(19) Japan Patent Office (JP)
`
`(19) Japanese Unexamined Patent
`Application Publication (A)
`
`(11) Japanese Unexamined Patent
`Application Publication No.
`
`2010-262532
` (P2010-262532A)
`
`(43) Publication date 18 Nov. 2010
`
`(51) Int. Cl.
`
`G06F 21/20
`
`(2006.01)
`
`FI
`
`G06F 15/00 330B
`
` Themed code
`
` 5B285
`
`Request for examination Yes Number of claims 10 OL (Total of 14 pages)
`
`(21) Japanese Patent
`Application
`
`Japanese Patent
`Application 2009-113810
`(P2009-113810)
`
`(71) Applicant
`
`(22) Date of application
`
`8 May 2009
`
`(74) Agent
`
`(72) Inventor
`
`(72) Inventor
`
`(72) Inventor
`
`500257300
`Yahoo Japan Corp., 9-7-1 Akasaka,
`Minato-Ku, Tokyo, Japan
`100106002,
`Masayuki Shobayashi, Patent attorney
`
`TOSHINAMI YASUSHI;
`c/o Yahoo Japan Corp., 9-7-1 Akasaka,
`Minato-Ku, Tokyo, Japan
`FUSE KENTARO;
`c/o Yahoo Japan Corp., 9-7-1 Akasaka,
`Minato-Ku, Tokyo, Japan
`OTSUKA YASUHIRO
`c/o Yahoo Japan Corp., 9-7-1 Akasaka,
`Minato-Ku, Tokyo, Japan
`
`(Continued on the last page)
`
`(54) [TITLE OF THE INVENTION] SERVER, METHOD AND PROGRAM FOR MANAGING LOGIN
`
`(57) [ABSTRACT]
`[PROBLEM TO BE SOLVED] To provide a server,
`a method and a program which makes a user himself
`(or herself) easily notice occurrence of unauthorized
`login and surely perform personal authentication for
`following login lock operation.
`[SOLUTION] A management server 10 includes: a
`login management DB 17 for recording the mail
`address in relation with the user ID of each user; a
`notification mail generation means 12 for generating
`a notification mail including a message for notifying
`the reception of a login request and a URL for
`identifying
`the message; a notification mail
`transmission means 13 for transmitting the generated
`notification mail; a lock/unlock control reception
`means 14 for accessing the URL and accepting a
`login
`suppression
`instruction;
`a
`personal
`authentication means 15 for performing personal
`authentication by collating the user ID with user ID
`corresponding to the URL of the access; and a
`lock/unlock control means 16 for suppressing login
`using the authenticated user ID to a predetermined
`service.
`[Representative Figure] Fig. 3
`
`Page 1 of 27
`
`GOOGLE EXHIBIT 1009
`
`

`

`
`
`(2)
`
`
`
`[SCOPE OF PATENT CLAIMS]
`[CLAIM 1]
`A server managing the login of users to a specific service,
`characterized by comprising:
`a recording means recording at least one mail address related to the user ID of said user,
`and a generation means generating a notification mail, in response to the receipt of a login request using
`said user ID, including a message notifying the fact that there had been said request and a URL identifying said
`message,
`and a transmission means transmitting the notification mail generated by means of said generation means to
`the mail address recorded by means of said recording means,
`and a reception means not only accessing to said URL included in the notification mail transmitted by said
`transmission means, but also receiving suppression instructions for login using said user ID,
`and a verification means conducting verification by comparing with the user ID corresponding to said
`URL, in correspondence with the reception of access from said reception means,
`and a suppression means suppressing login to said specific service using a user ID verified by means of
`said verification means, when there is receipt of suppression instructions of said login.
`[CLAIM 2]
`The server claimed in claim 1 characterized by said suppression means additionally invalidating a session logged
`into using the user ID verified by means of said verification means.
`[CLAIM 3]
`The server claimed in claim 1 or claim 2 characterized by said generation means generating a notification mail
`including said URL notifying of the fact of the occurrence of said request and identifying said message, in
`correspondence with the receipt of a request using said user ID, in order to eliminate the suppressed condition of the
`login by means of said suppression means,
`and said reception means is in receipt of access to said URL included in said notification mail, as well as
`instructions for the release of the suppressed condition of the login using said user ID,
`and said suppression means releases the suppressed condition of the login to said specific service using the
`user ID verified by means of said verification means, when in receipt of release instructions of said login suppressed
`state.
`[CLAIM 4]
`The server claimed in claim 3 characterized by said reception means additionally receiving input modifications of
`the password related to said user ID, when in receipt of instructions to release the suppressed state of said login,
`and said suppression means modifies said password, in correspondence with input modifications of a password
`received from said reception means.
`[CLAIM 5]
`The server claimed in any one of claims 1 to 4, characterized by when said login request is received, before a
`notification mail is transmitted by means of said transmission means, the information representing said mail address
`which is the transmission destination of said notification mail additionally comprises a first notification means
`notifying said login request source.
`[CLAIM 6]
`The server claimed in any one of claims 1 to 5, characterized by when there is receipt of a request for the release of
`the suppress state of said login, before said notification mail is transmitted by means of said transmission means,
`information representing said mail address which is the transmission destination of said notification mail
`additionally provides a second notification means notifying said request source.
` [CLAIM 7]
`The server claimed in any one of claims 1 to 6, characterized by said generation means generating modifications
`each time of said URL, on the occasion of generation of said notification mail.
`[CLAIM 8]
`The server claimed in any one of claims 1 to 7, characterized by said generation means generating said message
`including identification information of the terminal that said user ID employed.
`[CLAIM 9]
`
`
`
`Page 2 of 27
`
`

