AUTHENTICATION SYSTEM, AUTHENTICATION METHOD AND AUTHENTICATION DATA GENERATION PROGRAM

US 20090239502A1
Filed: 12/05/2005
Published: 09/24/2009
Est. Priority Date: 12/08/2004
Status: Active Grant

First Claim

Patent Images

1-40. -40. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication system according to the present invention includes an AAA server configured to be connected to the mobile network; a terminal device configured to be connected to the mobile network and be authenticated by the AAA server; and a PC configured to be connected to the terminal device through a short distance radio communication network. The PC transmits an identification data for identifying the PC itself to the terminal device through the short distance radio communication network. The terminal device authenticates the PC to access the mobile network on the basis of the identification data, and transmits an authentication data for accessing the mobile network to the AAA server. The AAA server performs an authentication that the PC accesses to the mobile network by using the authentication data. The authenticated PC accesses the mobile network through the Internet.

91 Citations

View as Search Results

80 Claims

1-40. -40. (canceled)

41. An authentication system comprising;
- an authentication server;
  
  a terminal device configured to be connected to said authentication server and be authenticated by said authentication server; and
  
  a peripheral device configured to be connected to said terminal device, wherein ‘
  
  said peripheral device transmits an identification data for identifying said peripheral device itself to said terminal device, said terminal device performs a first authentication on the basis of said identification data, and transmits an authentication data to said authentication server if said terminal device determines that said peripheral device is authenticated, and said authentication server performs a second authentication with respect to said peripheral device by using said authentication data.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50, 53, 54)
- - 42. The authentication system according to claim 41, further comprising:
    - a personal group management server configured to be connected to said terminal device, wherein said personal group management server relates said terminal device to a peripheral device which is authenticated in said first authentication of said terminal device so as to register and store as a personal group list, and transmits said personal group list to said terminal device.
  - 43. The authentication system according to claim 42, wherein said authentication server notifies a peripheral device which is authenticated of a personal group management server address which is an address of said personal group management server on said basis of said authentication data, said peripheral device transmits a peripheral device identifying data for identifying said peripheral device and a terminal device identifying data for identifying said terminal device to said personal group management server on said basis of said personal group management server address, and said personal group management server generates said personal group list by relating said peripheral device identifying data to said terminal device identifying data.
  - 44. The authentication system according to claim 41, wherein said peripheral device transmits a peripheral device identifying data for identifying itself to said terminal device when said peripheral device accesses to a terminal device, said terminal device performs said first authentication on the basis of said peripheral device identifying data, generates an authentication data by using said peripheral device identifying data if determining that said peripheral device is said authenticated, and transmits said authentication data to said authentication server and said peripheral device, and said authentication server performs said second authentication by comparing an authentication data stored in said peripheral device with said authentication data transmitted from said terminal device.
  - 45. The authentication system according to claim 44, wherein said peripheral device transmits a peripheral device name which is a name of said peripheral device itself and a peripheral device address which is an address of said peripheral device itself as said peripheral device identifying data to said terminal device when said peripheral device accesses to said terminal device, and said terminal device generates said authentication data by using said peripheral device name and said peripheral device address of said peripheral device which is authenticated.
  - 46. The authentication system according to claim 45, wherein said terminal device relates an peripheral device ID for identifying a peripheral device which is authenticated in a first authentication to an authentication data generated on the basis of said peripheral device identifying data so as to transmit to said peripheral device and said authentication server, said peripheral device transmits an authentication data to which said peripheral device ID is added to said authentication server, and said authentication server executes said second authentication by comparing an authentication data owned with an authentication data received from said peripheral device ID on the basis of said peripheral device ID.
  - 47. The authentication system according to claim 41, wherein said peripheral device transmits an authentication data owned by itself as said identification data to said terminal device, when said peripheral device accesses said terminal device, said terminal device executes said first authentication on the basis of an authentication data transmitted by said peripheral device, and if an authentication data which is consistent with said authentication data exists, said terminal device is authenticated and transmits said authentication data to said authentication server, and said authentication server executes said second authentication with respect to said peripheral device by using an authentication data transmitted by said terminal device.
  - 48. The authentication system according to claim 47, wherein said terminal device transmits a peripheral device address and said authentication data to said authentication server, said authentication server refers to said peripheral device address, accesses said peripheral device to obtain said authentication data, and executes second authentication by comparing said authentication data with said authentication data obtained from said terminal device.
  - 49. The authentication system according to claim 41, wherein said terminal device and said peripheral device are connected by radio channels.
  - 50. The authentication system according to claim 41, wherein said terminal device is a mobile terminal, which is mobile.
  - 53. The authentication system according to claim 41, further comprising:
    - a first communication system configured to be accessible by said terminal device, wherein said authentication server is connected to said first communication system, and executes said second authentication for allowing said peripheral device to access said first communication system by using said authentication data, said peripheral device which is authenticated to access in said second authentication accesses said first communication system.
  - 54. The authentication system according to claim 53, further comprising:
    - a second communication system configured to be connected to said first communication system, wherein said peripheral device is connected to said second communication system and receives said second authentication for access to said first communication system via said second communication system.

