SERVICE PROVIDING SYSTEM AND UNIT DEVICE

US 20130246281A1
Filed: 05/10/2013
Published: 09/19/2013
Est. Priority Date: 11/10/2010
Status: Abandoned Application

First Claim

Patent Images

1. A service providing system comprising:

a plurality of unit devices which independently execute authentication constituting processes constituting authentication processing that uses biometric authentication;

a unit integrating device which has each of the unit devices provided therein or externally connected thereto to communicate with each of the unit devices;

a user terminal which has the unit integrating device provided therein or externally connected thereto to communicate with the unit integrating device;

a verifying device which verifies the execution contents of each of the authentication constituting processes in accordance with an authenticator; and

a service providing device which communicates with the user terminal and the verifying device,each of the unit devices comprisingan equipment certificate storage module which stores an equipment certificate issued to each of the unit devices by an equipment certificate issuer in accordance with a public key encryption method, the equipment certificate including an equipment certificate body and a digital signature generated for the equipment certificate body by a secret key to the equipment certificate issuer, the equipment certificate body including identification information for a public key of or for secret information to generate a message authentication code of the unit device to which the authentication constituting process belongs, unit device specifying information to specify the unit device to which the authentication constituting process belongs, and equipment certificate issuer information to specify the equipment certificate issuer,an evaluation report storage module which stores an evaluation report, the evaluation report including the unit device specifying information of the unit device used for the execution of the authentication constituting process, biometric authentication constituting process information to specify a biometric authentication constituting process including a biometric authentication algorithm, and biometric authentication accuracy indicating the accuracy of the biometric authentication by the biometric authentication algorithm,a secret information storage module which stores secret information to generate the authenticator,an authentication constituting process executing module which executes the authentication constituting process when each of the unit devices receives, from the unit integrating device, an authentication constituting process execution request to request the execution of the authentication constituting process,an authenticator generating module which generates the authenticator by the use of the secret information in accordance with the equipment certificate, the evaluation report, the challenge value, and a hash value of the execution contents,an authentication context generating module which generates an authentication context, the equipment certificate, the evaluation report, the challenge value, the hash value of the execution contents, and the authenticator being described in the authentication context in a specific format,an authentication constituting process result information generating module which generates authentication constituting process result information in which the authentication context and the execution result of the authentication constituting process are described in a specific format, anda result information sending module which sends the authentication constituting process result information to the unit integrating device,at least one of the unit devices further comprisinga user identification information certificate storage module which stores a user identification information certificate issued to a user of the user terminal by a third-party organization in accordance with a public key encryption method, the user identification information certificate including a certificate body and a digital signature generated for the certificate body by a secret key to the third-party organization, the certificate body including user identification information to identify the user, a hash value of biometric referential information for the user, and the third-party organization information to identify the third-party organization,the authenticator generating module of at least one of the unit devices generating the authenticator by the use of the secret information in accordance with the equipment certificate, the evaluation report, the challenge value, the user identification information certificate, and the hash value of the execution contents,the authentication context generating module of at least one of the unit devices generating an authentication context, the equipment certificate, the evaluation report, the challenge value, the user identification information certificate, the hash value of the execution contents, and the authenticator being described in the authentication context in a specific format,the unit integrating device comprisinga device information storage module which stores, in association with one another, unit device specifying information for each of the unit devices, a function name indicating a function in an authentication constituting process executed by each of the unit devices, and a processing order indicating the order of processing the functions,a first authentication constituting process execution request sending module which sends the challenge value and the authentication constituting process execution request to the unit device specified by the unit device specifying information in accordance with the processing order and the unit device specifying information in the device information storage module in response to an authentication processing execution request to request the execution of the authentication processing and the challenge value from the user terminal,a second authentication constituting process execution request sending module which sends the challenge value and the authentication constituting process execution request to the unit device subsequent to the sending destination unit device in the processing order in accordance with the processing order and the unit device specifying information in the device information storage module in response to the authentication constituting process result information from the unit device which is a sending destination of the authentication constituting process execution request,an authentication processing result information generating module which generates authentication processing result information in accordance with the processing order and the unit device specifying information in the unit device