User information management system; user information management method; program, and recording medium on which it is recorded, for management server; program, and recording medium on which it is recorded, for user terminal; and program, and recording medium on which it is recorded, for service server
First Claim
1. A user information management system comprising:
- a management server for managing information on a group of users;
user terminals respectively corresponding to the users; and
a service server for providing services to the users;
wherein the management server, the service server, and the user terminals are connected via a network to enable mutual transmission and reception of data;
the management server and the service server are enabled for cryptographic communications with each other, wherein;
each of the user terminals includes a user side storage storing user identification information for identifying each of the users, a management authentication key used by the management server to authenticate each of the users, and a unique key that is unique to one of the users to carry out cryptographic communications with the management server and that is not provided to the service server;
the management server includes a user information storage storing user identification information for respectively identifying the users belonging to the group, the unique key, and the management authentication key, and decrypts encryption information encrypted by each of the user terminals, based on the unique key of the user, the unique key being stored in the user information storage;
each of the user terminals executes a first step of encrypting, based on the unique key, a session password and the management authentication key, and transmits the session password and the management authentication key to the service server;
the service server includes a storage device and a decryption request processor that receives the encrypted session password and the encrypted management authentication key from the user terminal, and transmits the encrypted session password and the encrypted management authentication key to the management server by means of the cryptographic communications;
the management server further includes a reply processor that;
causes the management server to decrypt, based on the unique key, the management authentication key and the session password which are transmitted from the decryption request processor;
compares the decrypted management authentication key with the management authentication key stored in the user information storage to perform authentication of the users; and
performs one of i) notifying an error of the authentication to the service server when the authentication fails, and ii) sending back the decrypted session password to the service server by means of cryptographic communications when the authentication succeeds;
the service server generates a service authentication key to allow each of the user terminals to receive provision of service;
the service server encrypts the generated service authentication key using the decrypted session password, and transmits to each of the user terminals the service authentication key;
each of the user terminals carries out a second step of acquiring the service authentication key by decrypting the encrypted service authentication key by means of the session password; and
each of the user terminals uses the acquired service authentication key to access the service server.
1 Assignment
0 Petitions
Accused Products
Abstract
A management server, a service server, and a plurality of user terminals are connected to each other via a network so as to be capable of transmitting and receiving data. The management server includes a user information storage unit that stores user identification information for identifying users belonging to a group, and an identification information notification processor that, each time a service to be provided to the users of the group is newly added, transmits the user identification information of the plurality of users belonging to the group to the service server by cryptographic communication, corresponding to the newly added service. The service server includes a service information storage unit for storing the user identification information of the plurality of users corresponding to the service, received from the identification information notification processor.
-
Citations
3 Claims
-
1. A user information management system comprising:
-
a management server for managing information on a group of users; user terminals respectively corresponding to the users; and a service server for providing services to the users; wherein the management server, the service server, and the user terminals are connected via a network to enable mutual transmission and reception of data; the management server and the service server are enabled for cryptographic communications with each other, wherein; each of the user terminals includes a user side storage storing user identification information for identifying each of the users, a management authentication key used by the management server to authenticate each of the users, and a unique key that is unique to one of the users to carry out cryptographic communications with the management server and that is not provided to the service server; the management server includes a user information storage storing user identification information for respectively identifying the users belonging to the group, the unique key, and the management authentication key, and decrypts encryption information encrypted by each of the user terminals, based on the unique key of the user, the unique key being stored in the user information storage; each of the user terminals executes a first step of encrypting, based on the unique key, a session password and the management authentication key, and transmits the session password and the management authentication key to the service server; the service server includes a storage device and a decryption request processor that receives the encrypted session password and the encrypted management authentication key from the user terminal, and transmits the encrypted session password and the encrypted management authentication key to the management server by means of the cryptographic communications; the management server further includes a reply processor that;
causes the management server to decrypt, based on the unique key, the management authentication key and the session password which are transmitted from the decryption request processor;
compares the decrypted management authentication key with the management authentication key stored in the user information storage to perform authentication of the users; and
performs one of i) notifying an error of the authentication to the service server when the authentication fails, and ii) sending back the decrypted session password to the service server by means of cryptographic communications when the authentication succeeds;the service server generates a service authentication key to allow each of the user terminals to receive provision of service; the service server encrypts the generated service authentication key using the decrypted session password, and transmits to each of the user terminals the service authentication key; each of the user terminals carries out a second step of acquiring the service authentication key by decrypting the encrypted service authentication key by means of the session password; and each of the user terminals uses the acquired service authentication key to access the service server. - View Dependent Claims (2)
-
-
3. A user information management method for managing user information on a group of users and corresponding user terminals comprising:
-
storing, in a user side storage of each of the user terminals corresponding to the users, user identification information for identifying one of the users, a management authentication key used by a management server to authenticate one of the users, and a unique key that is unique to one of the users to carry out cryptographic communications with the management server, wherein the service server provides service to the users and is enabled for cryptographic communications with the management server, the management server manages information on the group of users and the unique key is not provided to the service server; storing, in a user information storage of the management server, user identification information for respectively identifying the users belonging to the group, the unique key, and the management authentication key; decrypting, by the management server, encryption information encrypted by each of the user terminals, based on the unique key of each of the users, the unique key being stored in the user information storage; executing by each of the user terminals a first step of encrypting, based on the unique key, a session password and the management authentication key and transmitting the session password and the authentication key to the service server; receiving at a decryption request processor of the service server the encrypted session password and the encrypted management authentication key from the user terminal and transmitting the encrypted session password and the encrypted management authentication key to the management server by means of the cryptographic communications with the service server; decrypting by a reply processor of the management server, based on the unique key, the management authentication key and the session password which are transmitted from the decryption request processor, where the reply processor of the management server further performs the following; comparing the decrypted management authentication key with the management authentication key stored in the user information storage to perform authentication of the users; and performing one of i) notifying an error of the authentication to the service server when the authentication fails, and ii) sending back the decrypted session password to the service server by means of cryptographic communications when the authentication succeeds; generating, by the service server, a service authentication key to allow the user terminal to receive provision of the service; encrypting, by the service server, using the decrypted session password, the generated service authentication key, and transmitting the service authentication key to each of the user terminals; executing a second step by each of the user terminals of acquiring a service authentication key by decrypting the encrypted service authentication key by means of the session password; and accessing the service server by each of the user terminals using the acquired service authentication key.
-
Specification