51. An authentication system comprising:
- an authentication server;
  
  a terminal device configured to be connected to said authentication server and be authenticated by said authentication server; and
  
  a peripheral device configured to be connected to said terminal device, wherein said authentication server performs a second authentication with respect to said peripheral device by using an authentication data which is transmitted to said authentication server by said terminal device.

52. An authentication system comprising:
- an authentication server;
  
  a terminal device configured to be connected to said authentication server and be authenticated by said authentication server; and
  
  a peripheral device configured to be connected to said terminal device, wherein said peripheral device transmits an identification data which identifies itself to said terminal device, and said terminal device performs a first authentication on the basis of said identification data.

55. A handover system comprising:
- an authentication system, wherein said authentication system includes;
  
  an authentication server, a terminal device configured to be connected to said authentication server and be authenticated by said authentication server, a peripheral device configured to be connected to said terminal device, and a first communication system configured to be accessible by said terminal device,; and
  
  a session control device configured to be connected to said first communication system, wherein said peripheral device transmits an identification data for identifying said peripheral device itself to said terminal device, said terminal device performs a first authentication on the basis of said identification data, and transmits an authentication data to said authentication server if said terminal device determines that said peripheral device is authenticated said authentication server, which is connected to said first communication system, performs a second authentication with respect to said peripheral device for allowing said peripheral device to access said first communication system by using said authentication data, and said peripheral device which is authorized to access in said second authentication accesses said first communication system, wherein said session control device switches a session between said terminal device and said first communication system to a session between said peripheral device which is authenticated in said authentication and said first communication system, in response to a connection destination switching request from said terminal device which is communicating with said first communication system.
- View Dependent Claims (56, 57, 58, 59, 60)
- - 56. The handover system according to claim 55, wherein said terminal device issues a connection destination switching request for changing a connection destination to said peripheral device to said session control device, said session control device issues a member confirmation signal to said personal group management server, said personal group management server refers to said personal group list in accordance with said member confirmation signal, and issues an authentication request to said authentication server if said peripheral device is related to said terminal device, said authentication server authenticates said peripheral device by using said authentication data in response to said authentication request, and said session control device switches said session between said first communication system and said terminal device, to said session between said peripheral device which is authenticated in said authentication and said first communication system.
  - 57. The handover system according to claim 55, wherein said terminal device issues a connection destination switching request to said peripheral device, said peripheral device transmits said authentication data to said authentication server in response to said connection destination switching request, said authentication server authenticates said peripheral device by using said authentication data, and said session control device switches said session between said first communication system and said terminal device, to said session between said peripheral device which is authenticated in said authentication and said first communication system on the basis of said authentication.
  - 58. The handover system according to claim 55, further comprising:
    - a data distribution server configured to be connected to said first communication system, and transmit data to said terminal device, wherein said session control device switches a session between a terminal device which is receiving said data and said data distribution server to a session between said peripheral device and said data distribution server in response to said connection destination switching request from said terminal device, and said data distribution server continuously transmits said data to said peripheral device.
  - 59. The handover system according to claim 55, further comprising;
    - a second communication system configured to be connected to said first communication system, wherein said peripheral device is connected to said second communication system, and said session control device switches a connection between said terminal device and said first communication system to a connection between said peripheral device and said communication system through said first communication system and said second communication system in response to said communication destination switching request.
  - 60. The handover system according to claim 55, wherein a connection between said peripheral device and said first communication system is disconnected, when a connection between said terminal device and said peripheral device through said communication channel is disconnected.

