step S6-3 in FIG. 6.

在步驟S6-2中,控制部44,例如係將「係身為在白名單中有所記載的正式之使用者」等的訊息,經由通訊部42來送訊至該網站(a~d)處。之後,使該登入履歷之處理結束。其結果,該網站10(a~d),係能夠辨識出雖然以並不像是本人的行為來進行有存取但是已確認到其係身為正式之使用者18。In step S6-2, the control unit 44 sends, for example, a message such as "the user is an official user recorded in the white list" to the website (a to d) via the communication unit 42. Office. After that, the processing of the login history is ended. As a result, the website 10 (a to d) is able to recognize that the user is an official user 18 even though the website 10 is accessed in a behavior that does not resemble himself.

在步驟S6-3中,控制部44,例如係將「並不像是本人」等的訊息,經由通訊部42來送訊至將登入履歷送訊過來的網站10(a~d)處。之後,使處理結束。其結果,該網站10(a~d),係能夠辨識出雖然ID密碼為正確但是係以並不像是本人的行為來進行有存取一事。In step S6-3, the control unit 44 sends, for example, a message such as "it does not look like me" to the website 10 (a to d) where the log-in history is transmitted via the communication unit 42. After that, the processing is ended. As a result, the website 10 (a to d) can recognize that although the ID password is correct, the access is performed in a manner that does not resemble itself.

如此這般,本實施形態之比對伺服器40,係並不僅是單純地逐次記憶登入履歷,而亦   ・將被送訊過來的登入履歷,與至今為止之登入履歷作比較,當並非為相同之行為的情況時,判斷在白名單資料庫48中是否登錄有相同的內容。當已被登錄在白名單資料庫48中的情況時,係將此事送訊至該網站10處。   進而,就算是在並未被登錄在白名單資料庫48中的情況時,亦由於登入履歷之行為係身為與至今為止相異之登入動作的行為,因此,係將此事(例如,「並不像是本人」等之訊息)送訊至該網站10(在上述之例中,係為10c)處。   藉由此種動作,各網站10,係能夠有效率地判斷進行了存取的人物是否身為正式之使用者(是否身為惡意的存取者),而為便利。In this way, the comparison server 40 of this embodiment is not only simply memorizing the login history one by one, but also compares the login history sent to the previous login history, which is not the same In the case of behavior, it is determined whether or not the same content is registered in the white list database 48. When the situation has been registered in the white list database 48, the matter is sent to the website 10. Furthermore, even when it is not registered in the white list database 48, the behavior of the login history is a behavior different from the login operation so far. Therefore, it is necessary to take this matter (for example, " "It's not like me" and so on) to the website 10 (in the above example, it is 10c).此种 With this operation, each website 10 can efficiently determine whether or not the person who has accessed is an official user (whether it is a malicious accessor), and it is convenient.

在網站10c處之2要素認證的實行   而,在圖2所示之例中,網站10c,雖然登入係成功,但是係從比對伺服器40而受訊了「並不像是本人」的訊息(圖6之步驟S6-1)。網站10c,接收到此,例如係能夠實行2要素認證50。關於2要素認證,係如同在實施形態1中所說明一般。In the implementation of the two-factor authentication at the website 10c, in the example shown in FIG. 2, although the login of the website 10c was successful, it received a message "not like me" from the comparison server 40. (Step S6-1 in FIG. 6). The website 10c receives this, for example, and can implement the two-factor authentication 50. The two-factor authentication is as described in the first embodiment.

在圖2所示之例中,此2要素認證50的結果,由於係判明了身為本人,因此,係許可登入(圖2中,登入許可52)。在成為此登入許可52的情況時,係認定其身為正當的正式使用者18,網站10c,係對於比對伺服器40而送訊白名單登錄要求。In the example shown in FIG. 2, the result of the two-factor authentication 50 is that the person is identified as the person, and therefore, the login is permitted (the login permission 52 in FIG. 2). In the case of this login permission 52, it is determined that it is a legitimate official user 18, and the website 10c sends a whitelist registration request to the comparison server 40.

由比對伺服器40所致之對於白名單資料庫48之登錄   比對伺服器40,若是受訊被送訊而來之白名單登錄要求,則係將該內容登錄在白名單資料庫48中。   具體而言,首先,通訊部42係受訊白名單登錄要求。   接著,通訊部42係將白名單登錄要求送訊至控制部44處。   控制部44,若是受訊白名單登錄要求,則係依循於該要求,而將關於使用者18的資訊登錄在白名單資料庫48中。此白名單資料庫48之登錄內容,只要是能夠對於使用者18作辨識,則不論是何種登錄內容均可。Registration of the white list database 48 by the comparison server 40 The comparison server 40, if it is a white list registration request sent from the receiver, sends the content to the white list database 48. Specifically, first of all, the communication department 42 is required to receive a whitelist registration. Next, the communication unit 42 sends a whitelist registration request to the control unit 44. The control unit 44 registers the information about the user 18 in the white list database 48 in accordance with the request for receiving the white list registration request. As long as the registered content of the whitelist database 48 can identify the user 18, any registered content may be used.

登入歷史資料庫46和白名單資料庫48之活用(在網站10d之情況時的動作)   若依據圖2之例,則使用者18,係在網站10d處,亦與其他之網站10a、10b、10c同樣的而被記載有使用正式之ID和密碼而實行通常的登入動作之例子。   網站10d,亦係利用有比對伺服器40,並將登入履歷登錄在比對伺服器40中之登入歷史資料庫46中。又,網站10d,當如同上述一般地藉由2要素認證而判別出身為本人的情況時,係對於白名單資料庫48進行登錄要求。Utilization of login history database 46 and white list database 48 (action in the case of website 10d) If the example in FIG. 2 is used, user 18 is at website 10d, and also works with other websites 10a, 10b, 10c is similar to the example in which a normal login operation is performed using a formal ID and password. (1) The website 10d also uses the comparison server 40 and registers the login history in the login history database 46 in the comparison server 40. In addition, when the website 10d judges that the person is his own person through the two-factor authentication as described above, the website 10d makes a registration request to the white list database 48.

在圖2所示之例中,網站10d,係與網站10a、10b、10c同樣的,首先將登入履歷送訊至比對伺服器40處。於此情況時之伺服器40之動作,係如同在圖5之流程圖中所說明一般。特別是,在圖2中所示之網站10d的情況時,由於由ID和密碼(ID/PW)所致之登入係為成功,因此,處理係如同步驟S5-3、S5-4、S5-5一般地而進行。In the example shown in FIG. 2, the website 10 d is the same as the websites 10 a, 10 b, and 10 c, and first sends the login history to the comparison server 40. In this case, the operation of the server 40 is as described in the flowchart of FIG. 5. In particular, in the case of the website 10d shown in FIG. 2, since the login by the ID and password (ID / PW) is successful, the processing is the same as steps S5-3, S5-4, S5- 5 is generally performed.

在步驟S5-5中,若是在與登入履歷之間的比較中係身為相同的行為,則在比對伺服器40處之處理係結束,但是,當在與登入履歷之間的比較中而身為相異之行為的情況時,在步驟S5-6處係被實行有與白名單資料庫48之間之比較處理。In step S5-5, if the behavior is the same in the comparison with the login history, the processing at the comparison server 40 ends, but when it is compared with the login history, In the case of a different behavior, a comparison process with the white list database 48 is performed at step S5-6.

在圖2所示之網站10d處,進行了登入之存取者,係已被登錄在白名單資料庫48中。亦即是,如同上述一般,使用者18,係經由網站10c所送訊了的白名單登錄要求(參考圖2),而被登錄在白名單資料庫48中。At the website 10d shown in FIG. 2, the logged-in visitor has been registered in the white list database 48. That is, as described above, the user 18 is registered in the white list database 48 based on the white list registration request (refer to FIG. 2) sent via the website 10c.

