System and method for authentication

US 20030084294A1
Filed: 08/30/2002
Published: 05/01/2003
Est. Priority Date: 10/30/2001
Status: Abandoned Application

First Claim

Patent Images

1. An authentication system comprising a management apparatus that manages private information and a service providing apparatus that provides service to an information terminal, wherein:

said management apparatus comprises;

a private information database in which private information is registered, associating the private information with personal identification information therein;

a providing condition database in which service providing conditions required for private information are registered when said service providing apparatus provides the service therein;

a determination processing unit that reads the private information associated with personal identification information sent from said service providing apparatus, from said private information database, makes a judgment on whether said private information satisfies the service providing conditions registered in said providing condition database, and determines approval or denial of providing the service depending on a result of the judgment; and

a notification processing unit that notifies said service providing apparatus of approval or denial information indicating the judgment result of said determination processing unit, and said service providing apparatus comprises;

a personal identification information acquisition processing unit that acquires personal identification information from said information terminal;

an approval or denial information acquisition processing unit that sends the personal identification information acquired by said personal identification information acquisition processing unit to said management apparatus, to acquire approval or denial information from said management apparatus; and

a service providing processing unit that provides the service to said information terminal when the approval or denial information acquired by said approval or denial information acquisition processing unit indicates permission to provide the service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system that can reduce possibility of outflow of private information in authentication of a user of an information terminal. A management apparatus has a user certificate DB in which a user certificate is registered in association with certificate identification information. Further, the management apparatus reads the user certificate associated with the certificate identification information sent from a service providing apparatus, from the user certificate DB, and judges whether the user certificate satisfies certain Web browsing conditions, to determine approval or denial of browsing the Web page concerned. Then, the management apparatus sends the service providing apparatus approval or denial information indicating the determination result. On the other hand, the service providing apparatus receives the certificate identification information from the information terminal, sends the certificate identification information to the management apparatus, and acquires the approval or denial information from the management apparatus. When the acquired approval or denial information indicates permission to browse the Web page, the service providing apparatus permits the information terminal to browse the Web page.

52 Citations

View as Search Results

15 Claims

1. An authentication system comprising a management apparatus that manages private information and a service providing apparatus that provides service to an information terminal, wherein:
- said management apparatus comprises;
  
  a private information database in which private information is registered, associating the private information with personal identification information therein;
  
  a providing condition database in which service providing conditions required for private information are registered when said service providing apparatus provides the service therein;
  
  a determination processing unit that reads the private information associated with personal identification information sent from said service providing apparatus, from said private information database, makes a judgment on whether said private information satisfies the service providing conditions registered in said providing condition database, and determines approval or denial of providing the service depending on a result of the judgment; and
  
  a notification processing unit that notifies said service providing apparatus of approval or denial information indicating the judgment result of said determination processing unit, and said service providing apparatus comprises;
  
  a personal identification information acquisition processing unit that acquires personal identification information from said information terminal;
  
  an approval or denial information acquisition processing unit that sends the personal identification information acquired by said personal identification information acquisition processing unit to said management apparatus, to acquire approval or denial information from said management apparatus; and
  
  a service providing processing unit that provides the service to said information terminal when the approval or denial information acquired by said approval or denial information acquisition processing unit indicates permission to provide the service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The authentication system according to claim 1, wherein:
    - said private information database of said management apparatus, in which the private information together with a public key certificate is registered, associating said private information and said public key certificate with the personal identification information;
      
      said determination processing unit of said management apparatus verifies signature information added to the personal identification information sent from said service providing apparatus, using the public key certificate registered in association with said personal identification information in said private information database;
      
      performs said judgment when the verification is successful;
      
      determines approval or denial of providing the service depending on the result of the judgment; and
      
