摘要 |
PROBLEM TO BE SOLVED: To restrict unauthorized accesses, in which a third person deceives as a regular user, even if user authentication or information used for holding sessions is leaked. SOLUTION: An Web client transmits first session information, which is noticed from an Web server when the session is started, and second session information, which is stored in an Web page received from the Web server, to the Web server. Subsequently, the Web server generates verification information using reverse generation procedures from the received first and second session information to the first and second session information, and determines whether or not a user of the session is authenticated by comparing the verification information with prerecorded session holding information. COPYRIGHT: (C)2005,JPO&NCIPI |