故而,對於網站10d之登入履歷,比對伺服器40係在圖6之步驟S6-1中,判別出係存在有同樣的資料。其結果,在步驟S6-2中,控制部44,例如係將「係在白名單中有所登錄」等的訊息,經由通訊部42來送訊至網站10d處。如此這般,在比對伺服器40處之處理係結束。Therefore, for the log-in history of the website 10d, the comparison server 40 is in step S6-1 of FIG. 6, and it is determined that the same data exists. As a result, in step S6-2, the control unit 44 sends a message such as "registered in the white list" to the website 10d via the communication unit 42, for example. Thus, the processing at the comparison server 40 ends.

如此這般,在本實施形態2中,網站10d係能夠利用其他之網站10(a~c)所登錄了的登入歷史資料庫46和白名單資料庫48,而能夠將身為正式之使用者18一事有效率地檢測出來。亦即是,係能夠基於其他之網站10所記錄了的內容,來判斷進行了存取的人物是否為正當之使用者。   於此,所記錄之內容,係可設定各種之內容。作為登入履歷,係可在登錄內容中,包含有進行了存取者之IP位址、時刻、所輸入了的ID和密碼之輸入速度、位置資訊、進行了存取的裝置之種類、所利用的瀏覽器之種類和版本、OS之名稱和版本等的各種之參數。As such, in the second embodiment, the website 10d can use the login history database 46 and the whitelist database 48 registered in other websites 10 (a to c), and can be a formal user. The 18 incident was detected efficiently. That is, it is possible to determine whether or not the accessed person is a proper user based on the content recorded on the other website 10. At this point, the recorded content can be set in a variety of content. The login history can include the IP address, time, ID, password input speed, location information, type of access device, and usage information in the login content. Various parameters such as the type and version of the browser, the name and version of the OS.

又,在登入歷史資料庫46和白名單資料庫48中,係亦可預先登錄信賴度或者是成為以其為準據之指標的資料。又,例如,當上述之2要素認證50之結果,係判斷為身為正式之使用者18並進行了登入許可52的情況時,係亦可在該登入履歷(登入歷史資料庫46內之登入履歷)中,附加判斷為正式之使用者18之旗標。Further, the login history database 46 and the white list database 48 may be data in which the reliability or an index based on the reliability is registered in advance. In addition, for example, when the result of the above-mentioned two-factor authentication 50 is judged to be a formal user 18 and the login permission 52 is obtained, the login history (login in the login history database 46) may also be used. (Resume), a flag judged as a formal user 18 is added.

另外,在本實施形態2中,控制部44,係基於各網站10(a~d)所送訊而來之資料,而對於登入歷史資料庫46中進行檢索,又,係對於白名單資料庫48進行檢索。但是,係亦可構成為能夠使身為比對伺服器40之使用者的各網站10(a~d)直接對於登入歷史資料庫46和白名單資料庫48進行存取。又,係亦可構成為能夠使網站10(a~d)自身根據該些之內容來進行判斷。In addition, in the second embodiment, the control unit 44 searches the log-in history database 46 based on the information sent from each of the websites 10 (a to d), and also refers to the white list database. 48 to search. However, the system may be configured such that each website 10 (a to d) who is a user of the comparison server 40 can directly access the login history database 46 and the white list database 48. In addition, the system may be configured to enable the website 10 (a to d) itself to make a judgment based on these contents.

2-3.總結   如此這般,若依據本實施形態2,則由於係利用具備有將登入履歷逐次作積蓄之登入歷史資料庫46的比對伺服器40,因此,購物商場等之網站10(a~d),係能夠對於進行了存取者之存取履歷作參照。其結果,各網站10(a~d),係能夠有效率地檢測出進行了存取的人物是否為正當之使用者。2-3. In summary, according to the second embodiment, since the comparison server 40 is provided with a login history database 46 that accumulates the login history one by one, the websites 10 of shopping malls and the like ( a to d) can refer to the access history of the accessor. As a result, each of the websites 10 (a to d) can efficiently detect whether or not the person who accessed the website is a proper user.

又,與實施形態1相同的,比對伺服器40,係能夠基於登入歷史資料庫46之內容,而偵測出「並不像是本人」的存取。故而,各網站10(a~d),係能夠得知難以僅靠ID和密碼而判斷出來的「具有疑慮」之存取。特別是,比對伺服器40,由於係能夠基於其他網站10之存取履歷,來判斷出「具有疑慮」、「並不像是本人」的人物,因此,對比對伺服器40作利用之網站10(a~d),係能夠容易地得知「具有疑慮」、「並不像是本人」的人物,並能夠基於比對伺服器之判斷,來適宜如同上述一般地而實行2要素認證等。In addition, as in the first embodiment, the comparison server 40 can detect access "that does not look like me" based on the contents of the login history database 46. Therefore, each of the websites 10 (a to d) is able to know the "suspected" access that is difficult to judge based on only the ID and password. In particular, the comparison server 40 is able to determine the characters who “have doubts” and “do not look like themselves” based on the access history of other websites 10, and therefore compare the websites that use the server 40. 10 (a to d) is a person who can easily know the characters who “have doubts” and “does not look like themselves”, and based on the judgment of the comparison server, it is appropriate to implement two-factor authentication as described above. .

例如,若是想要僅藉由自身之網站來實行此種動作,則係有必要在自身網站中積蓄有某種程度的使用者之存取履歷。進而,針對初次對於該網站10(a~d)進行存取之使用者,由於係並不存在有存取履歷之積蓄,因此,判斷係為困難。   相對於此,若依據本實施形態2,則由於係能夠從比對伺服器40來得到對於其他網站10(a~d)所積蓄了的存取履歷作了利用之判斷,因此,就算是對於初次對該網站10(a~d)進行存取的使用者,也有著能夠判斷其是否身為正式之使用者的可能性。For example, if you want to perform such an action only by your own website, it is necessary to accumulate a certain degree of user access history in your own website. Furthermore, for users who have accessed the website 10 (a to d) for the first time, since there is no accumulation of access history, it is difficult to judge. On the other hand, according to the second embodiment, since the access server 40 can use the access history accumulated in other websites 10 (a to d) to judge from the comparison server 40, the A user who accesses the website 10 (a to d) for the first time may also be able to judge whether he or she is an official user.

進而,若依據本實施形態2,則比對伺服器40,由於係建構(登錄)有白名單資料庫48,因此,當從該白名單資料庫48中而發現了相符合之人物的情況時,網站10(a~d)(就算是該存取者對於自身網站而言係為初次的存取者,亦)係能夠立即進行登入許可。Furthermore, according to the second embodiment, the comparison server 40 constructs (registers) a white list database 48. Therefore, when a matching person is found from the white list database 48, The website 10 (a to d) (even if the visitor is a first-time visitor to the own website) is able to perform login permission immediately.

關於在白名單資料庫48中是否被登錄有相符合之人物一事,係亦可使各網站對於比對伺服器40進行詢問,並由各網站10來個別進行判斷。又,係亦可構成為當各網站10如同圖1中所示一般地而想要登錄登入履歷時,使比對伺服器40之控制部44,另外對於白名單資料庫48之登錄內容作確認。於此情況,當在白名單資料庫48中已被登錄有相符合之內容的情況時,若是使比對伺服器40之控制部44將代表此事之訊息送訊至網站10處,則亦為理想。Regarding whether a matching person is registered in the whitelist database 48, each website may make an inquiry to the comparison server 40, and each website 10 may make an individual judgment. In addition, when each website 10 wants to register a login history as shown in FIG. 1, the control unit 44 of the comparison server 40 and the registration content of the white list database 48 may be confirmed. . In this case, when the corresponding content has been registered in the white list database 48, if the control unit 44 of the comparison server 40 sends the information representing the matter to the website 10, then As ideal.

