Authentication method, authentication system, and authentication server
Abstract
A user authentication processing is performed and an authentication session ID is returned to a terminal 500 (A14). An authentication server 600 issues and stores an authentication ticket (A17). The authentication ticket and authentication session ID are returned to the terminal 500 (A18). A user 100 transmits a request of service provision and the authentication ticket to a service provider's server 700, and the service provider's server 700 transmits the authentication ticket to the authentication server 600 (A20). The authentication server 600 performs an authentication processing of the authentication ticket (A21), and the authentication result is notified (A22). In the case of authentication approval, a service session ID is issued together with the notification of authorization (A23). When receiving the notification of the authentication approval, the terminal 500 performs an establishment processing of the session using the received service session ID, and stores the service session ID (A27).
20 Claims

1. An authentication method in a system in which a plurality of authentication terminals subjected to authentication and operated by users, a common authentication server, and a plurality of service provider's servers are connected via a network, said authentication method comprising:
a first authentication step in which the authentication server which has received a request of user authentication from the authentication terminal performs authentication of the user operating said authentication terminal, and returns data generated as the authentication result to said authentication terminal;
a second authentication step in which said authentication server which has received data of an authentication ticket request from said authentication terminal performs authentication for issuing an authentication ticket, and returns data including the authentication ticket generated as the authentication result to said authentication terminal; and
a third authentication step performed so that said service provider's server which has received data of a service providing request including said authentication ticket from said authentication terminal discriminates whether said authentication ticket is authorized;
said third authentication step comprising the steps of:
transmitting to said authentication server an authentication ticket authentication request including data for certifying the authenticity of said service provider itself, and determining the authenticity of the authentication ticket by receiving the result of authentication performed by said authentication server; and
returning data generated in said determination step to said authentication terminal.
(Dependent claims 2 to 6 are not reproduced here.)
7. An authentication system in which a plurality of authentication terminals subjected to authentication and operated by users, a common authentication server and a plurality of service provider's servers are connected via a network, said authentication system comprising:
first authentication means in which the authentication server which has received a request of user authentication from the authentication terminal performs authentication of the user operating said authentication terminal, and returns data generated as the authentication result to said authentication terminal;
second authentication means in which said authentication server which has received data of an authentication ticket request from said authentication terminal performs authentication for issuing an authentication ticket, and returns data, including the authentication ticket, generated as the authentication result to said authentication terminal; and
third authentication means performed so that the service provider's servers which have received data of a service providing request including said authentication ticket from said authentication terminal discriminate whether said authentication ticket is authorized, said third authentication means comprising:
transmitting means for transmitting to said authentication server an authentication ticket authentication request including data for certifying the authenticity of said service provider itself;
determining means for determining the authenticity of the authentication ticket by receiving the authentication result performed by said authentication server; and
means for returning data generated by said determining means to said authentication terminal.
8. An authentication server which is connected, by way of a network, with a plurality of authentication terminals subjected to authentication and operated by users, and with a plurality of service provider's servers, and which is common to said authentication terminals and said service provider's servers, said authentication server comprising:
first authentication means for receiving a request of user authentication from the authentication terminal, and for performing authentication of the user operating said authentication terminal, so as to return data generated as the authentication result to said authentication terminal;
second authentication means for receiving data of an authentication ticket request from said authentication terminal, and for performing authentication for issuing the authentication ticket, so as to return data, including the authentication ticket, generated as the authentication result to said authentication terminal;
third authentication means performed so that the service provider's server which has received, from said authentication terminal, data of a service providing request including said authentication ticket, discriminates the authenticity of said authentication ticket, said third authentication means comprising:
means for receiving, from said service provider's server, an authentication ticket authentication request including data for certifying the authenticity of said service provider itself;
determining means for determining the authenticity of said authentication ticket; and
means for transmitting data generated by said determining means to said service provider's server, said service provider's server returning the data generated by said determining means to said authentication terminal.
(Dependent claims 9 to 13 are not reproduced here.)
14. A communication method in which a terminal unit connected with an authentication server and a plurality of service provider's servers via a network makes a request for authentication to each server, said communication method comprising:
transmitting authentication request information for requiring user authentication to said authentication server;
receiving an authentication reply from said authentication server;
transmitting, in accordance with said authentication reply, authentication ticket request information for requiring an authentication ticket for accessing the specific service provider's server, to said authentication server;
receiving an authentication reply including said authentication ticket from said authentication server;
transmitting service request information for requiring a service provision, together with said received authentication ticket, to said specific service provider's server; and
receiving an authentication reply indicating the authentication approval from the service provider's server when said authentication ticket is determined as authorized by said service provider's server.
(Dependent claims 15 to 18 are not reproduced here.)
19. A terminal unit which is connected with an authentication server and a plurality of service provider's servers via a network, said terminal unit comprising:
first transmitting means for transmitting authentication request information requiring user authentication to said authentication server;
first receiving means for receiving an authentication reply from said authentication server;
second transmitting means for transmitting, in accordance with said authentication reply, authentication ticket request information for requiring an authentication ticket for accessing a specific service provider's server, to said authentication server;
second receiving means for receiving an authentication reply including said authentication ticket from said authentication server;
third transmitting means for transmitting service request information requiring a service provision, together with said received authentication ticket, to said specific service provider's server; and
third receiving means for receiving an authentication reply indicating the authentication approval from the service provider's server when said authentication ticket is determined as authorized by said service provider's server.
20. A program for effecting functions of a terminal unit which is connected with an authentication server and a plurality of service provider's servers via a network, said program effecting functions of the terminal unit in such a manner that said terminal unit
transmits authentication request information requiring user authentication to said authentication server, receives an authentication reply from said authentication server, transmits to said authentication server, in accordance with said authentication reply, authentication ticket request information requiring an authentication ticket for accessing a specific service provider's server, receives an authentication reply including said authentication ticket from said authentication server, transmits service request information requiring a service provision, together with said received authentication ticket, to said specific service provider's server, and receives an authentication reply indicating the authentication approval from said service provider's server when said authentication ticket is determined as authorized by said service provider's server.
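The three-step flow described in the abstract (A14 to A27) and claimed in claims 1, 8 and 14, written out with all three parties as an added Python example; this is not code from the patent or from any product it covers. The patent does not specify how the service provider certifies its own authenticity to the authentication server, how tickets are encoded, or what an authentication session is; this example assumes a shared HMAC key registered per service provider, random opaque tickets bound to one service provider with a short lifetime and single use, and in-process method calls in place of network messages. The names AuthServer, ServiceProvider, Terminal and run_demo, and the user record and keys, are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time


class AuthServer:
    """Common authentication server shared by all terminals and service providers (SPs)."""

    def __init__(self):
        # Constructed user record; a real deployment would use a salted password hash.
        self.users = {"alice": hashlib.sha256(b"correct horse").hexdigest()}
        # One shared secret per registered SP (assumption: the patent leaves this open).
        self.sp_keys = {"sp-shop": secrets.token_bytes(32), "sp-bank": secrets.token_bytes(32)}
        self.auth_sessions = {}     # authentication session ID -> username (A14)
        self.tickets = {}           # ticket -> (username, bound sp_id, expiry) (A17)
        self.service_sessions = {}  # service session ID -> (username, sp_id) (A23)

    def authenticate_user(self, username, password):
        """First authentication step: returns an authentication session ID, or None on failure."""
        digest = hashlib.sha256(password.encode()).hexdigest()
        if not hmac.compare_digest(digest, self.users.get(username, "")):
            return None
        session_id = secrets.token_urlsafe(16)
        self.auth_sessions[session_id] = username
        return session_id

    def issue_ticket(self, auth_session_id, sp_id, ttl=60):
        """Second authentication step: an opaque ticket bound to one SP with a short lifetime."""
        username = self.auth_sessions.get(auth_session_id)
        if username is None or sp_id not in self.sp_keys:
            return None
        ticket = secrets.token_urlsafe(24)
        self.tickets[ticket] = (username, sp_id, time.time() + ttl)
        return ticket

    def validate_ticket(self, sp_id, ticket, sp_proof):
        """Third step, server side: the SP certifies itself (HMAC over the ticket with its
        registered key) before the ticket is looked up, consumed once, and checked for binding/expiry."""
        key = self.sp_keys.get(sp_id)
        if key is None:
            return None
        expected = hmac.new(key, ticket.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sp_proof):
            return None
        entry = self.tickets.pop(ticket, None)  # single use: a replayed ticket finds nothing
        if entry is None:
            return None
        username, bound_sp, expiry = entry
        if bound_sp != sp_id or time.time() > expiry:
            return None
        service_session_id = secrets.token_urlsafe(16)
        self.service_sessions[service_session_id] = (username, sp_id)
        return {"user": username, "service_session_id": service_session_id}


class ServiceProvider:
    """SP server: forwards the ticket with its own proof of identity (A20) and relays the verdict."""

    def __init__(self, sp_id, key, auth_server):
        self.sp_id, self.key, self.auth_server = sp_id, key, auth_server

    def handle_service_request(self, ticket):
        proof = hmac.new(self.key, ticket.encode(), hashlib.sha256).hexdigest()
        result = self.auth_server.validate_ticket(self.sp_id, ticket, proof)
        if result is None:
            return {"approved": False}
        return {"approved": True, "service_session_id": result["service_session_id"]}


class Terminal:
    """Authentication terminal (claims 14, 19, 20): keeps the auth session and service session IDs."""

    def __init__(self, auth_server):
        self.auth_server, self.auth_session_id, self.service_sessions = auth_server, None, {}

    def login(self, username, password):
        self.auth_session_id = self.auth_server.authenticate_user(username, password)
        return self.auth_session_id is not None

    def use_service(self, sp):
        ticket = self.auth_server.issue_ticket(self.auth_session_id, sp.sp_id)
        reply = sp.handle_service_request(ticket) if ticket else {"approved": False}
        if reply["approved"]:
            self.service_sessions[sp.sp_id] = reply["service_session_id"]  # A27
        return reply["approved"]


def run_demo():
    """Happy path plus the failure cases worth testing; returns the outcome of each."""
    auth = AuthServer()
    shop = ServiceProvider("sp-shop", auth.sp_keys["sp-shop"], auth)
    bank = ServiceProvider("sp-bank", auth.sp_keys["sp-bank"], auth)
    rogue = ServiceProvider("sp-shop", secrets.token_bytes(32), auth)  # claims to be sp-shop, wrong key
    term = Terminal(auth)
    out = {"before_login": term.use_service(shop), "bad_password": term.login("alice", "wrong")}
    out["login"] = term.login("alice", "correct horse")
    out["terminal_flow"] = term.use_service(shop) and "sp-shop" in term.service_sessions
    ticket = auth.issue_ticket(term.auth_session_id, "sp-shop")
    out["first_use"] = shop.handle_service_request(ticket)["approved"]
    out["replay"] = shop.handle_service_request(ticket)["approved"]
    ticket = auth.issue_ticket(term.auth_session_id, "sp-shop")
    out["rogue_sp"] = rogue.handle_service_request(ticket)["approved"]  # rejected before ticket lookup
    out["wrong_sp"] = bank.handle_service_request(ticket)["approved"]   # bank's proof is valid, binding is not
    out["expired"] = shop.handle_service_request(auth.issue_ticket(term.auth_session_id, "sp-shop", ttl=-1))["approved"]
    return out
```

The order of checks in validate_ticket is the point the claims make: the authentication server decides whether the caller is a registered service provider before it reveals anything about the ticket, so a server that merely intercepted a ticket learns nothing and cannot turn it into a service session. Binding each ticket to the provider it was requested for, and consuming it on first use, closes the two remaining ways of reusing it.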