AUTHENTICATION SYSTEM, AUTHENTICATION SERVER, AND SUB-AUTHENTICATION SERVER

US 20110202985A1
Filed: 04/21/2011
Published: 08/18/2011
Est. Priority Date: 10/23/2008
Status: Active Grant

First Claim

Patent Images

1. An authentication system, comprising:

an authentication server that stores authentication information to be used for authentication;

a sub-authentication server; and

a terminal, whereinthe authentication server includes an authentication information transmitting unit that transmits authentication information used to authenticate the transmission origin of an authentication request, to the sub-authentication server, when receiving the authentication request,the authentication server and/or the sub-authentication server includes an identification information transmitting unit that transmits identification information to identify the sub-authentication server to which the authentication information is transmitted by the authentication information transmitting unit, to the terminal that transmits the authentication request,the terminal includesa transmission destination storage unit that stores identification information to identify the transmission destination of the authentication request;

an authentication request transmitting unit that transmits the authentication request to the transmission destination identified with the identification information stored by the transmission destination storage unit; and

an update unit that updates the identification information stored in the transmission destination storage unit using the identification information transmitted by the identification information transmitting unit, when receiving the identification information, andthe sub-authentication server includesan authentication information storage unit that stores the authentication information transmitted from the authentication information transmitting unit to the sub-authentication server; and

an authentication unit that authenticates the transmission origin of the authentication request using the authentication information stored in the authentication information storage unit, when receiving the authentication request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication server transmits authentication information used to authenticate the transmission origin of an authentication request, to a sub-authentication server, when receiving the authentication request. The authentication server transmits identification information to identify the sub-authentication server to which the authentication information is transmitted, to a terminal. The terminal includes a transmission destination storage unit that stores identification information to identify the transmission destination of the authentication request and transmits the authentication request to the transmission destination identified with the identification information stored by the transmission destination storage unit. The terminal updates the identification information using the identification information, when receiving the identification information. The sub-authentication server includes an authentication information storage unit that stores the authentication information transmitted from the authentication server to the sub-authentication server, and authenticates the transmission origin of the authentication request using the stored authentication information, when receiving the authentication request.

Citations

15 Claims

1. An authentication system, comprising:
- an authentication server that stores authentication information to be used for authentication;
  
  a sub-authentication server; and
  
  a terminal, whereinthe authentication server includes an authentication information transmitting unit that transmits authentication information used to authenticate the transmission origin of an authentication request, to the sub-authentication server, when receiving the authentication request,the authentication server and/or the sub-authentication server includes an identification information transmitting unit that transmits identification information to identify the sub-authentication server to which the authentication information is transmitted by the authentication information transmitting unit, to the terminal that transmits the authentication request,the terminal includesa transmission destination storage unit that stores identification information to identify the transmission destination of the authentication request;
  
  an authentication request transmitting unit that transmits the authentication request to the transmission destination identified with the identification information stored by the transmission destination storage unit; and
  
  an update unit that updates the identification information stored in the transmission destination storage unit using the identification information transmitted by the identification information transmitting unit, when receiving the identification information, andthe sub-authentication server includesan authentication information storage unit that stores the authentication information transmitted from the authentication information transmitting unit to the sub-authentication server; and
  
  an authentication unit that authenticates the transmission origin of the authentication request using the authentication information stored in the authentication information storage unit, when receiving the authentication request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The authentication system according to claim 1,wherein the sub-authentication server includes a plurality of sub-authentication servers,the authentication request is to request to authenticate biometric information of a user using the terminal,the authentication unit of the sub-authentication server performs the authentication using the authentication information stored in the authentication information storage unit,the authentication server further includes a selection unit that verifies the authentication information to authenticate the transmission origin of the authentication request using the authentication information stored by the authentication information storage unit, for each sub-authentication server, when receiving the authentication request, and selects the sub-authentication server where a degree of similarity calculated as a verification result becomes a predetermined threshold value or less, andthe authentication information transmitting unit transmits the authentication information to the sub-authentication server selected by the selection unit.
  - 3. The authentication system according to claim 2, further comprising:
    - a management terminal that manages the authentication system,wherein the authentication server and/or the management terminal includes;
      
      a deletion unit that deletes a part of the authentication information stored by the authentication information storage unit, with respect to the sub-authentication server where the frequency of performing the authentication by the authentication unit is high as compared with the other sub-authentication servers;
      
      a storage unit that stores the authentication information deleted by the deletion unit in the authentication information storage unit, with respect to the sub-authentication server where the frequency of performing the authentication by the authentication unit is low as compared with the other sub-authentication servers; and
      
