JP2014085919A - User authentication device, user authentication method and user authentication program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To perform personal authentication using information whose settings and reproduction are easy and which has high security strength.SOLUTION: In a user database 15 stored in a hard disk 12C of a bank system 12, application IDs of applications which a customer selects are registered in association with a user ID of the customer according to a start order of the applications which the customer arbitrarily selects. When the customer sequentially starts applications of a prescribed number through a touch panel 21 of a user terminal 18, a list of the running applications which records the application IDs of the started applications in association with the start order is sent to the bank system 12 from the user terminal 18. In the bank system 12, a user authentication server 13 performs authentication of the customer on the basis of the fact that the application ID of a password application registered in association with the user ID of the customer and its start order match the application ID and its start order included in the list of the running applications received from the user terminal 18.

Description

The present invention relates to a user authentication device, a method, and a program, and in particular, a user authentication device and a user authentication method for authenticating whether or not an operator operating a user terminal is a registered user, and The present invention relates to a user authentication program for causing a computer to function as the user authentication device.

In a website that provides a predetermined service online to a pre-registered user, the user terminal operator who has accessed the website via the user terminal inputs a user ID and password, and the entered user ID and It is common to adopt a user authentication method that confirms whether or not the operator of the accessing user terminal is a pre-registered user based on whether or not a combination of passwords is registered in the database. is there.

  However, since the above user authentication method does not depend on the individuality of the user terminal held and operated by the user, if the user ID and password are leaked to others, before the user notices the leak, There is a drawback that a person who knows the user ID and password can impersonate a legitimate user and gain unauthorized access.

In this connection, in Patent Document 1, an IP address (and link source URL) that allows the use of a service is stored in a database together with an ID and a password, and in addition to authentication based on the ID and password, an access source IP address A technique for determining whether or not to permit use of a service by determining whether or not is registered in a database is disclosed.

  In the above-mentioned Patent Document 1, it is easily conceivable to use the MAC address or individual identification number of the terminal or the identification number of the hardware key attached to the terminal instead of the access source IP address.

As a technique for preventing spoofing and improving security, a technique for authenticating a user terminal using an electronic certificate prior to user authentication based on a user ID and a password is also known. If this technology is applied, even if the user ID and password are leaked to others, as long as the person who knows the user ID and password does not operate the user terminal on which the regular electronic certificate is installed, It can prevent fraud.

JP-A-2001-325229

The technique described in Patent Document 1 uses an IP address to determine whether an access source user terminal is a user terminal that is held and operated by a legitimate user. Is operating (whether or not a third party is impersonating a legitimate user). However, although the IP address is always constant as long as it is a global IP address fixedly assigned to a specific user terminal, there are very few user terminals to which such a global IP address is assigned. Most user terminals that are used differ every time they access the Internet. This is a random IP address selected from a large number of global IP addresses held by an Internet service provider (Internet service provider, hereinafter simply referred to as “provider”) when accessing the Internet. This is because the user terminal is automatically assigned. For this reason, as in the technique described in Patent Document 1, when the user confirmation or authentication is performed based on whether or not the IP addresses match, access by a legitimate user is erroneously determined as unauthorized access, There is a risk of misjudging an unauthorized user as an authorized user.

  In addition, when the MAC address or the user terminal individual identification device or hardware key is used instead of the IP address, the same network environment is restored using another terminal in the event that these devices fail. There is a problem that it is difficult.

  In addition, when using the digital certificate technology, there is a problem that a burden on the user is heavy because it is necessary to perform a complicated work of installing the electronic certificate in the user terminal in advance.

The present invention has been made in consideration of the above facts, and the problem is that a user authentication device that can perform personal authentication as authentication information that replaces a password with high security strength while being easy to set and reproduce, It is to obtain a user authentication method and a user authentication program.