61. A terminal device which is authenticated by an authentication server, comprising:
- an HA transmitting and receiving section configured to receive a peripheral device data which identifies a peripheral device from said peripheral device;
  
  a device data database configured to store peripheral device data of accessible peripheral devices an access determining section configured to output said peripheral device data when said peripheral device data received at said HA transmitting and receiving section coincides with any of said peripheral device data stored in said device data database; and
  
  an authentication data generating section configured to generate an authentication data used for authentication of said peripheral device by said authentication server on the basis of said peripheral device data outputted by said access determining section.

62. A terminal device which is authenticated by an authentication server, comprising:
- an HA transmitting and receiving section configured to receive peripheral device data which identify peripheral devices from said peripheral devices;
  
  a display section configured to display said peripheral device data;
  
  a device data database configured to store said peripheral device data;
  
  an input unit configured to select an accessible peripheral device from said displayed peripheral device data;
  
  an access determining section configured to extract a displayed peripheral device data corresponding to said selected displayed peripheral device from said device data database; and
  
  an authentication data generating section configured to generate an authentication data used for authentication of said peripheral device by said authentication server on the basis of said peripheral device data.
- View Dependent Claims (63)
- - 63. The terminal device according to claim 62, further comprising:
    - an input device; and
      
      a random number generating section, wherein said authentication data generating section generates an authentication data by using an authentication key supplied by said input device, a random number outputted by said random number generating section and said peripheral device data.

64. A terminal device which is authenticated by an authentication server, comprising:
- an HA transmitting and receiving section configured to receive a first authentication data and a peripheral device data which identifies a peripheral device from said peripheral device; and
  
  an authentication data database configured to store second authentication data used for authentication by said authentication server and peripheral device data of peripheral devices, said second authentication data and said peripheral device data are related to each other, wherein a peripheral device data and a first authentication data received from a peripheral device are compared with said peripheral device data and said second authentication data stored in said authentication data database to output identical peripheral device data and authentication data.

65. An authentication method, comprising:
- a terminal device, which is authenticated by an authentication server, connecting to a peripheral device;
  
  said peripheral device transmitting an identification data for identifying itself to said terminal device;
  
  said terminal device determining whether or not it is authenticated in a first authentication on the basis of said identification data;
  
  said terminal device transmitting an authentication data for performing a second authentication to said authentication server when determining it is authenticated in said first authentication; and
  
  said authentication server performing a second authentication with respect to said peripheral device by using said authentication data.
- View Dependent Claims (66, 67, 68, 69, 70)
- - 66. The authentication method according to claim 65, further comprising:
    - said peripheral device accessing to said terminal device;
      
      said peripheral device transmitting a peripheral device name which is a name of said peripheral device itself and a peripheral device address which is an address of said peripheral device itself to said terminal device;
      
      said terminal device generating said authentication data on the basis of said peripheral device name and said peripheral device address, and transmitting said authentication data to said authentication server and said peripheral device.
  - 67. The authentication method according to claim 66, further comprising:
    - said peripheral device transmitting an authentication data owned by itself, a peripheral device name which is a name of said peripheral device itself and a peripheral device address which is an address of said peripheral device itself to said terminal device, when said peripheral device accesses said terminal device;
      
      said terminal device comparing an authentication data owned by itself with an authentication data received from said peripheral device; and
      
      said terminal device transmitting an authentication data which is consistent in said comparison.
  - 68. The authentication method according to claim 65, further comprising:
    - said peripheral device accessing a communication system, wherein said peripheral device which is authenticated in said second authentication.
  - 69. The authentication method according to claim 65, further comprising:
    - registering a personal group list in said communication side, wherein said personal group list relates a peripheral device which is authenticated in said determination whether or not it is authenticated in said first authentication to a terminal device which authenticates said peripheral device;
      
      transmitting said personal group list related to said terminal device to said terminal device; and
      
      said terminal device storing said personal group list.
  - 70. The authentication method according to claim 69, further comprising:
    - a peripheral device, which is authenticated in said determination whether or not it Is authenticated in said first authentication, transmitting data for identifying said peripheral device and data for identifying a terminal device which authenticates said peripheral device;
      
      generating said personal group list by relating data for identifying said peripheral device to data for identifying a terminal device which authenticates said peripheral device.

