System for authenticating access to a network, storage medium, program and method for authenticating access to a network

US 20020026590A1
Filed: 03/13/2001
Published: 02/28/2002
Est. Priority Date: 03/13/2000
Status: Abandoned Application

First Claim

Patent Images

1. An access authentication system for providing a client with a service of connection to a second terminal server via a first terminal server, characterized by comprising:

a first authentication server for determining whether or not the client should be connected to the first terminal server, on the basis of personal information input by the client to the first terminal server, the first authentication server creating first ticket data by encoding a client parameter, which includes part of the personal information, on the basis of a predetermined formula, and transferring the first ticket data to the second terminal server; and

a second authentication server for detecting whether or not the client parameter is valid and whether or not the first ticket data has been used, creating second ticket data by encoding the client parameter on the basis of a predetermined formula, comparing the first and second ticket data, and supplying the second terminal server with data indicative of whether or not the second terminal server should be connected to the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention comprises a first authentication server for determining whether or not a client terminal should be connected to a first terminal server, on the basis of personal information input from the client terminal, creating first ticket data by encoding a client parameter, and transferring the first ticket data to the second terminal server, and a second authentication server for detecting whether or not the client parameter is valid and whether or not the first ticket data has been used, creating second ticket data by encoding the client parameter, comparing the first and second ticket data, and supplying the second terminal server with data indicative of whether or not the second terminal server should be connected to the client.

Citations

20 Claims

1. An access authentication system for providing a client with a service of connection to a second terminal server via a first terminal server, characterized by comprising:
- a first authentication server for determining whether or not the client should be connected to the first terminal server, on the basis of personal information input by the client to the first terminal server, the first authentication server creating first ticket data by encoding a client parameter, which includes part of the personal information, on the basis of a predetermined formula, and transferring the first ticket data to the second terminal server; and
  
  a second authentication server for detecting whether or not the client parameter is valid and whether or not the first ticket data has been used, creating second ticket data by encoding the client parameter on the basis of a predetermined formula, comparing the first and second ticket data, and supplying the second terminal server with data indicative of whether or not the second terminal server should be connected to the client.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The access authentication system according to claim 1, characterized in that the predetermined formula is summarization using a one-way function.
  - 3. The access authentication system according to claim 1, characterized in that the client parameter includes at least one of ID information of the client, an access-originator IP address and an expiration date set for the first ticket data.
  - 4. The access authentication system according to claim 1, characterized in that the first and second authentication servers include a predetermined common character string in the first and second ticket data, respectively.
  - 5. The access authentication system according to claim 4, characterized in that the common character string is changed at a predetermined point in time.

6. An access authentication system for providing a client with a service of connection to a second terminal server via a first terminal server, characterized by comprising:
- a first authentication server for determining whether or not the client should be connected to the first terminal server, on the basis of ID information and a password input by the client to the first terminal server, the first authentication server creating first ticket data by encoding client parameters, which include the ID information, an access-originator IP address of the client, a predetermined expiration date and a common character string, on the basis of a predetermined formula, and transferring the first ticket data to the second terminal server; and
  
  a second authentication server for comparing an access-originator IP address input by the client to the second terminal server with the access-originator IP address of the client included in the client parameter, thereby determining whether or not access by the client has been executed on or before the expiration date, determining whether or not the first ticket data has been used, creating second ticket data by encoding the client parameters on the basis of a predetermined formula, comparing the first and second ticket data, and supplying the second terminal server with data indicative of whether or not the second terminal server should be connected to the client.

7. An access authentication system for providing a client with a service of connection to a second terminal server via a first terminal server, characterized by comprising:
- first personal information acquiring means for acquiring personal information input by the client to the first terminal server;
  
  first authentication means for determining whether or not the client should be connected to the first terminal server, on the basis of the personal information;
  
  first ticket data creating means for creating first ticket data by encoding a client parameter, which includes part of the personal information, on the basis of a predetermined formula;
  
  transfer means for transferring data to the second terminal server;
  
  second personal information acquiring means for acquiring personal information input by the client to the second terminal server; and
  
  second authentication means for creating second ticket data by encoding the client parameter, which contains the part of the personal information, on the basis of a predetermined formula, comparing the first and second ticket data, and supplying the second terminal server with data indicative of whether or not the second terminal server should be connected to the client.
- View Dependent Claims (8, 9, 10, 11)
- - 8. The access authentication system according to claim 7, characterized in that the predetermined formula is summarization using a one-way function.
  - 9. The access authentication system according to claim 7, characterized in that the first and second ticket creating means include a predetermined common character string in the first and second ticket data, respectively.
  - 10. The access authentication system according to claim 7, characterized in that the second authentication means judges validity of the first ticket data.
  - 11. The access authentication system according to claim 7, characterized in that the second authentication means judges legality of the client parameter.

12. An access authentication system for providing a client with a service of connection via a first terminal server, characterized by comprising:
- first personal information acquiring means for acquiring personal information from the client;
  
  first authentication means for determining whether or not the client should be connected to the first terminal server, on the basis of the personal information;
  
  first ticket data creating means for creating first ticket data by encoding a client parameter, which includes at least part of the personal information, on the basis of a predetermined formula if the first authentication means determines that the client should be connected to the first terminal server; and
  
  transfer means for transferring the first ticket data.