  In the means devised to solve the above-mentioned problems, identification information for a plurality of applications and their activation order are stored in association with the personal identification information of the user for each user. Then, information is received from the user terminal that has accessed through the network, personal identification information stored in the storage device in association with the information received from the user terminal, identification information about a plurality of applications, and activation thereof It is determined whether any combination with the order is included, and when it is determined that the former includes the latter, the subsequent information from the user terminal is processed as information from the user indicated by the personal identification information. .

According to the user authentication device of the present invention, personal authentication can be performed using information that is easy to set and reproduce but has high security strength as authentication information to replace a password.

A block diagram showing a schematic configuration of a computer system according to the present embodiment Table showing the data structure of some tables that make up the user database The figure which shows the example of a display of the display of a user terminal The flowchart which shows the content of the process which CPU of a user terminal performs according to a bank application program The flowchart which shows the content of the process which CPU of a user terminal performs according to a bank application program The flowchart which shows the content of the process which CPU of a web server performs according to a user authentication program The flowchart which shows the content of the process by the password application registration program performed in S211 of FIG. It is a sequence chart which shows the data exchange between the user terminal which performs the process according to each program, and a server.

Hereinafter, an example of an embodiment of the present invention will be described in detail with reference to the drawings. FIG. 1 shows an online transaction system 10 according to the present embodiment. The online transaction system 10 according to the present embodiment includes a bank system 12 installed in a specific financial institution. The above specified financial institution performs online financial transactions from users through online financial transaction websites as a service that enables users who have opened an account with the specific financial institution to conduct online financial transactions. An online financial transaction acceptance service that accepts instructions is provided. In the financial transaction using this online financial transaction reception service, the user browses the web page of the online financial transaction website via the user terminal 18 and inputs necessary information on the web page, so that the user can Information (financial transaction instruction information) for instructing execution of a desired financial transaction is transmitted from the user terminal 18 to the bank system 12. Then, the financial transaction instruction information is transferred from the bank system 12 to the account system 28 connected to the intranet 26, so that the financial transaction instructed by the user based on the financial transaction instruction information is performed in the account system 28, etc. To be executed by.

The bank system 12 includes a CPU 12A, a memory 12B, a hard disk drive (HDD) 12C, and a network interface (I / F) unit 12D that are connected to each other through a bus B.

The network I / F unit 12D is directly connected to a public computer network (Internet) 16 in which a large number of web servers are connected to each other via a communication line, and further installed in a specific financial institution. An intranet (LAN) 26 is also connected. A billing system 28 is connected to the intranet 26.

A large number of user terminals 18 each consisting of a PC or the like are connected to the Internet 16. A browser is installed in each user terminal 18. Since each user terminal 18 is assumed to have an Internet connection function like a so-called smartphone or tablet terminal, the network I / F unit 12D is connected to each user via the Internet 16. Connected to terminal 18.

  The memory 12B is a storage device composed of a RAM (Random Access Memory), and a work area by the CPU 12B is expanded.

  The CPU 12A is a processing device that executes the program read out on the memory 12B and controls the entire hardware constituting the bank system 12, and includes a part of storage means, determination means, processing means, response means, and registration. It corresponds to the means.

  The HDD 12C is a storage device that includes a computer-readable storage medium that stores various data and programs. The programs stored in the HDD 12C include a user authentication server program 13 and a database server program 14 that are read and executed on the memory 12B by the CPU 12A. In addition, in the various data stored in the HDD 12C, data is registered by the CPU 12A executing the database server program 14, and a user database 15 from which data is read is registered.

The database server program 14 and the user database 15 are a part of storage means, and are stored in a storage device of a separate computer that can communicate with the computer executing the user authentication server program 13 through the intranet 26. It may be executed by the CPU 17 of the computer. Hereinafter, the CPU that executes the user authentication server program 13 may be abbreviated as “user authentication server 13”, and the CPU that executes the database server program 14 may be abbreviated as “database server 14”.

