Method and system for authenticating user and providing service

US 20030200177A1
Filed: 04/22/2003
Published: 10/23/2003
Est. Priority Date: 04/23/2002
Status: Active Grant

First Claim

Patent Images

1. A service providing method which uses a user terminal which stores an encryption key, a service providing apparatus which can communicate with the user terminal, and an authentication apparatus which can communicate with the service providing apparatus, comprising:

an authentication data generation step of generating authentication data and encrypting the generated authentication data using an encryption key;

a transmission step of transmitting the encrypted authentication data from the authentication apparatus to the user terminal through the service providing apparatus;

a decryption step of decrypting the encrypted authentication data in the user terminal using the encryption key stored in the user terminal;

a return step of returning the authentication data decrypted in the decryption step to the authentication apparatus through the service providing apparatus;

an authentication step of executing authentication in the authentication apparatus by comparing the decrypted authentication data transmitted from the user terminal with the authentication data before encryption; and

a service providing step of causing the service providing apparatus to provide a service to the user in accordance with an authentication result in the authentication step.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A service providing method which uses a user terminal, a service providing apparatus, and an authentication apparatus is disclosed. In the method, authentication data is generated and encrypted by using an encryption key which is stored in the user terminal. The encrypted authentication data is transmitted from the authentication apparatus to the user terminal through the service providing apparatus.

The encrypted authentication data is decrypted in the user terminal by using the encryption key. The decrypted authentication data is returned to the authentication apparatus through the service providing apparatus, and an authentication is executed in the authentication apparatus by comparing the decrypted authentication data transmitted from the user terminal with the authentication data before encryption. The service providing apparatus provides a service to the user in accordance with a result of the authentication.

29 Citations

View as Search Results

20 Claims

1. A service providing method which uses a user terminal which stores an encryption key, a service providing apparatus which can communicate with the user terminal, and an authentication apparatus which can communicate with the service providing apparatus, comprising:
- an authentication data generation step of generating authentication data and encrypting the generated authentication data using an encryption key;
  
  a transmission step of transmitting the encrypted authentication data from the authentication apparatus to the user terminal through the service providing apparatus;
  
  a decryption step of decrypting the encrypted authentication data in the user terminal using the encryption key stored in the user terminal;
  
  a return step of returning the authentication data decrypted in the decryption step to the authentication apparatus through the service providing apparatus;
  
  an authentication step of executing authentication in the authentication apparatus by comparing the decrypted authentication data transmitted from the user terminal with the authentication data before encryption; and
  
  a service providing step of causing the service providing apparatus to provide a service to the user in accordance with an authentication result in the authentication step.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein in the authentication data generation step, the authentication data is generated using user specifying information which specifies a user.
  - 3. The method according to claim 2, wherein in the authentication data generation step, the authentication data is generated also using service specifying information that specifies the service to be provided.
  - 4. The method according to claim 2, further comprising, before the authentication data generation step, a specifying information transmission step of transmitting information that specifies the user specifying information from the user terminal to the authentication apparatus through the service providing apparatus.
  - 5. The method according to claim 2, wherein the authentication data generation step includes a random number generation step of generating a random number in the authentication apparatus, and the authentication data is generated using the user specifying information and the generated random number.
  - 6. The method according to claim 1, wherein the encryption key used in the authentication data generation step is a public key corresponding to the user, and the encryption key used in the decryption step is a private key unique to the user.
  - 7. The method according to claim 1, wherein the user terminal is a portable information terminal.

8. A service providing method which uses a user terminal which stores an encryption key, a service providing apparatus which can communicate with the user terminal, and an authentication apparatus which can communicate with the service providing apparatus, comprising:
- an authentication data generation step of generating authentication data;
  
  a transmission step of transmitting the authentication data from the authentication apparatus to the user terminal through the service providing apparatus;
  
  an encryption step of encrypting the authentication data in the user terminal using the encryption key stored in the user terminal;
  
  a return step of returning the authentication data encrypted in the encryption step to the authentication apparatus through the service providing apparatus;
  
  an authentication step of executing authentication in the authentication apparatus by decrypting the encrypted authentication data transmitted from the user terminal using an encryption key stored in the authentication apparatus and comparing the authentication data with the authentication data transmitted in the transmission step; and
  
  a service providing step of causing the service providing apparatus to provide a service to the user in accordance with an authentication result in the authentication step.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method according to claim 8, wherein in the encryption step, the authentication data is converted into hash data and then encrypted, and in the authentication step, authentication is executed by comparing hash data decrypted using the encryption key with hash data generated from the authentication data transmitted in the transmission step.
  - 10. The method according to claim 8, wherein the encryption key used in the encryption step is a private key unique to the user, and the encryption key used in the authentication step is a public key corresponding to the user.
  - 11. The method according to claim 8, wherein in the authentication data generation step, the authentication data is generated using user specifying information which specifies a user.
  - 12. The method according to claim 11, further comprising, before the authentication data generation step, a specifying information transmission step of transmitting information that specifies the user specifying information from the user terminal to the authentication apparatus through the service providing apparatus.
  - 13. The method according to claim 11, wherein the authentication data generation step includes a random number generation step of generating a random number in the authentication apparatus, and the authentication data is generated using the user specifying information and the generated random number.
  - 14. The method according to claim 8, wherein the user terminal is a portable information terminal.