實施形態1、2之總結 (1)效果   如此這般,在實施形態1、2中,由於係建構有登入歷史資料庫26、46,並能夠將此在複數之網站10之間而作共有(藉由比對伺服器20、40來共有),因此,係能夠將與至今為止相異之行為的存取有效率地檢測出來。Summary of the first and second embodiments (1) The effect is so. In the first and second embodiments, the login history databases 26 and 46 are constructed, and this can be shared among the plural websites 10 ( It is shared by the comparison servers 20 and 40. Therefore, the system can efficiently detect accesses that are different from hitherto different behaviors.

又,特別是,在實施形態1中,由於係建構有黑名單資料庫28,因此係能夠將身為惡意的駭客一事有效率地判斷出來。特別是,由於係能夠使複數之網站將該資訊經由比對伺服器20來作共有,因此,係能夠更有效率地防止不正當之存取。   另外,惡意的駭客8,係有由人類自身來進行操作並實行存取的情況,也會有使電腦等機械性地偽裝成該正當之使用者並實行存取的情況。In particular, in the first embodiment, since the blacklist database 28 is constructed, the system can efficiently judge a malicious hacker. In particular, since a plurality of websites can share the information via the comparison server 20, the system can prevent unauthorized access more efficiently. In addition, the malicious hacker 8 may be operated and accessed by human beings, and may also be a computer such as a computer to disguise itself as a proper user and perform access.

在實施形態2中,由於係建構有白名單資料庫48,因此係能夠將被判斷為已進行過正當之存取的使用者,無關於其之行為地而判斷出來。特別是,由於係能夠使複數之網站將該資訊經由比對伺服器40來作共有,因此,係能夠更有效率地判斷出係身為正當的使用者。In the second embodiment, since the whitelist database 48 is constructed, users who are judged to have been properly accessed can be judged without regard to their behavior. In particular, since a plurality of websites can share the information via the comparison server 40, the system can more effectively determine that the users are legitimate users.

(2)追加認證(風險基礎認證:Risk Based Authentication)之採用   在實施形態1、2中,雖係對於使用有2要素認證之例來作了說明,但是,除此之外,係亦可實行各種的追加認證(風險基礎認證:Risk Based Authentication)。(2) The use of additional authentication (Risk Based Authentication) In Embodiments 1 and 2, although the example of using two-factor authentication has been described, it can also be implemented in addition to this. Various additional authentications (Risk Based Authentication).

(3)登入歷史資料庫26、46之內容   登入歷史資料庫26、46,係可記錄各種的登入資訊。   例如,係可針對每次的登入,而分別登錄如同圖7中所示一般之各種類別的資料。   在圖7中,係對於展示有登入歷史資料庫26、46之登錄例的說明圖作展示。在此圖中,係對於在1次的登入中所被作登錄的資訊之例作展示,實際上,係可在每次的登入時均分別使此些之資訊被登錄在登入歷史資料庫26、46中。   如同該圖中所示一般,被記錄在登入歷史資料庫26、46中之內容,例如,係可被區分成5個種類。(3) Contents of login history database 26, 46 Login history database 26, 46 can record various login information. For example, each type of data can be registered separately for each login, as shown in FIG. 7.图 In FIG. 7, an explanatory diagram showing a login example with login history databases 26 and 46 is shown. This figure shows an example of the information that was registered during a single login. In fact, each of these information can be registered in the login history database 26 each time. , 46 in. As shown in the figure, the contents recorded in the login history databases 26 and 46 can be divided into five categories, for example.

第1種的資訊,係為使用者資訊,主要係為ID和密碼。此使用者資訊,係為對於身為動作之主體的使用者作特定之資訊。   作為此ID和密碼,例如係亦可記錄被作了雜湊化的ID以及被作了雜湊化的密碼。此係為了將資料之量緊緻化並使比較演算等成為容易,而進行者,又,係為了防止使個人被完全性地特定出來並減少個人資訊之洩漏的可能性,而進行者,The first type of information is user information, mainly ID and password. This user information is specific to the user who is the subject of the action. As this ID and password, for example, a hashed ID and a hashed password may be recorded. This is for the purpose of compacting the amount of data and facilitating comparative calculations, etc., and for preventing individuals from being completely identified and reducing the possibility of leakage of personal information,

第2種的資訊,係為終端資訊,並為使用者在對於網站10進行了存取時所使用的終端之資訊,而被記錄有所使用的終端之種類和OS之種類等。又,係亦可記錄關連於所使用之語言的資訊。The second type of information is terminal information and information of the terminal used by the user when accessing the website 10, and the type of the terminal used and the type of the OS are recorded. It is also possible to record information related to the language used.

第3種的資訊,係為使用者所正使用的瀏覽器等之資訊。此瀏覽器之資訊,亦係針對所使用之各終端的每一者而被記錄。當所使用的瀏覽器為複數種類的情況時,亦係被記錄有複數之瀏覽器之資訊。於此,雖係稱作「瀏覽器」,但是,係可概略包含有用以對於該網站10進行存取之所有的手段、程式。The third type of information is information such as the browser being used by the user. The information of this browser is also recorded for each of the terminals used. When plural browsers are used, information of plural browsers is also recorded. Although it is referred to herein as a "browser", it may roughly include all means and programs for accessing the website 10.

第4種的資訊,係為進行存取之使用者的IP位址。係能夠根據此IP位址來得知使用者之位置。   第5種的資訊,係為頁面之遷移。此資訊,如同圖7中所示一般,例如係為參照位址URL等,並代表是從何處而遷移至該網站。The fourth type of information is the IP address of the user who made the access. Can know the user's location based on this IP address. The fifth kind of information is the migration of the page. This information, as shown in FIG. 7, is, for example, a reference address URL, etc., and represents where it is migrated to the website.

此些,係為登入履歷之其中一例,而亦可構成為將更少的資訊作為登入履歷來作登錄。在上述之說明和圖7中,雖係針對種類而展示有5個種類的例子,但是,種類的數量係可更少(例如亦可為1種),亦可更多。又,依存於所利用之網站,被登錄的登入履歷之內容亦可為相異。在登入歷史資料庫26、46中,在每次的登入時,此些之登入履歷均係被作登錄並逐漸積蓄。These are one example of the log-in history, and may be configured to use less information as the log-in history for registration. In the above description and FIG. 7, although five types of examples are shown for the types, the number of types may be smaller (for example, one type may be used) or more. Also, depending on the website used, the content of the registered log-in history may be different. In each of the login history databases 26 and 46, each login history is registered and gradually accumulated.

(4)白名單資料庫48和黑名單資料庫28之內容   在本實施形態1、2中所建構之白名單資料庫48和黑名單資料庫28之內容,係可包含有各種的參數。   兩者,作為所記錄之內容,係可為相同之內容,亦可為相異之內容。   在圖8中,係對於展示有將被判斷為係身為正式之使用者之使用者的資訊之白名單資料庫48之記錄例和記錄有偽裝成正式之使用者的具有惡意之駭客的資訊之黑名單資料庫28的記錄例之說明圖作展示。   如同該圖中所示一般,被記錄在白名單資料庫48(以及黑名單資料庫28)中之內容,係與圖7中所示之登入歷史資料庫26、46的登錄內容略相同,例如,係被區分成5個種類。(4) Contents of the white list database 48 and the black list database 28 The contents of the white list database 48 and the black list database 28 constructed in the first and second embodiments may include various parameters. (2) As recorded content, both can be the same content or different content. In FIG. 8, a record example of a whitelist database 48 showing information of a user judged to be a formal user and a malicious hacker who disguised as a formal user are recorded. An illustration of a record example of the information blacklist database 28 is shown. As shown in the figure, the contents recorded in the white list database 48 (and the black list database 28) are slightly the same as the login contents of the login history databases 26 and 46 shown in FIG. 7, for example The department is divided into 5 categories.