  In addition, the user database 15 stores the address or address, name or name, user ID (contract number), password, account, etc. for all customers who have signed an account opening contract with the specific financial institution by the user data server 14. A database in which types and account numbers are recorded and managed. Furthermore, the password database registration table shown in FIG. 2 is stored in the user database 15 as a configuration unique to the present embodiment. As shown in FIG. 2, this password application registration table registers a user ID for linking with another table and an application program for user authentication (hereinafter referred to as “password application”) to be described later. A flag about whether or not (hereinafter, “password application registered flag”), identification information (hereinafter referred to as “application ID”) of a predetermined number (four in the example of FIG. 2) and activation order, respectively. It is a table to be registered. Note that application IDs are registered in the order of activation. That is, the application ID of the password application to be activated first should be activated third in the “password application 2” field, and the application ID of the password application to be activated second should be activated in the “password application 2” field. An application ID of the password application is registered in the “password application 3” field, and an application ID of the password application to be activated fourth is registered in the “password application 4” field.

  Returning to FIG. 1, the user terminal 18 includes a CPU 19, a memory 20, a touch panel 21, a communication module 22, and a display 23 that are connected to each other through a bus B so as to exchange data.

The CPU 19 is a processing device that controls the entire user terminal 18 by reading and executing a program.

  The memory 20 is developed by a program that is read and executed by the CPU 19, a nonvolatile rewritable memory such as a ROM (Read Only Memory) and flash memory storing various data, and a temporary storage area as a work area of the CPU 19. RAM. The program includes a basic program for controlling the basic operation of the user terminal 18 and an application program (hereinafter referred to as “application”) for adding a desired function arbitrarily used by the user using the user terminal 18 to the CPU 19. Abbreviated).

  The communication module 22 terminates various wireless network protocols that can be used by the user using the user terminal 18, and performs wireless communication with a base station of the wireless network in a data format according to the protocol. A wireless device.

  The display 23 is a liquid crystal panel, an EL (electroluminescence) panel, or the like on which visible information such as various images, screens, and messages is displayed by the CPU 19. The visible information displayed on the display 23 includes a software keyboard.

  The touch panel 21 is a transparent member that is placed over the entire area of the display 23, and is a pointing device that detects a position where the operator's finger or touch pen has touched and inputs coordinate values indicating the position to the CPU 19.

  The basic program that the CPU 19 reads from the memory 20 and executes is input with items (icons, characters, buttons, etc.) displayed on the display 23 overlapping the position indicated by the coordinate value input from the touch panel 21. And a module that gives the CPU 19 a function of recognizing that the software keyboard is operated and recognizing an input character string. The basic program includes a list of icons 100 and 101 associated with a function for starting an application installed in the memory 20, as shown in FIG. When the displayed screen (hereinafter referred to as “home screen”) is displayed and any of the icons 100 and 101 is input, the CPU 19 is provided with a function of starting an application associated with the icon 100 or 101. Module is included.

  In the present embodiment, as a unique configuration, a “bank application” that shows a part of the processing contents in the flowcharts of FIGS. 4 and 5 is installed in the memory 20. In this bank application, it is detected based on the coordinate data from the touch panel 21 that the user has input the icon displayed on the display 23 (the icon 101 displayed as “silver” in FIG. 3). Triggered by that. Then, the CPU 19 executing the bank application accesses the bank system 12 according to the operation content input through the touch panel 21 and receives various services by the bank system 12. Then, when executing an important transaction (transfer or the like) while receiving various services, the CPU 19 executing the bank application executes the process of FIG. 4 in response to a request from the bank system 12. .

  In the first S001, the CPU 19 displays an ID input field and an OK button (not shown) on the display 23, and in the next S002, the user operates the above-described software keyboard to display a predetermined format in the ID input field. A character string satisfying the above condition is input and waiting for an OK button to be input. Then, when the user operates the software keyboard described above to input a character string satisfying a predetermined format in the ID input field and inputs an OK button, the CPU 19 advances the process to S003.

  In S003, the CPU 19 instructs the display 23 to start up according to the startup order in which the application registered in advance in the password application registration table (FIG. 2) of the user database 15 as the password application is registered. Display a message.