13. An access authentication system for providing a client with a service of connection to a second terminal server, characterized by comprising:
- first ticket data acquiring means for acquiring first ticket data created by encoding a client parameter, which includes part of personal information of the client, on the basis of a predetermined formula;
  
  second personal information acquiring means for acquiring personal information from the client;
  
  second ticket creating means for creating second ticket data by encoding a client parameter, which includes part of personal information acquired by the second personal information acquiring means, on the basis of a predetermined formula; and
  
  judging means for comparing the first and second ticket data, and judging whether or not the client should be connected to the second terminal server.

14. A computer-readable storage medium that stores a program for operating a computer, the program being characterized by comprising:
- first personal information acquiring means for acquiring personal information from a client in a first terminal server;
  
  first authentication means for determining whether or not the client should be connected to the first terminal server, on the basis of the personal information;
  
  first ticket data creating means for creating first ticket data by encoding a client parameter, which includes at least part of the personal information, on the basis of a predetermined formula if the first authentication means determines that the client should be connected to the first terminal server;
  
  transfer means for transferring the first ticket data to a second terminal server;
  
  first ticket data acquiring means for acquiring the first ticket data in the second terminal server;
  
  second personal information acquiring means for acquiring personal information from the client in the second terminal server;
  
  second ticket creating means for creating second ticket data by encoding a client parameter, which includes part of personal information, on the basis of the predetermined formula; and
  
  second authentication means for comparing the first and second ticket data, thereby determining whether or not the client should be connected to the second terminal server.

15. A computer-readable storage medium that stores a program for operating a computer, the program being characterized by comprising:
- first personal information acquiring means for acquiring personal information from the client in a first terminal server;
  
  first authentication means for determining whether or not the client should be connected to the first terminal server, on the basis of the personal information;
  
  first ticket data creating means for creating first ticket data by encoding a client parameter, which includes at least part of the personal information, on the basis of a predetermined formula if the first authentication means determines that the client should be connected to the first terminal server; and
  
  transfer means for transferring the first ticket data.

16. A computer-readable storage medium that stores a program for operating a computer, the program being characterized by comprising:
- first ticket data acquiring means for acquiring first ticket data created by encoding a client parameter, which includes part of personal information of the client, on the basis of a predetermined formula in a second terminal server;
  
  second personal information acquiring means for acquiring personal information from the client in the second terminal server;
  
  second ticket creating means for creating second ticket data by encoding a client parameter, which includes part of the personal information, on the basis of the predetermined formula; and
  
  second authentication means for comparing the first and second ticket data, thereby determining whether or not the client should be connected to the second terminal server.

17. A program for operating a computer, comprising:
- first personal information acquiring means for acquiring personal information from a client in a first terminal server;
  
  first authentication means for determining whether or not the client should be connected to the first terminal server, on the basis of the personal information;
  
  first ticket data creating means for creating first ticket data by encoding a client parameter, which includes at least part of the personal information, on the basis of a predetermined formula if the first authentication means determines that the client should be connected to the first terminal server;
  
  transfer means for transferring the first ticket data to a second terminal server;
  
  first ticket data acquiring means for acquiring the first ticket data in the second terminal server;
  
  second personal information acquiring means for acquiring personal information from the client in the second terminal server;
  
  second ticket creating means for creating second ticket data by encoding a client parameter, which includes part of personal information, on the basis of the predetermined formula; and
  
  second authentication means for comparing the first and second ticket data, thereby determining whether or not the client should be connected to the second terminal server.

18. A program for operating a computer, comprising:
- first personal information acquiring means for acquiring personal information from the client in a first terminal server;
  
  first authentication means for determining whether or not the client should be connected to the first terminal server, on the basis of the personal information;
  
  first ticket data creating means for creating first ticket data by encoding a client parameter, which includes at least part of the personal information, on the basis of a predetermined formula if the first authentication means determines that the client should be connected to the first terminal server; and
  
  transfer means for transferring the first ticket data.

19. A program for operating a computer, comprising:
- first ticket data acquiring means for acquiring first ticket data created by encoding a client parameter, which includes part of personal information of the client, on the basis of a predetermined formula in a second terminal server;
  
  second personal information acquiring means for acquiring personal information from the client in the second terminal server;
  
  second ticket creating means for creating second ticket data by encoding a client parameter, which includes part of the personal information, on the basis of the predetermined formula; and
  
  second authentication means for comparing the first and second ticket data, thereby determining whether or not the client should be connected to the second terminal server.

20. An access authentication method for providing a client with a service of connection to a second terminal server via a first terminal server, characterized by comprising:
- a first authentication step of determining whether or not the client should be connected to the first terminal server;
  
  a first ticket data creating step of creating first ticket data by encoding a client parameter, which includes at least part of personal information input by the client, on the basis of a predetermined formula;
  
  a data transfer step of transferring the client parameter and the first ticket data to the second terminal server;
  
  a detection step of detecting whether or not the client parameter in the first terminal server is valid, and whether or not the first ticket data has been used;
  
  a second ticket data creating step of creating a second ticket data by encoding the client parameter on the basis of a predetermined formula;
  
  a ticket data comparison step of comparing the second ticket data with the first ticket data; and
  
  a second authentication step of determining whether or not the client should be connected to the second terminal server, on the basis of results obtained at the determination step and the comparison step.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Yahoo Japan Corporation (A Holdings Corp.)
Original Assignee
Yahoo Japan Corporation (A Holdings Corp.)
Inventors
Kusunoki, Masanori

Application Number

US09/805,284
Publication Number

US 20020026590A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

G06F 21/335   for accessing specific reso...

G06F 2221/2115   Third party

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

System for authenticating access to a network, storage medium, program and method for authenticating access to a network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System for authenticating access to a network, storage medium, program and method for authenticating access to a network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links