System, apparatus, program, and method for authentication

US 20060005025A1
Filed: 06/24/2005
Published: 01/05/2006
Est. Priority Date: 06/25/2004
Status: Active Grant

First Claim

Patent Images

1. An authentication system comprising:

a plurality of authentication entity devices which separately execute authentication subprocesses, the authentication subprocess constituting an authentication process; and

a verification device which verifies the authentication process executed by the each authentication entity device, wherein the each authentication entity device includes;

a confidential information memory module configured to store confidential information for verification by the verification device;

an authenticator generating module configured to generate an authenticator on executed contents of the authentication subprocess using the confidential information;

a specific context generating module configured to generate a specific context pursuant to a specific format from the authenticator and the executed contents; and

a specific context output module configured to output the specific context, and the verification device comprises;

a communication module which is provided with a function of conducting communication with an external device; and

a context verifying module configured to verify each context, the each context being generated by the each authentication entity device and received by the communication module.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to an aspect of the invention, a management of each authentication subprocess assures the each authentication subprocess, and assurance contents can be verified by verification side, so that trustworthiness of the whole authentication process can be improved. An authentication system includes authentication entity devices which separately execute authentication subprocesses P1 and P2 and a verification device which verifies the executed contents of each of the authentication subprocesses P1 and P2. The entity device includes a confidential information management unit which manages confidential information, an authenticator generating unit which generates an authenticator using the confidential information, and a context generating unit which generates a specific context pursuant to a specific format from the authenticator and the executed contents.

Citations

44 Claims

1. An authentication system comprising:
- a plurality of authentication entity devices which separately execute authentication subprocesses, the authentication subprocess constituting an authentication process; and
  
  a verification device which verifies the authentication process executed by the each authentication entity device, wherein the each authentication entity device includes;
  
  a confidential information memory module configured to store confidential information for verification by the verification device;
  
  an authenticator generating module configured to generate an authenticator on executed contents of the authentication subprocess using the confidential information;
  
  a specific context generating module configured to generate a specific context pursuant to a specific format from the authenticator and the executed contents; and
  
  a specific context output module configured to output the specific context, and the verification device comprises;
  
  a communication module which is provided with a function of conducting communication with an external device; and
  
  a context verifying module configured to verify each context, the each context being generated by the each authentication entity device and received by the communication module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The authentication system according to claim 1, wherein at least one authentication entity device of the authentication entity devices comprises:
    - an overall authenticator generating module configured to generate an overall authenticator on all the specific contexts using the confidential information, all the specific contexts being outputted from other authentication entity devices in association with the authentication process;
      
      a generic context generating module configured to generate a generic context pursuant to the specific format from the overall authenticator and the all specific contexts; and
      
      a generic context output module configured to output the generic context toward the verification device.
  - 3. The authentication system according to claim 1, wherein the each authentication entity device comprises a specific context verifying module configured to verify the specific context inputted from other authentication entity devices.
  - 4. The authentication system according to claim 1, wherein the context verifying module comprises a verifying unit configured to verify each context using confidential information identical to the confidential information or corresponding confidential information, the each context being generated by the each authentication entity device.
  - 5. The authentication system according to claim 1, wherein at least one authentication entity device of the authentication entity devices comprises a context information associating module configured to generate the specific context of the authentication entity device in order to express a hierarchical structure between specific contexts associated with dependence of the authentication subprocess such that the specific context of the authentication entity device includes the specific contexts inputted from other authentication entity devices.
  - 6. The authentication system according to claim 1, wherein at least one authentication entity device of the authentication entity devices comprises a context information associating module configured to generate the specific context of the authentication entity device in order to express a hierarchical structure between specific contexts associated with dependence of the authentication subprocess such that the specific context of the authentication entity device includes reference information of the specific contexts inputted from other authentication entity devices.
  - 7. The authentication system according to claim 4, wherein the verification device has an authentication request module configured to transmit a execution request of the authentication process, and at least one authentication entity device of the authentication entity devices comprises:
    - a transmission module configured to transmit the execution request to the other authentication entity device based on the execution request of the authentication process such that the other authentication entity device executes the corresponding authentication subprocess; and
      
      an authentication response module configured to send back the specific context replied from the other authentication entity device and at least the specific context generated by the authentication entity device.
  - 8. The authentication system according to claim 1, further comprising a client device which transfers the communication between the verification device and the authentication entity device, wherein the client device comprises:
    - a profile query module configured to ask a profile to the each authentication entity device, execution environment contents of the authentication subprocess being defined in the profile; and
      
      a profile management module configured to store the profiles replied from the each authentication entity device in association with each authentication entity device; and
      
      a control module configured to decide profiles with which client environment is compatible based on the stored profiles.
  - 9. The authentication system according to claim 8, wherein the verification device comprises a profile specifying module configured to specify the profile to the client device, and the client device comprises a control module configured to cause the authentication entity devices having the corresponding profile to execute the authentication subprocess based on the specification.
  - 10. The authentication system according to claim 1, wherein the confidential information memory module has a private key memory unit configured to store a private key in a public key cryptography as the confidential information, and the authenticator generating module comprises a signature generating unit configured to generate the authenticator as a digital signature in the public key cryptography using the private key.