  In the next S004, the CPU 19 monitors input to each application icon (or activation of each application) on the home screen, and the application ID of the application corresponding to the input icon (or application ID of the activated application). Are stored in the temporary storage area on the memory 20 in the order of activation.

  In next step S005, the CPU 19 determines whether or not the user has started the password application. For example, if the number of passwords that can be registered in the password application registration table (FIG. 2) of the user database 15 is fixed (four in the example of FIG. 2), the same number of icons are input. This is performed based on whether or not the same number of applications have been activated. Alternatively, an “input completion” button may be displayed on the display 23, and it may be determined that activation of the password application has been completed by input to the “input completion” button.

  If it is determined in S005 that activation of the password application by the user has not yet been completed, the CPU 19 returns the process to S004. On the other hand, when determining that the activation of the password application by the user has been completed, the CPU 19 advances the processing to S006.

  In S006, the CPU 19 accesses the bank system 12 and makes a password application registration inquiry regarding the character string input in S001. Upon completion of S006, the CPU 19 waits for a response (S203, S210) from the bank system 12 in the next S007.

  As shown in FIG. 6, in the bank system 12 that has received this password application registration inquiry, the user authentication server 13 interrupts and starts the process shown in FIG. 6, and receives a character string related to the inquiry as a user ID in S201. (According to receiving means).

  In the next S202, the user authentication server 13 determines whether or not the password application has been registered for the user ID accepted in S201 through the database server 14, in accordance with the user ID, the password application registration table of the user database 15. The determination is made based on whether or not the password application registered flag is set in FIG. If the password application registered flag is set in the password application registration table (FIG. 2) of the user database 15 corresponding to the user ID, it is determined that the password application has been registered for the user ID. In step S203, the inquiry source user terminal 18 is responded that it has been registered, and then the process proceeds to step S204. On the other hand, if the password application registered flag is not set in the password application registration table (FIG. 2) of the user database 15 corresponding to the user ID, the password application has not been registered for the user ID. In step S210, the inquiry source user terminal 18 is responded to the fact that it is not registered, and then the process proceeds to step S211.

  Returning to FIG. 4, if the response from the bank system 1 is “registered” in S <b> 007, the CPU 19 of the requesting user terminal 18 advances the process to S <b> 008, and if “not registered”, advances the process to S <b> 011.

  In S008, based on the application IDs recorded in the activation order in the temporary storage area of the memory 20, the CPU 19 generates data (list of activated applications) that lists these application IDs in the activation order.

  In next S009, the CPU 19 transmits the activated application list created in S008 to the bank system 12. When S009 is completed, the CPU 19 waits for a response from the bank system 12 in S010.

  Returning to FIG. 6, in S <b> 204 executed after responding “Registered” in S <b> 203, the user authentication server 13 receives the active application list transmitted by the inquiry source user terminal 18 in S <b> 009 (reception means). Equivalent).

  In next step S205, the CPU 19 determines whether or not all password applications are activated. That is, the CPU 19 corresponds to the user ID received in S201, and the application IDs of all password applications registered in the password application registration table (FIG. 2) of the user database 15 are received in the active application list received in S204. It is determined whether or not it is included. Then, all or part of the password application IDs registered in the password application registration table (FIG. 2) of the user database 15 corresponding to the user ID received in S201 are received in S204. If it is not included in the list, the user authentication server 13 returns an authentication failure to the inquiry source user terminal 19 in S208, and then ends the interrupt processing.

  On the other hand, the application IDs of all password applications registered in the password application registration table (FIG. 2) of the user database 15 corresponding to the user ID received in S201 are the active application list received in S204. If it is included, the user authentication server 13 determines whether the activation order of the password applications is correct in S206. That is, the CPU 19 corresponds to the user ID received in S201, and the activation order of the password application IDs registered in the password application registration table (FIG. 2) of the user database 15 and the activation being received in S204. It is determined whether the activation order of application IDs in the application list matches. If the former activation order is different from the latter activation order, the user authentication server 13 returns an authentication failure response to the inquiry source user terminal 19 in S208, and ends the interrupt processing.

