WO2007029849A1 - Personal password management method, personal password association assistance apparatus, personal password association assistance program, personal password management system and authentication server - Google Patents

Info

Publication number: WO2007029849A1
Authority: WO, WIPO (PCT)
Prior art keywords: association; identification information; inducing; user; user identification
Application number: PCT/JP2006/317943
Other languages: French (fr)
Inventor: Haruyoshi Suzuki
Original Assignee: Fuji Film Corporation
Application filed by Fuji Film Corporation

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication

Definitions

  • PERSONAL PASSWORD MANAGEMENT METHOD, PERSONAL PASSWORD ASSOCIATION ASSISTANCE APPARATUS, PERSONAL PASSWORD ASSOCIATION ASSISTANCE PROGRAM, PERSONAL PASSWORD MANAGEMENT SYSTEM AND AUTHENTICATION SERVER
  • the present invention relates to technology whereby an individual person can easily manage a plurality of passwords.
  • the password may have to be changed periodically due to system requirements, and this is another factor which increases the volume of passwords that have to be managed by the individual.
  • One method of managing a plurality of passwords is to store a table indicating which password to be entered in which login screen, inside the computer, or to make a memorandum on paper, and to rewrite and update the table each time a password is added, or an invalid password occurs.
  • Japanese Patent Application Laid-Open No. 2004-295711 discloses that information on network system users is managed centrally on an authentication server, and a password management section creates and manages device-specific passwords which combine a basic password designated by the user with a token that can be recognized easily by the user. Furthermore, a function is provided for storing password information in a portable terminal and presenting a password corresponding to a server desired by the user.
  • Japanese Patent Application Laid-Open No. 2004-295711 concerns a system which creates specific passwords for a plurality of devices present in a single well-defined and managed system, by taking a basic password and adding information (tokens) such as a device specific name or fixed IP address, before or after the basic password. In other words, it can only be applied to a single well managed system, and it cannot be used for the management of a plurality of passwords corresponding to a plurality of independently designed systems having different owners.
  • Japanese Patent Application Laid-Open No. 2004-295711 merely provides user convenience from the system side, and it does not make any reference to the fundamental problem of how one user is able to cope with an infinite variety of separately designed systems.
  • the present invention has been contrived in view of such circumstances, an object thereof being to provide technology whereby passwords required by a wide variety of different systems can be managed centrally on the user side.
  • the present invention is directed to a personal password management method, comprising the steps of: accepting, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the desired authentication services; accepting entering of one of the pieces of the user identification information for one of the authentication services; retrieving one of the association-inducing words corresponding to the entered one of the pieces of the user identification information for the one of the authentication services, from the database; and notifying the one of the association-inducing words retrieved from the database.
  • the present invention is also directed to a personal password management method, comprising the steps of: accepting registration of an association-inducing word which is composed of an arbitrary character string that brings to mind, uniquely for a particular user, a password for a particular authentication service, the password comprising an arbitrary character string, the password corresponding to user identification information previously established in order to identify the particular user in the particular authentication service; storing the association-inducing word for which the registration has been accepted, in a database, in association with the user identification information for the particular authentication service; accepting entering of the user identification information for the particular authentication service through a login screen of the particular authentication service; retrieving the association-inducing word corresponding to the entered user identification information for the particular authentication service through the login screen, from the database; and notifying the association-inducing word retrieved from the database.
  • the present invention is also directed to a personal password management method, comprising the steps of: accepting, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the desired authentication services; accepting entering of one of the pieces of the user identification information for one of the authentication services, through a prescribed single login screen; retrieving, from the database, one of the association-inducing words corresponding to the one of the pieces of the user identification information for the one of the authentication services entered through the prescribed single login screen; and notifying the one of the association-inducing words retrieved from the database.
  • If a particular authentication service is used from a plurality of authentication services that exist, then when user identification information is entered through a login screen, the association-inducing word that is registered as desired by the user is notified to the user. The user is then able, uniquely him or herself, to associate the notified association-inducing word with the password to be used in that authentication service. Consequently, the user is able to reconstruct and use, easily and accurately, a plurality of passwords that he or she has set previously with respect to a plurality of different authentication services.
  • the passwords that are the objects of the present invention include items having similar characteristics, such as a PIN (Personal Identification Number), a code number, or the like.
  • association-inducing words may be registered in the servers of the respective authentication services, or they may be registered in the user terminal. In particular, if the association-inducing words are registered in the user terminal, then it is not necessary to especially provide a set-up for registering association-inducing words in the servers of the authentication services.
  • each of the passwords is composed of a password stem which is a prescribed character string common to the passwords, and a corresponding one of the association-inducing words.
  • an authentication server for an authentication service comprising: a registration section which accepts, through a terminal used by a user, registration of an association-inducing word which is composed of an arbitrary character string that brings to mind, uniquely for the user, a password for the authentication service, the password comprising an arbitrary character string, the password corresponding to user identification information previously established in order to identify the user in the authentication service; a database which stores the association-inducing word for which the registration has been accepted by the registration section, in association with the user identification information; a login screen presenting section which presents a login screen in which entering of the user identification information and the password is accepted, to the terminal in accordance with a request from the terminal; a user identification information entering section which accepts entering of the user identification information for the authentication service, through the login screen; a retrieving section which retrieves, from the database, the association-inducing word corresponding to the user identification information entered through the login screen; and a notifying section which notifies the
  • the present invention is also directed to a personal password association assistance apparatus, comprising: a registration section which accepts, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; a database which stores the association-inducing words for which the registration has been accepted for the desired authentication services by the registration section, in association with the pieces of the user identification information for the desired authentication services; a user identification information entering section which accepts entering of one of the pieces of the user identification information for one of the authentication services, through a prescribed single login screen; a retrieving section which retrieves, from the database, one of the association-inducing words corresponding to the one of the pieces of the user identification information for the one of the authentication services entered to the user identification information entering section; and
  • the present invention is also directed to a personal password management system, comprising: a registration section which accepts, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; a database which stores the association-inducing words for which the registration has been accepted by the registration section, in association with the pieces of the user identification information for the desired authentication services; a user identification information entering section which accepts entering of one of the pieces of the user identification information for one of the authentication services; a retrieving section which retrieves one of the association-inducing words corresponding to the entered one of the pieces of the user identification information for the one of the authentication services, from the database; and a notifying section which notifies the one of the association-inducing words retrieved from the
  • the present invention is also directed to a computer readable medium having embodied thereon a personal password association assistance program, the program comprising: a first code segment for a step of accepting, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; a second code segment for a step of storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the desired authentication services; a third code segment for a step of accepting entering of one of the pieces of the user identification information for one of the authentication services; a fourth code segment for a step of retrieving one of the association-inducing words corresponding to the entered one of the pieces of the user
  • the present invention is also directed to a computer readable medium having embodied thereon a personal password association assistance program, the program comprising: a first code segment for a step of accepting registration of an association-inducing word which is composed of an arbitrary character string that brings to mind, uniquely for a particular user, a password for a particular authentication service, the password comprising an arbitrary character string, the password corresponding to user identification information previously established in order to identify the particular user in the particular authentication service; a second code segment for a step of storing the association-inducing word for which the registration has been accepted, in a database, in association with the user identification information for the particular authentication service; a third code segment for a step of accepting entering of the user identification information for the particular authentication service through a login screen of the particular authentication service; a fourth code segment for a step of retrieving the association-inducing word corresponding to the entered user identification information for the particular authentication service through the login screen, from the database; and a fifth code segment for a step
  • the present invention is also directed to a computer readable medium having embodied thereon a personal password association assistance program, the program comprising: a first code segment for a step of accepting, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; a second code segment for a step of storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the desired authentication services; a third code segment for a step of accepting entering of one of the pieces of the user identification information for one of the authentication services, through a prescribed single login screen; a fourth code segment for a step of retrieving, from the database, one of the association-inducing
  • According to the present invention, when using a particular authentication service from a plurality of authentication services that exist, if user identification information is entered through a login screen, an association-inducing word that is registered as desired by the user is notified. The user is then able, uniquely, to associate the notified association-inducing word with the password to be used in that authentication service. Consequently, the user is able to recompose and use, easily and accurately, a plurality of passwords that he or she has set previously with respect to a plurality of different authentication services.
  • Fig. 1 is a block diagram of an authentication system according to a first embodiment of the present invention
  • Fig. 2 is a diagram showing a registration form according to the first embodiment
  • Fig. 3 is a diagram showing an authentication form according to the first embodiment
  • Fig. 4 is an illustrative schematic drawing of information stored in an authentication database according to the first embodiment
  • Fig. 5 is a block diagram of an authentication system according to a second embodiment of the present invention.
  • Fig. 6 is an illustrative schematic drawing of information stored in an authentication database according to the second embodiment
  • Fig. 7 is an illustrative schematic drawing of information stored in an association-inducing word database according to the second embodiment
  • Fig. 8 is a diagram showing an authentication form according to the second embodiment.
  • Fig. 1 is a block diagram of a personal authentication system according to a preferred embodiment of the present invention.
  • a client 1 constituted by a personal computer or an information terminal, and a plurality of authentication servers 2a and 2b (also referred to generally as "authentication server 2") are connected together through a network 3, such as the Internet.
  • the authentication server 2 is used to authenticate specific users for a variety of services, such as community websites and commercial websites.
  • a web browser 11 provided in the client 1 receives and displays a web page sent by web servers 21a and 21b (also referred to generally as "web server 21") provided in the authentication servers 2.
  • the web server 21 sends a registration form (registration screen) which is a web page for registering a password, or an authentication form (login screen) which is a web page for user authentication, to the client 1, and at the client 1, the user enters a user ID and a password into the registration form or authentication form, by operating an operating section 12 including an input device such as a keyboard and a mouse, and then sends same to the web server 21.
  • the registration form sent by the web server 21a and the registration form sent by the web server 21b are independent and have absolutely no relation to each other. In order to distinguish between them, the registration form sent by the web server 21a is referred to as RF1, and the registration form sent by the web server 21b is referred to as RF2.
  • the authentication form sent by the web server 21a and the authentication form sent by the web server 21b are independent and have absolutely no relation to each other. In order to distinguish between them, the authentication form sent by the web server 21a is referred to as AF1, and the authentication form sent by the web server 21b is referred to as AF2.
  • the authentication servers 2a and 2b respectively comprise: authentication databases (DB) 23a and 23b (also referred to generally as "authentication database 23"), which store a unique user ID set independently for each user and a password determined as desired by each user; authentication sections 22a and 22b (also referred to generally as "authentication section 22") which compare the user ID and the password received from the client 1 with the user ID and the password stored in the authentication database 23, and authenticate the user depending on whether or not the user IDs and the passwords are matching; and password and association-inducing word registration sections 24a and 24b (also referred to generally as "registration sections 24a and 24b" or "registration section 24") which record desired passwords and association-inducing words (described hereinafter) entered by the user, in the authentication databases 23a and 23b.
  • two authentication servers 2a and 2b are shown as examples of a plurality of authentication servers; however, it is also possible to adopt a mode in which three or more authentication servers are connected to, or are connectable to, the client 1.
  • the authentication servers 2a and 2b are depicted as having the same compositions, and the respective blocks which constitute each server are denoted with the suffix "a" or "b" only when it is especially necessary to distinguish between them.
  • the authentication servers 2a and 2b, and the blocks which constitute them are mutually independent and have no relationship with each other.
  • the web browser 11 of the client 1 also has functions for sending information entered through the operating section 12, to the authentication server 2, and transferring this information to the authentication section 22 and the registration section 24 of the web server 21, which are constituted by CGI (Common Gateway Interface) programs, for example.
  • Fig. 2 shows one embodiment of a registration form (registration screen).
  • the registration form is a graphical user interface on which the user can enter and specify items required for registering a password, by performing operations through the operating section 12.
  • the registration form contains: a user ID input box 201, to which a user ID that is unique identification information set previously for the user is entered; a password input box 202, to which any desired character string to be recorded as the password is entered; and an association-inducing word input box 203, to which an association-inducing word that is uniquely associated with the password by the user is entered.
  • a register button 210 is provided on the registration forms RF1 and RF2.
  • the procedure for registering a new password in the authentication server 2a is described (since the procedure for registration in the authentication server 2b is exactly the same, then description thereof is omitted here).
  • When the register button 210 on the registration form RF1 is pressed, the web browser 11 sends the user ID entered in the user ID input box 201, the password entered in the password input box 202 and the association-inducing word (which is normally a portion of a new password to be registered excluding a stem portion of the new password, which is described hereinafter) entered in the association-inducing word input box 203 to the web server 21a.
  • the web server 21a transfers the user ID, the password and the association-inducing word received from the registration form RF1, to the registration section 24a.
  • the registration section 24a stores the user ID, the password and the association-inducing word transferred from the web server 21a, in a mutually associated fashion, in the authentication database 23a.
  • Fig. 3 shows one embodiment of an authentication form (login screen).
  • the authentication form is a user interface on which the user can enter items required to receive authentication, in other words, the user ID and the password. More specifically, the authentication form contains: a user ID input box 204, to which the user ID is entered; and a password input box 205, to which the password is entered. Furthermore, an association-inducing word display box 206 in which the association-inducing word having been registered through the registration form is displayed is also provided.
  • a login button 220 is provided on the authentication forms AF1 and AF2.
  • the procedure for logging in to the authentication server 2a is described (since the procedure for logging in to the authentication server 2b is exactly the same, then description thereof is omitted here).
  • In the authentication form AF1, firstly, when a user ID is entered to the user ID input box 204, the association-inducing word is sent from the system side to the association-inducing word display box 206. Upon seeing this association-inducing word, the user reconstructs the password that should be entered to the login screen, by combining the password stem and the association-inducing word, and the user enters the password to the password input box 205 and then presses the login button 220.
  • When the login button 220 is pressed on the authentication form AF1, the web browser 11 sends the user ID entered in the user ID input box 204 and the password entered in the password input box 205, to the web server 21a.
  • the web server 21a transfers the user ID and the password received from the authentication form AF1, to the authentication section 22a.
  • the authentication section 22a compares the user ID and the password transferred from the web server 21a with the user ID and the password having been stored in the authentication database 23a, and if the two are matching, the user is authenticated as a legitimate user.
  • Fig. 4 shows an illustrative schematic drawing of information stored in the authentication databases 23a and 23b.
  • An authentication table which mutually associates a "user ID", "password" and "association-inducing word", is stored in the authentication databases 23a and 23b.
  • the authentication table is created, stored and managed individually for each user.
  • the user ID corresponding to a particular user is stated as "XYZ01" in the authentication database 23a, and "UVWq" in the authentication database 23b, and the services run by the respective authentication servers 2a and 2b are set to be completely independent of each other.
  • the passwords "haru001" and "haru002" corresponding to the user ID are set as desired by the user, and a portion of the character strings of the passwords, "haru", is common to both passwords.
  • "haru" corresponds to the password stem.
  • a user who accesses the authentication server 2 from the client 1 manages the password group used in the authentication server 2 in the following way.
  • the user designates a password stem which is simple and which he or she does not disclose to anyone at all, for the password group that is to be managed. For example, a string composed of five characters: x(1)x(2)x(3)x(4)x(5) is set as the password stem.
  • the password stem may be set to any desired length. The user then bears only the password stem in his or her mind.
  • the authentication server 2 stores the user ID, the password and the association-inducing word entered in the registration form, in a mutually associated fashion, in the authentication database 23.
  • the user ID and the password are managed in a mutually associated fashion, similarly to the related art, but the association-inducing word only needs to be stored in the authentication database 23 on the authentication server 2 side, in an associated fashion with the ID and the password.
  • the user enters the user ID to the user ID input box 204.
  • the web browser 11 judges whether or not entering of the user ID has completed. This judgment is made, for example, when the return key of the operating section 12 is pressed, or when the cursor is moved to a separate location, or the like. Alternatively, it is also possible that a separate button for indicating the end of the user ID entering is provided, and by pressing this button, the end of the user ID entering is reported to the system side.
  • the authentication section 22 retrieves the association-inducing word corresponding to the entered user ID, from the authentication database 23, and the authentication section 22 sends the retrieved association-inducing word to the client 1.
  • Upon receiving the association-inducing word from the authentication server 2, the web browser 11 displays this association-inducing word in the association-inducing word display box 206.
  • 7. The user sees the association-inducing word displayed in the association-inducing word display box 206, and he or she enters, into the password input box 205, the password stem x(1)x(2)x(3)x(4)x(5) kept only in his or her mind, and then continues by entering the association-inducing word a(1)a(2)a(3). In this case, the user has his or her own rule (in other words, a combination rule between the password stem and the association-inducing word) for creating the password "by adding the association-inducing word onto the end of the password stem".
  • the user can retrieve the association-inducing word from the authentication server 2 in the authentication step, and can immediately enter the whole of password without making any errors.
  • the key point of this method is that even if a third party finds out the association-inducing word a(1)a(2)a(3) only, then provided that the password stem x(1)x(2)x(3)x(4)x(5) remains unknown, and/or provided that the user's combination rule remains unknown, the third party is unable to break and reach the password.
  • the user designates one password stem (since there is only one password stem, then there is very little possibility of forgetting it), and association-inducing words which are to be appended to the password stem are then recorded in the authentication server 2. Therefore, the user in question is able to recompose the complete form of an individual password whenever it is required, while being able to keep the password secret from third parties.
  • the association-inducing word forms complete complementary information for the user him or herself, but any other person will not be able to tell what the real password is, from the association-inducing word only.
  • the password character string has a structure in which an association-inducing word composed of a 3-digit number is appended to the password stem; however, in general, there are no limits on the character strings and the character types of the password stem and the association-inducing word. For example, if "saori" is used as the association-inducing word, then "saori" is displayed in the association-inducing word display box 206, and hence following the combination rule of adding the association-inducing word after the password stem, the user should enter "x(1)x(2)x(3)x(4)x(5)saori" as the password.
  • a case is considered here in which a password is formed by placing the first three characters of the association-inducing word before the password stem, and placing the last two characters of the association-inducing word after the password stem.
  • the password will be tj8x(1)x(2)x(3)x(4)x(5)03.
  • if the last character of the association-inducing word composed of five characters is set to be a number, then the word is interpreted such that the number of characters given by this last character, counted from the start of the association-inducing word, is placed in front of the password stem, and the remainder is placed after the password stem.
  • a rule is indicated whereby, of the association-inducing word "tj803", "tj8” is placed before the password stem, and "03" is placed after the password stem.
  • this rule itself is indicated after a hyphen at the very end of the association-inducing word (e.g., tj803-3), for example.
  • the key point is that only the true user who registered the information will be able to immediately remember the combination rule to be used and the password to be reconstructed, from the association-inducing word.
  • the password stem and the character string appended to the password stem can be set to any length, and needless to say, the longer these character strings, the higher the level of security.
  • rather than incorporating the association-inducing word directly into the password, it is also possible to create a one-to-one correspondence between the association-inducing word and the password, provided that the combination rule can be remembered readily by the user. For instance, if "precious" is set as the password stem, "daughter" is set as the association-inducing word, the name of the user's own daughter is "saori", and "precioussaori" is set as the password, then upon login, the user sees the display of the association-inducing word "daughter", immediately remembers "saori", which is the name of the user's own daughter, and is able to enter "precioussaori" as the password. This is based on a mapping rule that is set only in the user's own mind, and therefore it further increases the level of security by which the password is protected from other people.
  • the added portion apart from the stem portion of the password can be any character string that the user him or herself can reliably associate with on a one-to-one basis from the association-inducing word, and hence this method has very good general usability. It is also possible to adopt various modifications and adaptations with regard to how the associated character string ("saori", in the aforementioned example) and the password stem are to be combined to compose the password, on the basis of rules decided by the user in his or her own mind (these rules may be calculation by means of a mathematical formula, or the like).
  • the association-inducing word display box 206 to display the association-inducing word is not prepared, and the association-inducing word is displayed conveniently in the password input box 205.
  • the association-inducing word may be sent to any electrical equipment carried by the user, such as a mobile telephone and a personal digital assistant (PDA), and displayed on that equipment, or a voice message corresponding to the association-inducing word may be transmitted and reproduced, thereby notifying the word to the user.
  • any specific composition may be adopted.
  • the present invention is also directed to a program which causes a computing apparatus or a storage apparatus of a personal computer or server to function as the authentication section 22, the authentication database 23, and the registration section 24.
  • each authentication server 2 independently sends a registration form (registration screen) and an authentication form (login screen) to the client 1, and the registration of the association-inducing word entered in the registration form, and the retrieval of the association-inducing word corresponding to the user ID entered in the authentication form, are carried out by each authentication server 2.
  • a single pair of registration form and authentication form is managed completely on the client side, and when registering or logging on to an actual website, then the inputs are linked automatically from each form to the prescribed boxes (user ID and password boxes) of the registration screen or the login screen of the actual website.
  • the first embodiment cannot be achieved unless the systems of many different actual websites incorporate the concept of using association-inducing words, whereas the second embodiment provides means of applying the method of the present invention on the user side (client side), even if many different actual websites remain as they are at present (using only user ID and password boxes). Since the registration system is relatively simple, the following description centers on the actions of the authentication system which also includes actions of the registration system.
  • Fig. 5 is a block diagram of an authentication system according to the second embodiment.
  • the client 1 comprises an association-inducing word database 14 and an association-inducing word retrieval section 13.
  • the authentication databases 23a and 23b of the authentication servers 2a and 2b store the user IDs and the passwords in a mutually associated fashion; however, in contrast to the first embodiment, they do not store the association-inducing words.
  • the authentication database 23a stores "XYZ01" as a user ID and "haru001" as a password, in a mutually associated fashion
  • the authentication database 23b stores "UVWq" as a user ID and "haru002" as a password, in a mutually associated fashion
  • Fig. 7 is an illustrative schematic drawing of an association-inducing word management table stored in the association-inducing word database 14. As shown in Fig. 7, the association-inducing word management table stores the items, "website (login screen page)", “user ID” and “association-inducing word”, in a mutually associated fashion.
  • because the association-inducing word management table may be acquired illegitimately by a third party, no password is included in this table.
  • the web browser 11 displays a single prescribed authentication form (login screen) which corresponds to all of the authentication servers 2a and 2b to be accessed by the user.
  • Fig. 8 shows an authentication form which is used both as an authentication form F1 for the authentication server 2a of an "Online Bank A", and an authentication form F2 for the authentication server 2b of an "Online Store B". This form is prepared in advance in the client 1, and therefore it does not need to be supplied by the authentication servers 2.
  • the client 1 is provided with the association-inducing word retrieval section 13.
  • the association-inducing word retrieval section 13 retrieves the association-inducing word corresponding to the user ID used in the authentication server 2 accessed by the user, from the association-inducing word database 14, and outputs the retrieved association-inducing word to the web browser 11.
  • the association-inducing word retrieval section 13 judges whether or not entering of the user ID has been completed. If it is judged that the entering of the user ID has been completed, then the association-inducing word retrieval section 13 retrieves the association-inducing word "001" corresponding to the user ID of the "Online Bank A", from the association-inducing word database 14. The association-inducing word retrieval section 13 outputs the retrieved association-inducing word to the web browser 11. The web browser 11 displays the association-inducing word received from the association-inducing word retrieval section 13, to the association-inducing word display box 206a for the "Online Bank A".
  • the user sees the association-inducing word displayed in the association-inducing word display box 206a, recomposes immediately the password, and then enters the password to the password input box 205a.
  • the web browser 11 transfers the user ID entered in the user ID input box 204a and the password entered in the password input box 205a, to the authentication form (login screen, see Fig. 3) prepared by the actual website (the authentication server 2a), and executes an equivalent command as if the actual login button prepared on the original login screen is pressed. Viewed from the website, it can be regarded as the same as if login has been performed at the website.
  • the authentication server 2a authenticates the user by comparing the user ID and the password received from the client 1 with the user ID and the password stored in the authentication database 23a.
  • the association-inducing word retrieval section 13 judges whether or not entering of the user ID has been completed. If it is judged that the entering of the user ID has been completed, then the association-inducing word retrieval section 13 retrieves the association-inducing word "002" corresponding to the user ID of the "Online Store B", from the association-inducing word database 14. The association-inducing word retrieval section 13 outputs the retrieved association-inducing word to the web browser 11. The web browser 11 displays the association-inducing word received from the association-inducing word retrieval section 13, to the association-inducing word display box 206b for the "Online Store B".
  • the user sees the association-inducing word displayed in the association-inducing word display box 206b, recomposes immediately the password, and then enters the password to the password input box 205b.
  • the web browser 11 transfers the user ID entered in the user ID input box 204b and the password entered in the password input box 205b, to the login screen of the actual website (the authentication server 2b).
  • the authentication server 2b authenticates the user by comparing the user ID and the password received from the client 1 with the user ID and the password stored in the authentication database 23b.
  • a computing apparatus and a storage apparatus of a personal computer or information terminal to function respectively as an association-inducing word retrieval section 13 and an association-inducing word database 14.
  • Client software of this kind can be regarded as relatively convenient to use, and a software package of this kind could also be marketed. It may be possible to embed this kind of software module as a single ICON in a tool bar of various Internet Browsers.
  • the present invention can be applied not only to Internet home pages, but also more broadly to general login systems using passwords in computers, digital appliances, mobile telephones, embedded devices, information equipment, and the like.
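The client-side lookup of the second embodiment and the combination rules described in the list above, as an added Python example that is not part of the patent text. The rule names, the user IDs and the `reveals_stem` check are assumptions of this example; the stem "haru" and the hints "001" and "002" follow the sample values in the list.

```python
from dataclasses import dataclass, field
from typing import Optional


def compose(stem: str, hint: str, rule: str = "append") -> str:
    """Rebuild a password from the memorised stem and the displayed hint.

    rule is the user's combination rule (rule names are assumptions):
      "append"     - hint goes after the stem ("001" -> stem + "001")
      "last_digit" - the last character of the hint is a count n; the first
                     n characters go before the stem, the rest after it
      "hyphen"     - same split, but n is written after a final hyphen
                     ("tj803-3") and is not part of the password
    """
    if rule == "append":
        return stem + hint
    if rule == "last_digit":
        word, count = hint, hint[-1:]
    elif rule == "hyphen":
        word, sep, count = hint.rpartition("-")
        if not sep:
            raise ValueError("hyphen rule needs a hint like 'tj803-3'")
    else:
        raise ValueError(f"unknown rule: {rule!r}")
    if not (count.isascii() and count.isdigit()):
        raise ValueError("split count must be a decimal number")
    n = int(count)
    if n > len(word):
        raise ValueError("split count is longer than the hint")
    return word[:n] + stem + word[n:]


def reveals_stem(hint: str, stem: str) -> bool:
    """Added check: a hint that contains the stem defeats the scheme."""
    return bool(stem) and stem.lower() in hint.lower()


@dataclass
class HintTable:
    """Association-inducing word table: (website, user ID) -> hint.

    As in the table described above, no password and no stem is stored.
    """
    rows: dict = field(default_factory=dict)

    def register(self, site: str, user_id: str, hint: str,
                 stem: Optional[str] = None) -> None:
        if not hint:
            raise ValueError("empty hint")
        # The stem is used only for this check and is never kept.
        if stem is not None and reveals_stem(hint, stem):
            raise ValueError("hint contains the password stem")
        self.rows[(site, user_id)] = hint

    def lookup(self, site: str, user_id: str) -> Optional[str]:
        # Called once the user ID has been entered; the hint is then shown.
        return self.rows.get((site, user_id))


def demo() -> dict:
    table = HintTable()
    table.register("Online Bank A", "user-a", "001")   # constructed user IDs
    table.register("Online Store B", "user-b", "002")
    stem = "haru"  # exists only in the user's memory in the real scheme
    return {site: compose(stem, table.lookup(site, uid))
            for (site, uid) in table.rows}


if __name__ == "__main__":
    print(demo())
    print(compose("STEM5", "tj803", "last_digit"))
```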

Abstract

The personal password management method includes the steps of: accepting, respectively for desired authentication services, registration of association-inducing words composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings and corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the authentication services; accepting entering of one of the pieces of the user identification information for one of the authentication services; retrieving one of the association-inducing words corresponding to the entered piece of the user identification information for the authentication service, from the database; and notifying the retrieved association-inducing word.

Description

DESCRIPTION
PERSONAL PASSWORD MANAGEMENT METHOD, PERSONAL PASSWORD ASSOCIATION ASSISTANCE APPARATUS, PERSONAL PASSWORD ASSOCIATION ASSISTANCE PROGRAM, PERSONAL PASSWORD MANAGEMENT SYSTEM AND AUTHENTICATION SERVER
Technical Field
The present invention relates to technology whereby an individual person can easily manage a plurality of passwords.
Background Art
In recent years, the possibility of accessing various websites through Internet home pages, such as banks, share dealing websites, online shopping contents, program downloads, members' clubs, businesses, schools, government bodies, community organizations, and the like, has increased.
If a user decides to use one password always, when accessing any website, then if that password is stolen, all of that user's authentication operations would become defenseless. Therefore, normally, it is recommended that the user sets different passwords for login screens, respectively. Furthermore, there are many users who seek to distinguish between important access passwords such as those for logging in to an online banking service, and unimportant access passwords such as those for registering membership on homepages that are only used temporarily, for instance.
Moreover, in the case of login from a company computer, for example, there are cases where rules are implemented that require dual security by setting different passwords for login at the BIOS level and login at the OS level.
Furthermore, even in the case of the same login screen, the password may have to be changed periodically due to system requirements, and this is another factor which increases the volume of passwords that have to be managed by the individual.
Therefore, people reluctantly end up in a situation where they have to manage a large number of different passwords, including passwords required to access various types of websites, and passwords for personal computers, storage apparatuses, and the like. If a large number of passwords are required, then the actual user may often forget which password he or she has set for each login operation, which is highly inconvenient. If the user does not quite remember correctly and enters a wrong password, then he or she will be presented with an error message telling him or her to "Check password and re-enter", which is an unpleasant experience.
If the user has forgotten the password, then, in order to get a new password issued and set, it is necessary to carry out tedious tasks of user authentication, and the like.
One method of managing a plurality of passwords is to store a table indicating which password is to be entered in which login screen, inside the computer, or to make a memorandum on paper, and to rewrite and update the table each time a password is added, or an invalid password occurs.
However, if the user has to open up the table or bring out the memorandum for logging in, then extra work is required to confirm which password is required. Since the table is managed by the individual user him or herself, then the user may forget to update the table, and it is difficult to keep up strict and accurate management. Furthermore, there is a possibility that access will become impossible, due to a computer fault, or accidental erasure of the table, or the like.
What is more, if the table is illegally viewed and copied by a bad person, then the bad person can easily perform illegal access by disguising him or herself as the actual user. Dangers of this kind arise not only when storing the table in the form of electronic data, but also when it is written down on a sheet of paper, or the like.
There are technologies in the related art, which reduce the burden of password management used for personal authentication in computer systems. For example, Japanese Patent Application Laid-Open No. 2004-295711 discloses that information on network system users is managed centrally on an authentication server, and a password management section creates and manages device-specific-passwords which combine a basic password designated by the user with a token that can be recognized easily by the user. Furthermore, a function is provided for storing password information in a portable terminal and presenting a password corresponding to a server desired by the user.
Disclosure of the Invention
The technology disclosed in Japanese Patent Application Laid-Open No. 2004-295711 concerns a system which creates specific passwords for a plurality of devices present in a single well-defined and managed system, by taking a basic password and adding information (tokens) such as a device specific name or fixed IP address, before or after the basic password. In other words, it can only be applied to a single well managed system, and it cannot be used for the management of a plurality of passwords corresponding to a plurality of independently designed systems having different owners. Moreover, Japanese Patent Application Laid-Open No. 2004-295711 merely provides user convenience from the system side, and it does not make any reference to the fundamental problem of how one user is able to cope with an infinite variety of separately designed systems.
The present invention has been contrived in view of such circumstances, an object thereof being to provide technology whereby passwords required by a wide variety of different systems can be managed centrally on the user side.
In order to attain the aforementioned object, the present invention is directed to a personal password management method, comprising the steps of: accepting, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the desired authentication services; accepting entering of one of the pieces of the user identification information for one of the authentication services; retrieving one of the association-inducing words corresponding to the entered one of the pieces of the user identification information for the one of the authentication services, from the database; and notifying the one of the association-inducing words retrieved from the database.
In order to attain the aforementioned object, the present invention is also directed to a personal password management method, comprising the steps of: accepting registration of an association-inducing word which is composed of an arbitrary character string that brings to mind, uniquely for a particular user, a password for a particular authentication service, the password comprising an arbitrary character string, the password corresponding to user identification information previously established in order to identify the particular user in the particular authentication service; storing the association-inducing word for which the registration has been accepted, in a database, in association with the user identification information for the particular authentication service; accepting entering of the user identification information for the particular authentication service through a login screen of the particular authentication service; retrieving the association-inducing word corresponding to the entered user identification information for the particular authentication service through the login screen, from the database; and notifying the association-inducing word retrieved from the database.
In order to attain the aforementioned object, the present invention is also directed to a personal password management method, comprising the steps of: accepting, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the desired authentication services; accepting entering of one of the pieces of the user identification information for one of the authentication services, through a prescribed single login screen; retrieving, from the database, one of the association-inducing words corresponding to the one of the pieces of the user identification information for the one of the authentication services entered through the prescribed single login screen; and notifying the one of the association-inducing words retrieved from the database.
If a particular authentication service is used from a plurality of authentication services that exist, then when user identification information is entered through a login screen, the association-inducing word that is registered as desired by the user is notified to the user. The user is then able, uniquely him or herself, to associate the notified association-inducing word with the password to be used in that authentication service. Consequently, the user is able to reconstruct and use, easily and accurately, a plurality of passwords that he or she has set previously with respect to a plurality of different authentication services. The passwords that are the objects of the present invention include items having similar characteristics, such as a PIN (Personal Identification Number), a code number, or the like.
Here, the association-inducing words may be registered in the servers of the respective authentication services, or they may be registered in the user terminal. In particular, if the association-inducing words are registered in the user terminal, then it is not necessary to especially provide a set-up for registering association-inducing words in the servers of the authentication services.
In order to attain the aforementioned object, it is preferable that each of the passwords is composed of a password stem which is a prescribed character string common to the passwords, and a corresponding one of the association-inducing words.
More specifically, if one password stem has been determined, then by combining the association-inducing words with this password stem, it is possible for the user uniquely to bring to mind and create a group of a plurality of passwords. Therefore, the user is able to handle each of different authentication services (login screens).
In order to attain the aforementioned object, the present invention is also directed to an authentication server for an authentication service, comprising: a registration section which accepts, through a terminal used by a user, registration of an association-inducing word which is composed of an arbitrary character string that brings to mind, uniquely for the user, a password for the authentication service, the password comprising an arbitrary character string, the password corresponding to user identification information previously established in order to identify the user in the authentication service; a database which stores the association-inducing word for which the registration has been accepted by the registration section, in association with the user identification information; a login screen presenting section which presents a login screen in which entering of the user identification information and the password is accepted, to the terminal in accordance with a request from the terminal; a user identification information entering section which accepts entering of the user identification information for the authentication service, through the login screen; a retrieving section which retrieves, from the database, the association-inducing word corresponding to the user identification information entered through the login screen; and a notifying section which notifies the association-inducing word retrieved from the database, to the terminal.
In order to attain the aforementioned object, the present invention is also directed to a personal password association assistance apparatus, comprising: a registration section which accepts, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; a database which stores the association-inducing words for which the registration has been accepted for the desired authentication services by the registration section, in association with the pieces of the user identification information for the desired authentication services; a user identification information entering section which accepts entering of one of the pieces of the user identification information for one of the authentication services, through a prescribed single login screen; a retrieving section which retrieves, from the database, one of the association-inducing words corresponding to the one of the pieces of the user identification information for the one of the authentication services entered to the user identification information entering section; and a notifying section which notifies the one of the association-inducing words retrieved from the database.
In order to attain the aforementioned object, the present invention is also directed to a personal password management system, comprising: a registration section which accepts, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; a database which stores the association-inducing words for which the registration has been accepted by the registration section, in association with the pieces of the user identification information for the desired authentication services; a user identification information entering section which accepts entering of one of the pieces of the user identification information for one of the authentication services; a retrieving section which retrieves one of the association-inducing words corresponding to the entered one of the pieces of the user identification information for the one of the authentication services, from the database; and a notifying section which notifies the one of the association-inducing words retrieved from the database.
In order to attain the aforementioned object, the present invention is also directed to a computer readable medium having embodied thereon a personal password association assistance program, the program comprising: a first code segment for a step of accepting, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; a second code segment for a step of storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the desired authentication services; a third code segment for a step of accepting entering of one of the pieces of the user identification information for one of the authentication services; a fourth code segment for a step of retrieving one of the association-inducing words corresponding to the entered one of the pieces of the user identification information for the one of the authentication services, from the database; and a fifth code segment for a step of notifying the one of the association-inducing words retrieved from the database. 
In order to attain the aforementioned object, the present invention is also directed to a computer readable medium having embodied thereon a personal password association assistance program, the program comprising: a first code segment for a step of accepting registration of an association-inducing word which is composed of an arbitrary character string that brings to mind, uniquely for a particular user, a password for a particular authentication service, the password comprising an arbitrary character string, the password corresponding to user identification information previously established in order to identify the particular user in the particular authentication service; a second code segment for a step of storing the association-inducing word for which the registration has been accepted, in a database, in association with the user identification information for the particular authentication service; a third code segment for a step of accepting entering of the user identification information for the particular authentication service through a login screen of the particular authentication service; a fourth code segment for a step of retrieving the association-inducing word corresponding to the entered user identification information for the particular authentication service through the login screen, from the database; and a fifth code segment for a step of notifying the association-inducing word retrieved from the database.
In order to attain the aforementioned object, the present invention is also directed to a computer readable medium having embodied thereon a personal password association assistance program, the program comprising: a first code segment for a step of accepting, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; a second code segment for a step of storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the desired authentication services; a third code segment for a step of accepting entering of one of the pieces of the user identification information for one of the authentication services, through a prescribed single login screen; a fourth code segment for a step of retrieving, from the database, one of the association-inducing words corresponding to the one of the pieces of the user identification information for the one of the authentication services entered through the prescribed single login screen; and a fifth code segment for a step of notifying the one of the association-inducing words retrieved from the database.
As described above, according to the present invention, when using a particular authentication service from a plurality of authentication services that exist, if user identification information is entered through a login screen, an association-inducing word that is registered as desired by the user is notified. The user is then able, uniquely, to associate the notified association-inducing word with the password to be used in that authentication service. Consequently, the user is able to recompose and use, easily and accurately, a plurality of passwords that he or she has set previously with respect to a plurality of different authentication services.
Brief Description of the Drawings
Fig. 1 is a block diagram of an authentication system according to a first embodiment of the present invention;
Fig. 2 is a diagram showing a registration form according to the first embodiment;
Fig. 3 is a diagram showing an authentication form according to the first embodiment;
Fig. 4 is an illustrative schematic drawing of information stored in an authentication database according to the first embodiment;
Fig. 5 is a block diagram of an authentication system according to a second embodiment of the present invention;
Fig. 6 is an illustrative schematic drawing of information stored in an authentication database according to the second embodiment;
Fig. 7 is an illustrative schematic drawing of information stored in an association-inducing word database according to the second embodiment; and
Fig. 8 is a diagram showing an authentication form according to the second embodiment.
Description of Symbols
1 ... client
11 ... web browser
12 ... operating section
2a, 2b ... authentication server
21a, 21b ... web server
22a, 22b ... authentication section
23a, 23b ... authentication database
24a, 24b ... password and association-inducing word registration section
Best Mode for Carrying out the Invention
In the following, preferred embodiments of the present invention are described in detail with reference to the attached drawings.
Fig. 1 is a block diagram of a personal authentication system according to a preferred embodiment of the present invention. In this system, a client 1 constituted by a personal computer or an information terminal, and a plurality of authentication servers 2a and 2b (also referred to generally as "authentication server 2") are connected together through a network 3, such as the Internet.
The authentication server 2 is used to authenticate specific users for a variety of services, such as community websites and commercial websites.
A web browser 11 provided in the client 1 receives and displays a web page sent by web servers 21a and 21b (also referred to generally as "web server 21") provided in the authentication servers 2.
In particular, the web server 21 sends a registration form (registration screen), which is a web page for registering a password, or an authentication form (login screen), which is a web page for user authentication, to the client 1. At the client 1, the user enters a user ID and a password into the registration form or authentication form by operating an operating section 12 including an input device such as a keyboard and a mouse, and then sends them to the web server 21. Here, the registration form sent by the web server 21a and the registration form sent by the web server 21b are independent and have absolutely no relation to each other. In order to distinguish between them, the registration form sent by the web server 21a is referred to as RF1, and the registration form sent by the web server 21b is referred to as RF2. Moreover, the authentication form sent by the web server 21a and the authentication form sent by the web server 21b are independent and have absolutely no relation to each other. In order to distinguish between them, the authentication form sent by the web server 21a is referred to as AF1, and the authentication form sent by the web server 21b is referred to as AF2.
The authentication servers 2a and 2b respectively comprise: authentication databases (DB) 23a and 23b (also referred to generally as "authentication database 23"), which store a unique user ID set independently for each user and a password determined as desired by each user; authentication sections 22a and 22b (also referred to generally as "authentication section 22") which compare the user ID and the password received from the client 1 with the user ID and the password stored in the authentication database 23, and authenticate the user depending on whether or not the user IDs and the passwords are matching; and password and association-inducing word registration sections 24a and 24b (also referred to generally as "registration sections 24a and 24b" or "registration section 24") which record desired passwords and association-inducing words (described hereinafter) entered by the user, in the authentication databases 23a and 23b.
In Fig. 1, for the purpose of the description, two authentication servers 2a and 2b are shown as examples of a plurality of authentication servers; however, it is also possible to adopt a mode in which three or more authentication servers are connected to, or are connectable to, the client 1. Moreover, for the purpose of the description, the authentication servers 2a and 2b are depicted as having the same compositions, and the respective blocks which constitute each server are denoted with the suffix "a" or "b" only when it is especially necessary to distinguish between them. However, the authentication servers 2a and 2b, and the blocks which constitute them, are mutually independent and have no relationship with each other. In addition to a web page viewing function, the web browser 11 of the client 1 also has functions for sending information entered through the operating section 12, to the authentication server 2, and transferring this information to the authentication section 22 and the registration section 24 of the web server 21, which are constituted by CGI (Common Gateway Interface) programs, for example.
Fig. 2 shows one embodiment of a registration form (registration screen). For the purpose of this description, it is supposed that the layouts and designs of the registration forms RF1 and RF2 are the same. However, the layouts and designs of the forms do not concern the present invention. The registration form is a graphical user interface on which the user can enter and specify items required for registering a password, by performing operations through the operating section 12. More specifically, the registration form contains: a user ID input box 201, to which a user ID that is unique identification information set previously for the user is entered; a password input box 202, to which any desired character string to be recorded as the password is entered; and an association-inducing word input box 203, to which an association-inducing word that is uniquely associated with the password by the user is entered. A register button 210 is provided on the registration forms RF1 and RF2.
Below, the procedure for registering a new password in the authentication server 2a is described (since the procedure for registration in the authentication server 2b is exactly the same, its description is omitted here). When the register button 210 on the registration form RF1 is pressed, the web browser 11 sends the user ID entered in the user ID input box 201, the password entered in the password input box 202 and the association-inducing word (which is normally a portion of a new password to be registered excluding a stem portion of the new password, which is described hereinafter) entered in the association-inducing word input box 203, to the web server 21a.
The web server 21a transfers the user ID, the password and the association-inducing word received from the registration form RF1, to the registration section 24a. The registration section 24a stores the user ID, the password and the association-inducing word transferred from the web server 21a, in a mutually associated fashion, in the authentication database 23a.
Fig. 3 shows one embodiment of an authentication form (login screen). For the purpose of this description, it is supposed that the layouts and designs of the authentication forms AF1 and AF2 are the same. However, the layouts and designs of the forms do not concern the present invention. The authentication form is a user interface on which the user can enter items required to receive authentication, in other words, the user ID and the password. More specifically, the authentication form contains: a user ID input box 204, to which the user ID is entered; and a password input box 205, to which the password is entered. Furthermore, an association-inducing word display box 206 in which the association-inducing word having been registered through the registration form is displayed is also provided. A login button 220 is provided on the authentication forms AF1 and AF2.
Below, the procedure for logging in to the authentication server 2a is described (since the procedure for logging in to the authentication server 2b is exactly the same, its description is omitted here). In the authentication form AF1, firstly, when a user ID is entered to the user ID input box 204, the association-inducing word is sent from the system side to the association-inducing word display box 206. Upon seeing this association-inducing word, the user reconstructs the password that should be entered to the login screen, by combining the password stem and the association-inducing word, and the user enters the password to the password input box 205 and then presses the login button 220. When the login button 220 is pressed on the authentication form AF1, the web browser 11 sends the user ID entered in the user ID input box 204 and the password entered in the password input box 205, to the web server 21a.
The web server 21a transfers the user ID and the password received from the authentication form AF1, to the authentication section 22a. The authentication section 22a compares the user ID and the password transferred from the web server 21a with the user ID and the password having been stored in the authentication database 23a, and if the two are matching, the user is authenticated as a legitimate user.
Fig. 4 shows an illustrative schematic drawing of information stored in the authentication databases 23a and 23b. An authentication table which mutually associates a "user ID", "password" and "association-inducing word", is stored in the authentication databases 23a and 23b. The authentication table is created, stored and managed individually for each user. In Fig. 4, the user ID corresponding to a particular user is stated as "XYZ01" in the authentication database 23a, and "UVWq" in the authentication database 23b, and the services run by the respective authentication servers 2a and 2b are set to be completely independent of each other. On the other hand, the passwords "haru001" and "haru002" corresponding to the user ID are set as desired by the user, and a portion of the character strings of the passwords, "haru", is common to both passwords. In the present example, "haru" corresponds to the password stem. Stated in more general terms, a user who accesses the authentication server 2 from the client 1 manages the password group used in the authentication server 2 in the following way.
1. The user designates a password stem which is simple and which he or she does not disclose to anyone at all, for the password group that is to be managed. For example, a string composed of five characters: x(1)x(2)x(3)x(4)x(5) is set as the password stem. Here, the password stem may be set to any desired length. The user then bears only the password stem in his or her mind.
2. Next, individual passwords which are actually used at the respective login screens are designated with respect to this password stem, by adopting a structure in which a three-digit number, a(1)a(2)a(3), is appended after the password stem, to give, for example, the format: x(1)x(2)x(3)x(4)x(5)a(1)a(2)a(3). This added part (in the present example, a(1)a(2)a(3)) is referred to as the association-inducing word.
3. In this way, it becomes possible to create 1000 different individual passwords, such as x(1)x(2)x(3)x(4)x(5)000, x(1)x(2)x(3)x(4)x(5)001, x(1)x(2)x(3)x(4)x(5)002, and so on, based on the password stem.
4. In the registration form (registration screen), after entering the user ID to the user ID input box 201, the user enters "x(1)x(2)x(3)x(4)x(5)a(1)a(2)a(3)" to the password input box 202, and enters "a(1)a(2)a(3)" to the association-inducing word input box 203.
5. The authentication server 2 stores the user ID, the password and the association-inducing word entered in the registration form, in a mutually associated fashion, in the authentication database 23. The user ID and the password are managed in a mutually associated fashion, similarly to the related art, but the association-inducing word only needs to be stored in the authentication database 23 on the authentication server 2 side, in an associated fashion with the ID and the password.
6. On the authentication form (login screen), firstly, the user enters the user ID to the user ID input box 204. The web browser 11 then judges whether or not entering of the user ID has completed. This judgment is made, for example, when the return key of the operating section 12 is pressed, or when the cursor is moved to a separate location, or the like. Alternatively, it is also possible that a separate button for indicating the end of the user ID entering is provided, and by pressing this button, the end of the user ID entering is reported to the system side. When the web browser 11 judges that the user ID entering has finished, then the authentication section 22 retrieves the association-inducing word corresponding to the entered user ID, from the authentication database 23, and the authentication section 22 sends the retrieved association-inducing word to the client 1. Upon receiving the association-inducing word from the authentication server 2, the web browser 11 displays this association-inducing word in the association-inducing word display box 206.
7. The user sees the association-inducing word displayed in the association-inducing word display box 206, and he or she enters, into the password input box 205, the password stem x(1)x(2)x(3)x(4)x(5) kept only in his or her mind, followed immediately by the association-inducing word a(1)a(2)a(3). In this case, the user has his or her own rule (in other words, a combination rule between the password stem and the association-inducing word) for creating the password "by adding the association-inducing word onto the end of the password stem". In other words, by registering a portion of the password as the association-inducing word in the authentication server 2 in advance, the user can retrieve the association-inducing word from the authentication server 2 in the authentication step, and can immediately enter the whole password without making any errors.
The key point of this method is that even if a third party finds out the association-inducing word a(1)a(2)a(3) only, then provided that the password stem x(1)x(2)x(3)x(4)x(5) remains unknown, and/or provided that the user's combination rule remains unknown, the third party is unable to break and reach the password. In this way, in order that an individual person can manage a plurality of passwords, the user designates one password stem (since there is only one password stem, then there is very little possibility of forgetting it), and association-inducing words which are to be appended to the password stem are then recorded in the authentication server 2. Therefore, the user in question is able to recompose the complete form of an individual password whenever it is required, while being able to keep the password secret from third parties. The association-inducing word forms complete complementary information for the user him or herself, but any other person will not be able to tell what the real password is, from the association-inducing word only.
In the above-described embodiment, the password character string has a structure in which an association-inducing word composed of a 3-digit number is appended to the password stem; however, in general, there are no limits on the character strings and the character types of the password stem and the association-inducing word. For example, if "saori" is used as the association-inducing word, then "saori" is displayed in the association-inducing word display box 206, and hence following the combination rule of adding the association-inducing word after the password stem, the user should enter "x(1)x(2)x(3)x(4)x(5)saori" as the password.
For example, a case is considered here in which a password is formed by placing the first three characters of the association-inducing word before the password stem, and placing the last two characters of the association-inducing word after the password stem. In this case, if "tj803" is displayed in the association-inducing word display box 206, then the password will be tj8x(1)x(2)x(3)x(4)x(5)03. In another case, the last character of a five-character association-inducing word is set to be a number, and it is interpreted as follows: that number of characters, counted from the start of the association-inducing word, is placed in front of the password stem, and the remainder is placed after the password stem. Under this interpretation, the association-inducing word "tj803" indicates the rule that "tj8" is placed before the password stem, and "03" is placed after the password stem. Furthermore, an adaptation is also possible in which this rule itself is indicated after a hyphen at the very end of the association-inducing word (e.g., tj803-3), for example. In any case, the key point is that only the true user who registered the information will be able to immediately remember the combination rule to be used and the password to be reconstructed, from the association-inducing word. The password stem and the character string appended to the password stem can be set to any length, and needless to say, the longer these character strings, the higher the level of security.
As a more advanced approach, rather than incorporating the association-inducing word directly into the password, it is also possible to create a one-to-one correspondence between the association-inducing word and the password, provided that the combination rule can be remembered readily by the user. For instance, if "precious" is set as the password stem, "daughter" is set as the association-inducing word, the name of the user's own daughter is "saori", and "precioussaori" is set as the password, then upon login, the user sees the display of the association-inducing word "daughter", immediately remembers "saori", which is the name of the user's own daughter, and is able to enter "precioussaori" as the password. This is based on a mapping rule that is set only in the user's own mind, and therefore it further increases the level of security by which the password is protected from other people.
In this way, the added portion apart from the stem portion of the password can be any character string that the user him or herself can reliably associate with on a one-to-one basis from the association-inducing word, and hence this method has very good general usability. It is also possible to adopt various modifications and adaptations with regard to how the associated character string ("saori", in the aforementioned example) and the password stem are to be combined to compose the password, on the basis of rules decided by the user in his or her own mind (these rules may be calculation by means of a mathematical formula, or the like).
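The combination rules described above (append, fixed three-character split, last-digit split and the hyphen variant), written out as an added Python example. This is not code from the patent; the function names, the rule labels, the five-character stem "abcde" and the sample table entries are assumptions made for illustration.

```python
# Added example: recomposing a password from a memorised stem and the
# association-inducing word ("hint") returned for a user ID.
# Only the hint is ever stored; the stem and the choice of rule stay with the user.

DIGITS = "0123456789"


def append_rule(stem, hint):
    """Stem followed by the hint, e.g. 'haru' + '002'."""
    return stem + hint


def split_rule(stem, hint, prefix_len):
    """First prefix_len characters of the hint go before the stem, the rest after."""
    if not 0 <= prefix_len <= len(hint):
        raise ValueError("prefix length does not fit the hint")
    return hint[:prefix_len] + stem + hint[prefix_len:]


def last_digit_rule(stem, hint):
    """The hint's final character is a digit giving the prefix length ('tj803' -> 3)."""
    if not hint or hint[-1] not in DIGITS:
        raise ValueError("hint must end in a digit")
    return split_rule(stem, hint, int(hint[-1]))


def hyphen_rule(stem, hint):
    """The prefix length is written after a trailing hyphen ('tj803-3')."""
    word, sep, count = hint.rpartition("-")
    if not sep or not count or any(c not in DIGITS for c in count):
        raise ValueError("hint must end in '-<number>'")
    return split_rule(stem, word, int(count))


# Rule labels are hypothetical; the description leaves the rule in the user's head.
RULES = {
    "append": append_rule,
    "first3": lambda stem, hint: split_rule(stem, hint, 3),
    "last_digit": last_digit_rule,
    "hyphen": hyphen_rule,
}


def recompose(stem, hint, rule="append"):
    """Rebuild the password the way the user would at the login screen."""
    return RULES[rule](stem, hint)


# Constructed sample of a stored hint table: (service, user ID) -> hint.
# It holds no password and no stem, so the table alone does not give a password.
HINT_TABLE = {
    ("Online Bank A", "user-a"): "002",
    ("Online Store B", "user-b"): "tj803-3",
}


def lookup_hint(service, user_id):
    """Return the stored hint for this service and user ID, or None if unregistered."""
    return HINT_TABLE.get((service, user_id))


if __name__ == "__main__":
    print(recompose("haru", lookup_hint("Online Bank A", "user-a")))
    print(recompose("abcde", lookup_hint("Online Store B", "user-b"), "hyphen"))
```
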
According to the method described above, simply by having the password registration screens and the login screens of the relevant homepages support a function for entering and displaying association-inducing words, individual user password management becomes highly functional and convenient.
Moreover, it is possible that the association-inducing word display box 206 to display the association-inducing word is not prepared, and the association-inducing word is displayed conveniently in the password input box 205. Alternatively, the association-inducing word may be sent to any electrical equipment carried by the user, such as a mobile telephone and a personal digital assistant (PDA), and displayed on that equipment, or a voice message corresponding to the association-inducing word may be transmitted and reproduced, thereby notifying the word to the user. Provided that a device for notifying the association-inducing word to the user is provided, any specific composition may be adopted.
Furthermore, the present invention is also directed to a program which causes a computing apparatus or a storage apparatus of a personal computer or server to function as the authentication section 22, the authentication database 23, and the registration section 24.
Second embodiment
In the first embodiment, each authentication server 2 independently sends a registration form (registration screen) and an authentication form (login screen) to the client 1, and the registration of the association-inducing word entered in the registration form, and the retrieval of the association-inducing word corresponding to the user ID entered in the authentication form, are carried out by each authentication server 2. However, it is also possible to manage a single pair of registration form (registration screen) and authentication form (login screen) corresponding to any system, on the client 1 side, in such a manner that the registration and retrieval of the association-inducing word corresponding to the user ID is performed locally by the client 1. More specifically, in the second embodiment, a single pair of registration form and authentication form is managed completely on the client side, and when registering or logging on to an actual website, then the inputs are linked automatically from each form to the prescribed boxes (user ID and password boxes) of the registration screen or the login screen of the actual website. The first embodiment cannot be achieved unless the systems of many different actual websites incorporate the concept of using association-inducing words, whereas the second embodiment provides means of applying the method of the present invention on the user side (client side), even if many different actual websites remain as they are at present (using only user ID and password boxes). Since the registration system is relatively simple, the following description centers on the actions of the authentication system which also includes actions of the registration system.
Fig. 5 is a block diagram of an authentication system according to the second embodiment. In contrast to the first embodiment, the client 1 comprises an association-inducing word database 14 and an association-inducing word retrieval section 13.
Furthermore, the authentication databases 23a and 23b of the authentication servers 2a and 2b store the user IDs and the passwords in a mutually associated fashion; however, in contrast to the first embodiment, they do not store the association-inducing words.
For example, as shown in Fig. 6, the authentication database 23a stores "XYZ01" as a user ID and "haru001" as a password, in a mutually associated fashion, and the authentication database 23b stores "UVWq" as a user ID and "haru002" as a password, in a mutually associated fashion. Fig. 7 is an illustrative schematic drawing of an association-inducing word management table stored in the association-inducing word database 14. As shown in Fig. 7, the association-inducing word management table stores the items, "website (login screen page)", "user ID" and "association-inducing word", in a mutually associated fashion. The user specifies through the operating section 12 which association-inducing word is to be stored in connection with which user ID, as he or she desires. Since there is a possibility that the association-inducing word management table may be acquired illegitimately by a third party, then no password is included in this table.
As shown in Fig. 8, the web browser 11 displays a single prescribed authentication form (login screen) which corresponds to all of the authentication servers 2a and 2b to be accessed by the user. Fig. 8 shows an authentication form which is used both as an authentication form F1 for the authentication server 2a of an "Online Bank A", and an authentication form F2 for the authentication server 2b of an "Online Store B". This form is prepared in advance in the client 1, and therefore it does not need to be supplied by the authentication servers 2.
The client 1 is provided with the association-inducing word retrieval section 13. The association-inducing word retrieval section 13 retrieves the association-inducing word corresponding to the user ID used in the authentication server 2 accessed by the user, from the association-inducing word database 14, and outputs the retrieved association-inducing word to the web browser 11.
For example, it is supposed that the user ID "XYZ01" is entered to the user ID input box 204a of the authentication form F1. The association-inducing word retrieval section 13 then judges whether or not entering of the user ID has been completed. If it is judged that the entering of the user ID has been completed, then the association-inducing word retrieval section 13 retrieves the association-inducing word "001" corresponding to the user ID of the "Online Bank A", from the association-inducing word database 14. The association-inducing word retrieval section 13 outputs the retrieved association-inducing word to the web browser 11. The web browser 11 displays the association-inducing word received from the association-inducing word retrieval section 13, to the association-inducing word display box 206a for the "Online Bank A".
The user sees the association-inducing word displayed in the association-inducing word display box 206a, recomposes immediately the password, and then enters the password to the password input box 205a. In response to pressing the login button 220, the web browser 11 transfers the user ID entered in the user ID input box 204a and the password entered in the password input box 205a, to the authentication form (login screen, see Fig. 3) prepared by the actual website (the authentication server 2a), and executes an equivalent command as if the actual login button prepared on the original login screen is pressed. Viewed from the website, it can be regarded as the same as if login has been performed at the website. Since the website processes login using the user ID and the password in the normal way, without knowing that processing involving the association-inducing word has been performed on the client side, then there is no need to change the system on the actual website side. The authentication server 2a authenticates the user by comparing the user ID and the password received from the client 1 with the user ID and the password stored in the authentication database 23a.
For example, it is supposed that the user ID "UVWq" is entered to the user ID input box 204b of the authentication form F2. The association-inducing word retrieval section 13 then judges whether or not entering of the user ID has been completed. If it is judged that the entering of the user ID has been completed, then the association-inducing word retrieval section 13 retrieves the association-inducing word "002" corresponding to the user ID of the "Online Store B", from the association-inducing word database 14. The association-inducing word retrieval section 13 outputs the retrieved association-inducing word to the web browser 11. The web browser 11 displays the association-inducing word received from the association-inducing word retrieval section 13, to the association-inducing word display box 206b for the "Online Store B".
The user sees the association-inducing word displayed in the association-inducing word display box 206b, recomposes immediately the password, and then enters the password to the password input box 205b. In response to pressing the login button 220, the web browser 11 transfers the user ID entered in the user ID input box 204b and the password entered in the password input box 205b, to the login screen of the actual website (the authentication server 2b). The authentication server 2b authenticates the user by comparing the user ID and the password received from the client 1 with the user ID and the password stored in the authentication database 23b. As described above, since it is possible to achieve the present method in the individual terminal, without requiring any changes in the websites (the authentication servers 2a and 2b), then from the viewpoint of the individual password management, it becomes possible freely to manage and control a plurality of login functions through a single screen, at the client 1 side. For instance, screen software called "MyLOGIN" is prepared on the client side, and all of the login boxes for the organizations to which the user belongs ("Online Bank 1", "Online Bank 2", "Online Store", "XX Association", etc.) are laid out on this screen. It is also possible to register, retrieve and tell the association-inducing words for the login boxes, in the client 1. This is achieved by causing a computing apparatus and a storage apparatus of a personal computer or information terminal, to function respectively as an association-inducing word retrieval section 13 and an association-inducing word database 14. After entering the correct password, the required data is transferred from the login box to the actual login screen presented by the prescribed original system. Client software of this kind can be regarded as relatively convenient to use, and a software package of this kind could also be marketed. 
It may be possible to embed this kind of software module as a single ICON in a tool bar of various Internet Browsers.
The present invention can be applied not only to Internet home pages, but also more broadly to general login systems using passwords in computers, digital appliances, mobile telephones, embedded devices, information equipment, and the like.

Claims

1. A personal password management method, comprising the steps of: accepting, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the desired authentication services; accepting entering of one of the pieces of the user identification information for one of the authentication services; retrieving one of the association-inducing words corresponding to the entered one of the pieces of the user identification information for the one of the authentication services, from the database; and notifying the one of the association-inducing words retrieved from the database.
2. A personal password management method, comprising the steps of: accepting registration of an association-inducing word which is composed of an arbitrary character string that brings to mind, uniquely for a particular user, a password for a particular authentication service, the password comprising an arbitrary character string, the password corresponding to user identification information previously established in order to identify the particular user in the particular authentication service; storing the association-inducing word for which the registration has been accepted, in a database, in association with the user identification information for the particular authentication service; accepting entering of the user identification information for the particular authentication service through a login screen of the particular authentication service; retrieving the association-inducing word corresponding to the entered user identification information for the particular authentication service through the login screen, from the database; and notifying the association-inducing word retrieved from the database.
3. A personal password management method, comprising the steps of: accepting, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the desired authentication services; accepting entering of one of the pieces of the user identification information for one of the authentication services, through a prescribed single login screen; retrieving, from the database, one of the association-inducing words corresponding to the one of the pieces of the user identification information for the one of the authentication services entered through the prescribed single login screen; and notifying the one of the association-inducing words retrieved from the database.
4. The personal password management method as defined in claim 1 or 3, wherein each of the passwords is composed of a password stem which is a prescribed character string common to the passwords, and a corresponding one of the association-inducing words.
5. An authentication server for an authentication service, comprising: a registration section which accepts, through a terminal used by a user, registration of an association-inducing word which is composed of an arbitrary character string that brings to mind, uniquely for the user, a password for the authentication service, the password comprising an arbitrary character string, the password corresponding to user identification information previously established in order to identify the user in the authentication service; a database which stores the association-inducing word for which the registration has been accepted by the registration section, in association with the user identification information; a login screen presenting section which presents a login screen in which entering of the user identification information and the password is accepted, to the terminal in accordance with a request from the terminal; a user identification information entering section which accepts entering of the user identification information for the authentication service, through the login screen; a retrieving section which retrieves, from the database, the association-inducing word corresponding to the user identification information entered through the login screen; and a notifying section which notifies the association-inducing word retrieved from the database, to the terminal.
6. A personal password association assistance apparatus, comprising: a registration section which accepts, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; a database which stores the association-inducing words for which the registration has been accepted for the desired authentication services by the registration section, in association with the pieces of the user identification information for the desired authentication services; a user identification information entering section which accepts entering of one of the pieces of the user identification information for one of the authentication services, through a prescribed single login screen; a retrieving section which retrieves, from the database, one of the association-inducing words corresponding to the one of the pieces of the user identification information for the one of the authentication services entered to the user identification information entering section; and a notifying section which notifies the one of the association-inducing words retrieved from the database.
7. A personal password management system, comprising: a registration section which accepts, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; a database which stores the association-inducing words for which the registration has been accepted by the registration section, in association with the pieces of the user identification information for the desired authentication services; a user identification information entering section which accepts entering of one of the pieces of the user identification information for one of the authentication services; a retrieving section which retrieves one of the association-inducing words corresponding to the entered one of the pieces of the user identification information for the one of the authentication services, from the database; and a notifying section which notifies the one of the association-inducing words retrieved from the database.
8. A computer readable medium having embodied thereon a personal password association assistance program, the program comprising: a first code segment for a step of accepting, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; a second code segment for a step of storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the desired authentication services; a third code segment for a step of accepting entering of one of the pieces of the user identification information for one of the authentication services; a fourth code segment for a step of retrieving one of the association-inducing words corresponding to the entered one of the pieces of the user identification information for the one of the authentication services, from the database; and a fifth code segment for a step of notifying the one of the association-inducing words retrieved from the database.
9. A computer readable medium having embodied thereon a personal password association assistance program, the program comprising: a first code segment for a step of accepting registration of an association-inducing word which is composed of an arbitrary character string that brings to mind, uniquely for a particular user, a password for a particular authentication service, the password comprising an arbitrary character string, the password corresponding to user identification information previously established in order to identify the particular user in the particular authentication service; a second code segment for a step of storing the association-inducing word for which the registration has been accepted, in a database, in association with the user identification information for the particular authentication service; a third code segment for a step of accepting entering of the user identification information for the particular authentication service through a login screen of the particular authentication service; a fourth code segment for a step of retrieving the association-inducing word corresponding to the entered user identification information for the particular authentication service through the login screen, from the database; and a fifth code segment for a step of notifying the association-inducing word retrieved from the database.
10. A computer readable medium having embodied thereon a personal password association assistance program, the program comprising: a first code segment for a step of accepting, respectively for desired authentication services, registration of association-inducing words which are composed of arbitrary character strings that bring to mind, uniquely for a particular user, a plurality of passwords for the authentication services, the passwords comprising arbitrary character strings, the passwords corresponding to a plurality of pieces of user identification information previously established in order to identify the particular user in the authentication services; a second code segment for a step of storing the association-inducing words for which the registration has been accepted for the desired authentication services, in a database, in association with the pieces of the user identification information for the desired authentication services; a third code segment for a step of accepting entering of one of the pieces of the user identification information for one of the authentication services, through a prescribed single login screen; a fourth code segment for a step of retrieving, from the database, one of the association-inducing words corresponding to the one of the pieces of the user identification information for the one of the authentication services entered through the prescribed single login screen; and a fifth code segment for a step of notifying the one of the association-inducing words retrieved from the database.
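
The registration, storage, retrieval and notification steps of claim 1 together with the password composition of claim 4, as an added Python example that is not code from the patent or the applicant. The in-memory SQLite table, the class and method names, the stem-then-word concatenation order, the PBKDF2 verifier and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3


class AssociationStore:
    """Hint database of claim 1 with the claim 4 password composition."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute(
            "CREATE TABLE hints (service TEXT, user_id TEXT, word TEXT, "
            "salt BLOB, verifier BLOB, PRIMARY KEY (service, user_id))"
        )

    @staticmethod
    def _derive(password, salt):
        # Assumption: the service keeps only a salted PBKDF2 verifier.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, service, user_id, stem, word):
        # Claim 4: password = common stem + per-service association word.
        # The word is stored in the clear; the stem is never stored.
        salt = os.urandom(16)
        self.db.execute(
            "INSERT OR REPLACE INTO hints VALUES (?, ?, ?, ?, ?)",
            (service, user_id, word, salt, self._derive(stem + word, salt)),
        )

    def notify(self, service, user_id):
        # Retrieval is keyed on service and user ID only, before any password
        # is checked, so the stem carries all of the password's secrecy.
        row = self.db.execute(
            "SELECT word FROM hints WHERE service = ? AND user_id = ?",
            (service, user_id),
        ).fetchone()
        return row[0] if row else None

    def verify(self, service, user_id, password):
        row = self.db.execute(
            "SELECT salt, verifier FROM hints WHERE service = ? AND user_id = ?",
            (service, user_id),
        ).fetchone()
        if row is None:
            return False
        return hmac.compare_digest(row[1], self._derive(password, row[0]))


if __name__ == "__main__":
    store = AssociationStore()
    store.register("bank", "user-a", "Kq7#vL", "tulip")   # constructed values
    store.register("mail", "a.user", "Kq7#vL", "harbor")
    print(store.notify("bank", "user-a"))
    print(store.verify("bank", "user-a", "Kq7#vL" + "tulip"))
```
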
PCT/JP2006/317943 2005-09-06 2006-09-05 Personal password management method, personal password association assistance apparatus, personal password association assistance program, personal password management system and authentication server WO2007029849A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2005-258153 2005-09-06
JP2005258153A JP4623293B2 (en) 2005-09-06 2005-09-06 Personal password management method, personal password association support device, personal password association support program, personal password management system

Publications (1)

Publication Number Publication Date
WO2007029849A1 true WO2007029849A1 (en) 2007-03-15

Family

ID=37835960

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2006/317943 WO2007029849A1 (en) 2005-09-06 2006-09-05 Personal password management method, personal password association assistance apparatus, personal password association assistance program, personal password management system and authentication server

Country Status (2)

Country Link
JP (1) JP4623293B2 (en)
WO (1) WO2007029849A1 (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5259275B2 (en) * 2008-07-01 2013-08-07 京セラドキュメントソリューションズ株式会社 Password processing apparatus, image forming apparatus, and password processing program
JP2010102637A (en) * 2008-10-27 2010-05-06 Kddi Corp Number string conversion device, user authentication system, number string conversion method, and program
CN112346793B (en) * 2020-09-18 2024-05-07 长沙市到家悠享网络科技有限公司 Data processing method, device, electronic equipment and computer readable medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002342282A (en) * 2001-05-16 2002-11-29 Komu Square:Kk Personal authentication method and personal authentication system
JP2004013865A (en) * 2002-06-12 2004-01-15 Hitachi Ltd Personal identification method by associative memory

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH0656610B2 (en) * 1986-08-06 1994-07-27 沖電気工業株式会社 Identity verification method
JP3122549B2 (en) * 1993-02-17 2001-01-09 シャープ株式会社 Password forgetting prevention system
JP2000267958A (en) * 1999-03-18 2000-09-29 Fujitsu Ltd Repeater and recording medium
JP2003288322A (en) * 2002-03-28 2003-10-10 Fujitsu Ltd Identification information managing method, identification information management system, computer, and computer program

Also Published As

Publication number Publication date
JP4623293B2 (en) 2011-02-02
JP2007072702A (en) 2007-03-22


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 06797769

Country of ref document: EP

Kind code of ref document: A1