AUTHENTICATION SYSTEM, AUTHENTICATION METHOD AND TERMINAL DEVICE

US 20090271630A1
Filed: 05/12/2008
Published: 10/29/2009
Est. Priority Date: 05/16/2007
Status: Active Grant

First Claim

Patent Images

1. An authentication method for authenticating a third node which applies to participate in a workgroup comprised of a first node and a second node which are in a network system, the authentication method comprising the steps of:

transmitting a temporary authentication ticket including a digital signature of the third node from the third node to the first node;

authenticating the third node by the first node based on the digital signature of the temporary authentication ticket received from the third node;

transmitting a password for participating in the workgroup from the third node to the first node;

verifying by the first node the password received from the third node;

generating a regular authentication ticket by the first node by adding a digital signature of the first node to the temporary authentication ticket to transmit the regular authentication ticket to the third node in a case where the third node has been successfully authenticate based on the digital signature, and the password is correct;

transmitting from the third node to the second node the regular authentication ticket received from the third node;

authenticating the first node and the third node by the second node based on the digital signatures of the regular authentication ticket received from the third node; and

causing the second node to permit the third node to access, as a node of the workgroup, the second node in a case where the first node and the third node have been successfully authenticated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are an authentication method, authentication system and a terminal device in which the authentication of a non-participating third node is can be simplified and can be executed in the case of multicast by using an authentication ticket in a distributed processing network system, the non-participating third node being intended to access each of the nodes, including a first and a second node, constituting a workgroup. The first node that has already participated in the workgroup authenticates the third node intended to participate in the workgroup and issues the authentication ticket including the signatures of both nodes, and when the authentication ticket is submitted to the second node, the second node permits the third node to access, without password-based-authentication, by authenticating the first node and the second node which have signed the authentication ticket.

22 Citations

View as Search Results

13 Claims

1. An authentication method for authenticating a third node which applies to participate in a workgroup comprised of a first node and a second node which are in a network system, the authentication method comprising the steps of:
- transmitting a temporary authentication ticket including a digital signature of the third node from the third node to the first node;
  
  authenticating the third node by the first node based on the digital signature of the temporary authentication ticket received from the third node;
  
  transmitting a password for participating in the workgroup from the third node to the first node;
  
  verifying by the first node the password received from the third node;
  
  generating a regular authentication ticket by the first node by adding a digital signature of the first node to the temporary authentication ticket to transmit the regular authentication ticket to the third node in a case where the third node has been successfully authenticate based on the digital signature, and the password is correct;
  
  transmitting from the third node to the second node the regular authentication ticket received from the third node;
  
  authenticating the first node and the third node by the second node based on the digital signatures of the regular authentication ticket received from the third node; and
  
  causing the second node to permit the third node to access, as a node of the workgroup, the second node in a case where the first node and the third node have been successfully authenticated.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The authentication method of claim 1, wherein the temporary authentication ticket includes information about the workgroup.
  - 3. The authentication method of claim 1, information of the digital signature of the third node includes identification information unique to the third node.
  - 4. The authentication method of claim 1, wherein the first node inquires of an authentication node about information of the digital signature of the third node when the first node authenticates the third node based on the digital signature of the temporary authentication ticket
  - 5. The authentication method of claim 1, wherein the second node inquires of an authentication node about information of the digital signatures of the first node and the third node when the second node authenticates the first node and the third node based on the digital signatures of the regular authentication ticket.
  - 6. The authentication method of claim 1, wherein the regular authentication ticket is invalidated in a certain time period, and the second node does not permit the third node to access, as a node of the workgroup, the second node when the second node has received the invalidated regular authentication ticket from the third node.

7. An authentication system for authenticating a third node which applies to participate in a workgroup comprised of a first node and a second node which are in a network system, the authentication system comprising:
- the first node;
  
  the first node including;
  
  a first authentication section which is adapted to authenticate the third node based on a digital signature of a temporary authentication ticket received from the third node;
  
  a password verification section which is adapted to verify a password received from the third node;
  
  a first authentication ticket generating section which is adapted to add a digital signature of the first node to the temporary authentication ticket to generate a regular authentication ticket therefrom when the first authentication section has successfully authenticated, and the password verification section has successfully verified the password; and
  
  a first authentication ticket transmitting section which is adapted to transmit to the third node the regular authentication ticket generated by the first authentication ticket generating section,the second node;
  