`

`
`
`(3)
`
`
`
`A method of managing a computer which logs in users to a specific service, characterized by comprising a recording
`step recording at least the first mail address related to the user ID of the user,
`and a generation step generating a notification mail including a URL identifying the message notifying that there
`had been said request and said message, in correspondence with the receipt of a login request using said user ID,
`and the transmission step transmitting a notification mail generated by means of said generation step to the mail
`address recorded by means of said recording step,
`and a reception step not only accessing said URL included in the notification mail transmitted by said transmission
`step, but also receiving suppression instructions of the login using said user ID,
`and a verification step verifying by comparing the user ID in correspondence with said URL, in correspondence with
`the reception of access from said reception step,
`and a suppression step suppressing login to said specific service using the user ID verified by means of said
`verification step, when there is receipt of suppression instructions of said login.
`
`[CLAIM 10]
`A program implementing the method claimed in claim 9 on a computer.
`[DETAILED DESCRIPTION OF THE INVENTION]
`[TECHNICAL FIELD]
`[0001]
`The present invention relates to a server managing the login of users to a specific service, a method and a program.
`[Background Art]
`[0002]
`Conventionally, there were multiple usable services provided on the Internet which allowed nonspecific multiple
`users by means of user verification. On the occasion of logging in to these types of services, mostly the verification
`of the subject person was by means of the fixed ID and password of each user. By this means, customized services
`could be provided for use by each user.
`[0003]
`However, there is the risk of usage by third parties other than the users to date with verification by means of ID and
`password only. In that respect, there were investigations into how to prevent illegal login by pretending to be an
`existent user. For example, in patent literature 1, there is the proposal to transmit a notification email of the fact that
`login
`operations
`had
`been
`performed
`to
`the
`email
`of
`the
`user who
`logged
`in.
`[PRIOR ART LITERATURE]
`[0004]
`[Patent Literature 1] Japanese Unexamined Patent Application Publication 2007-94614
`[OUTLINE OF THE INVENTION]
`[PROBLEM TO BE SOLVED BY THE INVENTION]
`[0005]
`The method of patent literature 1, while being useful in order to discover unlawful logins, has was no framework in
`order to suppress logins by a previous user (the subject). In other words, in the event that there was the occurrence of
`unlawful login, it was difficult to securely perform verification of the subject, in respect of the operations of locking
`the login and releasing the lock.
`[0006]
`The aim of this invention is to provide a server, method and program not only enabling easy recognition by the user
`themselves of the occurrence of unlawful login, but also enabling the performance of secure verification of the
`subject, in respect of the operations of a login lock thereafter.
`[MEANS FOR RESOLVING THE PROBLEM]
`
`
`
`Page 3 of 27
`
`