11. The authentication entity device used in an authentication system comprising a plurality of authentication entity devices which separately execute authentication subprocesses, the authentication subprocess constituting an authentication process, and a verification device which verifies the authentication process executed by the each authentication entity device, the authentication entity device comprising:
- a confidential information memory module configured to store confidential information for verification by the verification device;
  
  an authenticator generating module configured to generate an authenticator on executed contents of the authentication subprocess using the confidential information;
  
  a specific context generating module configured to generate a specific context pursuant to a specific format from the authenticator and the executed contents; and
  
  a specific context output module configured to output the specific context.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The authentication entity device according to claim 11, further comprising:
    - an overall authenticator generating module configured to generate an overall authenticator on all the specific contexts using the confidential information, all the specific contexts being outputted from other authentication entity devices in association with the authentication process;
      
      a generic context generating module configured to generate a generic context pursuant to the specific format from the overall authenticator and the all specific contexts; and
      
      a generic context output module configured to output the generic context toward the verification device.
  - 13. The authentication entity device according to claim 11, further comprising a specific context verifying module configured to verify the specific context inputted from other authentication entity devices using the confidential information.
  - 14. The authentication entity device according to claim 11, further comprising a context information associating module configured to generate the specific context of the authentication entity device in order to express a hierarchical structure between specific contexts associated with dependence of the authentication subprocess such that the specific context of the authentication entity device includes the specific contexts inputted from other authentication entity devices.
  - 15. The authentication entity device according to claim 11, further comprising a context information associating module configured to generate the specific context of the authentication entity device in order to express a hierarchical structure between specific contexts associated with dependence of the authentication subprocess such that the specific context of the authentication entity device includes reference information of the specific contexts inputted from other authentication entity devices.
  - 16. The authentication entity device according to claim 14, further comprising:
    - a transmission module configured to transmit the execution request to the other authentication entity device based on the execution request of the authentication process transmitted from the verification device such that the other authentication entity device executes the corresponding authentication subprocess; and
      
      an authentication response module configured to send back the specific context replied from the other authentication entity device and at least the specific context generated by the authentication entity device.
  - 17. The authentication entity device according to claim 11, wherein the confidential information memory module has a private key memory unit configured to store a private key in a public key cryptography as the confidential information, and the authenticator generating module comprises a signature generating unit configured to generate the authenticator as a digital signature in the public key cryptography using the private key.

18. A verification device which verifies a authentication process executed by each of a plurality of authentication entity devices which separately executes an authentication subprocess constituting the authentication process, the verification device comprising a context verifying module configured to verify each context using confidential information identical to the confidential information or corresponding confidential information, the each context being generated by the each authentication entity device, the each context including execution contents of the authentication subprocess and an authenticator on the execution contents using predetermined confidential information.

19. A client device which transfers communication between a plurality of authentication entity devices and a verification device, the plurality of authentication entity devices separately executing a authentication subprocess constituting an authentication process, the verification device verifying the authentication process executed by the each authentication entity device, the client device comprising:
- a profile query module configured to ask profiles to the each authentication entity device, execution environment contents of the authentication subprocess being defined in the profiles;
  
  a profile management module configured to store the profiles replied from the each authentication entity device in association with each authentication entity device; and
  
  a control module configured to decide profiles with which client environment is compatible based on the stored profiles.
- View Dependent Claims (20)
- - 20. The client device according to claim 19, further comprising a control module configured to cause the authentication entity devices having a corresponding profile to execute the authentication subprocess based on the specification, when the profile is specified from the verification device.