第1種的資訊~第4種的資訊,係如同上述一般。   第5種的資訊,係為頁面之遷移。此資訊,亦如同圖7中所示一般,例如係為參照位址URL等。特別是,在白名單資料庫48和黑名單資料庫28中,除此之外,係亦可包含有代表在web網站10上而對於何種頁面進行了閱覽之資訊。例如,在圖8之例中,係為展示有白名單資料庫48之正式之使用者在進行了登入之後,於在購入履歷頁面處而對於購入履歷作了確認後,對於點數確認頁面進行閱覽並對於可利用的點數進行確認~等的閱覽履歷的情況。又,黑名單資料庫之偽裝成正式之使用者的具有惡意之駭客,係亦會有身為在登入之後,立即前進至點數交換頁面處並想要進行點數交換之閱覽履歷的情況。如此這般,係可經驗性地得知,在web網站10處而進行閱覽之頁面,在正式之使用者和進行了偽裝的惡意的駭客之間,係會有大幅度的差異。The first kind of information to the fourth kind of information are as described above. The fifth kind of information is the migration of the page. This information is also as shown in FIG. 7, for example, it is a reference address URL. In particular, in addition to the white list database 48 and the black list database 28, information on which pages have been viewed on the web site 10 may also be included. For example, in the example of FIG. 8, after the formal user who has displayed the whitelist database 48 has logged in, after confirming the purchase history at the purchase history page, the point confirmation page is performed. Viewing and reviewing available resumes, etc. In addition, a malicious hacker who masquerades as a formal user in the blacklist database may have a history of viewing the credit exchange page immediately after logging in and wanting to exchange credits. . In this way, it can be learned empirically that there is a big difference between a regular user and a malicious hacker who disguised the page viewed on the web site 10.

進而,在頁面遷移的資訊中,係亦可被記錄有在web網站10處所停留的時間。一般而言,相較於正式之使用者,具有惡意的駭客之在web網站10處所停留的時間係為短,此事係為周知。作為此種時間之資訊,進而,係亦可記錄在作了閱覽的各頁面處所停留的時間。Furthermore, the time of staying in the web site 10 may be recorded in the page migration information. Generally speaking, compared with formal users, a malicious hacker spends less time in the web site 10, which is well known. As such time information, it is also possible to record the time spent on each page where the page was viewed.

另外,惡意的駭客,係有由身為人類的情況,也會有身為偽裝成正當之使用者之機械(電腦)的情況。在此種電腦偽裝成正式之使用者的情況時,多會有不論是web網站10全體之停留時間或者是各頁面之停留時間均為非常短的情況,而亦有能夠基於停留時間來與人類作區別的情況。又,亦有能夠基於文字輸入之速度為異常快一事來與人類作區別的情況。In addition, malicious hackers may be humans, and may also be machines (computers) disguised as legitimate users. When such a computer is disguised as an official user, there are many cases where the stay time of the entire web site 10 or the stay time of each page is very short, and it is also possible to communicate with humans based on the stay time. Make a difference. In addition, there are cases in which it can be distinguished from humans based on the fact that the speed of text input is abnormally fast.

除了上述資訊之外,亦可包含有各種之資訊。例如,係亦可包含有文字輸入之速度等。在經驗上係可得知,偽裝成人類的惡意之程式,其按鍵輸入係為異常的快。In addition to the above information, it can also contain a variety of information. For example, the system can also include the speed of text input. It can be known from experience that the key input of a malicious program disguised as a human is abnormally fast.

於此所作了說明的記錄內容,係僅為其中一例,而亦可記錄更多的各式各樣之種類的資訊。又,於此所作了說明的記錄內容,係為對於標準性的例子作展示者,亦可使用更少之種類的資訊來構成白名單資料庫和黑名單資料庫。又,在上述之說明和圖8中,雖係針對種類而展示有5個種類的例子,但是,種類的數量係可更少,又,亦可在黑名單和白名單之中而種類的數量為相異。依存於用途,就算僅有1種類,亦為有用。The content of the records described here is just one example, and more various kinds of information can also be recorded. In addition, the content of the records described here is for the purpose of showing standard examples, and it is also possible to use less types of information to form the white list database and the black list database. In the above description and FIG. 8, although five types are shown as examples for the types, the number of types may be smaller, and the number of types may be included in the black list and the white list. Are different. Depending on the use, even if there is only one type, it is useful.

實施形態3比對伺服器20、40之細部構成、關連技術 (1)比對伺服器   於上所作了說明的比對伺服器20、40,係為被複數之網站10所利用並逐漸積蓄登入履歷之伺服器。相較於使個別的網站10以自身來積蓄登入履歷,由於係能夠將某一使用者18之登入履歷作更多的積蓄,因此,係能夠根據登入之行為來更有效率地判斷該存取是否為與至今為止相同之行為,並將該結果對於各網站10作通知。Detailed structure and related technologies of the comparison server 20 and 40 in the third embodiment (1) The comparison servers 20 and 40 explained above are used by the plurality of websites 10 and gradually accumulate and log in Resume server. Rather than allowing individual websites 10 to accumulate log-in histories by themselves, since the log-in histories of a certain user 18 can be made to accumulate more, it is possible to judge the access more efficiently based on the behavior of log-in Whether the behavior is the same as before and the results are notified to each website 10.

其結果,各網站10,係能夠對於使用者18而實行2要素認證30等之正當性之更進一步的認證,而能夠有效率地檢測出不正當之存取。   進而,各網站10,係能夠基於進行了更進一步之正當性之認證後的結果,來對於黑名單資料庫28和白名單資料庫48而進行登錄要求。故而,若是被登錄在黑名單資料庫28或白名單資料庫48中,則係能夠(使比對伺服器20、40(之控制部24、44))更確實地判斷該存取者是否身為正當的使用者,並將該結果提供給各網站10。As a result, each website 10 can perform further authentication of the legitimacy such as two-factor authentication 30 for the user 18, and can efficiently detect unauthorized access. Further, each of the websites 10 is capable of making a registration request to the blacklist database 28 and the whitelist database 48 based on the results of the further legitimacy authentication. Therefore, if it is registered in the blacklist database 28 or the whitelist database 48, it is possible (to make the comparison servers 20, 40 (the control units 24, 44)) to determine more accurately whether the accessor Are legitimate users, and the results are provided to each website 10.

(2)登入歷史資料庫   本實施形態1、2之登入歷史資料庫26、46,不論是在登入成功的情況或者是登入失敗的情況時,均係逐次積蓄登入履歷。積蓄之方法,係可採用各種之方法,但是,由於該日誌(log)係為有限,因此,將舊的資料適時刪除一事,亦為理想。(2) Login history database The login history databases 26 and 46 of this embodiment mode 1 and 2 all accumulate login histories, regardless of whether the login was successful or failed. Various methods can be used for the accumulation. However, since the log is limited, it is also desirable to delete old data in a timely manner.

登入歷史資料庫26、46,係只要將上述圖7之資訊於每次登入時逐次進行積蓄即可,但是,相同之使用者18的登錄成功履歷,若是僅作最新之特定個數的積蓄,並從較舊者起而依序作刪除,則亦為理想。   此種動作,係可由控制部24、44來實行。The login history databases 26 and 46 only need to accumulate the information in FIG. 7 one by one each time they log in. However, if the same user 18 has successfully logged in, only the latest specific number of accumulations are made. It is also desirable to delete sequentially from the older ones. Such operations can be performed by the control units 24 and 44.

