User information management system; user information management method; program, and recording medium on which it is recorded, for management server; program, and recording medium on which it is recorded, for user terminal; and program, and recording medium on which it is recorded, for service server

US 10,382,430 B2
Filed: 06/23/2015
Issued: 08/13/2019
Est. Priority Date: 07/28/2014
Status: Active Grant

First Claim

Patent Images

1. A user information management system comprising:

a management server for managing information on a group of users;

user terminals respectively corresponding to the users; and

a service server for providing services to the users;

wherein the management server, the service server, and the user terminals are connected via a network to enable mutual transmission and reception of data;

the management server and the service server are enabled for cryptographic communications with each other, wherein;

each of the user terminals includes a user side storage storing user identification information for identifying each of the users, a management authentication key used by the management server to authenticate each of the users, and a unique key that is unique to one of the users to carry out cryptographic communications with the management server and that is not provided to the service server;

the management server includes a user information storage storing user identification information for respectively identifying the users belonging to the group, the unique key, and the management authentication key, and decrypts encryption information encrypted by each of the user terminals, based on the unique key of the user, the unique key being stored in the user information storage;

each of the user terminals executes a first step of encrypting, based on the unique key, a session password and the management authentication key, and transmits the session password and the management authentication key to the service server;

the service server includes a storage device and a decryption request processor that receives the encrypted session password and the encrypted management authentication key from the user terminal, and transmits the encrypted session password and the encrypted management authentication key to the management server by means of the cryptographic communications;

the management server further includes a reply processor that;

causes the management server to decrypt, based on the unique key, the management authentication key and the session password which are transmitted from the decryption request processor;

compares the decrypted management authentication key with the management authentication key stored in the user information storage to perform authentication of the users; and

performs one of i) notifying an error of the authentication to the service server when the authentication fails, and ii) sending back the decrypted session password to the service server by means of cryptographic communications when the authentication succeeds;

the service server generates a service authentication key to allow each of the user terminals to receive provision of service;

the service server encrypts the generated service authentication key using the decrypted session password, and transmits to each of the user terminals the service authentication key;

each of the user terminals carries out a second step of acquiring the service authentication key by decrypting the encrypted service authentication key by means of the session password; and

each of the user terminals uses the acquired service authentication key to access the service server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A management server, a service server, and a plurality of user terminals are connected to each other via a network so as to be capable of transmitting and receiving data. The management server includes a user information storage unit that stores user identification information for identifying users belonging to a group, and an identification information notification processor that, each time a service to be provided to the users of the group is newly added, transmits the user identification information of the plurality of users belonging to the group to the service server by cryptographic communication, corresponding to the newly added service. The service server includes a service information storage unit for storing the user identification information of the plurality of users corresponding to the service, received from the identification information notification processor.

Citations

3 Claims

1. A user information management system comprising:
- a management server for managing information on a group of users;
  
  user terminals respectively corresponding to the users; and
  
  a service server for providing services to the users;
  
  wherein the management server, the service server, and the user terminals are connected via a network to enable mutual transmission and reception of data;
  
  the management server and the service server are enabled for cryptographic communications with each other, wherein;
  
  each of the user terminals includes a user side storage storing user identification information for identifying each of the users, a management authentication key used by the management server to authenticate each of the users, and a unique key that is unique to one of the users to carry out cryptographic communications with the management server and that is not provided to the service server;
  
  the management server includes a user information storage storing user identification information for respectively identifying the users belonging to the group, the unique key, and the management authentication key, and decrypts encryption information encrypted by each of the user terminals, based on the unique key of the user, the unique key being stored in the user information storage;
  
  each of the user terminals executes a first step of encrypting, based on the unique key, a session password and the management authentication key, and transmits the session password and the management authentication key to the service server;
  
  the service server includes a storage device and a decryption request processor that receives the encrypted session password and the encrypted management authentication key from the user terminal, and transmits the encrypted session password and the encrypted management authentication key to the management server by means of the cryptographic communications;
  
  the management server further includes a reply processor that;
  
  causes the management server to decrypt, based on the unique key, the management authentication key and the session password which are transmitted from the decryption request processor;
  
  compares the decrypted management authentication key with the management authentication key stored in the user information storage to perform authentication of the users; and
  