21. A program stored in a storage medium which can be read by a computer, the program being used for an authentication system comprising a plurality of authentication entity devices which separately execute authentication subprocesses, the authentication subprocess constituting an authentication process, and a verification device which verifies the authentication process executed by the each authentication entity device, the program comprising:
- an authentication program code which is used in the each authentication entity device; and
  
  a verification program code which is used in the verification device, wherein the authentication program code includes;
  
  a confidential information memory code to store confidential information for verification by the verification device;
  
  an authenticator generating code to generate an authenticator on executed contents of the authentication subprocess using the confidential information;
  
  a specific context generating code to generate a specific context pursuant to a specific format from the authenticator and the executed contents; and
  
  a specific context output code to output the specific context, and the verification program code includes;
  
  a communication code to conduct communication with an external device; and
  
  a context verifying code to verify each context, the each context being generated by the each authentication entity device and received by the communication.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The program according to claim 21, wherein the authentication program code of at least one authentication entity device of the authentication entity devices comprises:
    - an overall authenticator generating code to generate an overall authenticator on all the specific contexts using the confidential information, all the specific contexts being outputted from other authentication entity devices in association with the authentication process;
      
      a generic context generating code to generate a generic context pursuant to the specific format from the overall authenticator and the all specific contexts; and
      
      a generic context output code to output the generic context toward the verification device.
  - 23. The program according to claim 21, wherein the authentication program code of the each authentication entity device comprises a specific context verifying code to verify the specific context inputted from other authentication entity devices.
  - 24. The program according to claim 21, wherein the context verifying code comprises a verifying code to verify each context using confidential information identical to the confidential information or corresponding confidential information, the each context being generated by the each authentication entity device.
  - 25. The program according to claim 21, wherein the authentication program code used in at least one authentication entity device of the authentication entity devices comprises a context information associating code to generate the specific context of the authentication entity device in order to express a hierarchical structure between specific contexts associated with dependence of the authentication subprocess such that the specific context of the authentication entity device includes the specific contexts inputted from other authentication entity devices.
  - 26. The program according to claim 21, wherein the authentication program code used in at least one authentication entity device of the authentication entity devices comprises a context information associating code to generate the specific context of the authentication entity device in order to express a hierarchical structure between specific contexts associated with dependence of the authentication subprocess such that the specific context of the authentication entity device includes reference information of the specific contexts inputted from other authentication entity devices.
  - 27. The program according to claim 24, wherein the verification program code has an authentication request code transmit an execution request of the authentication process, and the authentication program code used in at least one authentication entity device of the authentication entity devices comprises:
    - a transmission code to transmit the execution request to the other authentication entity device based on the execution request of the authentication process such that the other authentication entity device executes the corresponding authentication subprocess; and
      
      an authentication response code to send back the specific context replied from the other authentication entity device and at least the specific context generated by the authentication entity device.
  - 28. The program according to claim 21, further comprising a client program code used in a client device which transfers the communication between the verification device and the authentication entity device, wherein the client program code comprises:
    - a profile query code which asks profiles to the each authentication entity device, execution environment contents of the authentication subprocess being defined in the profiles; and
      
      a profile management code to store the profiles replied from the each authentication entity device in association with each authentication entity device; and
      
      a control code to decide profiles with which client environment is compatible based on the stored profiles.
  - 29. The program according to claim 28, wherein the verification program code comprises a profile specifying code to specify the profile to the client device, and the client program code comprises a control code to cause the authentication entity devices having the corresponding profile to execute the authentication subprocess based on the specification.
  - 30. The program according to claim 21, wherein the confidential information memory code has a private key memory code to store a private key in a public key cryptography as the confidential information, and the authenticator generating code comprises a signature generating code to generate the authenticator as a digital signature in the public key cryptography using the private key.

31. A program which can be read by a computer, the program being used for an authentication system including a plurality of authentication entity devices which separately execute authentication subprocesses, the authentication subprocess constituting an authentication process, and a verification device which verifies the authentication process executed by the each authentication entity device, the program comprising:
- a confidential information memory code to store confidential information for verification by the verification device;
  
  an authenticator generating code to generate an authenticator on executed contents of the authentication subprocess using the confidential information;
  
  a specific context generating code to generate a specific context pursuant to a specific format from the authenticator and the executed contents; and
  
  a specific context output code to output the specific context.
- View Dependent Claims (32, 33, 34, 35, 36, 37)
- - 32. The program according to claim 31, further comprising:
    - an overall authenticator generating code to generate an overall authenticator on all the specific contexts using the confidential information, all the specific contexts being outputted from other authentication entity devices in association with the authentication process;
      
      a generic context generating code to generate a generic context pursuant to the specific format from the overall authenticator and the all specific contexts; and
      
      a generic context output code to output the generic context toward the verification device.
  - 33. The program according to claim 31, further comprising a specific context verifying code to verify the specific context inputted from other authentication entity devices using the confidential information.
  - 34. The program according to claim 31, further comprising a context associating code to generate the specific context of the authentication entity device in order to express a hierarchical structure between specific contexts associated with dependence of the authentication subprocess such that the specific context of the authentication entity device includes the specific contexts inputted from other authentication entity devices.
  - 35. The program according to claim 31, further comprising a context associating code to generate the specific context of the authentication entity device in order to express a hierarchical structure between specific contexts associated with dependence of the authentication subprocess such that the specific context of the authentication entity device includes reference information of the specific contexts inputted from other authentication entity devices.
  - 36. The program according to claim 31, further comprising:
    - a transmission code to transmit the execution request to the other authentication entity device based on the execution request of the authentication process transmitted from the verification device such that the other authentication entity device executes the corresponding authentication subprocess; and
      