又,登入歷史資料庫26、46,針對登入失敗履歷,亦係將上述圖7之資訊於每次登入時逐次進行積蓄,但是,此些係難以判斷出哪些履歷是身為相同的駭客8。因此,針對登入失敗履歷,若是全體性地將其之最大積蓄資料量預先決定為特定之量,並當超過了該特定之量之記憶容量的情況時,從舊的登入失敗履歷起來逐次刪除,則亦為理想。此種動作,亦係可由控制部24、44來實行。In addition, the login history databases 26 and 46 are also used to accumulate the information of FIG. 7 for each failed login history, but it is difficult to determine which resumes are the same hacker 8 . Therefore, for the log-in failure history, if the maximum amount of accumulated data is determined in advance as a specific amount, and when the memory capacity of the specific amount is exceeded, the old log-in failure history is deleted one by one, It is also ideal. Such operations can also be performed by the control units 24 and 44.

或者是,亦可針對各網站之每一者而分別預先決定積蓄資料量。若是對於各網站10而預先決定積蓄登入失敗履歷之最大積蓄資料量,並當超過了該量的情況時,從舊的登入失敗履歷起來逐次刪除,則亦為理想。   或者是,亦可構成為預先決定積蓄時間,並將超過該時間的舊的登入履歷逐次刪除。   此種動作,亦係可由控制部24、44來實行。Alternatively, the amount of accumulated data may be determined in advance for each of the websites. It is also desirable to determine the maximum amount of accumulated data for storing the log-in failure history for each website 10 in advance, and if it exceeds this amount, it is desirable to delete the log-in history from the old log-in failure history one by one. Alternatively, it may be configured such that the accumulation time is determined in advance, and old log-in histories that exceed this time are successively deleted. This kind of operation can also be performed by the control units 24 and 44.

(3)黑名單資料庫28和白名單資料庫48之共存   在上述之實施形態1、2中,雖係針對具備有黑名單資料庫28之比對伺服器20和具備有白名單資料庫48之比對伺服器40而作了說明,但是,係亦可構成一同具備有黑名單資料庫28和白名單資料庫48之比對伺服器。(3) The coexistence of the blacklist database 28 and the whitelist database 48 in the above-mentioned embodiments 1, 2 is aimed at the comparison server 20 having the blacklist database 28 and the whitelist database 48 The comparison server 40 has been described, but it may also constitute a comparison server that includes a blacklist database 28 and a whitelist database 48 together.

在此種構成的情況時,係可構成為依序實行   ・與黑名單資料庫28之登錄內容之間的比較   ・與登入履歷之間的比較   ・與白名單資料庫48之登錄內容之間的比較。   具體而言,係只要以在圖3之步驟S3-5處接續於「否」側而移行至圖5之步驟S5-4處的方式來進行處理即可。In the case of such a structure, it may be structured to be performed sequentially. Comparison with the registered contents of the blacklist database 28. Comparison with the login history. Compare. Specifically, the processing may be performed in a manner of continuing to the "No" side at step S3-5 in Fig. 3 and moving to step S5-4 in Fig. 5.

4.意義、效果   近年來,具有惡意的第3者使用所獲取之1組的ID和密碼而連續進行對於複數之網站10的不正當存取之情況,係發現有多數的例子。對於此種連續性的不正當存取,本實施形態中之比對伺服器20、40係能夠成為特別有效的對抗手段。又,在本實施形態1、2中,係提供有下述一般之架構:亦即是,係並不僅是使用者18之ID和密碼,而亦將使用者18和駭客8之動作的登入履歷作記錄並建構出登入歷史資料庫26、46,且將此在複數之網站間而作共有。故而,相較於單純地使1個的網站自身來對於使用者之履歷作管理的情況,係能夠更有效率地進行使用者18之認定、駭客8之檢測。4. Significance and Effects In recent years, a malicious third party has used the acquired ID and password to continuously perform unauthorized access to the plurality of websites 10, and there are many examples. With regard to such continuous improper access, the comparison servers 20 and 40 in this embodiment can be a particularly effective countermeasure. In addition, in the first and second embodiments, the following general structure is provided: that is, not only the ID and password of the user 18, but also the login of the actions of the user 18 and the hacker 8 The resume is recorded and the login history databases 26 and 46 are constructed, and this is shared among plural websites. Therefore, it is possible to more effectively perform the identification of the user 18 and the detection of the hacker 8 compared with the case where only one website itself manages the user's resume.

5.其他變形例   (1)在上述之實施形態中,比對伺服器20、40,只要是能夠從各網站10而進行存取的場所,則不論是位置在網際網路上之何處均可。例如,係亦可位置在與特定之網站10(例如10a)相同之伺服器內。於此情況,係能夠構成比對伺服器+網站之組合的附有比對伺服器之網站。5. Other Modifications (1) In the embodiment described above, as long as the comparison servers 20 and 40 are places that can be accessed from each website 10, they may be located anywhere on the Internet. . For example, it may be located on the same server as a specific website 10 (for example, 10a). In this case, it is a website with a comparison server that can constitute a combination of a comparison server + a website.

(2)係可將白名單資料庫48中之同一之使用者的資訊(record)的記錄數量設定為固定(例如n個(n為自然數)),但是,係亦可為更少的數量,又,亦可為更多的數量。又,係亦可構成為因應於狀況來對於登錄數量作動態調整。(2) It is possible to set the number of records of the same user information (record) in the white list database 48 to be fixed (for example, n (n is a natural number)), but it may be a smaller number. And again, for larger quantities. In addition, the system may be configured to dynamically adjust the number of registrations in accordance with the situation.

(3)在上述之實施形態中,黑名單資料庫28中之記錄數量雖並未設置限制,但是,係亦可對於比較比對之演算速度等作考慮,而對於最大登錄數量設置限制。於此情況,例如,係亦可進行從舊的記錄起來逐漸刪除等的處理。(3) In the above-mentioned embodiment, although the number of records in the blacklist database 28 is not limited, the calculation speed and the like of the comparison and comparison may be considered, and the maximum number of registrations may be set. In this case, for example, processing such as gradual deletion from the old record may be performed.

(4)在上述之實施形態中,白名單資料庫48中之資料雖係基於實際的存取來作記錄,但是,係亦可人為性地預先記錄有典型性之正式的資料。又,在黑名單資料庫28中,係亦可人為性地預先記錄有已判別出之不正當的存取之例。(4) In the above-mentioned embodiment, although the data in the white list database 48 is recorded based on actual access, it is also possible to artificially record typical formal data in advance. In addition, the blacklist database 28 may be an example in which unauthorized accesses that have been identified are recorded in advance artificially.

(5)在上述之實施形態中,白名單資料庫48中之資料雖係在每次之新的存取時被作更新,並使舊的資料被刪除,但是,係亦可預先指定人為性地作了固定的記錄。此係為對於存取之頻率為低的使用者18有所考慮的措施。(5) In the above-mentioned embodiment, although the data in the white list database 48 is updated every time a new access is made, and the old data is deleted, the system can also designate humanity in advance. The land has a fixed record. This is a measure that is considered for users 18 whose access frequency is low.

(6)又,白名單資料庫48、黑名單資料庫28之記錄,係亦可藉由人為性之手段或其他之手段來適宜施加微調,又,亦可由人來手動將並不是太重要的記錄刪除。係亦可施加各種的人為性之作業。(6) In addition, the records of the white list database 48 and the black list database 28 can also be fine-tuned by human means or other means. It is not too important to manually adjust the records. Record deletion. Departments can also perform various artificial tasks.

(7)在上述實施形態中,雖係將被作了雜湊化的ID和被作了雜湊化的密碼記錄在白名單資料庫48、黑名單資料庫28中,但是,係亦可使用並未被作雜湊化的資料,又,亦可利用被施加有特定之加密的ID和密碼。(7) In the above-mentioned embodiment, although the hashed ID and hashed password are recorded in the white list database 48 and the black list database 28, the system may also use The hashed data may also use an ID and a password to which a specific encryption is applied.