  On the other hand, if the former activation order matches the latter activation order, the user authentication server 13 returns a successful authentication response to the inquiry source user terminal 19 in S207 and advances the process to S208. In S208, the user authentication server 13 recognizes that the message from the inquiry source user terminal 19 is from the user corresponding to the user ID received in S201, and performs a serious transaction according to the content of the message. Perform the process.

  In other words, S205 and S206 are the identification of a plurality of applications and personal identification information stored in the storage means (user database 15) in association with the information received by the receiving means from the user terminal. This corresponds to determination means for determining whether any combination of information and its activation order is included, and S209 is stored in the storage means (user database 15) in association with the information received by the reception means. Personal identification information received from the user terminal 18 in step S201 when it is determined that any combination of personal identification information, identification information for a plurality of applications, and their activation order is included. Corresponds to processing means for processing as information from the user. Further, S207 is any combination of the personal identification information stored in the storage means (user database 15) in association with the information received by the receiving means, the identification information for a plurality of applications, and the activation order thereof. Corresponds to response means for responding that the authentication has been holed.

  Returning to FIG. 4, if the response from the bank system 1 is “authentication failure” in S 010, the CPU 19 of the inquiry source user terminal 18 returns the process to S 001 and repeats the authentication process. If so, proceed to processing for a critical transaction that requires user authentication.

  In contrast, in S011 executed when it is determined in S007 that the response received from the bank system 12 is “unregistered”, the CPU 19 displays a password entry field and an OK button (not shown) on the display 23. After the display, in the next S012, the user waits until the user operates the above-described software keyboard to input a character string satisfying a predetermined format in the password input field and input the OK button. When the user operates the software keyboard described above to input an arbitrary character string in the password input field and inputs the OK button, the CPU 19 advances the process to S013.

  In S013, the CPU 19 transmits the character string input in the contract number input field to the bank system 12 as a password. After completing S013, the CPU 19 waits for a response from the bank system 12 in the next S014.

  At this time, in the bank system 12, the user authentication server 13 starts the password application registration process shown in FIG. 7 in S211 of FIG. Then, when the user authentication server 13 receives the password from the inquiry source user terminal 18 in the first S301, it is determined whether or not the password is registered in the user database 15 in association with the user iD received in S201. ,To check. When the received password is not registered in the user database 15 in association with the user iD received in S201, the user authentication server 13 registers the inquiry source user terminal 18 in S303. The password application registration process is terminated in response to the failure. On the other hand, when the received password is registered in the user database 15 in association with the user iD received in S201, the user authentication server 13 sends the inquiry user terminal 18 to the inquiry source user terminal 18 in S304. In response to the fact that registration is possible, the next step S305 waits for reception of a list of active applications from the inquiry source user terminal 18.

  Returning to FIG. 5, if the response from the bank system 12 is “registration impossible” in S <b> 014, the CPU 19 of the inquiry source user terminal 18 ends the processing by the bank application. On the other hand, if the response from the bank system 12 is “registration possible”, the CPU 19 displays the password application as a password application on the display 23 in S015 in the password application registration table (FIG. 2) of the user database 15. A message for instructing to start applications for registration in a desired order is displayed.

  In the next S016, the CPU 19 monitors the input to each application icon (or activation of each application) on the home screen, and the application ID of the application corresponding to the input icon (or application ID of the activated application). Are stored in the temporary storage area on the memory 20 in the order of activation.

  In the next S017, the CPU 19 determines whether or not the activation of the password application by the user has been completed. This determination is performed in the same manner as in S005. If it is determined in S005 that activation of the password application by the user has not yet been completed, the CPU 19 returns the process to S016. In contrast, if it is determined that the password application has been activated by the user, the CPU 19 advances the process to step S018.

