Authentication method, authentication system, and authentication server

US 20070044146A1
Filed: 05/18/2004
Published: 02/22/2007
Est. Priority Date: 08/11/2003
Status: Active Grant

First Claim

Patent Images

1. An authentication method in a system in which a plurality of authentication terminals subjected to authentication and operated by users, a common authentication server, and a plurality of service provider'"'"'s servers are connected via a network, said authentication method comprising:

a first authentication step in which the authentication server which has received a request of user authentication from the authentication terminal performs authentication of the user operating said authentication terminal, and returns data generated as the authentication result to said authentication terminal;

a second authentication step in which said authentication server which has received data of an authentication ticket request from said authentication terminal performs authentication for issuing an authentication ticket, and returns data including the authentication ticket generated as the authentication result to said authentication terminal; and

a third authentication step performed so that said service provider'"'"'s server which has received data of a service providing request including said authentication ticket from said authentication terminal discriminates whether said authentication ticket is authorized;

said third authentication step comprising the steps of;

transmitting to said authentication server, an authentication ticket authentication request including data for certifying the authenticity of said service provider itself, determining the authenticity of the authentication ticket by receiving the result of authentication performed by said authentication server; and

returning data generated in said determination step to said authentication terminal.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A user authentication processing is performed and an authentication session ID is returned to a terminal 500 (A14). An authentication server 600 issues and stores an authentication ticket (A17). The authentication ticket and authentication session are returned to the terminal 500 (A18). A user 100 transmits a request of service provision and the authentication ticket to a service provider'"'"'s server 700, and the service provider'"'"'s server 700 transmits the authentication ticket to the authentication server 600 (A20). The authentication server 600 performs an authentication processing of the authentication ticket (A21), and the authentication result is notified (A22). In the case of the authentication approval, a service session ID is issued together with the notification of authorization (A23). When receiving the notification of the authentication approval, the terminal 500 performs an establishment processing of the session using the received service session ID, and stores the service session ID (A27).

Citations

20 Claims

1. An authentication method in a system in which a plurality of authentication terminals subjected to authentication and operated by users, a common authentication server, and a plurality of service provider'"'"'s servers are connected via a network, said authentication method comprising:
- a first authentication step in which the authentication server which has received a request of user authentication from the authentication terminal performs authentication of the user operating said authentication terminal, and returns data generated as the authentication result to said authentication terminal;
  
  a second authentication step in which said authentication server which has received data of an authentication ticket request from said authentication terminal performs authentication for issuing an authentication ticket, and returns data including the authentication ticket generated as the authentication result to said authentication terminal; and
  
  a third authentication step performed so that said service provider'"'"'s server which has received data of a service providing request including said authentication ticket from said authentication terminal discriminates whether said authentication ticket is authorized;
  
  said third authentication step comprising the steps of;
  
  transmitting to said authentication server, an authentication ticket authentication request including data for certifying the authenticity of said service provider itself, determining the authenticity of the authentication ticket by receiving the result of authentication performed by said authentication server; and
  
  returning data generated in said determination step to said authentication terminal.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The authentication method of claim 1, wherein said authentication ticket is unique and issued only to said authentication terminal and does not include the user authentication information.
  - 3. The authentication method of claim 1, wherein said authentication ticket is allowed to be used only once.
  - 4. The authentication method of claim 1, wherein said authentication ticket is provided with a validity period set for a time period from the time when the authentication ticket is generated in said first authentication step to the time when the authentication of said authentication ticket is performed in said third authentication step, and is invalidated upon expiration of said validity period.
  - 5. The authentication method of claim 1, wherein said authentication server is further provided with a database of user'"'"'s preference information extracted from user'"'"'s use history information, wherein the service provider'"'"'s server transmits advertisement information and an advertising request to said authentication server, and wherein said authentication server compares said advertisement information with said preference information, so as to transmit said advertisement information only to the user with a coincident result in the comparison.
  - 6. The authentication method of claim 1, wherein said authentication server is further provided with a database of user'"'"'s preference information extracted from user'"'"'s use history information, and returns to said authentication terminal, said preference information in said database, together with said authentication ticket, when issuing said authentication ticket in said second step, and transmits said preference information when the user accesses said service provider'"'"'s server.