又,雖係針對本發明之實施形態而詳細地作了說明,但是,前述之實施形態,係僅為對於實施本發明時之具體例作了展示。本發明之技術性範圍,係並不被限定於上述之實施形態。本發明,在不脫離其之要旨的範圍內,係可進行各種之變更,並且該些變更亦係被包含在本發明之技術性範圍中。In addition, although the embodiment of the present invention has been described in detail, the above-mentioned embodiment is only a specific example for implementing the present invention. The technical scope of the present invention is not limited to the embodiments described above. The present invention can be modified in various ways without departing from the gist thereof, and these changes are also included in the technical scope of the present invention.

8‧‧‧駭客8‧‧‧ hacker

10、10a、10b、10c、10d‧‧‧網站10, 10a, 10b, 10c, 10d

18‧‧‧使用者18‧‧‧ users

20、40‧‧‧比對伺服器20, 40‧‧‧ match server

22、42‧‧‧通訊部22, 42‧‧‧ Ministry of Communications

24、44‧‧‧控制部24, 44‧‧‧ Control Department

26、46‧‧‧登入歷史資料庫26, 46‧‧‧Log into history database

28‧‧‧黑名單資料庫28‧‧‧Blacklist database

30、50‧‧‧2要素認證(之實行)30, 50‧‧‧2 element certification (implementation)

32‧‧‧登入拒絕32‧‧‧Login Rejected

48‧‧‧白名單資料庫48‧‧‧Whitelist database

52‧‧‧登入許可52‧‧‧Login permission

[圖1] 係為對於在本實施形態1中具有惡意的駭客對於複數之網站進行存取的模樣作展示之說明圖。   [圖2] 係為對於在本實施形態2中正當的使用者18對於複數之網站進行存取的模樣作展示之說明圖。   [圖3] 係為對於在本實施形態1中之比對伺服器20的動作作表現之流程圖。   [圖4] 係為對於在本實施形態1中之比對伺服器20的動作作表現之流程圖的後續內容。   [圖5] 係為對於在本實施形態2中之比對伺服器40的動作作表現之流程圖。   [圖6] 係為對於在本實施形態2中之比對伺服器40的動作作表現之流程圖的後續內容。   [圖7] 係為對於被登錄在本實施形態1、2中之登入歷史資料庫26、46中的內容之例作展示之說明圖。   [圖8] 係為對於被登錄在本實施形態1、2中之白名單資料庫48、黑名單資料庫28中的內容之例作展示之說明圖。[Fig. 1] It is an explanatory diagram showing how a malicious hacker in the first embodiment accesses a plurality of websites. [Fig. 2] It is an explanatory diagram showing how a legitimate user 18 accesses a plurality of websites in the second embodiment. [Fig. 3] is a flowchart showing the operation of the comparison server 20 in the first embodiment. [Fig. 4] is the subsequent content of the flowchart showing the operation of the comparison server 20 in the first embodiment. [Fig. 5] is a flowchart showing the operation of the comparison server 40 in the second embodiment. [FIG. 6] It is the subsequent content of the flowchart showing the operation of the comparison server 40 in the second embodiment. [Fig. 7] It is an explanatory diagram showing an example of the contents registered in the login history databases 26 and 46 in the first and second embodiments. [Fig. 8] It is an explanatory diagram showing examples of contents registered in the white list database 48 and the black list database 28 in the first and second embodiments.

Claims (10)