constituting information in response to the authentication constituting process result information from the unit device which is a sending destination of the authentication constituting process execution request when the sending destination unit device is the last unit device in the processing order, the authentication context in the authentication constituting process result information received from each of the unit devices and the execution result in the authentication constituting process result information received from the last unit device in the processing order being described in the authentication processing result information in a specific format, andan authentication processing result information sending module which sends the authentication processing result information to the user terminal,the user terminal comprisinga service request sending module which sends, to the service providing device, a service request to request a service to the service providing device,an authentication processing execution request sending module which sends, to the unit integrating device, the challenge value and the authentication processing execution request in response to an authentication request which requests the user to perform the biometric authentication, and the challenge value from the service providing device,a transfer module which transfers, to the service providing device, authentication processing result information received from the unit integrating device, anda display module which displays service information received from the service providing device,the service providing device comprisinga user information storage module which stores, in association with each other, user identification information in the user identification information certificate, and service user identification information which has a value different from that of the user identification information to identify the user,a service providing policy storage module which stores a service providing policy indicating conditions for providing services to the user, the service providing policy including service identification information to identify the service, unit device specifying information used for the execution of the authentication constituting processes, biometric authentication constituting process information to specify a biometric authentication constituting process including a biometric authentication algorithm, and a reference value indicating a reference for regarding the accuracy of the biometric authentication by the biometric authentication algorithm as proper,an authentication request sending module which generates and holds the challenge value and sends the challenge value and the authentication request to the user terminal in response to a service request from the user terminal,a sending module which sends the held challenge value, the authentication processing result information, and the service providing policy to the verifying device in response to authentication processing result information from the user terminal,a read module which searches the user information storage module in accordance with the user identification information and reads service user identification information associated with the user identification information in response to user identification information and a verification result from the verifying device when the verification result is proper, anda service information sending module which sends the service information to the user terminal in accordance with the read service user identification information,the verifying device comprisinga public key storage module which stores a public key to the equipment certificate issuer of each of the unit devices and a public key to the third-party organization,a receiving module which receives, from the service providing device, the challenge value, the authentication processing result information, and the service providing policy,a format verifying module which verifies that the received authentication processing result information fits the specific format,an authenticator verifying module which verifies an authenticator in the authentication context described in the received authentication processing result information,an equipment certificate verifying module which verifies the digital signature in the equipment certificate included in the authentication context described in the received authentication processing result information in accordance with the public key to the equipment certificate issuer,a user identification information certificate verifying module which verifies the digital signature in the user identification information certificate included in the authentication context described in the received authentication processing result information in accordance with the public key to the third-party organization,an evaluation report verifying module which verifies the evaluation report included in the authentication context described in the received authentication processing result information in accordance with the received service providing policy,a challenge value verifying module which verifies the challenge value in the authentication context described in the received authentication processing result information in accordance with the received challenge value,an execution result verifying module which verifies that the execution result described in the received authentication processing result information is proper, anda user identification information sending module which sends, to the service providing device, the user identification information in the user identification information certificate used for the verification by the user identification information certificate verifying module and the verification result that indicates properness when all the verification results by the format verifying module, the authenticator verifying module, the equipment certificate verifying module, the user identification information certificate verifying module, the evaluation report verifying module, the challenge value verifying module, and the execution result verifying module are proper.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to one embodiment, the verifying device sends, to the service providing device, the user identification information in the user identification information certificate and the execution result that indicates properness when all the verification results are proper. the service providing device reads service user identification information associated with the user identification information in response to user identification information and a verification result. The service providing device sends the service information to the user terminal in accordance with the read service user identification information.