      an identification information re-transmitting unit that transmits identification information to identify the sub-authentication server becoming the storage destination where the authentication information is stored by the storage unit, to the transmission origin authenticated using the authentication information deleted by the deletion unit, andthe terminal further includes a re-update unit that updates the identification information stored in the transmission destination storage unit using the identification information transmitted by the identification information re-transmitting unit, when receiving the identification information.
  - 4. The authentication system according to claim 3, further comprising:
    - a determination unit that determines whether a current state is a state where the empty capacity of the authentication information storage unit needs to be increased; and
      
      a deletion unit that deletes a part of the authentication information stored in the authentication information storage unit, when it is determined by the determination unit that the current state is the state where the empty capacity needs to be increased.
  - 5. The authentication system according to claim 4,wherein the authentication information storage unit stores a valid period of the authentication information with respect to each piece of authentication information, andthe sub-authentication server further includes a deletion unit that deletes the authentication information where the valid period expires, from the authentication information storage unit.
  - 6. The authentication system according to claim 5,wherein the authentication information storage unit stores the authentication information in a cache, andthe sub-authentication server including a disk device further includes a backup unit that backs up the authentication information stored in the authentication information storage unit in the disk device.
  - 7. The authentication system according to claim 6,wherein the disk device stores the authentication information that is transmitted by the authentication information transmitting unit, when the empty capacity does not exist in the authentication information storage unit, andthe authentication unit performs the authentication using the authentication information stored in the authentication information storage unit and the disk device.
  - 8. The authentication system according to claim 7,wherein the sub-authentication server further includes:
    - a log information storage unit that temporarily stores log information related to the authentication performed by the sub-authentication server, anda log transmitting unit that transmits the log information stored in the log information storage unit to the authentication server, according to a predetermined policy.
  - 9. The authentication system according to claim 8,wherein the identification information storage unit stores identification information to identify the authentication server, separately from the identification information transmitted by the identification information transmitting unit.
  - 10. The authentication system according to claim 9,wherein each of the authentication server and the sub-authentication server includes an authentication program storage unit that stores an authentication program to be used for the authentication,the authentication server further includes a program transmitting unit that, when the authentication program stored in the authentication program storage unit of the authentication server is updated, transmits the updated authentication program to the sub-authentication server, andthe sub-authentication server further includes an authentication program update unit that updates the authentication program stored in the authentication program storage unit of the sub-authentication server, using the authentication program transmitted by the program transmitting unit, when receiving the authentication program.
  - 11. The authentication system according to claim 10,wherein the authentication server, the sub-authentication server, and the terminal store information in an encrypted state.
  - 12. The authentication system according to claim 11,wherein the authentication server, the sub-authentication server, and the terminal encrypt information and transmit the information, and decrypt the encrypted information, when receiving the encrypted information.
  - 13. The authentication system according to claim 1,wherein the authentication server further includes an attribute information storage unit that stores attribute information of a user authenticated by the authentication information, for each piece of authentication information;
    - and an attribute use selecting unit that selects the same sub-authentication server for each kind of the attribute information, using the attribute information stored in the attribute information storage unit corresponding to the authentication information used to authenticate the authentication request, when receiving the authentication request, andthe authentication information transmitting unit transmits the authentication information to the sub-authentication server selected by the selection unit.

14. An authentication server, comprising:
- a storage unit that stores authentication information to be used for authentication;
  
  an authentication information transmitting unit that transmits the authentication information used to authenticate the transmission origin of an authentication request and stored in the storage unit, to a sub-authentication server, when receiving the authentication request; and
  
  an identification information transmitting unit that transmits identification information to identify the sub-authentication server to which the authentication information is transmitted by the authentication information transmitting unit, to a terminal that transmits the authentication request to the transmission destination identified with the identification information and is the transmission origin of the received authentication request.

15. An authentication method comprising:
- transmitting authentication information used to authenticate the transmission origin of an authentication request to a sub-authentication server, when receiving the authentication request,transmitting identification information to identify the sub-authentication server to which the authentication information is transmitted to a terminal that transmits the authentication request,transmitting the authentication request to the transmission destination identified with the identification information stored by the transmission destination storage unit;
  
  updating the identification information stored in the transmission destination storage unit using the transmitted identification information, when receiving the identification information; and
  
  authenticating the transmission origin of the authentication request using the transmitted authentication information transmitted, when receiving the authentication request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
KAMAKURA, KEN

Granted Patent

US 8,782,760 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/7
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2151   Time stamp

H04L 63/08   for authentication of entit...

AUTHENTICATION SYSTEM, AUTHENTICATION SERVER, AND SUB-AUTHENTICATION SERVER

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHENTICATION SYSTEM, AUTHENTICATION SERVER, AND SUB-AUTHENTICATION SERVER

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links