User authentication method and system for implementing same

US 10,574,647 B2
Filed: 08/31/2015
Issued: 02/25/2020
Est. Priority Date: 09/01/2014
Status: Active Grant

First Claim

Patent Images

1. An authentication system for authenticating, by way of using an information communication terminal, a user who uses a usage target system, comprising:

an authentication database that manages user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;

a synchronization server that generates at least one token code based on the token ID included in the user account information; and

an authentication server that receives a user authentication request transmitted from the usage target system, performs an authentication determination on the user authentication request, and transmits an authentication determination result to the usage target system,wherein, if the authentication server receives an authentication request prior notification from the information communication terminal being in a communicative condition, before receiving the user authentication request, the authentication server performs the authentication determination on the user authentication request based on comparison of a first token code generated by the synchronization server with a password included in the user authentication request, andwherein, if the authentication server receives the user authentication request without receiving the authentication request prior notification, the authentication server performs the authentication determination on the user authentication request based on comparison of a set of at least the first token code and a second token code generated by the synchronization server with a set of a password and an additional code included in the user authentication request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A new user authentication method which prevents illicit access to a system includes an authentication system which authenticates a user. The authentication system includes a database which manages user account information including a token ID which identifies a security token; a synchronization server which generates token codes on the basis of the token ID; and an authentication server which carries out an authentication determination transmitted from the system, and transmits the result to the system subject to use. If a prior notification of an authentication request is received prior to receiving the user authentication request, the authentication server carries out the authentication determination using a first token code. Alternatively, if the user authentication request is received without prior notification of the authentication request being received, the authentication server carries out the authentication determination using the first token code and a second token code.

28 Citations

13 Claims

1. An authentication system for authenticating, by way of using an information communication terminal, a user who uses a usage target system, comprising:
- an authentication database that manages user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;
  
  a synchronization server that generates at least one token code based on the token ID included in the user account information; and
  
  an authentication server that receives a user authentication request transmitted from the usage target system, performs an authentication determination on the user authentication request, and transmits an authentication determination result to the usage target system,wherein, if the authentication server receives an authentication request prior notification from the information communication terminal being in a communicative condition, before receiving the user authentication request, the authentication server performs the authentication determination on the user authentication request based on comparison of a first token code generated by the synchronization server with a password included in the user authentication request, andwherein, if the authentication server receives the user authentication request without receiving the authentication request prior notification, the authentication server performs the authentication determination on the user authentication request based on comparison of a set of at least the first token code and a second token code generated by the synchronization server with a set of a password and an additional code included in the user authentication request.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The authentication system according to claim 1, wherein, if the authentication server receives the authentication request prior notification from the information communication terminal of a user, the authentication server performs control to set an authentication request flag associated with the user at a value indicating that the authentication request flag is enabled, andif the value of the authentication request flag indicates that the authentication request flag is enabled, the authentication server performs the authentication determination on the user authentication request by comparing a password included in the user authentication request with the first token code.
  - 3. The authentication system according to claim 2, wherein the authentication server resets the value of the authentication request flag to a value indicating that the authentication request flag is disabled when a predetermined time elapses following reception of the authentication request prior notification.
  - 4. The authentication system according to claim 2, wherein, if the user authentication request does not include an additional code and the value of the authentication request flag indicates that the authentication request flag is disabled, the authentication server transmits an authentication determination result indicating that the user authentication request is not permitted to the usage target system.
  - 5. The authentication system according to claim 1, wherein the authentication server performs control to register the authentication determination result in the authentication database as authentication history information, andwherein the authentication database manages the authentication history information for each user.
  - 6. The authentication system according to claim 1, wherein the authentication database manages a password derivation pattern for each user, the password derivation pattern being constituted by specific elements selected from a plurality of elements forming a geometric pattern.

7. An information communication terminal used in authentication by an authentication system that authenticates a user who uses a usage target system, comprising:
- a memory configured to store a password derivation pattern constituted by specific elements selected from a plurality of elements forming a geometric pattern;
  
  a communication module configured to transmit an authentication request prior notification to the authentication system; and
  
  a processor configured toobtain at least one token code that is in synchronization with at least one token code generated by the authentication system from a security token of the user;
  
  generate a code table by assigning a first token code obtained to the specific elements forming the password derivation pattern within the geometric pattern, and assign an arbitrary code to remaining elements of the geometric pattern;
  
  generate an additional code based on a second token code obtained; and
  
  display a reference screen on a user interface,wherein, in a communicative condition, the processor displays the reference screen on the user interface so as to include the code table generated, and the communication module transmits the authentication request prior notification to the authentication system, so that if an authentication server of the authentication system receives the authentication request prior notification from the information communication terminal being in the communicative condition, before receiving the authentication request, the authentication server performs an authentication determination on the authentication request based on comparison of the first token code generated by a synchronization server of the authentication system with a password included in the authentication request, and if the authentication server receives the authentication request without receiving the authentication request prior notification, the authentication server performs the authentication determination on the authentication request based on comparison of a set of at least the first token code and the second token code generated by the synchronization server with a set of a password and an additional code included in the authentication request, andin a non-communicative condition, the processor displays the reference screen on the user interface so as to include the code table generated and the additional code generated.
- View Dependent Claims (8)
- - 8. The information communication terminal according to claim 7, wherein, if the information communication terminal is in the communicative condition, the processor displays the reference screen on the user interface so as to also include the additional code generated.