`

`
`
`(4)
`
`
`
`[0007]
`The following types of solution means are provided in this invention.
`[0008]
`(1) A server managing the login of a user to a specific service,
`characterized by comprising:
`a recording means recording at least one mail address related to the user ID of said user,
`and a generation means generating a notification mail, in response to the receipt of a login request using said user
`ID, including a message notifying the fact that there had been said request and a URL identifying said message,
`and a transmission means transmitting the notification mail generated by means of said generation means to the mail
`address recorded by means of said recording means,
`and a reception means not only accessing to said URL included in the notification mail transmitted by said
`transmission means, but also receiving suppression instructions for login using said user ID,
`and a verification means conducting verification by comparing with the user ID corresponding to said URL, in
`correspondence with the reception of access from said reception means,
`and a suppression means suppressing login to said specific service using a user ID verified by means of said
`verification means, when there is receipt of suppression instructions of said login.
`[0009]
`By means of this type of configuration, said server transmits a notification mail including a message notifying said
`user to the mail address of the user themselves from whom there was a login request. The user themselves can easily
`be made aware of the occurrence of an unlawful login by means of the notification mail.
`[0010]
`Moreover, because there is a URL identifying the notification message in this notification mail, the user themselves
`who are in receipt of the notification mail may implement a login lock, by means of accessing this URL. On that
`occasion, because the user themselves would be in receipt of login lock instructions in correspondence with access
`to the URL generated by said server, a reduction in the possibility of access by a third party who did not receive the
`notification mail is enabled, enabling secure performance of the verification of the user themselves.
`[0011]
`(2) The server recited in (1) characterized by invalidating a session logged into using the user ID verified by means
`of said verification means.
`[0012]
`By means of this type of configuration, said server suppresses subsequent logins using the verified ID, in response to
`suppression instructions for the login, in other words suppresses the initiation of use of the service, in addition to
`invalidating the current login which used the verified user ID, in other words invalidating the session during use of
`the service. By this means, after setting the login lock, the usage of the service by third parties can be rejected.
`[0013]
`(3) The server recited in (1) or (2) characterized by said generation means generating a notification mail including
`said URL notifying of the fact of the occurrence of said request and identifying said message, in correspondence
`with the receipt of a request using said user ID, in order to eliminate the suppressed condition of the login by means
`of said suppression means,
`and said reception means is in receipt of access to said URL included in said notification mail, as well as instructions
`for the release of the suppressed condition of the login using said user ID,
`and said suppression means releasing the suppressed condition of the login to said specific service using the user ID
`verified by means of said verification means, when in receipt of release instructions of said login suppressed state.
`[0014]
`By means of this type of configuration, said server on being in receipt of release instructions of the login lock,
`transmits a notification mail including a message notifying the fact of the request in respect of the mail address of
`the user themselves who requested it. The user themselves can easily be made aware of the request for release of the
`login lock by means of this notification mail.
`
`
`
`Page 4 of 27
`
`

`

`
`
`(5)
`
`
`
`[0015]
`Moreover, because the URL identifying the notification message is included in this notification mail, the user
`themselves on receipt of this notification mail, in the event that they do want to perform the release, can implement
`the release of the login lock by means of accessing this URL. On that occasion, because a reduction in the possibility
`of access by third parties who have not received the notification mail is enabled because there was receipt of release
`instructions of the log in lock in correspondence with access to the URL generated by said server, the secure
`performance of verification of the user themselves is enabled.
`[0016]
`(4) The server recited in (3) characterized by said reception means additionally receiving input modifications of the
`password related to said user ID, when in receipt of instructions to release the suppressed state of said login, and
`said suppression means modifies said password, in correspondence with input modifications of a password received
`from said reception means.
`[0017]
`By means of this type of configuration, said server modifies the password employed in verifying the user on the
`occasion of releasing the login lock. Therefore, for example, if there was login lock generated by unlawful login, a
`reduction of the possibility of the occurrence of unlawful login once more after the release of this lock is enabled.
`[0018]
`(5) The server recited in any one of (1) to (4), characterized by when said login request is received, before a
`notification mail is transmitted by means of said transmission means, the information representing said mail address
`which is the transmission destination of said notification mail additionally comprises a first notification means
`notifying said login request source.
`[0019]
`By means of this type of configuration, when there is a login request and it is not clear if it is the person themselves
`or a third-party, said server enables a notification to the request source as well as the mail address of the notification
`destination, that the person themselves has been notified.
`[0020]
`Moreover, even when there is a valid login from the person themselves, the user can check as to whether there is an
`erroneous mail address registered or not by means of this notification. Therefore, the suppression of transmission of
`notification mails to third parties other than the person themselves is enabled.
`[0021]
`(6) The server recited in any one of (1) to (5), characterized by when there is receipt of a request for the release of
`the suppress state of said login, before said notification mail is transmitted by means of said transmission means,
`information representing said mail address which is the transmission destination of said notification mail
`additionally provides a second notification means notifying said request source.
`[0022]
`By means of this type of configuration, when there is a request for the release of the login lock from a user when it is
`not clear that they are the person themselves are third-party, said server enables a mail notification of that fact to the
`person themselves, in addition to notifying the request source of the mail address of the destination of the
`notification. Therefore, in the event that there was release request of an unlawful login lock by a third-party, this
`notification could serve as a restraint on third parties.
`[0023]
`Moreover, even when there is a lawful request for release from the person themselves, by means of this notification,
`the user can check as to whether there is an erroneous mail address registered or not. Therefore, suppression of the
`transmission of a mail notification to a third party other than the person themselves is enabled.
`[0024]
`(7) The server recited in any one of (1) to (6), characterized by said generation means generating modifications each
`time of said URL, on the occasion of generation of said notification mail.
`
`
`
`Page 5 of 27
`
`