      , on the other hand, determines rejection of providing the service when the verification fails;
      
      said personal identification information acquisition processing unit of said service providing apparatus acquires the personal identification information added with the signature information, from said information terminal; and
      
      said approval or denial information acquisition processing unit of said service providing apparatus sends said management apparatus the personal identification information added with the signature information, which is acquired by said personal identification information acquisition processing unit, to acquire the approval or denial information from said management apparatus.
  - 3. The authentication system according to claim 2, wherein:
    - said information terminal has a function as a Web browser;
      
      said service providing apparatus has a function as a Web server;
      
      said service providing processing unit of said service providing apparatus permits said information terminal to browse a certain Web page, when the approval or denial information acquired by said approval or denial information acquisition processing unit indicates permission to provide the service.
  - 4. The authentication system according to claim 2, wherein:
    - said information terminal has a function as a Web browser;
      
      said service providing apparatus has a network connecting function for connecting said information terminal to Web server through a network; and
      
      said service providing processing unit of said service providing apparatus permits said information terminal to browse a certain Web page provided by said Web server, when the approval or denial information acquired by said approval or denial information acquisition processing unit indicates permission to provide the service.
  - 5. The authentication system according to claim 4, wherein:
    - said certain Web page is a pay content;
      
      said service providing processing unit of said service providing apparatus performs accounting for use of said certain Web page by said information terminal that is permitted to browse said certain Web page.
  - 6. The authentication system according to claim 5, wherein:
    - said Web server, holding said certain Web page, holds a Web page including image information to which said certain Web page is set, in a state that said information terminal can browse said Web page including the image information.
  - 7. The authentication system according to claim 6, wherein:
    - said image information is set with a link, such that a select action of said image information of an operator of said information terminal causes the identification information of said certain Web page is sent together with identification information of said Web page including the image information under browsing by said information terminal, from said information terminal to said service providing apparatus;
      
      said service providing apparatus further comprises;
      
      a relation information acquisition processing unit that sends said management apparatus the identification information of said certain Web page and the identification information of said Web page including the image information;
      
      acquires information on a relation between said certain Web page and said Web page including the image information; and
      
      sends the acquired information to said information terminal; and
      
      said management apparatus further comprises;
      
      a Web page identification information database, in which the identification information of said certain Web page is registered, associating said identification information with the identification information of said Web page including the image information to which said identification information of said certain Web page is set; and
      
      a verification processing unit that verifies the relation between said certain Web page and said Web page including the image information, by examining whether the identification information of said certain Web page and the identification information of said Web page including the image information (both sent from said service providing apparatus) are registered in association with each other in said Web page identification information database; and
      
      notifies said service providing apparatus of a result of verification.
  - 8. The authentication system according to claim 2, wherein:
    - said service providing apparatus further comprises;
      
      a settlement request acquisition processing unit that receives a settlement request (which includes seller identification information, transaction amount information and a management identification information) from a seller terminal;
      
      a consumer account management database in which an account is registered, associating the account with personal identification information; and
      
      a seller account management database in which an account is registered, associating the account with seller identification information;
      
      said personal identification information acquisition processing unit of said service providing apparatus acquires the personal identification information together with management identification information from said information terminal; and
      
      when the approval or denial information acquired by said approval or denial information acquisition processing unit indicates permission to provide the service, then, with respect to a settlement request that is acquired by said settlement request acquisition processing unit and that includes the management identification information acquired together with said personal identification information by said personal identification information acquisition processing unit, said service providing processing unit of said service providing apparatus draws an amount of money indicated by the transaction amount information included in said settlement request, from an account registered in said consumer account management database in association with the personal identification information acquired by said personal identification information acquisition processing unit;
      
      transfers the drawn amount of money to an account registered in said seller account management database in association with the seller identification information included in said settlement request; and
      
      notifies said seller terminal of a transfer result.
  - 9. The authentication system according to claim 2, wherein:
    - said service providing apparatus further comprises;
      
      a consumer account management database in which an account is registered, associating the account with personal identification information; and
      
      a seller account management database in which an account is registered, associating the account with seller identification information;
      
      said personal identification information acquisition processing unit of said service providing apparatus acquires a settlement request that includes the personal identification information, seller identification information and transaction amount information, from said information terminal; and
      
      when the approval or denial information acquired by said approval or denial information acquisition processing unit indicates permission to provide the service, then, said service providing processing unit of said service providing apparatus draws an amount of money indicated by the transaction amount information included in the settlement request acquired by said personal information acquisition processing unit, from an account registered in said consumer account management database in association with the personal identification information included in said settlement request;
      
      transfers the drawn amount of money to an account registered in said seller account management database in association with the seller identification included in said settlement information; and
      
      notifies said information terminal of a transfer result.