58 Citations

View as Search Results

7 Claims

1. A service providing system comprising:
- a plurality of unit devices which independently execute authentication constituting processes constituting authentication processing that uses biometric authentication;
  
  a unit integrating device which has each of the unit devices provided therein or externally connected thereto to communicate with each of the unit devices;
  
  a user terminal which has the unit integrating device provided therein or externally connected thereto to communicate with the unit integrating device;
  
  a verifying device which verifies the execution contents of each of the authentication constituting processes in accordance with an authenticator; and
  
  a service providing device which communicates with the user terminal and the verifying device,each of the unit devices comprisingan equipment certificate storage module which stores an equipment certificate issued to each of the unit devices by an equipment certificate issuer in accordance with a public key encryption method, the equipment certificate including an equipment certificate body and a digital signature generated for the equipment certificate body by a secret key to the equipment certificate issuer, the equipment certificate body including identification information for a public key of or for secret information to generate a message authentication code of the unit device to which the authentication constituting process belongs, unit device specifying information to specify the unit device to which the authentication constituting process belongs, and equipment certificate issuer information to specify the equipment certificate issuer,an evaluation report storage module which stores an evaluation report, the evaluation report including the unit device specifying information of the unit device used for the execution of the authentication constituting process, biometric authentication constituting process information to specify a biometric authentication constituting process including a biometric authentication algorithm, and biometric authentication accuracy indicating the accuracy of the biometric authentication by the biometric authentication algorithm,a secret information storage module which stores secret information to generate the authenticator,an authentication constituting process executing module which executes the authentication constituting process when each of the unit devices receives, from the unit integrating device, an authentication constituting process execution request to request the execution of the authentication constituting process,an authenticator generating module which generates the authenticator by the use of the secret information in accordance with the equipment certificate, the evaluation report, the challenge value, and a hash value of the execution contents,an authentication context generating module which generates an authentication context, the equipment certificate, the evaluation report, the challenge value, the hash value of the execution contents, and the authenticator being described in the authentication context in a specific format,an authentication constituting process result information generating module which generates authentication constituting process result information in which the authentication context and the execution result of the authentication constituting process are described in a specific format, anda result information sending module which sends the authentication constituting process result information to the unit integrating device,at least one of the unit devices further comprisinga user identification information certificate storage module which stores a user identification information certificate issued to a user of the user terminal by a third-party organization in accordance with a public key encryption method, the user identification information certificate including a certificate body and a digital signature generated for the certificate body by a secret key to the third-party organization, the certificate body including user identification information to identify the user, a hash value of biometric referential information for the user, and the third-party organization information to identify the third-party organization,the authenticator generating module of at least one of the unit devices generating the authenticator by the use of the secret information in accordance with the equipment certificate, the evaluation report, the challenge value, the user identification information certificate, and the hash value of the execution contents,the authentication context generating module of at least one of the unit devices generating an authentication context, the equipment certificate, the evaluation report, the challenge value, the user identification information certificate, the hash value of the execution contents, and the authenticator being described in the authentication context in a specific format,the unit integrating device comprisinga device information storage module which stores, in association with one another, unit device specifying information for each of the unit devices, a function name indicating a function in an authentication constituting process executed by each of the unit devices, and a processing order indicating the order of processing the functions,a first authentication constituting process execution request sending module which sends the challenge value and the authentication constituting process execution request to the unit device specified by the unit device specifying information in accordance with the processing order and the unit device specifying information in the device information storage module in response to an authentication processing execution request to request the execution of the authentication processing and the challenge value from the user terminal,a second authentication constituting process execution request sending module which sends the challenge value and the authentication constituting process execution request to the unit device subsequent to the sending destination unit device in the processing order in accordance with the processing order and the unit device specifying information in the device information storage module in response to the authentication constituting process result information from the unit device which is a sending destination of the authentication constituting process execution request,an authentication processing result information generating module which generates authentication processing result information in accordance with the processing order and the unit device specifying information in the unit device constituting information in response to the authentication constituting process result information from the unit device which is a sending destination of the authentication constituting process execution request when the sending destination unit device is the last unit device in the processing order, the authentication context in the authentication constituting process result information received from each of the unit devices and the execution result in the authentication constituting process result information received from the last unit device in the processing order being described in the authentication processing result information in a specific format, andan authentication processing result information sending module which sends the authentication processing result information to the user terminal,the user terminal comprisinga service request sending module which sends, to the service providing device, a service request to request a service to