一種比對伺服器,係具備有:   通訊部,係為進行與外部之間之通訊的通訊部,並從外部而受訊登入履歷,且送訊至控制部處;和   前述控制部,係將從前述通訊部所送訊而來之登入履歷登錄在登入歷史資料庫中;和   前述登入歷史資料庫,係保持前述登入履歷,   該比對伺服器,其特徵為:   前述控制部,當前述被送訊而來之登入履歷係為成功履歷的情況時,係將前述登入履歷,與前述登入歷史資料庫所保持的登入履歷作比較,當前述登入與至今為止之登入的行為並非為相同之行為時,將代表並不像是本人的內容之訊息,經由前述通訊部來作送訊。A comparison server includes: (1) a communication section, which is a communication section for communicating with the outside, and receives a login history from the outside, and sends the information to the control section; and the aforementioned control section, which The login history sent from the aforementioned communication department is registered in the login history database; and the aforementioned login history database is to maintain the aforementioned login history. The comparison server is characterized by: The aforementioned control unit, when the aforementioned is When the log-in history sent from the message is a successful one, the aforementioned log-in history is compared with the log-in history held by the aforementioned log-in history database. When the aforementioned log-in behavior is not the same as the previous log-in At that time, the information that does not look like my content will be sent through the aforementioned communication department. 如申請專利範圍第1項所記載之比對伺服器,其中,係更進而具備有:   黑名單資料庫,係保持惡意之駭客的資訊,   前述控制部,當前述被送訊而來之登入履歷係為成功履歷的情況時,係將前述登入履歷,與前述黑名單資料庫之登錄內容作比較,當存在有同樣之資料的情況時,將代表身為惡意駭客的內容之訊息,經由前述通訊部來作送訊。The comparison server described in item 1 of the scope of the patent application, which further includes: a blacklist database, which maintains information of malicious hackers, the aforementioned control department, when the aforementioned log-in is sent to log in When the resume is a successful resume, the aforementioned login resume is compared with the registered contents of the aforementioned blacklist database. When the same information exists, the message representing the content as a malicious hacker is transmitted through The aforementioned communication department is to send the message. 如申請專利範圍第1項所記載之比對伺服器,其中,係更進而具備有:   白名單資料庫,係保持正式之使用者的資訊,   前述控制部,當前述被送訊而來之登入履歷係為成功履歷的情況時,係將前述登入履歷,與前述白名單資料庫之登錄內容作比較,當存在有同樣之資料的情況時,將代表身為正式之使用者的內容之訊息,經由前述通訊部來作送訊。The comparison server described in item 1 of the scope of patent application, which further includes: a whitelist database, which maintains the information of formal users, the aforementioned control department, when the aforementioned login is sent by the login When the resume is a successful resume, the aforementioned login resume is compared with the registered content of the aforementioned whitelist database, and when the same information exists, it will be a message representing the content of the official user. Send the message through the aforementioned communication department. 一種比對伺服器,係具備有:   通訊部,係為進行與外部之間之通訊的通訊部,並從外部而受訊登入履歷,且送訊至控制部處;和   前述控制部,係將從前述通訊部所送訊而來之登入履歷登錄在登入歷史資料庫中;和   前述登入歷史資料庫,係保持前述登入履歷;和   黑名單資料庫,係保持惡意之駭客的資訊;和   白名單資料庫,係保持正式之使用者的資訊,   該比對伺服器,其特徵為:   前述控制部,當前述被送訊而來之登入履歷係為成功履歷的情況時,係將前述登入履歷,與前述黑名單資料庫之登錄內容作比較,當存在有同樣之資料的情況時,將代表身為惡意駭客的內容之訊息,經由前述通訊部來作送訊,   當與前述黑名單資料庫之登錄內容作比較後的結果,係並不存在有同樣之資料的情況時,係將前述登入履歷,與前述登入歷史資料庫所保持的登入履歷作比較,   當與前述登入歷史資料庫所保持之登錄內容作比較後的結果,前述登入與至今為止之登入的行為並非為相同之行為時,將前述登入履歷,與前述白名單資料庫之登錄內容作比較,   當與前述白名單資料庫之登錄內容作比較後的結果,係存在有同樣之資料的情況時,將代表身為正式之使用者的內容之訊息,經由前述通訊部來作送訊,當並不存在有同樣之資料的情況時,將代表並不像是本人的內容之訊息,經由前述通訊部來作送訊。A comparison server includes: (1) a communication section, which is a communication section for communicating with the outside, and receives a login history from the outside, and sends the information to the control section; and the aforementioned control section, which The login history sent from the aforementioned communication department is registered in the login history database; and the aforementioned login history database is to maintain the aforementioned login history; and the blacklist database is to maintain information of malicious hackers; and white The list database is to maintain official user information. The comparison server is characterized by: The aforementioned control unit, when the login history sent from the above is a successful one, the aforementioned login history is Compared with the registered content of the aforementioned blacklist database, when the same information exists, the message representing the content as a malicious hacker will be sent through the aforementioned communication department, and it should be compared with the aforementioned blacklist data The result of the comparison of the registered contents of the library is the case where the same information is not available. Compared with the login history maintained in the aforementioned login history database, When compared with the login content maintained in the aforementioned login history database, when the behavior of the aforementioned login and the login so far are not the same, The aforementioned login history is compared with the registered content of the aforementioned white list database. 比较 When compared with the registered content of the aforementioned white list database, when the same information exists, the representative will be a formal user. The information of the content is transmitted through the aforementioned communication department. When the same information does not exist, the information representing the content that does not look like me will be transmitted through the aforementioned communication department. 如申請專利範圍第2項或第4項所記載之比對伺服器,其中,   前述通訊部,係從外部而受訊黑名單登錄要求,並對於前述控制部作送訊,   前述控制部,係將在從前述通訊部所送訊來之黑名單登錄要求中所包含的惡意駭客之資訊,登錄在前述黑名單資料庫中。For example, the comparison server described in item 2 or item 4 of the scope of the patent application, wherein: the aforementioned communication department receives the blacklist registration request from the outside and sends a message to the aforementioned control department; The information of the malicious hacker included in the blacklist registration request sent from the aforementioned Ministry of Communications is registered in the aforementioned blacklist database. 如申請專利範圍第3項或第4項所記載之比對伺服器,其中,   前述通訊部,係從外部而受訊白名單登錄要求,並對於前述控制部作送訊,   前述控制部,係將在從前述通訊部所送訊來之白名單登錄要求中所包含的正式之使用者之資訊,登錄在前述白名單資料庫中。For example, the comparison server described in item 3 or item 4 of the scope of the patent application, wherein: the aforementioned communication department receives the whitelist registration request from the outside, and sends a message to the aforementioned control department, the aforementioned control department, the Register the official user information contained in the whitelist registration request sent from the aforementioned Ministry of Communications in the aforementioned whitelist database. 一種比對方法,係使用比對伺服器,來比對登入履歷是否像是本人,   該比對伺服器,係具備有:   通訊部,係為進行與外部之間之通訊的通訊部,並從外部而受訊登入履歷,且送訊至控制部處;和   前述控制部,係將從前述通訊部所送訊而來之登入履歷登錄在登入歷史資料庫中;和   前述登入歷史資料庫,係保持前述登入履歷,   該比對方法,其特徵為,係包含有:   使前述控制部,當前述被送訊而來之登入履歷係為成功履歷的情況時,將前述登入履歷,與前述登入歷史資料庫所保持的登入履歷作比較,當前述登入與至今為止之登入的行為並非為相同之行為時,將代表並不像是本人的內容之訊息,經由前述通訊部來作送訊之步驟。A comparison method is to use a comparison server to compare whether the login history looks like me. The comparison server is equipped with: Communication section, which is a communication section for communicating with the outside, and from The login history is received externally and sent to the control department; and the aforementioned control department is registered in the login history database from the login history sent from the aforementioned communication department; and the aforementioned login history database is The aforementioned login history is maintained. The comparison method is characterized in that it includes: The aforementioned control unit is configured to, when the aforementioned logged-in history sent by the message is a successful history, compare the aforementioned login history with the aforementioned login history. The log-in history maintained in the database is compared. When the aforementioned log-in behavior is not the same as the previous log-in behavior, the message representing the content that does not look like me will be sent through the aforementioned communication department. 一種比對方法,係使用比對伺服器,來比對登入履歷是否像是本人,   該比對伺服器,係具備有:   通訊部,係為進行與外部之間之通訊的通訊部,並從外部而受訊登入履歷,且送訊至控制部處;和   前述控制部,係將從前述通訊部所送訊而來之登入履歷登錄在登入歷史資料庫中;和   前述登入歷史資料庫,係保持前述登入履歷;和   黑名單資料庫,係保持惡意之駭客的資訊;和   白名單資料庫,係保持正式之使用者的資訊,   該比對伺服器,其特徵為,係包含有:   使前述控制部,當前述被送訊而來之登入履歷係為成功履歷的情況時,將前述登入履歷,與前述黑名單資料庫之登錄內容作比較,當存在有同樣之資料的情況時,將代表身為惡意駭客的內容之訊息,經由前述通訊部來作送訊之步驟;和   使前述控制部,當與前述黑名單資料庫之登錄內容作比較後的結果,係並不存在有同樣之資料的情況時,將前述登入履歷,與前述登入歷史資料庫所保持的登入履歷作比較之步驟;和   使前述控制部,當與前述登入歷史資料庫所保持之登錄內容作比較後的結果,前述登入與至今為止之登入的行為並非為相同之行為時,將前述登入履歷,與前述白名單資料庫之登錄內容作比較之步驟;和   使前述控制部,當與前述白名單資料庫之登錄內容作比較後的結果,係存在有同樣之資料的情況時,將代表身為正式之使用者的內容之訊息,經由前述通訊部來作送訊,當並不存在有同樣之資料的情況時,將代表並不像是本人的內容之訊息,經由前述通訊部來作送訊之步驟。A comparison method is to use a comparison server to compare whether the login history looks like me. The comparison server is equipped with: Communication section, which is a communication section for communicating with the outside, and from The login history is received externally and sent to the control department; and the aforementioned control department is registered in the login history database from the login history sent from the aforementioned communication department; and the aforementioned login history database is Maintain the aforementioned log-in history; and the blacklist database, which keeps information of malicious hackers; and the whitelist database, which keeps information of formal users, The comparison server, which is characterized by: The aforementioned control unit compares the aforementioned log-in history with the log-in content of the aforementioned blacklist database when the log-in history sent from the above is a successful one, and when the same information exists, it will The message representing the content as a malicious hacker is transmitted through the aforementioned communication department; and the aforementioned control department When the result of comparison with the registration content of the aforementioned blacklist database does not exist the same information, a step of comparing the aforementioned login history with the login history maintained by the aforementioned login history database; and When the foregoing control unit compares with the login content maintained in the aforementioned login history database, when the aforementioned login behavior is not the same as the previous login behavior, the aforementioned login history is compared with the aforementioned white list database Steps for comparing the registered contents; and when the control section compares with the registered contents of the white list database as described above, it will represent the contents as a formal user when the same information exists. The information is transmitted through the aforementioned communication department. When the same information does not exist, the information representing the content that does not look like me will be transmitted through the aforementioned communication department. 一種電腦程式,係使電腦作為比對伺服器而動作,   該比對伺服器,係具備有:   通訊部,係為進行與外部之間之通訊的通訊部,並從外部而受訊登入履歷,且送訊至控制部處;和   前述控制部,係將從前述通訊部所送訊而來之登入履歷登錄在登入歷史資料庫中;和   前述登入歷史資料庫,係保持前述登入履歷,   該電腦程式,其特徵為,係使前述電腦實行下述程序:   使前述控制部,當前述被送訊而來之登入履歷係為成功履歷的情況時,將前述登入履歷,與前述登入歷史資料庫所保持的登入履歷作比較,當前述登入與至今為止之登入的行為並非為相同之行為時,將代表並不像是本人的內容之訊息,經由前述通訊部來作送訊之程序。A computer program that makes a computer act as a comparison server. The comparison server is equipped with: a communication unit, which is a communication unit that communicates with the outside, and receives a log-in history from the outside. And send the message to the control department; and the aforementioned control department, which logs in the login history sent from the aforementioned communications department, into the login history database; and the aforementioned login history database, which keeps the aforementioned login history, the computer The program is characterized in that the aforementioned computer executes the following procedures: (1) The aforementioned control unit is configured to, when the login history sent from the communication is a successful history, combine the aforementioned login history with the aforementioned login history database. For comparison of the maintained login history, when the aforementioned login and the previous login are not the same behavior, the message representing the content that does not look like me will be transmitted through the aforementioned communication department. 一種電腦程式,係使電腦作為比對伺服器而動作,   該比對伺服器,係具備有:   通訊部,係為進行與外部之間之通訊的通訊部,並從外部而受訊登入履歷,且送訊至控制部處;和   前述控制部,係將從前述通訊部所送訊而來之登入履歷登錄在登入歷史資料庫中;和   前述登入歷史資料庫,係保持前述登入履歷;和   黑名單資料庫,係保持惡意之駭客的資訊;和   白名單資料庫,係保持正式之使用者的資訊,   該電腦程式,其特徵為,係使前述電腦實行下述程序:   使前述控制部,當前述被送訊而來之登入履歷係為成功履歷的情況時,將前述登入履歷,與前述黑名單資料庫之登錄內容作比較,當存在有同樣之資料的情況時,將代表身為惡意駭客的內容之訊息,經由前述通訊部來作送訊之程序;和   使前述控制部,當與前述黑名單資料庫之登錄內容作比較後的結果,係並不存在有同樣之資料的情況時,將前述登入履歷,與前述登入歷史資料庫所保持的登入履歷作比較之程序;和   使前述控制部,當與前述登入歷史資料庫所保持之登錄內容作比較後的結果,前述登入與至今為止之登入的行為並非為相同之行為時,將前述登入履歷,與前述白名單資料庫之登錄內容作比較之程序;和   使前述控制部,當與前述白名單資料庫之登錄內容作比較後的結果,係存在有同樣之資料的情況時,將代表身為正式之使用者的內容之訊息,經由前述通訊部來作送訊,當並不存在有同樣之資料的情況時,將代表並不像是本人的內容之訊息,經由前述通訊部來作送訊之程序。A computer program that makes a computer act as a comparison server. The comparison server is equipped with: a communication unit, which is a communication unit that communicates with the outside, and receives a log-in history from the outside. And send a message to the control department; and the aforementioned control department, which logs in the login history sent from the aforementioned communications department, in the login history database; and the aforementioned login history database, which maintains the aforementioned login history; and The list database is used to keep information of malicious hackers; and the white list database is used to keep information of formal users. The computer program is characterized by causing the aforementioned computer to perform the following procedures: enabling the aforementioned control unit, When the log-in history sent from the above is a successful one, the log-in history is compared with the log-in content of the blacklist database. When the same information exists, the representative will be malicious. The information of the contents of the hacker is transmitted through the aforementioned communication department; The result of comparison with the registration content of the aforementioned blacklist database is a procedure for comparing the aforementioned log-in history with the log-in history held by the aforementioned log-in history database when the same information does not exist; and The foregoing control unit compares the above login history with that of the white list database when, as a result of comparison with the above-mentioned login content maintained in the above login history database, the previous login behavior is not the same as the previous login behavior. Procedures for comparing registered contents; and when the aforementioned control section compares the registered contents with the aforementioned white list database with the same information, it will represent the contents of the user as a formal user. The message is transmitted through the aforementioned communication department. When the same information does not exist, the message representing the content that does not look like itself will be transmitted through the aforementioned communication department.
TW107112974A 2017-12-23 2018-04-17 Comparison server, comparison method and computer program TWI769240B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2017247098A JP6564841B2 (en) 2017-12-23 2017-12-23 Verification server, verification method and computer program
JP2017-247098 2017-12-23