  performs one of i) notifying an error of the authentication to the service server when the authentication fails, and ii) sending back the decrypted session password to the service server by means of cryptographic communications when the authentication succeeds;
  
  the service server generates a service authentication key to allow each of the user terminals to receive provision of service;
  
  the service server encrypts the generated service authentication key using the decrypted session password, and transmits to each of the user terminals the service authentication key;
  
  each of the user terminals carries out a second step of acquiring the service authentication key by decrypting the encrypted service authentication key by means of the session password; and
  
  each of the user terminals uses the acquired service authentication key to access the service server.
- View Dependent Claims (2)
- - 2. The user information management system according to claim 1, wherein:
    - the management server further comprises a service server information storage storing service-server identification information for identifying the service server;
      
      the service server, when carrying out communications with the management server, transmits to the management server service-server identification information identifying the service server itself;
      
      each of the user terminals receives the service-server identification information from the management server;
      
      each of the user terminals, in the first step, further encrypts the service-server identification information based on the unique key and transmits to the service server, the service-server identification information;
      
      the decryption request processor of the service server further receives the encrypted service-server identification information from a user terminal, and transmits the encrypted service-server identification information to the management server by means of the cryptographic communications; and
      
      the reply processor of the management serverdecrypts the service-server identification information transmitted from the decryption request processor based on the unique key,checks whether or not the decrypted service-server identification information matches the service-server identification information for that service server from which the service-server identification information has been transmitted, andwhen the decrypted service-server identification information does not match the service-server identification information, the decrypted session password is not transmitted to the service server even when the authentication succeeds as a result of comparison of the decrypted management authentication key with the management authentication key stored in the user information storage.

3. A user information management method for managing user information on a group of users and corresponding user terminals comprising:
- storing, in a user side storage of each of the user terminals corresponding to the users, user identification information for identifying one of the users, a management authentication key used by a management server to authenticate one of the users, and a unique key that is unique to one of the users to carry out cryptographic communications with the management server, wherein the service server provides service to the users and is enabled for cryptographic communications with the management server, the management server manages information on the group of users and the unique key is not provided to the service server;
  
  storing, in a user information storage of the management server, user identification information for respectively identifying the users belonging to the group, the unique key, and the management authentication key;
  
  decrypting, by the management server, encryption information encrypted by each of the user terminals, based on the unique key of each of the users, the unique key being stored in the user information storage;
  
  executing by each of the user terminals a first step of encrypting, based on the unique key, a session password and the management authentication key and transmitting the session password and the authentication key to the service server;
  
  receiving at a decryption request processor of the service server the encrypted session password and the encrypted management authentication key from the user terminal and transmitting the encrypted session password and the encrypted management authentication key to the management server by means of the cryptographic communications with the service server;
  
  decrypting by a reply processor of the management server, based on the unique key, the management authentication key and the session password which are transmitted from the decryption request processor, where the reply processor of the management server further performs the following;
  
  comparing the decrypted management authentication key with the management authentication key stored in the user information storage to perform authentication of the users; and
  
  performing one of i) notifying an error of the authentication to the service server when the authentication fails, and ii) sending back the decrypted session password to the service server by means of cryptographic communications when the authentication succeeds;
  
  generating, by the service server, a service authentication key to allow the user terminal to receive provision of the service;
  
  encrypting, by the service server, using the decrypted session password, the generated service authentication key, and transmitting the service authentication key to each of the user terminals;
  
  executing a second step by each of the user terminals of acquiring a service authentication key by decrypting the encrypted service authentication key by means of the session password; and
  
  accessing the service server by each of the user terminals using the acquired service authentication key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Encryptier Co., Ltd.
Original Assignee
Encryptier Co., Ltd.
Inventors
Taguchi, Haruyoshi
Primary Examiner(s)
Lynch, Sharon S

Application Number

US15/326,668
Publication Number

US 20170201510A1
Time in Patent Office

1,512 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 2221/2115   Third party

H04L 2209/80   Wireless

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/083   using passwords cryptograph...

H04L 63/104   Grouping of entities

H04L 9/3226   using a predetermined code,...

H04L 9/3228   One-time or temporary data,...

H04W 12/06   Authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

3 Claims

Specification

Solutions

Use Cases

Quick Links

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

3 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links