Title of invention: Authentication server apparatus, authentication server apparatus-use program and authentication method
Abstract: An authentication server apparatus is capable of simply and accurately assessing whether a user terminal is being operated by a person. In the authentication server apparatus connected to the user terminal, operating instructions for instructing operation by an operator by using objects are associated with operation information and stored. A session ID is imparted for each session with the user terminal, operating instructions are selected for each session, a page provided with the selected operating instructions and the objects is generated, and position information is received corresponding to operations executed at the user terminal that has displayed the page. At authentication time, operating instructions using the session ID of the session are associated with position information received from the terminal, and using the stored operation information associated with the operating instructions that have been associated with the received position information, and the position information, an assessment is made of whether or not the operations were made by an operator.
Publication number: US9348986(B2)  Publication date: 2016.05.24
Application number: US201113388925  Application date: 2011.03.29
Applicant: Rakuten, Inc.  Inventor: Takami Shinya
Classification: G06F21/31;G06F21/32;G06F21/36;H04L9/32;H04L29/06  Main classification: G06F21/31
Agency: Sughrue Mion, PLLC  Agent: Sughrue Mion, PLLC
Independent claim: 1. An authentication server apparatus that is connected to a terminal provided with a display through a network, the authentication server apparatus comprising: at least one hardware processor configured to execute modules comprising:
an operation storage that associates and stores an operating instruction and operation information, the operating instruction including text information that instructs an operator of the terminal to perform an operation on the display, the operation information including a position on the display matching the operation and comprising content matching content of the corresponding operating instruction;
a session ID assigner that assigns a session ID per session with respect to the terminal that displays a page comprising the operating instruction and an object displayed on the display for the operation;
an operation instruction selector that selects the operating instruction per session;
a page transmitter that transmits the page, the page comprising the selected operating instruction, the object displayed on the display for the operation matching the operating instruction, the session ID, and a position information transmitter that transmits position information of a pointer from the terminal that displays the page to the authentication server apparatus on a regular basis during the operation in the session, the position information indicating a pointer position in the terminal that displays the page and comprising coordinates representing the pointer position on the display in the terminal, and the position information transmitter beginning transmitting the position information of the pointer when the object displayed on the display for the operation is selected;
a position information receiver that receives the position information transmitted from the terminal by the position information transmitter in the page;
a position information storage that, every time the position information is received, stores the received position information per session ID and reception time; and
a flag setter, when the position information stored in the position information storage and position information stored at a time before the position information are different in the same session ID, sets a manual operation flag indicating that movement of the pointer is operated by the operator of the terminal;
an associator that associates the operating instruction provided in the page displayed in the session and the position information received from the terminal in the session, based on the session ID included in an authentication request received from the terminal that displays the page; and
a determiner that determines whether or not the operation is performed by the operator, wherein the operator is a person, based on:
(a) whether or not a comparison of (i) the operation information stored in the operation storage and associated with the operating instruction associated with the position information and (ii) object selection information or object selection movement information indicates that the operator of the terminal has performed the operation on the display instructed by the operating instruction, and
(b) whether or not the manual operation flag is set, indicating that the operator of the terminal is a person.
Address: Tokyo JP
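The server-side flow recited in the claim (per-session instruction selection, position storage keyed by session ID and reception time, the manual operation flag, and the two-part determination) is shown below as an added Python example; it is not code from the patent or from the applicant. The rectangle form of the operation information, the sample instructions and coordinates, the class and method names, and the single-use session are assumptions.

```python
import secrets
import time
from dataclasses import dataclass, field

# Operation storage: instruction text -> operation information.
# Assumption: the operation information is a drop-target rectangle (x0, y0, x1, y1).
# Instructions and coordinates are constructed sample values.
OPERATIONS = {
    "Drag the star into the box": (200, 100, 300, 200),
    "Drag the star onto the circle": (20, 220, 80, 280),
}

@dataclass
class Session:
    instruction: str
    positions: list = field(default_factory=list)  # (reception_time, x, y)
    manual_flag: bool = False

class AuthServer:
    def __init__(self):
        self.sessions = {}

    def new_session(self, instruction=None):
        """Session ID assigner + operating instruction selector."""
        sid = secrets.token_hex(16)
        self.sessions[sid] = Session(instruction or secrets.choice(list(OPERATIONS)))
        return sid, self.sessions[sid].instruction

    def receive_position(self, sid, x, y, now=None):
        """Position receiver/storage + flag setter."""
        s = self.sessions[sid]
        # Flag is set when a report differs from the one stored before it.
        if s.positions and s.positions[-1][1:] != (x, y):
            s.manual_flag = True
        s.positions.append((time.time() if now is None else now, x, y))

    def authenticate(self, sid):
        """Associator + determiner: conditions (a) and (b) must both hold."""
        s = self.sessions.pop(sid, None)  # assumption: a session ID is single-use
        if s is None or not s.positions:
            return False
        x0, y0, x1, y1 = OPERATIONS[s.instruction]
        _, x, y = s.positions[-1]  # last report taken as the drop position
        performed = x0 <= x <= x1 and y0 <= y <= y1  # (a) instructed operation done
        return performed and s.manual_flag           # (b) manual operation flag set
```
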