10. A method of authentication, in which authentication of an information terminal to which service can be provided is performed using an authentication system comprising a management apparatus that manages private information and a service providing apparatus that provides the service to the information terminal, wherein said method comprises:
- a first step in which said service providing apparatus acquires personal identification information from said information terminal, and sends acquired personal identification information to said management apparatus;
  
  a second step in which said management apparatus judges whether private information that the management apparatus manages in association with the personal identification information received from said service providing apparatus satisfies predetermined service providing conditions, and determines approval or denial of providing the service depending on a result of judgment;
  
  a third step in which said management apparatus sends approval or denial information, which indicates a content of the determination of approval or denial of providing the service, to said service providing apparatus; and
  
  a fourth step in which said service providing apparatus provides the service to said information terminal, only when the approval or denial information sent from said management apparatus indicates permission to provide the service.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method of authentication according to claim 10, wherein:
    - said information terminal has a function as a Web browser;
      
      said service providing apparatus has a function as a Web server; and
      
      in said fourth step, a certain Web page is provided to said information terminal, when the approval or denial information sent from said management apparatus indicates permission to provide the service.
  - 12. The method of authentication according to claim 10, wherein:
    - said information terminal has a function as a Web browser;
      
      said service providing apparatus has a network connecting function for connecting said information terminal to a Web server through a network; and
      
      in said fourth step, said information terminal is enabled to browse a certain Web page provided by said Web page, when the approval or denial information sent from said management apparatus indicates permission to provide the service.
  - 13. The method of authentication according to claim 12, wherein:
    - said certain Web page is a pay content; and
      
      said method further comprises;
      
      a fifth step in which said service providing apparatus performs accounting for use of said certain Web page by said information terminal that is permitted to browse said certain Web page.
  - 14. The method of authentication according to claim 10, wherein:
    - said method further comprises;
      
      a fifth step in which said service providing apparatus receives a settlement request (which includes seller identification information, transaction amount information and management identification information) from a seller terminal, prior to said first step;
      
      in said first step, personal identification information is received together with the management identification information from said information terminal;
      
      in said fourth step, when the approval or denial information received from said management apparatus indicates permission to provide the service, then, an amount of money indicated by the transaction amount information included in the settlement request that is received from said seller terminal and that includes the management identification information acquired together with the personal identification information from said information terminal is drawn from an account managed in association with the personal identification information acquired from said information terminal;
      
      said amount of money is transferred to an account managed in association with the seller identification information included in said settlement request; and
      
      a result of transfer is notified to said seller terminal.
  - 15. The authentication method according to claim 10, wherein:
    - in said first step, a settlement request, which includes personal identification information, seller identification information and transaction amount information, is acquired from said information terminal;
      
      in said fourth step, when the approval or denial information acquired from said management apparatus indicates permission to provide the service, then, an amount of money indicated by the transaction amount information included in the settlement request that is acquired from said information terminal is drawn from an account managed in association with the personal identification information included in said settlement request;
      
      said amount of money is transferred to an account managed in association with the seller identification information included in said settlement request; and
      
      a result of transfer is notified to said information terminal.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Matsushima, Hitoshi, Umezawa, Katsuyuki, Yoshiura, Hiroshi, Kaji, Tadashi, Aoshima, Hirokazu, Toyoshima, Hisashi

Application Number

US10/231,254
Publication Number

US 20030084294A1
Time in Patent Office

Days
Field of Search
US Class Current

713/169
CPC Class Codes

G06F 21/6245   Protecting personal data, e...

G06F 21/6263   during internet communicati...

G06F 2221/2149   Restricted operating enviro...

H04L 2209/56   Financial cryptography, e.g...

H04L 63/0823   using certificates cryptogr...

H04L 63/12   Applying verification of th...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

System and method for authentication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

52 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for authentication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

52 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links