7. An authentication system in which a plurality of authentication terminals subjected to authentication and operated by users, a common authentication server and a plurality of service provider'"'"'s servers are connected via a network, said authentication system comprising:
- first authentication means in which the authentication server which has received a request of user authentication from the authentication terminal performs authentication of the user operating said authentication terminal, and returns data generated as the authentication result to said authentication terminal;
  
  second authentication means in which said authentication server which has received data of an authentication ticket request from said authentication terminal performs authentication for issuing an authentication ticket, and returns data, including the authentication ticket, generated as the authentication result to said authentication terminal; and
  
  third authentication means performed so that the service provider'"'"'s servers which have received data of a service providing request including said authentication ticket from said authentication terminal discriminates whether said authentication ticket is authorized, said third authentication means comprising;
  
  transmitting means for transmitting to said authentication server, an authentication ticket authentication request including data for certifying the authenticity of said service provider itself;
  
  determining means for determining the authenticity of the authentication ticket by receiving the authentication result performed by said authentication server; and
  
  means for returning data generated by said determining means to said authentication terminal.

8. An authentication server which is connected, by way of a network, with a plurality of authentication terminals subjected to authentication and operated by users, and with a plurality of service provider'"'"'s servers, and which is common to said authentication terminals and said service provider'"'"'s servers, said authentication server comprising:
- first authentication means for receiving a request of user authentication from the authentication terminal, and for performing authentication of the user operating said authentication terminal, so as to return data generated as the authentication result to said authentication terminal;
  
  second authentication means for receiving data of an authentication ticket request from said authentication terminal, and for performing authentication for issuing the authentication ticket, so as to return data, including the authentication ticket, generated as the authentication result to said authentication terminal;
  
  third authentication means performed so that the service provider'"'"'s server which has received, from said authentication terminal, data of a service providing request including said authentication ticket from said authentication terminal, discriminates the authenticity of said authentication ticket, said third authentication means comprising;
  
  means for receiving, from said service provider'"'"'s server, an authentication ticket authentication request including data for certifying the authenticity of said service provider itself;
  
  determining means for determining the authenticity of said authentication ticket; and
  
  means for transmitting data generated by said determining means to said service provider'"'"'s server, said service provider'"'"'s server returning the data generated by said determining means to said authentication terminal.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The authentication server of claim 8, wherein said authentication ticket is unique and issued only to said authentication terminal and does not include user authentication information.
  - 10. The authentication server of claim 8, wherein said authentication ticket is used only once.
  - 11. The authentication server of claim 8, wherein said authentication ticket is provided with a validity period set for a time period from the time when the authentication ticket is generated in said first authentication step to the time when the authentication of said authentication ticket is performed in said third authentication step, and is invalidated upon expiration of said validity period.
  - 12. The authentication server of claim 8, wherein said authentication server is further provided with a database of user'"'"'s preference information extracted from user'"'"'s use history information, wherein the service provider'"'"'s server transmits advertisement information and an advertising request to said authentication server, and wherein said authentication server compares said advertisement information with said preference information, so as to transmits said advertisement information only to the user with a coincident result in the comparison.
  - 13. The authentication server of claim 8, wherein said authentication server is further provided with a database of user'"'"'s preference information extracted from user'"'"'s use history information, and returns to said authentication terminal, said preference information in said database, together with said authentication ticket, when issuing said authentication ticket in said second authentication means, and transmits said preference information when said user accesses said service provider'"'"'s server.

14. A communication method in which a terminal unit connected with an authentication server and a plurality of service provider'"'"'s servers via a network makes a request for authentication to each server, said communication method comprising:
- transmitting an authentication request information for requiring user authentication to said authentication server;
  
  receiving an authentication reply from said authentication server;
  
  transmitting, in accordance with said authentication reply, authentication ticket request information for requiring an authentication ticket for accessing the specific service provider'"'"'s server, to said authentication server;
  
  receiving an authentication reply including said authentication ticket from said authentication server;
  
  transmitting service request information for requiring a service provision, together with said received authentication ticket, to said specific service provider'"'"'s server; and
  