15. An information processing system comprising a user terminal which stores an encryption key, a service providing apparatus which can communicate with said user terminal, and an authentication apparatus which can communicate with said service providing apparatus, wherein said authentication apparatus comprises authentication data generation means for generating authentication data and encrypting the generated authentication data, and transmission means for transmitting the encrypted authentication data from said authentication apparatus to said user terminal through said service providing apparatus, said user terminal comprises storage means for storing the encryption key, decryption means for decrypting the encrypted authentication data using the encryption key stored in said storage means, and return means for returning the authentication data decrypted by said decryption means to said authentication apparatus through said service providing apparatus, said authentication apparatus comprises authentication means for executing authentication by comparing the decrypted authentication data transmitted from said user terminal with the authentication data before encryption, and said service providing apparatus provides a service to the user in accordance with an authentication result in said authentication means.

16. An information processing system comprising a user terminal which stores an encryption key, a service providing apparatus which can communicate with said user terminal, and an authentication apparatus which can communicate with said service providing apparatus, wherein said authentication apparatus comprises authentication data generation means for generating authentication data, and transmission means for transmitting the authentication data from said authentication apparatus to said user terminal through said service providing apparatus, said user terminal comprises storage means for storing the encryption key, encryption means for encrypting the authentication data using the encryption key stored in said user terminal, and return means for returning the authentication data encrypted by said encryption means to said authentication apparatus through said service providing apparatus, said authentication apparatus comprises storage means for storing an encryption key, and authentication means for executing authentication by decrypting the encrypted authentication data transmitted from said user terminal using the encryption key stored in said authentication apparatus and comparing the decrypted authentication data with the authentication data transmitted by said transmission means, and said service providing apparatus provides a service to the user in accordance with an authentication result in said authentication means.

17. An authentication apparatus which can communicate with a user terminal through a service providing apparatus, comprising:
- authentication data generation means for generating authentication data and encrypting the generated authentication data using an encryption key corresponding to the user;
  
  transmission means for transmitting the encrypted authentication data to the user terminal through the service providing apparatus;
  
  reception means for receiving, through the service providing apparatus, authentication data obtained by decrypting the encrypted authentication data in the user terminal using an encryption key stored in the user terminal;
  
  authentication means for executing authentication by comparing the decrypted authentication data received by said reception means with the authentication data before encryption; and
  
  notification means for notifying the service providing apparatus of an authentication result by said authentication means.

18. An authentication apparatus which can communicate with a user terminal through a service providing apparatus, comprising:
- authentication data generation means for generating authentication data;
  
  transmission means for transmitting the generated authentication data from the authentication apparatus to the user terminal through the service providing apparatus;
  
  reception means for receiving, through the service providing apparatus, authentication data obtained by encrypting the authentication data in the user terminal using an encryption key stored in the user terminal;
  
  decryption means for decrypting the encrypted authentication data received by said reception means using an encryption key corresponding to the user;
  
  authentication means for executing authentication by comparing the decrypted authentication data with the authentication data transmitted by said transmission means; and
  
  notification means for notifying the service providing apparatus of an authentication result by said authentication means.

19. A control program for a computer which functions as an authentication apparatus which can communicate with a user terminal through a service providing apparatus, the control program causing the computer to execute:
- an authentication data generation step of generating authentication data and encrypting the generated authentication data using an encryption key corresponding to the user;
  
  a transmission step of transmitting the encrypted authentication data to the user terminal through the service providing apparatus;
  
  a reception step of receiving, through the service providing apparatus, authentication data obtained by decrypting the encrypted authentication data in the user terminal using an encryption key stored in the user terminal;
  
  an authentication step of executing authentication by comparing the decrypted authentication data received in the reception step with the authentication data before encryption; and
  
  a notification step of notifying the service providing apparatus of an authentication result in the authentication step.

20. A control program for a computer which functions as an authentication apparatus which can communicate with a user terminal through a service providing apparatus, the control program causing the computer to execute:
- an authentication data generation step of generating authentication data;
  
  a transmission step of transmitting the generated authentication data from the authentication apparatus to the user terminal through the service providing apparatus;
  
  a reception step of receiving, through the service providing apparatus, authentication data obtained by encrypting the authentication data in the user terminal using an encryption key stored in the user terminal;
  
  a decryption step of decrypting the encrypted authentication data received in the reception step using an encryption key corresponding to the user;
  
  an authentication step of executing authentication by comparing the decrypted authentication data with the authentication data transmitted in the transmission step; and
  
  a notification step of notifying the service providing apparatus of an authentication result in the authentication step.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Ayutthaya Limited (Canon Inc.)
Original Assignee
Canon Ayutthaya Limited (Canon Inc.)
Inventors
Kugai, Masami

Granted Patent

US 6,799,271 B2
Time in Patent Office

Days
Field of Search
US Class Current

705/51
CPC Class Codes

G06F 21/10 Protecting distributed prog...

G06Q 20/3674 involving authentication

Method and system for authenticating user and providing service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Method and system for authenticating user and providing service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others