System, apparatus, program, and method for authentication
Abstract
According to an aspect of the invention, the party managing each authentication subprocess assures that subprocess, and the assurance contents can be verified by the verification side, so that the trustworthiness of the whole authentication process can be improved. An authentication system includes authentication entity devices which separately execute authentication subprocesses P1 and P2 and a verification device which verifies the executed contents of each of the authentication subprocesses P1 and P2. The entity device includes a confidential information management unit which manages confidential information, an authenticator generating unit which generates an authenticator using the confidential information, and a context generating unit which generates a specific context pursuant to a specific format from the authenticator and the executed contents.
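A sketch of the scheme the abstract describes, added here as an illustration and not taken from the patent: each entity device computes an authenticator over its executed contents, and the verification device recomputes it for every context before accepting the whole process. HMAC-SHA256 as the authenticator, canonical JSON as the "specific format", and the entity names, keys and field names are all assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample keys: one per entity device, also held by the verifier
# (the symmetric case, where both sides hold identical confidential information).
KEYS = {"entity-P1": b"constructed-key-for-P1",
        "entity-P2": b"constructed-key-for-P2"}

def _canonical(entity_id, contents):
    # Deterministic byte encoding, so both sides MAC exactly the same bytes.
    return json.dumps({"entity": entity_id, "contents": contents},
                      sort_keys=True, separators=(",", ":")).encode()

def generate_context(entity_id, key, contents):
    """Entity device: authenticator over executed contents, packed as a context."""
    tag = hmac.new(key, _canonical(entity_id, contents), hashlib.sha256).hexdigest()
    return {"entity": entity_id, "contents": contents, "authenticator": tag}

def verify_context(context, keys=KEYS):
    """Verification device: recompute the authenticator for one context."""
    key = keys.get(context.get("entity"))
    if key is None or "contents" not in context:
        return False  # unknown entity device or malformed context
    expected = hmac.new(key, _canonical(context["entity"], context["contents"]),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(context.get("authenticator", "")))

def verify_process(contexts, required=("entity-P1", "entity-P2")):
    """Accept the whole process only if every required subprocess context verifies."""
    valid = {c["entity"] for c in contexts if verify_context(c)}
    return all(entity in valid for entity in required)

def demo():
    c1 = generate_context("entity-P1", KEYS["entity-P1"],
                          {"subprocess": "P1", "result": "sample-captured"})
    c2 = generate_context("entity-P2", KEYS["entity-P2"],
                          {"subprocess": "P2", "result": "match"})
    # Contents altered after the authenticator was computed.
    tampered = dict(c2, contents={"subprocess": "P2", "result": "match", "score": 99})
    return verify_process([c1, c2]), verify_process([c1, tampered]), verify_process([c1])

if __name__ == "__main__":
    print(demo())
```

A context whose contents were altered in transit, or a process missing one subprocess context, fails verification as a whole.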
44 Claims
1. An authentication system comprising:
a plurality of authentication entity devices which separately execute authentication subprocesses, the authentication subprocess constituting an authentication process; and
a verification device which verifies the authentication process executed by the each authentication entity device, wherein the each authentication entity device includes;
a confidential information memory module configured to store confidential information for verification by the verification device;
an authenticator generating module configured to generate an authenticator on executed contents of the authentication subprocess using the confidential information;
a specific context generating module configured to generate a specific context pursuant to a specific format from the authenticator and the executed contents; and
a specific context output module configured to output the specific context, and the verification device comprises;
a communication module which is provided with a function of conducting communication with an external device; and
a context verifying module configured to verify each context, the each context being generated by the each authentication entity device and received by the communication module.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. The authentication entity device used in an authentication system comprising a plurality of authentication entity devices which separately execute authentication subprocesses, the authentication subprocess constituting an authentication process, and a verification device which verifies the authentication process executed by the each authentication entity device, the authentication entity device comprising:
a confidential information memory module configured to store confidential information for verification by the verification device;
an authenticator generating module configured to generate an authenticator on executed contents of the authentication subprocess using the confidential information;
a specific context generating module configured to generate a specific context pursuant to a specific format from the authenticator and the executed contents; and
a specific context output module configured to output the specific context.
Dependent claims: 12, 13, 14, 15, 16, 17
18. A verification device which verifies an authentication process executed by each of a plurality of authentication entity devices which separately executes an authentication subprocess constituting the authentication process, the verification device comprising a context verifying module configured to verify each context using confidential information identical to the confidential information or corresponding confidential information, the each context being generated by the each authentication entity device, the each context including execution contents of the authentication subprocess and an authenticator on the execution contents using predetermined confidential information.
19. A client device which transfers communication between a plurality of authentication entity devices and a verification device, the plurality of authentication entity devices separately executing an authentication subprocess constituting an authentication process, the verification device verifying the authentication process executed by the each authentication entity device, the client device comprising:
a profile query module configured to ask profiles to the each authentication entity device, execution environment contents of the authentication subprocess being defined in the profiles;
a profile management module configured to store the profiles replied from the each authentication entity device in association with each authentication entity device; and
a control module configured to decide profiles with which client environment is compatible based on the stored profiles.
Dependent claims: 20
21. A program stored in a storage medium which can be read by a computer, the program being used for an authentication system comprising a plurality of authentication entity devices which separately execute authentication subprocesses, the authentication subprocess constituting an authentication process, and a verification device which verifies the authentication process executed by the each authentication entity device, the program comprising:
an authentication program code which is used in the each authentication entity device; and
a verification program code which is used in the verification device, wherein the authentication program code includes;
a confidential information memory code to store confidential information for verification by the verification device;
an authenticator generating code to generate an authenticator on executed contents of the authentication subprocess using the confidential information;
a specific context generating code to generate a specific context pursuant to a specific format from the authenticator and the executed contents; and
a specific context output code to output the specific context, and the verification program code includes;
a communication code to conduct communication with an external device; and
a context verifying code to verify each context, the each context being generated by the each authentication entity device and received by the communication.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30
31. A program which can be read by a computer, the program being used for an authentication system including a plurality of authentication entity devices which separately execute authentication subprocesses, the authentication subprocess constituting an authentication process, and a verification device which verifies the authentication process executed by the each authentication entity device, the program comprising:
a confidential information memory code to store confidential information for verification by the verification device;
an authenticator generating code to generate an authenticator on executed contents of the authentication subprocess using the confidential information;
a specific context generating code to generate a specific context pursuant to a specific format from the authenticator and the executed contents; and
a specific context output code to output the specific context.
Dependent claims: 32, 33, 34, 35, 36, 37
38. A program stored in a storage medium which can be read by a computer, the program being used for a verification device to verify a verification process executed by each of a plurality of authentication entity devices which separately executes an authentication subprocess constituting an authentication process,
the program comprising a context verifying code to verify each context using confidential information identical to the confidential information or corresponding confidential information, the each context being generated by the each authentication entity device, the each context including execution contents of the authentication subprocess and an authenticator on the execution contents using predetermined confidential information.
39. A program stored in a storage medium which can be read by a computer, the program being used for a client device which transfers communication between a plurality of authentication entity devices and a verification device, the plurality of authentication entity devices separately executing an authentication subprocess constituting an authentication process, the verification device verifying the authentication process executed by the each authentication entity device, the program comprising:
a profile query code to ask profiles to the each authentication entity device, execution environment contents of the authentication subprocess being defined in the profiles;
a profile management code to store the profiles replied from the each authentication entity device in association with each authentication entity device; and
a control code to decide profiles with which client environment is compatible based on the stored profiles.
Dependent claims: 40
41. An authentication method which is executed by a plurality of authentication entity devices which separately execute authentication subprocesses, the authentication subprocess constituting an authentication process, and a verification device to verify the authentication process executed by the each authentication entity device, the authentication method comprising:
storing confidential information for verification by the verification device using the each authentication entity device;
generating an authenticator on executed contents of the authentication subprocess using the confidential information using the each authentication entity device;
generating a specific context pursuant to a specific format from the authenticator and the executed contents using the each authentication entity device;
outputting the specific context using the each authentication entity device;
conducting communication with an external device using the verification device; and
verifying each context using the verification device, the each context being generated by the each authentication entity device and received by the communication.
42. An authentication method executed by each authentication entity device which is used in an authentication system including a plurality of authentication entity devices which separately execute authentication subprocesses, the authentication subprocess constituting an authentication process, and a verification device which verifies the authentication process executed by the each authentication entity device, the authentication method comprising:
storing confidential information for verification by the verification device;
generating an authenticator on executed contents of the authentication subprocess using the confidential information;
generating a specific context pursuant to a specific format from the authenticator and the executed contents; and
outputting the specific context.
43. A verification method executed by a verification device which verifies an authentication process executed by each of a plurality of authentication entity devices which separately executes an authentication subprocess constituting an authentication process,
the verification method comprising verifying each context using confidential information identical to the confidential information or corresponding confidential information, the each context being generated by the each authentication entity device, the each context including execution contents of the authentication subprocess and an authenticator on the execution contents using predetermined confidential information.
44. An authentication transfer method executed by a client device which transfers communication between a plurality of authentication entity devices and a verification device, the plurality of authentication entity devices separately executing an authentication subprocess constituting an authentication process, the verification device verifying the authentication process executed by the each authentication entity device, the authentication transfer method comprising:
asking profiles to the each authentication entity device, execution environment contents of the authentication subprocess being defined in the profiles;
storing the profiles replied from the each authentication entity device in association with each authentication entity device; and
deciding the profile with which client environment is compatible based on the stored profiles.