  the second node including;
  
  a second authentication section which is adapted to authenticate the first node and the third node based on digital signatures of the regular authentication ticket received from the third node; and
  
  a permission section which is adapted to permit the third node to access, as a node of the workgroup, the second node when the second node has successfully authenticated the first node and the third node, andthe third node;
  
  the third node including;
  
  a second authentication ticket generating section which is adapted to generate the temporary ticket including the digital signature of the third node;
  
  a second authentication ticket transmitting section which is adapted to transmit to the first node the temporary authentication ticket generated by the second authentication ticket generating section;
  
  a password transmission section which is adapted to transmit to the first node the password for participating in the workgroup;
  
  a storage section which is adapted to store the regular authentication ticket received from the first node; and
  
  a third authentication ticket transmitting section which is adapted to transmit the regular authentication ticket to the second node when the third node applies to access the second node.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The authentication system of claim 7, wherein the temporary authentication ticket includes information about the workgroup.
  - 9. The authentication system of claim 7, information of the digital signature of the third node includes identification information unique to the third node.
  - 10. The authentication system of claim 7, comprising:
    - an authentication node of which the first authentication section of the first node inquires about information of the digital signature of the third node when the first authentication section of the first node authenticates the third node based on the digital signature of the temporary authentication ticket.
  - 11. The authentication system of claim 7, comprising:
    - an authentication node of which the second authentication section of the second node inquires about information of the digital signatures of the first node and the third node when the second authentication section authenticates the first node and the third node based on the digital signatures of the regular authentication ticket.
  - 12. The authentication system of claim 7, wherein the regular authentication ticket is invalidated in a certain time period, and the second node does not permit the third node to access, as a node of the workgroup, the second node when the second node has received the invalidated regular authentication ticket from the third node.

13. A terminal device which functions as a node for constituting a workgroup on a network, the terminal device comprising:
- a second authentication ticket generating section which is adapted to generate a temporary authentication ticket including a digital signature of the terminal device when the terminal device is not in the workgroup;
  
  a second authentication ticket transmitting section which is adapted to transmit the temporary authentication ticket generated by the second authentication ticket generating section to a first node constituting the workgroup;
  
  a password transmission section which is adapted to transmit to the first node a password for participating in the workgroup;
  
  a storage section which is adapted to receive and store a regular authentication ticket which has been generated in the first node after the terminal device was authenticated by the first node;
  
  a second authentication ticket transmitting section which is adapted to transmit the regular authentication ticket stored in the storage section to a second node when the terminal device accesses the second node;
  
  a first authentication section which is adapted to authenticate a third node based on a digital signature of a temporary authentication ticket received, when the terminal device is in the workgroup, from the third node;
  
  a password verification section which is adapted to verify a password received from the third node;
  
  a first authentication ticket generating section which is adapted to add the digital signature of the terminal device to the temporary authentication ticket received from the third node to generate a regular authentication ticket when the first authentication section has successfully authenticated the third node, and the password verification section has successfully verified the password received from the third node;
  
  a first authentication ticket transmitting section which is adapted to transmit to the third node the regular authentication ticket generated by the first authentication ticket generating section;
  
  a second authentication section which is adapted to authenticate a forth node and a fifth node based on digital signatures of a regular authentication ticket received, when the terminal device is in the workgroup, from the fourth node, the received regular authentication ticket including a digital signature of the fifth node,a permission section which is adapted to permit the fourth node to access, as a node of the workgroup, the terminal device when the second authentication section has successfully authenticated the fourth node and the fifth node.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Konica Minolta Holdings Incorporated (Konica Minolta Inc.)
Original Assignee
Konica Minolta Holdings Incorporated (Konica Minolta Inc.)
Inventors
Kitamura, Masahiro, Yoshida, Hiroki, Deishi, Satoshi

Granted Patent

US 7,975,293 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/33   using certificates

G06F 21/41   where a single sign-on prov...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/104   Grouping of entities

H04L 9/3213   using tickets or tokens, e....

H04L 9/3226   using a predetermined code,...

H04L 9/3247   involving digital signatures

AUTHENTICATION SYSTEM, AUTHENTICATION METHOD AND TERMINAL DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

22 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION SYSTEM, AUTHENTICATION METHOD AND TERMINAL DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

22 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links