Authentication system based on address, device thereof, and program
First Claim
1. In an authentication system in which an authentication server which authenticates a user, a user terminal which transmits a user authentication information, and an application server which provides a service to the user through the user terminal are connected together to enable a communication therebetween through a network;
- an address based authentication system in which the authentication server comprises authentication means for authenticating a user based on the user authentication information transmitted as an authentication request from the user terminal;
an address allocating means for allocating an address to the user terminal for a successful authentication of the user;
a ticket issuing means for issuing a ticket containing the address allocated by the address allocating means;
and a ticket transmitting means for transmitting the ticket issued by the ticket issuing means to the user terminal;
the user terminal comprises a user authentication information transmitting means for transmitting a user authentication information to the authentication server for purpose of an authentication request;
a ticket reception means for receiving a ticket transmitted from the authentication server;
means for setting up an address contained in the ticket as a source address for a packet which is to be transmitted from the user terminal;
means for transmitting a packet including the ticket to the application server for establishing a session;
and a service request means for transmitting a packet requesting a service to the application server;
and the application server comprises a ticket memory means for storing the ticket transmitted from the user terminal;
an address comparison means for determining whether or not the address contained in the ticket which is stored in the ticket memory means coincides with the source address of the service request packet which is transmitted from the user terminal through the session;
and a service providing means for transmitting to the user a packet which provides a service to the user when a coincidence between the addresses is determined by the address comparison means.
1 Assignment
0 Petitions
Accused Products
Abstract
An address allocated to a user by an authentication server is used as an IP address of a packet which is transmitted from a user terminal, preventing an illicit use if the IP address were eavesdropped. An authentication server 100 performs an authentication of a user based on a user authentication information which is transmitted from the user terminal, and upon a successful authentication, allocates an address to the user terminal, and issues a ticket containing the address to be returned to the user terminal. The user terminal sets up the address contained in the ticket as a source address, and transmits the ticket to the application server 300, requesting a session to be established. After verifying that the ticket is authentic, the server 300 stores the ticket and establishes a session with the user terminal. The user terminal transmits a service request packet containing the source address to the server 300 utilizing the session. If the source address coincides with the address contained in the stored ticket, the server 300 provides a service to the user.
-
Citations
23 Claims
-
1. In an authentication system in which an authentication server which authenticates a user, a user terminal which transmits a user authentication information, and an application server which provides a service to the user through the user terminal are connected together to enable a communication therebetween through a network;
- an address based authentication system in which
the authentication server comprises authentication means for authenticating a user based on the user authentication information transmitted as an authentication request from the user terminal;
an address allocating means for allocating an address to the user terminal for a successful authentication of the user;
a ticket issuing means for issuing a ticket containing the address allocated by the address allocating means;
and a ticket transmitting means for transmitting the ticket issued by the ticket issuing means to the user terminal;
the user terminal comprises a user authentication information transmitting means for transmitting a user authentication information to the authentication server for purpose of an authentication request;
a ticket reception means for receiving a ticket transmitted from the authentication server;
means for setting up an address contained in the ticket as a source address for a packet which is to be transmitted from the user terminal;
means for transmitting a packet including the ticket to the application server for establishing a session;
and a service request means for transmitting a packet requesting a service to the application server;
and the application server comprises a ticket memory means for storing the ticket transmitted from the user terminal;
an address comparison means for determining whether or not the address contained in the ticket which is stored in the ticket memory means coincides with the source address of the service request packet which is transmitted from the user terminal through the session;
and a service providing means for transmitting to the user a packet which provides a service to the user when a coincidence between the addresses is determined by the address comparison means. - View Dependent Claims (2, 3, 4, 5, 6)
- an address based authentication system in which
-
7. An authentication server in an authentication system in which an authentication of a user utilizing a user terminal is performed through the user terminal by an authentication server and a request is made to an application server to provide a service on the basis of the authentication;
- comprising
a user authentication information reception means for receiving an authentication request inclusive of a user authentication information transmitted from the user terminal;
an authentication means to which the user authentication information of the received authentication request is input and which authenticates the user on the basis of the user authentication information and providing a signal indicating a successful authentication upon a successful authentication;
an address allocating means for allocating an address to the user terminal in response to an input of the signal indicating a successful authentication of the user;
a ticket issuing means to which the allocated address is input and which issues a ticket containing the address;
and a ticket transmitting means to which the ticket is input and which transmits the ticket to the user terminal. - View Dependent Claims (8, 9, 10, 11, 21)
- comprising
-
12. A user terminal in an authentication system in which an authentication of a user utilizing a user terminal is performed by an authentication server and a request to provide a service is made to an application server on the basis of the authentication, comprising
a user authentication information transmitting means for transmitting a user authentication information which is input to an authentication server for purpose of an authentication request; -
a ticket reception means for receiving a ticket transmitted from the authentication server;
a source address set-up means to which the received ticket is input and which sets up an address contained in the ticket as a source address of the user terminal;
a session establishing means to which the ticket is input and which transmits a packet including the ticket to an application server for establishing a session with the application server;
and a service request means for transmitting a packet representing a service request to the application server through the established session. - View Dependent Claims (13, 14, 22)
-
-
15. An application server in an authentication system in which an authentication of a user utilizing a user terminal is performed by an authentication server and a request to provide a service is made to an application server on the basis of the authentication;
- comprising
a session establishing means for establishing a session with a user terminal;
a ticket memory means in which a ticket transmitted from the user terminal is stored;
an address comparison means to which a source address of a service request packet which is transmitted from the user terminal and received through the established session is input and which determines whether or not the source address coincides with an address contained in the ticket stored in the ticket memory means;
and a service providing means to which an output indicating a coincidence from the address comparison means is input and which transmits packets for providing a service to the user to the user terminal. - View Dependent Claims (16, 17, 18, 19, 20, 23)
- comprising
Specification