71. A method of generating an authentication data, comprising:
- acquiring a peripheral device data for identifying a peripheral device from said peripheral device;
  
  determining whether or not it is authenticated in a first authentication by comparing a peripheral device data which is owned by itself and is a data of a peripheral device with said acquired peripheral device data;
  
  outputting a peripheral device data of a peripheral device which is authenticated in said determination whether or not it is authenticated in said first authentication; and
  
  generating an authentication data used for a determination whether or not it is authenticated in a second authentication.
- View Dependent Claims (73, 74)
- - 73. The method of generating an authentication data according to claim 71, wherein said peripheral device data is a peripheral device name which is a name for identifying a peripheral device and a peripheral device address which is an address of a peripheral device.
  - 74. The method of generating an authentication data according to claim 71, further comprising:
    - inputting an authentication key; and
      
      generating a random number, wherein said step of generating said authentication data includes;
      
      generating said authentication data by using said authentication key, said random number and said peripheral device data.

72. A method of generating an authentication data, comprising:
- receiving peripheral device data which identify peripheral devices from said peripheral devices;
  
  displaying said peripheral device data;
  
  storing said peripheral device data;
  
  selecting a peripheral device which is authenticated from said displayed peripheral device data;
  
  an access determining section configured to extract a displayed peripheral device data corresponding to said selected displayed peripheral device from said device data database; and
  
  generating an authentication data used for authentication of said peripheral device by said authentication server on the basis of said peripheral device data.

75. A method of generating an authentication data, comprising:
- receiving an authentication data and a peripheral device data which identifies a peripheral device from said peripheral device; and
  
  comparing a peripheral device data and an authentication data received from said peripheral device with a peripheral device data owned by itself and an authentication data used for determination whether or not said peripheral device is authenticated in a first authentication by said authentication server, and when they coincide, outputting said authentication data as an authentication data used for determination whether or not said peripheral device is authenticated in a second authentication by a authentication server to said authentication server.
- View Dependent Claims (76)
- - 76. The method of generating an authentication data according to claim 75, wherein said peripheral device data is a peripheral device name which is a name for identifying a peripheral device and a peripheral device address which is an address of a peripheral device.

77. A peripheral device which is connected to a second communication system, comprising:
- an interface configured to be connected through a communication channel to a terminal device accessible to a first communication system;
  
  a transmitting and receiving section configured to transmit an identification data of itself through said interface to said terminal device, and receive an authentication data, which is generated on the basis of said identification data, used for access to said first communication system from said terminal device; and
  
  a connection section configured to transmit said authentication data through said second communication system to said first communication system, and perform connection process with said first communication system.
- View Dependent Claims (78, 79, 80)
- - 78. The peripheral device according to claim 77, wherein said identification data is a name of itself or an address of itself.
  - 79. The peripheral device according to claim 77, wherein said identification data includes an authentication data for a connection to said terminal device.
  - 80. The peripheral device according to claim 77, further comprising:
    - a register section configured to register a personal group which relates said terminal device permits a connection to said first communication system to a peripheral device name of itself, wherein said transmitting and receiving section receives an address of a personal group management server from said first communication system, and said register section on the basis of said address transmits an identifier of said terminal device and said peripheral device name to said first communication system and registers said personal group.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NEC Corporation
Original Assignee
NEC Corporation
Inventors
Dempo, Hiroshi, Fujino, Shozo

Granted Patent

US 8,150,370 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04L 12/40052   High-speed IEEE 1394 serial...

H04L 2209/80   Wireless network architectu...

H04L 63/0492   by using a location-limited...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0853   using an additional device,...

H04L 63/0884   by delegation of authentica...

H04L 65/1073   Registration or de-registra...

H04L 65/1093   by adding participants; by ...

H04L 65/1094   Inter-user-equipment sessio...

H04L 65/612   for unicast

H04L 67/148   Migration or transfer of se...

H04L 9/321   involving a third party or ...

H04L 9/3271   using challenge-response

H04M 1/66   with means for preventing u...

H04M 1/72412   using two-way short-range w...

H04W 12/062   Pre-authentication

H04W 36/0038   of security context informa...

AUTHENTICATION SYSTEM, AUTHENTICATION METHOD AND AUTHENTICATION DATA GENERATION PROGRAM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

91 Citations

80 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION SYSTEM, AUTHENTICATION METHOD AND AUTHENTICATION DATA GENERATION PROGRAM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

91 Citations

80 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links