`

`
`
`(6)
`
`
`
`[0025]
`By means of this type of configuration, on the occasion of login lock or release instructions, because said server
`generates a different URL on each occasion for access, such that the URL included in the notifications which may
`be transmitted are different. Therefore, because there is a great reduction in the possibility of the third-party, other
`than the person themselves who is in receipt of the notification mail, becoming aware of the URL.
`[0026]
`(8) The server recited in any one of (1) to (7), characterized by said generation means generating said message
`including identification information of the terminal that said user ID employed.
`[0027]
`By means of this type of configuration, said server can notify the user themselves of the identification information of
`the terminal making the login request or login lock release request. Therefore, in the event that there was a request
`by a third-party, a means to identify the request source is enabled.
`[0028]
`(9) A method of managing a computer which logs in users to a specific service, characterized by comprising a
`recording step recording at least the first mail address related to the user ID of the user,
`and a generation step generating a notification mail including a URL identifying the message notifying that there
`had been said request and said message, in correspondence with the receipt of a login request using said user ID,
`and the transmission step transmitting a notification mail generated by means of said generation step to the mail
`address recorded by means of said recording step,
`and a reception step not only accessing said URL included in the notification mail transmitted by said transmission
`step, but also receiving suppression instructions of the login using said user ID,
`and a verification step verifying by comparing the user ID in correspondence with said URL, in correspondence with
`the reception of access from said reception step,
`and a suppression step suppressing login to said specific service using the user ID verified by means of said
`verification step, when there is receipt of suppression instructions of said login.
`[0029]
`By means of this type of configuration, the same benefits as in (1) can be expected by means of the implementation
`of said method
`[0030]
`(10) A program implementing the method recited in (9) on a computer.
`[0031]
`By means of this type of configuration, the same benefits as in (1) can be expected by means of executing said
`program on a computer.
`[Effects of the Invention]
`[0032]
`By means of the present invention, the user themselves may easily be made aware of the occurrence of unlawful
`logins, in addition to enabling the performance of secure verification of the user themselves in respect of the login
`lock thereafter.
`[Brief Description of the Drawings]
`[0033]
`Figure 1: a drawing representing the overall configuration of a system including the related elements to a
`management server relating to an embodiment of the present invention.
`Figure 2: a drawing representing the hardware configuration of a management server of an embodiment of the
`present invention.
`Figure 3: a drawing representing the functional configuration of the management server of an embodiment of the
`present invention.
`Figure 4: a drawing representing the login management table of an embodiment of the present invention.
`Figure 5: a flowchart representing the processes in the control means of an embodiment of the present invention.
`Figure 6: a content example of the notification mail transmitted when there is receipt of a login request during the
`lock release currently in progress by the management server of an embodiment of the present invention.
`
`
`
`Page 6 of 27
`
`

