U.S. patent application number 09/116921 was filed with the patent office on July 17, 1998 and published on 2001-10-25 as application publication 20010034832 for a terminal device and method for requesting user certification from a host computer.
Invention is credited to HASHIKURA, HIDEKI.
Application Number: 20010034832 (Appl. No. 09/116921)
Family ID: 16291756
Publication Date: 2001-10-25
United States Patent Application 20010034832
Kind Code: A1
HASHIKURA, HIDEKI
October 25, 2001
TERMINAL DEVICE AND METHOD FOR REQUESTING USER CERTIFICATION FROM
HOST COMPUTER
Abstract
A terminal device generates and transmits to a host computer a
user certification code formed by combining a unique password input
by a user and a unique code stored in the terminal device when the
host computer requests a password from the terminal device. The
host computer uses the certification code to perform user
certification. Thereby, if a password assigned to one user is used,
the host computer cannot be accessed by a terminal device other
than the user's terminal device. Thus, security can be maintained,
even if another person knows the password.
Inventors: HASHIKURA, HIDEKI (YOKOHAMA-SHI, JP)
Correspondence Address: FITZPATRICK CELLA HARPER & SCINTO, 30 ROCKEFELLER PLAZA, NEW YORK, NY 10112, US
Family ID: 16291756
Appl. No.: 09/116921
Filed: July 17, 1998
Current U.S. Class: 713/156; 713/183; 726/6
Current CPC Class: G06F 21/34 20130101; G06F 21/31 20130101
Class at Publication: 713/156; 713/183; 713/202
International Class: H04L 009/32
Foreign Application Data
Date | Code | Application Number
Jul 17, 1997 | JP | 192465/1997
Claims
What is claimed is:
1. A terminal device capable of accessing a host computer which
performs user certification based on a certification code received
from said terminal device, comprising: input means for inputting a
password assigned to a user; storage means for holding unique
information about said terminal device; generating means for
generating a certification code based on said password and said
unique information; and transmitting means for transmitting said
certification code to the host computer.
2. A terminal device according to claim 1, wherein said unique
information is an identification code for said terminal device.
3. A terminal device according to claim 2, wherein said generating
means combines said password and said identification code to
generate said certification code.
4. A terminal device according to claim 2, wherein said generating
means generates said certification code by using a predetermined
computation for processing said password and said identification
code.
5. A terminal device according to claim 2, wherein said generating
means generates as said certification code a combination of said
password and said identification code.
6. A terminal device according to claim 1, wherein said unique
information is a process for processing said password, and said
generating means generates said certification code by processing
said password based on the process.
7. A terminal device according to claim 1, wherein said terminal
device further comprises detection means for detecting a password
request from the host computer, and when said password request is
detected by said detection means, said generating means generates
said certification code.
8. A terminal device according to claim 7, wherein said detection
means detects said password request by detecting a predetermined
code from information received from the host computer.
9. A method for a terminal device to request user certification
from a host computer which performs user certification based on a
certification code received from said terminal device, said method
comprising the steps of: inputting a password assigned to a user;
reading unique information stored in said terminal device;
generating a certification code based on said password and said
unique information; and transmitting said certification code to the
host computer.
10. A method according to claim 9, wherein said unique information
is an identification code for said terminal device.
11. A method according to claim 10, wherein, in the generating
step, said password and said identification code are combined to
generate said certification code.
12. A method according to claim 10, wherein, in the generating
step, said password and said identification code are processed by a
predetermined computation to generate said certification code.
13. A method according to claim 10, wherein, in the generating
step, a combination of said password and said identification code
is generated as said certification code.
14. A method according to claim 9, wherein said unique information
means a process for processing said password, and in the generating
step said password is processed based on the process to generate
said certification code.
15. A method according to claim 9, wherein said method further
comprises the step of detecting a password request from the host
computer, and when said password request is detected in the
detecting step, the generating step is performed.
16. A method according to claim 15, wherein, in the detecting step,
said password request is detected by detecting a predetermined code
from information received from the host computer.
17. A user certification system comprising a host computer and a
plurality of terminal devices capable of accessing the host
computer, in which said plurality of terminal devices each include:
input means used to input a password assigned to a user; storage
means for holding unique information about said terminal device;
generating means for generating a certification code based on said
password and said unique information; and transmitting means for
transmitting said certification code to the host computer, and the
host computer includes: receiving means for receiving said
certification code; and certification means for performing user
certification based on the received certification code.
18. A computer-readable storage medium holding an information
processing program for controlling a computer in a terminal device
to request user certification from a host computer, said program
comprising codes for causing the computer to perform the steps of:
inputting a password assigned to a user; reading unique information
stored in said terminal device; generating a certification code
based on said password and said unique information; and
transmitting said certification code to the host computer.
Description
BACKGROUND OF THE INVENTION
[0001] 1. Field of the Invention
[0002] The present invention relates to a terminal device and
method for requesting user certification from a host computer when
accessing the host computer.
[0003] 2. Description of the Related Art
[0004] According to conventional user certification used when a
server host computer is accessed from a terminal device, it is
common for the host computer to request a user to input a password
and to identify the user as authentic if the input password is the
same as a registered password.
[0005] Therefore, there is a serious problem in that, if another
person knows the user's password, the person can use it to access
the host computer.
SUMMARY OF THE INVENTION
[0006] Accordingly, it is an object of the present invention to provide a user certification system for preventing a host computer from being accessed by a person other than a user, even if that person knows the user's password, and a terminal device for requesting user certification from the host computer.
[0007] In addition, it is another object of the present invention
to provide a user certification system capable of preventing access
to a host computer from a terminal device other than that of the
user operated by a person impersonating the user, and a terminal
device for use with the system.
[0008] To these ends, according to an aspect of the present
invention, the foregoing objects have been achieved through
provision of a terminal device capable of accessing a host computer
which performs user certification based on a certification code
received from the terminal device, including: input means for
inputting a password assigned to a user; storage means for holding
unique information about the terminal device; generating means for
generating a certification code based on the password and the
unique information; and transmitting means for transmitting the
certification code to the host computer.
[0009] According to another aspect of the present invention, the
foregoing objects have been achieved through provision of a method
for a terminal device to request user certification from a host
computer which performs user certification based on a certification
code received from the terminal device, the method including the
steps of: inputting a password assigned to a user; reading unique
information stored in the terminal device; generating a
certification code based on the password and the unique
information; and transmitting the certification code to the host
computer.
[0010] According to a further aspect of the present invention, the
foregoing objects have been achieved through provision of a user
certification system including a host computer and a plurality of
terminal devices capable of accessing the host computer, in which
the plurality of terminal devices each include: input means used to
input a password assigned to a user; storage means for holding
unique information about the terminal device; generating means for
generating a certification code based on the password and the
unique information; and transmitting means for transmitting the
certification code to the host computer, and the host computer
includes: receiving means for receiving the certification code; and
certification means for performing user certification based on the
received certification code.
[0011] According to yet another aspect of the present invention,
the foregoing objects have been achieved through provision of a
computer-readable storage medium holding an information processing
program for controlling a computer in a terminal device to request
user certification from a host computer, the program including
codes for causing the computer to perform the steps of: inputting a
password assigned to a user; reading unique information stored in
the terminal device; generating a certification code based on the
password and the unique information; and transmitting the
certification code to the host computer.
[0012] Other objects and advantages besides those discussed above shall be apparent to those skilled in the art from the description of a preferred embodiment of the invention which follows. In the description, reference is made to the accompanying drawings, which form a part thereof, and which illustrate an example of the invention. Such example, however, is not exhaustive of the various embodiments of the invention, and therefore reference is made to the claims which follow the description for determining the scope of the invention.
BRIEF DESCRIPTION OF THE DRAWINGS
[0013] FIG. 1 is a functional block diagram showing a terminal
device according to an embodiment of the present invention.
[0014] FIG. 2 is a hardware block diagram showing the terminal device shown in FIG. 1.
[0015] FIG. 3 is an example of an image displayed when a password is requested.
[0016] FIG. 4 is a drawing showing an example of a certification
code.
[0017] FIG. 5 is a flowchart showing a process for password
combining.
[0018] FIG. 6 is an example of the format of an identification
code.
[0019] FIG. 7 is a flowchart showing a process for detecting a
password request.
[0020] FIG. 8 is an example of the format of a password request
command.
[0021] FIG. 9 is another example of the format of a password
request command.
DESCRIPTION OF THE PREFERRED EMBODIMENT
[0022] One preferred embodiment of the present invention will be
described below, with reference to the attached drawings.
[0023] An outline of the embodiment is that, with a unique identification code (e.g., a serial number) assigned to each terminal device, a terminal device sends its identification code together with a password input by the user in response to a password request from a host computer, and the host computer uses the received identification code and password to perform user certification. In this manner, even if a certain user's password is leaked to another person, that person cannot be authenticated unless the person inputs the user's password from the user's own terminal device. In other words, access to the host computer from any other terminal device using the leaked password is not possible.
[0024] FIG. 1 shows a block diagram of a terminal device 10
according to the embodiment. A display unit 1 displays information
such as a message. A keyboard 2 is used to input ordinary character
strings, commands and passwords. A password request detector 3
detects a password request from information received from a host
computer 11. An identification code memory 5 holds as non-volatile
information an identification code unique to the terminal device
10. A password combining unit 4 combines a password input from the
keyboard 2 and the identification code stored in the identification
code memory 5. A communication unit 6 receives the password request
etc. from the host computer 11, and transmits a communication
request and a password to the host computer 11.
[0025] FIG. 2 shows a hardware block diagram of the terminal device
10. A central processing unit (CPU) 21 controls the units of the
terminal device 10, and executes various programs stored in a read
only memory (ROM) 23 and a hard disk drive (HDD) 25. In particular,
the CPU 21 realizes the functions of the password request detector
3 and the password combining unit 4. A communication interface
(I/F) 22 realizes communication with the communication unit 6
between the terminal device 10 and the host computer 11. The ROM 23
holds fixed data and programs so that they cannot be rewritten, and
includes an area to be used as the identification code memory 5. A
random access memory (RAM) 24 is used as a work area for the CPU
21, and temporarily holds data such as an input password. The HDD
25 holds various data and programs as non-volatile information.
Also programs corresponding to processes (described below with
flowcharts) are stored in either the ROM 23 or the HDD 25. In place
of the HDD 25 as a non-volatile storage unit, a floppy disk drive
or the like may be provided, or all necessary programs may be
stored in the ROM 23 without particularly providing a non-volatile
storage unit like the HDD 25.
[0026] A user certification process will be described below.
Initially, when the communication between the terminal device 10
and the host computer 11 is established in response to an access
request from the user of the terminal 10, the host computer 11
transmits an input request to the terminal device 10 for a user
name and a password.
[0027] The password request issued from the host computer 11 is input to the password request detector 3 via the communication unit 6. As described below, when the password request detector 3 receives ordinary characters it passes them unchanged to the display unit 1; when it receives a password request it sends a password request message to the display unit 1, sets the password mode, and informs the password combining unit 4 of the request. An example of an image displayed on the display unit 1 in response to the password request is shown in FIG. 3. When a password is input from the keyboard 2 in response to the password request, the password combining unit 4 reads the identification code from the identification code memory 5 and combines the identification code and the password.
[0028] One example of password combining is shown in FIG. 4. In
this example, a composite password is formed by adding the input
password to the end of the identification code. The composite
password formed by the password combining unit 4 is transmitted to
the host computer 11 via the communication unit 6. The host
computer 11 performs user certification, based on the composite
password. In the host computer 11, passwords formed in the above
manner by combining the identification codes of terminal devices
and the passwords of the terminal devices' users have been
registered beforehand.
[0029] FIG. 5 shows a flowchart illustrating the password combining process. In step S1, a character string input from the keyboard 2 by the user is acquired. In step S2, it is determined whether or not the present mode is the password mode. If it is not, the process proceeds to step S5. If it is, the process proceeds to step S3, in which the identification code stored in the identification code memory 5 is read. In step S4, the acquired character string and the identification code are combined. In step S5, the composite character string formed in the password mode, or the character string input in the non-password mode, is transmitted by the communication unit 6.
[0030] FIG. 6 shows one example of the format of the identification code stored in the identification code memory 5. The terminal device 10 can be uniquely identified based on the identification code. The identification code memory 5 is formed at specific addresses of the ROM 23 or the like.
[0031] FIG. 7 shows a flowchart illustrating a process for
detecting a password request. Data (characters) transmitted from
the host computer 11 are received by the communication unit 6, and
the data are sent to the password request detector 3. In step S10,
the communication unit 6 is used to acquire data from the host
computer 11. In step S11, the password request detector 3
determines whether the received data are a password request or
ordinary data. If the received data is ordinary data, the password
mode is released in step S13. If the received data is a password
request, the process proceeds to step S12, in which the password
mode is set.
[0032] FIG. 8 shows one example of the format of a password request
command. Based on the format, the password request detector 3
determines whether the data from the host computer 11 are password
data or ordinary data. In FIG. 8, the character string has at its
start a code ("03" in hexadecimal) that is different from a
character code, which allows the character string to be
discriminated from ordinary data. FIG. 9 shows another example of
the format of the password request command. In FIG. 9, "03" in
hexadecimal represents the start of a password request command, and
"04" in hexadecimal represents the end of the password request
command.
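The following Python program is an added worked example, not part of the patent text, that models the terminal-side processing of paragraphs [0027] through [0032]: the password request detector of FIG. 7 scans data from the host for a command that begins with the code 03 (hexadecimal) and, in the FIG. 9 form, ends with 04, sets or releases the password mode accordingly, and the password combining unit of FIG. 5 prepends the identification code read from memory 5 to the typed password (FIG. 4) before transmission. The identification code format of FIG. 6 is not reproduced in the text, so the 8-character serial number "TRM00042" and the host prompts are constructed for the example; the Terminal class and its method names are likewise assumptions.

```python
"""Terminal-side model of the password request detector (FIG. 7) and the
password combining unit (FIG. 5).  Added example: the codes 0x03 and 0x04
follow FIGS. 8 and 9; the serial-number format and host prompts are constructed."""

# FIGS. 8 and 9: a password request command starts with 0x03, a code that is
# not a character code, and in the FIG. 9 form ends with 0x04.
PW_REQ_START = 0x03
PW_REQ_END = 0x04

# Constructed stand-in for the contents of identification code memory 5
# (the FIG. 6 format is not reproduced in the text).
ROM_ID_CODE = "TRM00042"


class Terminal:
    def __init__(self, id_code: str = ROM_ID_CODE) -> None:
        self.id_code = id_code        # non-volatile, fixed for this device
        self.password_mode = False    # set in step S12, released in step S13
        self.display: list[str] = []  # what display unit 1 shows
        self.sent: list[str] = []     # what communication unit 6 transmits

    def receive(self, data: bytes) -> None:
        """Steps S10 to S13: classify data from the host and set the mode."""
        if data[:1] == bytes([PW_REQ_START]):
            body = data[1:]
            if body.endswith(bytes([PW_REQ_END])):   # FIG. 9 form
                body = body[:-1]
            self.password_mode = True                # step S12
            self.display.append("[password] " + body.decode("ascii"))
        else:
            self.password_mode = False               # step S13
            self.display.append(data.decode("ascii"))

    def combine(self, password: str) -> str:
        """FIG. 4: the input password is appended to the identification code."""
        return self.id_code + password

    def key_input(self, text: str) -> str:
        """Steps S1 to S5: combine only in password mode, then transmit."""
        out = self.combine(text) if self.password_mode else text  # S2 to S4
        self.sent.append(out)                                     # S5
        return out


def run_login(terminal: Terminal, user: str, password: str) -> list[str]:
    """One login exchange against constructed host messages; returns what
    the terminal transmitted."""
    terminal.receive(b"Login: ")                     # ordinary data
    terminal.key_input(user)                         # sent unchanged
    terminal.receive(bytes([PW_REQ_START]) + b"Password: " + bytes([PW_REQ_END]))
    terminal.key_input(password)                     # sent as composite
    terminal.receive(b"Welcome\r\n")                 # ordinary data, mode released
    return terminal.sent


if __name__ == "__main__":
    print(run_login(Terminal(), "alice", "s3cret"))
```

Running it transmits "alice" unchanged and "TRM00042s3cret" for the password; the same keystrokes on a terminal whose ROM holds a different code produce a different composite, which is the entire binding described in paragraph [0033].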
[0033] As described above, according to this embodiment, a user's
password and a code unique to each terminal device are used to form
a composite password, and the composite password is used for user
certification. Thus, if a person other than the user knows the
user's password, that person cannot access a host computer unless
using the user's terminal device, thereby preventing serious damage
and security breaches.
[0034] The type of the terminal device 10 is not limited to a desktop type but may be a portable type. With a portable terminal device 10 that is carried by its user, a person other than the user cannot access the host computer 11, even if that person knows the password.
[0035] In the case where an identical user uses a plurality of
terminal devices, composite passwords formed by combining the
identification codes of the terminal devices and the user's
password are registered in a host computer, whereby the user can
use the plurality of terminal devices with the same password, and
the host computer cannot be accessed from the other terminal
devices, using the same password. Thus, if the password was leaked
to a person other than the user, the host computer cannot be
accessed by the person.
[0036] In the foregoing embodiment, the terminal device 10 combines an input password and a read identification code to generate a new password, and transmits it to the host computer 11. However, the password and the identification code may instead be transmitted separately to the host computer 11 and combined by the host computer 11. Alternatively, the host computer 11 may perform user certification by independently verifying the password and the identification code.
[0037] In the foregoing embodiment, password combining is performed
by simply combining an input password and a read identification
code. However, logical operations such as a logical sum and an
exclusive OR, a transpose, and a permutation may be properly
combined. In addition, such a type of combining process may be
stored as a unique process in the ROM 23 of each terminal device.
In this case, without using the identification code, only the
password may be processed by the unique process.
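The following Python program is an added worked example, not part of the patent text, that models the host computer's side for paragraphs [0028] and [0035] through [0037]: composite passwords registered beforehand for each user, one for each terminal the user may use; certification by matching the received composite against that set; the alternative of paragraph [0036], in which the host receives the identification code and password separately and verifies each on its own; and a generating means of the kind paragraph [0037] allows, combining the password with the identification code by exclusive OR followed by a fixed transposition. The text says only that the composites are "registered beforehand", so keeping SHA-256 digests of them and comparing in constant time is an assumption made here; from the host's point of view the composite is a longer static password that is simply matched against what was registered. The Host class, the combine_xor_permute construction and the sample identifiers are constructed for the example.

```python
"""Host-side model of user certification with composite passwords.
Added example, not the patent's code.  Plain concatenation follows FIG. 4;
hashing the registered composites and the XOR/transposition generating means
are constructions made here for illustration."""

import hashlib
import hmac


def combine_concat(id_code: str, password: str) -> str:
    """Generating means of FIG. 4: identification code followed by password."""
    return id_code + password


def combine_xor_permute(id_code: str, password: str) -> str:
    """A generating means of the kind paragraph [0037] allows (assumed
    construction): XOR the two strings, cycling the shorter one, then
    transpose even-indexed bytes ahead of odd-indexed ones.  Hex-encoded so
    the result travels as a character string."""
    if not id_code or not password:
        raise ValueError("identification code and password must be non-empty")
    a, b = id_code.encode(), password.encode()
    n = max(len(a), len(b))
    raw = bytes(a[i % len(a)] ^ b[i % len(b)] for i in range(n))
    return (raw[0::2] + raw[1::2]).hex()


class Host:
    """Holds, per user, the composites registered beforehand, one for each
    terminal the user may use (paragraph [0035])."""

    def __init__(self, generate=combine_concat) -> None:
        self.generate = generate
        self._composites: dict[str, set[bytes]] = {}
        # For the paragraph [0036] alternative of checking the two values
        # independently: permitted terminal codes and the password per user.
        self._terminals: dict[str, set[str]] = {}
        self._passwords: dict[str, bytes] = {}

    @staticmethod
    def _digest(secret: str) -> bytes:
        # Assumption: only digests are kept; the text says just "registered".
        return hashlib.sha256(secret.encode()).digest()

    def register(self, user: str, id_code: str, password: str) -> None:
        composite = self.generate(id_code, password)
        self._composites.setdefault(user, set()).add(self._digest(composite))
        self._terminals.setdefault(user, set()).add(id_code)
        self._passwords[user] = self._digest(password)

    def certify(self, user: str, composite: str) -> bool:
        """Certification means: the received composite must equal one of the
        composites registered for this user."""
        got = self._digest(composite)
        return any(hmac.compare_digest(got, ref)
                   for ref in self._composites.get(user, ()))

    def certify_separately(self, user: str, id_code: str, password: str) -> bool:
        """Paragraph [0036]: terminal sends both values, host checks each."""
        if user not in self._passwords:
            return False
        pw_ok = hmac.compare_digest(self._digest(password), self._passwords[user])
        return pw_ok and id_code in self._terminals.get(user, set())


def demo() -> dict[str, bool]:
    """Alice is registered from two terminals with one password; a leaked
    password typed on an unregistered terminal must be rejected."""
    host = Host()
    host.register("alice", "TRM00042", "s3cret")
    host.register("alice", "TRM00043", "s3cret")
    return {
        "own terminal": host.certify("alice", combine_concat("TRM00042", "s3cret")),
        "second terminal": host.certify("alice", combine_concat("TRM00043", "s3cret")),
        "leaked, other terminal": host.certify("alice", combine_concat("TRM00099", "s3cret")),
        "separate check, own terminal": host.certify_separately("alice", "TRM00042", "s3cret"),
        "separate check, other terminal": host.certify_separately("alice", "TRM00099", "s3cret"),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

Passing combine_xor_permute as the generate argument of Host shows the paragraph [0036] arrangement in which the host, not the terminal, performs the combining: the same registration and certify calls work unchanged because the host only ever compares the generated value against what it registered.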
[0038] In the foregoing embodiment, the user inputs the password from the keyboard whenever the host computer transmits a password request. However, where the user's terminal device cannot be used by anyone other than the user, the password may be input from the keyboard once and stored on the hard disk drive of the terminal device, and the stored password read in response to each subsequent password request, so that the time spent inputting the password is saved.
[0039] According to the foregoing embodiment, if a person other
than a user knows the user's password, a host computer cannot be
accessed with the password by a terminal device other than the
user's device, whereby serious damage and security breaches are
prevented.
[0040] According to the present invention, main necessary units are
realized by software, whereby they can be inexpensively formed.
[0041] The present invention may be applied to a system composed of a plurality of apparatuses (e.g., a main computer unit, an interface unit, and a display) and to a single-unit apparatus, as far as the functions of the embodiment are realized.
[0042] In addition, the present invention includes also a system in
which, in order that each unit may operate to realize the functions
of the embodiment, a software program code that realizes the
functions of the embodiment is supplied to a computer (CPU or
microprocessor unit) in an apparatus or system connected to each
unit, and each unit is controlled to operate by the computer in the
apparatus or system in accordance with the supplied code. In this
case, the program code read from a storage medium realizes the
functions of the embodiment. Accordingly, the program code, means
for supplying the program code to the computer, such as a storage
medium holding the program, constitute the present invention.
[0043] Concerning the storage medium for supplying the program
code, for example, a floppy disk, a hard disk, an optical disk, a
magneto-optical disk, a CD-ROM, a CD-R, a magnetic tape, a
non-volatile memory card, a ROM, and so forth, may be used.
[0044] Needless to say, the program code is included in the scope of the present invention not only in a system in which a computer executes the read program code to realize the functions of the embodiment, but also where, based on the program code, the functions of the embodiment are realized in association with an operating system or application software running on the computer.
[0045] Needless to say, the present invention also includes a system in which a program code read from a storage medium is written into a memory of a feature expansion board inserted in a computer or of a feature expansion unit connected to the computer, and based on the program code, all or part of the actual processing is performed by a CPU provided on the feature expansion board or feature expansion unit, thereby realizing the functions of the embodiment.
[0046] When the present invention is applied to the storage medium,
a program code corresponding to the above-described flowcharts may
be stored in the storage medium.
[0047] Although the present invention has been described in its preferred form with a certain degree of particularity, many apparently widely different embodiments of the invention can be made without departing from the spirit and the scope thereof. It is to be understood that the invention is not limited to the specific embodiment thereof except as defined in the appended claims.
* * * * *