{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00234267","sets":["581:11492:11498"]},"path":["11498"],"owner":"44499","recid":"234267","title":["多点観測認証:物理イベントの多点観測による利便性と安全性を両立した認証/認可方式"],"pubdate":{"attribute_name":"公開日","attribute_value":"2024-05-15"},"_buckets":{"deposit":"60551822-5cb7-4701-b60c-90ea0b84a03c"},"_deposit":{"id":"234267","pid":{"type":"depid","value":"234267","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"多点観測認証:物理イベントの多点観測による利便性と安全性を両立した認証/認可方式","author_link":["638132","638128","638137","638138","638135","638136","638127","638134","638131","638139","638133","638130","638129","638140"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"多点観測認証:物理イベントの多点観測による利便性と安全性を両立した認証/認可方式"},{"subitem_title":"Multi-observed Authentication: A Secure and Usable Authentication/Authorization Based on Multi-point Observation of Physical Events","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"[特集:情報システム論文] 認証/認可,多要素認証,ユーザブルセキュリティ,物理事象の多点観測","subitem_subject_scheme":"Other"}]},"item_type_id":"2","publish_date":"2024-05-15","item_2_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"静岡大学"},{"subitem_text_value":"静岡大学"},{"subitem_text_value":"静岡大学"},{"subitem_text_value":"三菱電機株式会社"},{"subitem_text_value":"三菱電機株式会社"},{"subitem_text_value":"静岡大学"},{"subitem_text_value":"静岡大学"}]},"item_2_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"Mitsubishi Electric Corporation","subitem_text_language":"en"},{"subitem_text_value":"Mitsubishi Electric Corporation","subitem_text_language":"en"},{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"},{"subitem_text_value":"Shizuoka University","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/234267/files/IPSJ-JNL6505002.pdf","label":"IPSJ-JNL6505002.pdf"},"date":[{"dateType":"Available","dateValue":"2026-05-15"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-JNL6505002.pdf","filesize":[{"value":"3.3 MB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"8"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"bed97b3e-3864-4872-9fd2-c9ec53679d58","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2024 by the Information Processing Society of Japan"}]},"item_2_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"野崎, 真之介"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"吉平, 瑞穂"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"芹澤, 歩弥"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"藤田, 真浩"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"吉村, 礼子"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"大木, 哲史"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"西垣, 正勝"}],"nameIdentifiers":[{}]}]},"item_2_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Shinnosuke, Nozaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Mizuho, Yoshihira","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Ayumi, Serizawa","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masahiro, Fujita","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Ayako, Yoshimura","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Tetsushi, Ohki","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Masakatsu, Nishigaki","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_2_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN00116647","subitem_source_identifier_type":"NCID"}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_6501","resourcetype":"journal article"}]},"item_2_publisher_15":{"attribute_name":"公開者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"item_2_source_id_11":{"attribute_name":"ISSN","attribute_value_mlt":[{"subitem_source_identifier":"1882-7764","subitem_source_identifier_type":"ISSN"}]},"item_2_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"業務形態の変化にともない,PCのマルウェア感染による被害が拡大し,従来の認証方式や認可方式によるセキュリティ対策では守りきれない現状になりつつある.この問題への解決策として多要素認証があるが,認証の度に複数のクレデンシャルを提示する手間が生じる.認証後に得られる認証トークンに有効期限を設けることで再認証を免除する利便性向上策も考えられるものの,ユーザのPC内にマルウェアが感染している場合,認証トークンを用いて情報資産へアクセスされる.マルウェアではなくユーザの意思によって情報資産へのアクセスが行われたことを確認したいのであれば,ユーザにスマートフォンの操作を要求せずとも,ユーザ自身による情報資産へのアクセスのアクションを確認すれば十分だと考えられる.そこで我々は,「クレデンシャル(PWあるいは認証トークン)の正当性に加え,ユーザによる物理的な認証/認可のアクションの発生を確認する」というコンセプトに基づく新たな方式として,多点観測認証を提案する.","subitem_description_type":"Other"}]},"item_2_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"As business practices evolve, the damage caused by PC malware infections is expanding. Accordingly, individuals and companies are increasingly finding that traditional authentication and authorization security measures are insufficient to protect them. One solution to this problem is multi-factor authentication, but it requires presenting multiple credentials every time authentication is required, which can be cumbersome. While a convenience improvement strategy is to set an expiration date for the authorization token obtained after authentication to exempt users from re-authentication, if malware is present on the user's PC, the information assets can still be accessed using the authorization token. If we want to confirm that access to information assets was made by the user's intention, rather than by malware, it is sufficient to confirm the user's physical authentication/authorization action rather than asking the user to operate a smartphone. Therefore, we propose a new method called Multi-observed Authentication based on the concept of “confirming the legitimacy of credentials (passwords or authorization tokens) as well as the occurrence of physical authentication/authorization actions by the user”.","subitem_description_type":"Other"}]},"item_2_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"902","bibliographic_titles":[{"bibliographic_title":"情報処理学会論文誌"}],"bibliographicPageStart":"888","bibliographicIssueDates":{"bibliographicIssueDate":"2024-05-15","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"5","bibliographicVolumeNumber":"65"}]},"relation_version_is_last":true,"item_2_identifier_registration":{"attribute_name":"ID登録","attribute_value_mlt":[{"subitem_identifier_reg_text":"10.20729/00234150","subitem_identifier_reg_type":"JaLC"}]},"weko_creator_id":"44499"},"id":234267,"updated":"2025-01-19T09:49:44.150552+00:00","links":{},"created":"2025-01-19T01:36:00.659814+00:00"}