9. An authentication system for authenticating, by way of using an information communication terminal, a user who uses a usage target system, comprising:
- an authentication database that manages user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;
  
  a synchronization server that generates at least one token code based on the token ID included in the user account information;
  
  a prior authentication server that receives an authentication request prior notification transmitted from the information communication terminal of a user, and manages a prior notification condition of the user based on the authentication request prior notification; and
  
  an authentication server which, upon reception of a user authentication request transmitted from the usage target system, performs an authentication determination on the user authentication request in accordance with an authentication request state of the user, which is managed by the prior authentication server, and transmits an authentication determination result to the usage target system,wherein, if the prior notification condition of the user is active, the authentication server performs the authentication determination on the user authentication request based on comparison of a first token code generated by the synchronization server with a password included in the user authentication request, andwherein, if the user authentication request is received while the prior notification condition of the user is inactive, the authentication server performs the authentication determination on the user authentication request based on comparison of a set of the first token code and a second token code generated by the synchronization server with a set of a password and an additional code included in the user authentication request.

10. An authentication system for authenticating, by way of using an information communication terminal, a user who uses a usage target system, comprising:
- an authentication database that manages user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;
  
  a synchronization server that generates at least one token code based on the token ID included in the user account information;
  
  a prior authentication server that receives an authentication request prior notification transmitted from the information communication terminal of a user, and manages a prior notification condition of the user based on the authentication request prior notification; and
  
  an authentication server that receives a user authentication request transmitted from the usage target system, performs an authentication determination on the user authentication request based on the at least one token code, and transmits an authentication determination result to the usage target system,wherein the authentication server performs control to register the authentication determination result in the authentication database as authentication history information, andwherein, if the authentication determination result registered in the authentication database indicates successful authentication to a first usage target system, the authentication server makes, based on the at least one token code, an authentication determination on a user authentication request transmitted from a second usage target system.
- View Dependent Claims (13)
- - 13. The authentication system according to claim 10, wherein the authentication server transmits the authentication history information to the second usage target system.

11. A user authentication method executed by an authentication system in order to authenticate a user who uses a usage target system, comprising:
- managing user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;
  
  generating at least one token code based on the token ID included in the user account information;
  
  receiving a user authentication request transmitted from the usage target system and performing an authentication determination on the user authentication request; and
  
  transmitting an authentication determination result to the usage target system,wherein the authentication determination includes, if an authentication request prior notification, which is transmitted while an information communication terminal of the user is in a communicative condition, is received before receiving the user authentication request, performing authentication determination on the user authentication request based on comparison of a first token code with a password included in the user authentication request, andwherein the authentication determination includes, if the user authentication request is received without receiving the authentication request prior notification, performing authentication determination on the user authentication request based on comparison of a set of the first token code and a second token code with a set of a password and an additional code included in the user authentication request.

12. A product comprising a non-transitory computer-readable medium storing a program for authenticating, by an authentication system, a user who uses a usage target system,wherein, the program being executed under control of a processor of an information communication terminal causes the information communication terminal to perform to:
- store a password derivation pattern constituted by specific elements selected from a plurality of elements forming a geometric pattern;
  
  transmit an authentication request prior notification to the authentication system;
  
  obtain at least one token code that is in synchronization with at least one token code generated by the authentication system from a security token of the user;
  
  generate a code table by assigning a first token code obtained to the specific elements forming the password derivation pattern within the geometric pattern, and assigning an arbitrary code to remaining elements of the geometric pattern;
  
  generate an additional code based on a second token code obtained;
  
  display a reference screen on a user interface; and
  
  in a communicative condition, display the reference screen on the user interface so as to include the code table generated, and transmit the authentication request prior notification to the authentication system, so that if an authentication server of the authentication system receives the authentication request prior notification from the information communication terminal being in the communicative condition, before receiving the authentication request, the authentication server performs an authentication determination on the authentication request based on comparison of the first token code generated by a synchronization server of the authentication system with a password included in the authentication request, and if the authentication server receives the authentication request without receiving the authentication request prior notification, the authentication server performs the authentication determination on the authentication request based on comparison of a set of at least the first token code and the second token code generated by the synchronization server with a set of a password and an additional code included in the authentication request, and in a non-communicative condition, display the reference screen on the user interface so as to include the code table generated and the additional code generated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Passlogy Co.,Ltd.
Original Assignee
Passlogy Co.,Ltd.
Inventors
Ogawa, Hideharu
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Almaghayreh, Khalid M

Application Number

US15/507,016
Publication Number

US 20170257359A1
Time in Patent Office

1,639 Days
Field of Search

726 2, 726 4- 7, 726 9- 10, 726 17- 21, 726 27- 29, 713150, 713185
US Class Current
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/30   Authentication, i.e. establ...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 9/3226   using a predetermined code,...

User authentication method and system for implementing same

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

28 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

User authentication method and system for implementing same

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links