      an authentication response code to send back the specific context replied from the other authentication entity device and at least the specific context generated by the authentication entity device.
  - 37. The program according to claim 31, wherein the confidential information memory code has a private key memory code to store a private key in a public key cryptography as the confidential information, and the authenticator generating code comprises a signature generating code to generate the authenticator as a digital signature in the public key cryptography using the private key.

38. A program stored in a storage medium which can be read by a computer, the program being used for a verification device to verify a verification process executed by each of a plurality of authentication entity devices which separately executes an authentication subprocess constituting an authentication process, the program comprising a context verifying code to verify each context using confidential information identical to the confidential information or corresponding confidential information, the each context being generated by the each authentication entity device, the each context including execution contents of the authentication subprocess and an authenticator on the execution contents using predetermined confidential information.

39. A program stored in a storage medium which can be read by a computer, the program being used for a client device which transfers communication between a plurality of authentication entity devices and a verification device, the plurality of authentication entity devices separately executing a authentication subprocess constituting an authentication process, the verification device verifying the authentication process executed by the each authentication entity device, the program comprising:
- a profile query code to ask profiles to the each authentication entity device, execution environment contents of the authentication subprocess being defined in the profiles;
  
  a profile management code to store the profiles replied from the each authentication entity device in association with each authentication entity device; and
  
  a control code to decide profiles with which client environment is compatible based on the stored profiles.
- View Dependent Claims (40)
- - 40. The program according to claim 39, further comprising a control code to cause the authentication entity devices having a corresponding profile to execute the authentication subprocess based on the specification, when the is specified from the verification device.

41. An authentication method which is executed by a plurality of authentication entity devices which separately execute authentication subprocesses, the authentication subprocess constituting an authentication process, and a verification device to verify the authentication process executed by the each authentication entity device, the authentication method comprising:
- storing confidential information for verification by the verification device using the each authentication entity device;
  
  generating an authenticator on executed contents of the authentication subprocess using the confidential information using the each authentication entity device;
  
  generating a specific context pursuant to a specific format from the authenticator and the executed contents using the each authentication entity device;
  
  outputting the specific context using the each authentication entity device;
  
  conducting communication with an external device using the verification device; and
  
  verifying each context using the verification device, the each context being generated by the each authentication entity device and received by the communication.

42. An authentication method executed by each authentication entity device which is used in an authentication system including a plurality of authentication entity devices which separately execute authentication subprocesses, the authentication subprocess constituting an authentication process, and a verification device which verifies the authentication process executed by the each authentication entity device, the authentication method comprising:
- storing confidential information for verification by the verification device;
  
  generating an authenticator on executed contents of the authentication subprocess using on the confidential information;
  
  generating a specific context pursuant to a specific format from the authenticator and the executed contents; and
  
  outputting the specific context.

43. A verification method executed by a verification device which verifies an authentication process executed by each of a plurality of authentication entity devices which separately executes an authentication subprocess constituting an authentication process, the verification method comprising verifying each context using confidential information identical to the confidential information or corresponding confidential information, the each context being generated by the each authentication entity device, the each context including execution contents of the authentication subprocess and an authenticator on the execution contents using predetermined confidential information.

44. An authentication transfer method executed by a client device which transfers communication between a plurality of authentication entity devices and a verification device, the plurality of authentication entity devices separately executing a authentication subprocess constituting an authentication process, the verification device verifying the authentication process executed by the each authentication entity device, the authentication transfer method comprising:
- asking profiles to the each authentication entity device, execution environment contents of the authentication subprocess being defined in the profiles;
  
  storing the profiles replied from the each authentication entity device in association with each authentication entity device; and
  
  deciding the profile with which client environment is compatible based on the stored profiles.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Toshiba Solutions Corporation (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation), Toshiba Solutions Corporation (Toshiba Corporation)
Inventors
Takamizawa, Hidehisa, Okada, Koji, Ikeda, Tatsuro

Granted Patent

US 7,770,207 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40145   Biometric identity checks

G06Q 20/40975   using encryption therefor

G07C 9/37   using biometric data, e.g. ...

G07F 7/1008   Active credit-cards provide...

H04L 9/3247   involving digital signatures

System, apparatus, program, and method for authentication

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

System, apparatus, program, and method for authentication

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links