  In S018, the CPU 19 displays on the display 23 a confirmation dialog (not shown) that lists the application names corresponding to the application IDs stored in the temporary storage area on the memory 20 in the order of activation. This confirmation dialog includes an NG button and an OK button. When the NG button is input, the CPU 19 resets the application ID stored in the temporary storage area on the memory 20 in step S020, and then returns to step S015. On the other hand, when the OK button is input, the CPU 19 advances the process to S021.

  In S021, the CPU 19 generates data (list of activated applications) that lists these application IDs in the order of activation based on the application IDs recorded in the temporary storage area of the memory 20 in the order of activation.

  In next S022, the CPU 19 transmits the activated application list created in S021 to the bank system 12. When S022 is completed, the CPU 19 proceeds to processing for a serious transaction requiring user authentication.

Returning to FIG. 7, in S <b> 305 executed after responding “Registered” in S <b> 304, the user authentication server 13 receives the active application list transmitted by the inquiry user terminal 18 in S <b> 022.

  In next S306, the user authentication server 13 associates the user ID received in S201 with the application ID in the active application list received in S305 in the password application registration table (FIG. 2) of the user database 15. Are registered in the order of their activation. In other words, the user authentication server 13 includes any combination of the personal identification information and the password stored in the storage unit in association with each other in the information received by the reception unit from the user terminal. Registration information for storing a plurality of applications included in the information received by the receiving means and their activation order in the storage means (user database 15) in association with the personal identification information received in S201. Corresponds to means.

In next S307, the user authentication server 13 sets a password application registered flag in the password application registration table (FIG. 2) of the user database 15 in association with the user ID received in S201. When S307 is completed, the user authentication server 13 advances the process to S209.

  Next, the operation of each component of the present embodiment configured as described above will be described with reference to the sequence diagram of FIG.

  A user who uses an online financial transaction acceptance service applies to a specific financial institution in advance to use the service. When the user applies for the use of the service, the specific financial institution assigns a user ID to the user, and the assigned user ID together with the password set by the customer and other information related to the customer's account, the bank system 12 Registered in the user database 15 stored in the HDD 12C. In addition, the user authentication server 13 registers the application IDs of a desired predetermined number of applications selected to be activated by the customer according to a desired order in the password application registration table (FIG. 2) of the user database 15 as a password application.

  Thereafter, the user operates the user terminal 18 held and used by the user, and accesses various services provided by the bank system 12 using the bank application. Then, when performing an important procedure (for example, transfer or settlement) in any service, the customer is registered in the password application registration table (FIG. 2) of the user database 15 in accordance with an instruction from the bank application. Are activated in the registered activation order (S004, S005, S401 to S404). Then, according to the bank application, the CPU 19 of the user terminal issues a password application registration inquiry (S006, S405).

Then, in the bank system 12, the database server 14 reads out information about the customer from the password application registration table (FIG. 2) of the user database 15 and outputs it to the user authentication server 13 (S406). Then, the user authentication server 13 checks whether or not the password application has been registered based on the value of the password application registration flag included in the information notified from the database server 14 (S202, S407). In this case, the user authentication server 13 determines that the password application has been registered, and responds to that effect to the user terminal 18 (S203).

  Then, the user terminal 18 creates a list of activated applications based on the application ID and activation order of each password application that has been activated in advance (S008, S408), and transmits the created activated application list to the bank system 12. (S009, S409).

  Then, in the bank system 12, the user authentication server 13 confirms that all application IDs included in the information notified from the database server 14 are included in the active application list (S410), and is included in the active application list. Confirm that the activation order of each application ID matches the activation order of the application IDs in the information notified from the database server 14 (S205, S206, S411), and notify the user terminal 13 of successful authentication (S207, S412).

  Then, the user terminal 13 continues the process (S413), and can execute a serious transaction with the bank system 12 (S209).