`

`
`
`(7)
`
`
`
`Figure 7: a content example of the notification mail transmitted when there is receipt of a release request of the lock
`during a login lock by the management server of an embodiment of the present invention.
`[Embodiments of the invention]
`[0034]
`Hereafter, one example of an embodiment of the present invention is explained while referring to the drawings
`[0035]
`[Overall system configuration]
`Figure 1 is a drawing representing the overall configuration of a system including the related elements to a
`management server 10 relating to this embodiment. This system comprises the management server 10, the non-
`specified user terminal 20, and the terminal 30 of the user themselves who are registered for use of a specific
`service. The terminal 20 and terminal 30 can be connected to the management server 10 via a network such as the
`Internet.
`[0036]
`When management server 10 is in receipt of a login request from terminal 20, a notification mail is transmitted to
`the mail address of the user themselves who is previously registered, notifying the user of the terminal 30 in receipt
`of the notification mail of the login request. Then, the login is locked using the user ID of the person themselves, in
`correspondence with access from the URL (uniform resource locator) included in the notification mail.
`[0037]
`Moreover, when the management server 10 is in receipt of a release request from lock in lock from terminal 20, a
`notification mail is transmitted in the same manner as when login is requested, notifying the user themselves of the
`terminal 30 who received the notification mail of the fact that there had been a request for release of the log in lock.
`Then, the login lock is released using the user ID of the person themselves, in correspondence with access to the
`URL included in the notification mail.
`[0038]
`Now, with this system, when there is the provision of services requiring user verification, the login management of
`this invention is explained implementing a configuration with a single management server 10, but this invention is
`not limited to that configuration. In other words, each function may be distributed over multiple servers.
`[0039]
`[Hardware configuration]
`Figure 2 is a drawing representing the hardware configuration of a management server 10 of this embodiment. The
`management server 10 comprises he the control means 300 configuring the CPU (central processing unit) 310 (in
`multiprocessor configurations, multiple CPUs may be added such as CPU 320), bus line 200, communications I/F
`(I/F: interface) 330, main memory 340, BIOS (basic input output system) 350, I/oh controller 360, hard disk 370,
`optical disk drive 380, and the semiconductor memory 390. Now, the totality of the hard disk 370, the optical disk
`drive 380 and the semiconductor memory 390 are termed the recording device 410.
`[0040]
`The control means 300 is the part comprehensively controlling the management server 10, and operates
`cooperatively with the above described hardware, to implement all the kinds of functions of the present invention,
`by means of appropriately reading out and executing all kinds of programs recorded in the hard disk 370 (described
`later).
`[0041]
`The communications I/F 330 is the network adapter when the management server 10 transmits and receives
`information to and from terminal 20, terminal 30 of figure 1 or other information terminals and the like via the
`network. The communications I/F 330 may include modems, cable/modem and an Ethernet (registered trade
`name)/adapter.
`[0042]
`BIOS 350 records the booting program implemented by CPU 310 when the management server 10 is started up, and
`programs on the like on which the hardware of the management server 10 depend.
`
`
`
`Page 7 of 27
`
`