Publications (2)

Publication Number Publication Date
TW201928750A true TW201928750A (en) 2019-07-16
TWI769240B TWI769240B (en) 2022-07-01

Family

ID=66993193

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107112974A TWI769240B (en) 2017-12-23 2018-04-17 Comparison server, comparison method and computer program

Country Status (3)

Country Link
JP (1) JP6564841B2 (en)
TW (1) TWI769240B (en)
WO (1) WO2019123665A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108632348B (en) * 2018-03-19 2020-02-18 阿里巴巴集团控股有限公司 Service checking method and device
JP2021101281A (en) * 2019-12-24 2021-07-08 日本電気株式会社 Biometric authentication system, biometric authentication method, and computer program
CN111010402B (en) * 2019-12-24 2022-09-30 深信服科技股份有限公司 Account login method, device, equipment and computer readable storage medium
TWI815715B (en) * 2022-10-27 2023-09-11 英業達股份有限公司 System and method for judging situation of server according to server log data
TWI815722B (en) * 2022-11-07 2023-09-11 英業達股份有限公司 System and method for pre-judging situation of server before test according to server log data

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8359632B2 (en) * 2008-05-30 2013-01-22 Microsoft Corporation Centralized account reputation
JP2010097467A (en) * 2008-10-17 2010-04-30 Nomura Research Institute Ltd Risk-based authentication system and risk-based authentication method
US9639678B2 (en) * 2012-06-29 2017-05-02 Microsoft Technology Licensing, Llc Identity risk score generation and implementation
JP2017076185A (en) * 2015-10-13 2017-04-20 富士通株式会社 Network monitoring apparatus, network monitoring method, and network monitoring program
JP6347557B2 (en) * 2016-05-03 2018-06-27 株式会社カウリス Service providing system, service providing method, verification device, verification method, and computer program
JP6564137B2 (en) * 2016-06-01 2019-08-21 日本電信電話株式会社 Detection device, detection method, detection system, and detection program
TWI621342B (en) * 2016-06-08 2018-04-11 Chunghwa Telecom Co Ltd Voice for Internet Protocol (VoIP) calls and systems in which the calling and called users are accommodated in the same Talk Edge Controller (SBC) and method thereof

Also Published As

Publication number Publication date
JP2019114061A (en) 2019-07-11
WO2019123665A1 (en) 2019-06-27
JP6564841B2 (en) 2019-08-21
TWI769240B (en) 2022-07-01

Similar Documents

Publication Publication Date Title
US10558797B2 (en) Methods for identifying compromised credentials and controlling account access
US9853983B2 (en) Preventing phishing attacks based on reputation of user locations
CN108293050B (en) Method and system for detecting unauthorized access to cloud applications based on speed events
US10764316B2 (en) Malware detection system based on stored data
US9942220B2 (en) Preventing unauthorized account access using compromised login credentials
TWI718291B (en) Service provision system, service provision method, and computer program
US20200358798A1 (en) Systems and methods for mediating access to resources
KR101721032B1 (en) Security challenge assisted password proxy
US9838384B1 (en) Password-based fraud detection
US8850567B1 (en) Unauthorized URL requests detection
US10176318B1 (en) Authentication information update based on fraud detection
TWI769240B (en) Comparison server, comparison method and computer program
US10445514B1 (en) Request processing in a compromised account
CN111382422B (en) System and method for changing passwords of account records under threat of illegally accessing user data
US11616774B2 (en) Methods and systems for detecting unauthorized access by sending a request to one or more peer contacts
JP6506384B2 (en) Service providing system, service providing method, verification apparatus, verification method, and computer program
JP5743822B2 (en) Information leakage prevention device and restriction information generation device
JP6842951B2 (en) Unauthorized access detectors, programs and methods
US11853443B1 (en) Systems and methods for providing role-based access control to web services using mirrored, secluded web instances
Bhavnani et al. An extensive review of data security infrastructure and legislature
JP6506451B2 (en) Service providing system, service providing method, verification apparatus, verification method, and computer program
JP4979127B2 (en) Account information leak prevention service system
KR101594315B1 (en) Service providing method and server using third party&#39;s authentication
JP2015162225A (en) Web relay server device and web page browsing system
KR101445817B1 (en) Method and apparatus for controlling use of service