  As described above, according to the present embodiment, a customer can be authenticated by activating an application registered in advance as a password application in the order of registration instead of a password. The number of apps that can be registered as such password apps is much larger than the number or number of characters. Therefore, it is very unlikely that the same combination as the combination of a predetermined number of applications registered as a password application by a customer is installed in a terminal held and used by another person. Furthermore, the probability that the password applications will be activated in the order of registration from among a large number of installed applications including the password application is reasonably lower. Therefore, the strength of security is higher than that of a normal password, and the risk of impersonation is correspondingly lower than that of a normal password. Nevertheless, since applications that can be registered as password applications are generally distributed, even if the user changes the user terminal 18, the user before the change can be obtained by installing the same password application. The environment of the terminal 18 can be restored properly.

  In the above embodiment, the activation of the password application is recorded in the temporary storage area of the memory 20 by the bank application being activated before the activation of the password application. However, the basic program (not shown) records the activation history of the application. If the bank application has a function to do this, the bank application may read the activation history of the application recorded by the basic program and create a list of activated applications based on the read activation history.

10 Online transaction system 12 Bank system 12A CPU
12C HDD
13 User Authentication Server Program 14 Database Server Program 15 User Database 16 Internet 18 User Terminal 19 CPU
20 Memory 21 Touch Panel 22 Communication Module 23 Display

Claims (6)

A user authentication device for authenticating that an operator operating a user terminal accessed through a network is a pre-registered user,
Storage means for storing, for each user, identification information about a plurality of applications and their activation order in association with the personal identification information of the user;
Receiving means for receiving information from a user terminal accessed through the network;
The information received from the user terminal by the receiving means includes any combination of personal identification information stored in the storage means in association with each other, identification information about a plurality of applications, and their activation order. Determination means for determining whether or not,
The information received by the receiving unit by the determining unit includes any combination of personal identification information stored in the storage unit in association with each other, identification information about a plurality of applications, and the activation order thereof. And a processing unit for processing information from the user terminal as information from the user indicated by the personal identification information when it is determined that the personal identification information is received. Either the personal identification information stored in the storage means in association with the information received by the receiving means from the user terminal by the determination means, the identification information for a plurality of applications, and the activation order thereof. The user authentication apparatus according to claim 1, further comprising response means for responding that the authentication has been successful when it is determined that the combination is included. The storage means further stores a password in association with the personal identification information,
The reception means receives the information received from the user terminal when the reception means includes any combination of the personal identification information and the password stored in the storage means in association with each other. 2. The user authentication apparatus according to claim 1, further comprising registration means for storing identification information about a plurality of applications included in the information and the activation order thereof in the storage means in association with the personal identification information. . 2. The user authentication apparatus according to claim 1, wherein the user terminal records identification information of an activated application and an activation order thereof, and transmits the information together with the personal identification information as the information through a network. . A user authentication method for authenticating that an operator operating a user terminal that has accessed a server device via a network is a pre-registered user,
For each user, the identification information for a plurality of applications and the activation order thereof are stored in the storage device of the server in association with the personal identification information of the user,
Receiving information from user terminals that have accessed through the network;
Judgment whether or not the information received from the user terminal includes any combination of personal identification information stored in the storage device in association with each other, identification information about a plurality of applications, and their activation order And
When it is determined that the information received by the receiving unit includes any combination of personal identification information stored in the storage device in association with each other, identification information about a plurality of applications, and the activation order thereof And processing the subsequent information from the user terminal as information from the user indicated by the personal identification information. By being executed by a computer capable of communicating with a user terminal through a network, the computer is
Storage means for storing, for each user, identification information about a plurality of applications and their activation order in association with the personal identification information of the user;
Receiving means for receiving information from a user terminal accessed through the network;
The information received from the user terminal by the receiving means includes any combination of personal identification information stored in the storage means in association with each other, identification information about a plurality of applications, and their activation order. Determination means for determining whether or not,
The information received by the receiving unit by the determining unit includes any combination of personal identification information stored in the storage unit in association with each other, identification information about a plurality of applications, and an activation order thereof. A user authentication program that functions as processing means for processing information from the user terminal as information from the user indicated by the personal identification information when it is determined that

Images