`

`
`
`(8)
`
`
`
`[0043]
`The I/O controller 360 may be connected to the recording device 410 such as the hard disk 370, the optical disk
`drive 380, and the semiconductor memory 390 and the like.
`[0044]
`All kinds of programs in order for the management server 10 to cause this hardware to function, and programs
`implementing the functions of this invention are recorded in the hard disk 370. Now, the management server 10 may
`avail of external recording devices incorporating separately provided hard disks in the exterior means (not illustrated
`in the figures).
`[0045]
`As the optical disk drive 380, for example, DVD-ROM drives, CD-ROM drives, DVD-RAM drives and CD-RAM
`drives may be employed in that event, an optical disk 400 is employed in correspondence with each drive. Programs
`or data are read out from the optical disk 400 by means of the optical disk drive 380, and may be provided to the
`main memory 340 or the hard disk 370 fire the ice/oh controller 360.
`[0046]
`Now, what is referred to as a computer in this invention refers to an information processing device comprising
`memory devices, controlled means, and the like, and the management server 10 is configured from an information
`processing device comprising the recording devices 410, the control means 300 and the like, and this information
`processing device includes the concept of the computer of the present invention.
`[0047]
`[Functional Configuration]
`Figure 3 is a drawing representing the functional configuration of the management server 10 of this embodiment.
`The control means 300 of the management server 10 comprises the login reception/control means 11 (first
`notification means, second notification means), and the notification mail generation means 12 (generation means),
`and the notification mail transmission means 13 (transmission means), and the lock/release control reception means
`14 (reception means), and the verification of the person means 15 (verification means), and the lock/release control
`means 16 (suppression means). Moreover the recording device 410 of the management server 10 comprises a login
`management database 17 (recording means).
`[0048]
`The login reception/control means 11 is in receipt of login requests for the service provided to the management
`server 10 from the terminal 20. Specifically, the login reception/control means 11 is in receipt of the input of a user
`ID and password from terminal 20, and performs verification by means of comparing them with the user information
`recorded in the login management database 17.
`[0049]
`Moreover, when the login lock is set, the login reception/control means 11 may be in receipt of release requests of
`this login lock. Now, the release requests of login lock may be by the same input as the login requests. In that event,
`the login reception/control means 11 may determine that it is a release request if already locked, in correspondence
`with the current login lock status.
`[0050]
`In addition, the login reception/control means 11 (first notification means) on receiving a login request, before
`transmitting the later described notification mail, notifies the login request source which is terminal 20 of the
`information representing the mail address of the transmission source of this notification mail. Moreover, the login
`reception/control means 11 (second notification means) in the event of receiving a release a request of the login
`lock, before transmitting a similar notification mail, notifies the request source which is the terminal 20 of the
`information representing the mail address of the transmission destination of this notification mail.
`[0051]
`The notification mail generation means 12, in correspondence with the receipt of a login request by the login
`reception/control means 11, generates a message for the notification of the occurrence of this request. Moreover, the
`notification mail generation means 12 generates a link between the URL (a one-time URL) identifying this
`notification message and the user ID. Then, the notification mail generation means 12 generates a notification mail
`including the generated message and one-time URL.
`
`
`
`Page 8 of 27
`
`

`

`
`
`(9)
`
`
`
`[0052]
`Here, the one-time URL may be generated afresh on each occasion of generation of a notification mail. By this
`means, because the URLs included in notification mails are mutually distinct, they guarantee a high probability of
`access from the terminal 30 in receipt of this notification mail.
`[0053]
`Figure 4 is a drawing representing the login management database 17 of this embodiment. This login management
`table records the password, user status, mail address, URL and lock-in status related to the user ID.
`[0054]
`The status is the current status of the user, in other words, represents whether they are currently logged in or logged
`out. The mail address is an email address at which the user can receive messages, and is preferably for example a
`mail address and the like of a mobile telephone which only the user can frequently check. The URL is the above
`described one-time URL, and is a one-time identification code in order to receive instructions for login lock or login
`lock release. Moreover, the lock status represents, for example, distinguishing between currently a lock request in
`progress, already locked, currently a request for release on progress, currently released, and the like as the login lock
`status of said user ID.
`[0055]
`Returning to figure 3, the notification mail transmission means 13 transmits the notification mail generated by
`means of the notification mail generation means 12 to the mail address recorded in the login management table as
`the consignee. Because the transmitted notification mail is received by means of terminal 30, it can be recognized by
`the user themselves as the receipt of a login request by the login reception/control means 11.
`[0056]
`The lock/release control reception means 14 is in receipt of access by means of the one-time URL included in the
`notification mail from the terminal 30 receiving the notification mail. This access refers to login lock instructions are
`login lock release instructions. For example, when the login reception/control means 11 is in receipt of a login
`request, and the lock status of the login management table (figure 4) is a lock currently being applied for, the one-
`time URL included in the notification mail becomes the link to the page instructing the login lock. Moreover, when
`the login reception/control means 11 is in receipt of a login lock release request, and the lock status of the login
`management table is a lock release currently being applied for, the one-time URL included in the notification mail
`links to the page instructing the login lock release.
`[0057]
`Furthermore, the lock/release control reception means 14 receives the user ID and password from the terminal 30, in
`the event of a login lock release instruction, it is additionally in receipt of the input of a new password, for use in
`password update.
`[0058]
`The individual verification means 15 performs a verification of the user ID of the user receiving access from the
`lock/release control reception means 14. Specifically, the individual verification means 15 performs verification by
`means of comparing the user ID and password received from the block/release control reception means 14 with the
`user information registered in the login management database 17.
`[0059]
`When the lock/release control means 16 completes the check that they are instructions from the actual person by
`means of the individual verification means 15, it performs login lock or login lock release. In other words, it
`modifies the lock status of the login management table (fi