  receiving an authentication reply indicating the authentication approval from the service providet'"'"'s server when said authentication ticket is determined as authorized by said service provider'"'"'s server.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The communication method of claim 14, wherein said terminal unit transmits to said service provider'"'"'s server, page request information for requiring page information, and upon receipt of an authentication reply indicating an authentication error from said service provider'"'"'s server, transmits to said authentication server authentication ticket issuance request information for requiring issuance of said authentication ticket, upon receipt of an authentication reply indicating an authentication error from said authentication server, transmits to said authentication server, authentication request information for requiring user authentication, receives from said authentication server, an authentication reply indicating an authentication approval, in accordance with said authentication reply, transmits authentication ticket request information for requiring an authentication ticket allowing an access to the specific service provider'"'"'s server, receives an authentication reply including said authentication ticket from said authentication server, transmits service request information for requiring a service provision from said specific service provider'"'"'s server together with said received authentication ticket, and when said authentication ticket is determined as authorized by said service provider'"'"'s server, receives an authentication reply indicating the authentication approval from the service provider'"'"'s server, and retransmits said page request information to said service provider'"'"'s server and receives the page information from said service provider'"'"'s server.
  - 16. The communication method of claim 15, wherein said terminal unit, upon receipt of an authentication reply indicating an authentication error from said authentication server, transmits to said authentication server, authentication request information requiring the user authentication, together with at least the user'"'"'s identification information and password, and receives from said authentication server, an authentication reply indicating the authentication approval, said authentication reply including, authentication session information for accessing the authentication server for a predetermined period of time.
  - 17. The communication method of claim 16, wherein said terminal unit, in accordance with said authentication reply, transmits to said authentication server, authentication ticket request information for requiring an authentication ticket for accessing a specific service provider'"'"'s server, together with said authentication session information, receives an authentication reply including said authentication ticket from said authentication server, transmits, together with the said received authentication ticket, service request information for requiring a service provision to said specific service provider'"'"'s server, receives an authentication reply indicating the authentication approval from the service provider'"'"'s server, when said authentication ticket is determined as authorized by said service provider'"'"'s server, said authentication reply including service session information for accessing the service provider'"'"'s server for a predetermined period of time, retransmits said page request information together with said service session information to said service provider'"'"'s server, and receives the page information from said service provider'"'"'s server.
  - 18. The communication method of claim 15, wherein said terminal unit comprises a first module and a second module, said first module transmits page request information for requiring page information to said second module, said second module transmits said page request information to said service provider'"'"'s server, when said second module receives an authentication reply indicating an authentication error from said service provider'"'"'s server, said second module, after transmitting authentication ticket issuance request information for requiring issuance of said authentication ticket to said authentication server, and when receiving an authentication reply indicating an authentication error from said authentication server, transmits authentication request information for requiring the user authentication to said authentication server, said second module, receives an authentication reply indicating the authentication approval from said authentication server, said second module, in accordance with said authentication reply, transmits, to said authentication server, authentication ticket request information for requiring an authentication ticket for accessing a specific service provider'"'"'s server, said second module receives an authentication reply including said authentication ticket from said authentication server, second module transmits, together with said received authentication ticket, service request information for requiring a service provision to said specific service provider'"'"'s server, said second module, when said authentication ticket is determined as authorized by said service provider'"'"'s server, receives an authentication reply indicating the authentication approval from the service provider'"'"'s server, said second module retransmits said page request information to said service provider'"'"'s server, said second module receives the page information from said service provider'"'"'s server, and transmits the page information to said first module, and said first module generates image information from the received page information.

19. A terminal unit which is connected with an authentication server and a plurality of service provider'"'"'s servers via a network, said terminal unit comprising:
- first transmitting means for transmitting authentication request information requiring user authentication to said authentication server;
  
  first receiving means for receiving an authentication reply from said authentication server;
  
  second transmitting means, in accordance with said authentication reply, transmitting, to said authentication server, authentication ticket request information for requiring an authentication ticket for accessing a specific service provider'"'"'s server;
  
  second receiving means for receiving an authentication reply including said authentication ticket from said authentication server, third transmitting means for transmitting service request information requiring a service provision together with said received authentication ticket, to said specific service provider'"'"'s server, third receiving means for receiving an authentication reply indicating the authentication approval from the service provider'"'"'s server, when said authentication ticket is determined as authorized by said service provider'"'"'s server.

20. A program for effecting functions of a terminal unit which is connected with an authentication server and a plurality of service provider'"'"'s servers via a network, said program effecting functions of the terminal unit in such a manner that said terminal unit transmits authentication request information requiring user authentication to said authentication server, receives an authentication reply from said authentication server, transmits to said authentication server, in accordance with said authentication reply, authentication ticket request information requiring an authentication ticket for accessing a specific service provider'"'"'s server, receives an authentication reply including said authentication ticket from said authentication server, transmits service request information requiring a service provision, together with said received authentication ticket, to said specific service provider'"'"'s server, receives an authentication reply indicating the authentication approval from said service provider'"'"'s server, when said authentication ticket is determined as authorized by said service provider'"'"'s server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sony Corporation (Sony Group Corp.)
Original Assignee
Sony Corporation (Sony Group Corp.)
Inventors
Iwatsu, Takeshi, Sakoh, Noriyuki, Murase, Yasuhiro, Moriya, Jun

Granted Patent

US 7,802,295 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/10
CPC Class Codes

G06F 21/33   using certificates

G06Q 30/06   Buying, selling or leasing ...

H04L 63/08   for authentication of entit...

Authentication method, authentication system, and authentication server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication method, authentication system, and authentication server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links