the service providing device,an authentication processing execution request sending module which sends, to the unit integrating device, the challenge value and the authentication processing execution request in response to an authentication request which requests the user to perform the biometric authentication, and the challenge value from the service providing device,a transfer module which transfers, to the service providing device, authentication processing result information received from the unit integrating device, anda display module which displays service information received from the service providing device,the service providing device comprisinga user information storage module which stores, in association with each other, user identification information in the user identification information certificate, and service user identification information which has a value different from that of the user identification information to identify the user,a service providing policy storage module which stores a service providing policy indicating conditions for providing services to the user, the service providing policy including service identification information to identify the service, unit device specifying information used for the execution of the authentication constituting processes, biometric authentication constituting process information to specify a biometric authentication constituting process including a biometric authentication algorithm, and a reference value indicating a reference for regarding the accuracy of the biometric authentication by the biometric authentication algorithm as proper,an authentication request sending module which generates and holds the challenge value and sends the challenge value and the authentication request to the user terminal in response to a service request from the user terminal,a sending module which sends the held challenge value, the authentication processing result information, and the service providing policy to the verifying device in response to authentication processing result information from the user terminal,a read module which searches the user information storage module in accordance with the user identification information and reads service user identification information associated with the user identification information in response to user identification information and a verification result from the verifying device when the verification result is proper, anda service information sending module which sends the service information to the user terminal in accordance with the read service user identification information,the verifying device comprisinga public key storage module which stores a public key to the equipment certificate issuer of each of the unit devices and a public key to the third-party organization,a receiving module which receives, from the service providing device, the challenge value, the authentication processing result information, and the service providing policy,a format verifying module which verifies that the received authentication processing result information fits the specific format,an authenticator verifying module which verifies an authenticator in the authentication context described in the received authentication processing result information,an equipment certificate verifying module which verifies the digital signature in the equipment certificate included in the authentication context described in the received authentication processing result information in accordance with the public key to the equipment certificate issuer,a user identification information certificate verifying module which verifies the digital signature in the user identification information certificate included in the authentication context described in the received authentication processing result information in accordance with the public key to the third-party organization,an evaluation report verifying module which verifies the evaluation report included in the authentication context described in the received authentication processing result information in accordance with the received service providing policy,a challenge value verifying module which verifies the challenge value in the authentication context described in the received authentication processing result information in accordance with the received challenge value,an execution result verifying module which verifies that the execution result described in the received authentication processing result information is proper, anda user identification information sending module which sends, to the service providing device, the user identification information in the user identification information certificate used for the verification by the user identification information certificate verifying module and the verification result that indicates properness when all the verification results by the format verifying module, the authenticator verifying module, the equipment certificate verifying module, the user identification information certificate verifying module, the evaluation report verifying module, the challenge value verifying module, and the execution result verifying module are proper.
- View Dependent Claims (2, 3)
- - 2. The service providing system according to claim 1, whereinthe authenticator verifying module verifies the authenticator generated by each of the unit devices in accordance with information identical or corresponding to the secret information in each of the unit devices.
  - 3. The service providing system according to claim 1, whereinthe secret information in the secret information storage module is a secret key in a public key encryption method, andthe authenticator generated by the authenticator generating module is a digital signature generated on the basis of the secret key.

4. A service providing system comprising:
- a plurality of unit devices which independently execute authentication constituting processes constituting authentication processing that uses biometric authentication;
  
  a unit integrating device which has each of the unit devices provided therein or externally connected thereto to communicate with each of the unit devices;
  
  a user terminal which has the unit integrating device provided therein or externally connected thereto to communicate with the unit integrating device;
  
  a verifying device which verifies the execution contents of each of the authentication constituting processes in accordance with an authenticator; and
  
  a service providing device which communicates with the user terminal and the verifying device,each of the unit devices comprisingan equipment certificate storage module which stores an equipment certificate issued to each of the unit devices by an equipment certificate issuer in accordance with a public key encryption method, the equipment certificate including an equipment certificate body and a digital signature generated for the equipment certificate body by a secret key to the equipment certificate issuer, the equipment certificate body including identification information for a public key of or for secret information to generate a message authentication code of the unit device to which the authentication constituting process belongs, unit device specifying information to specify the unit device to which the authentication constituting process belongs, and equipment certificate issuer information to specify the equipment certificate issuer,an evaluation report storage module which stores an evaluation report, the evaluation report including the unit device specifying information of the unit device used for the execution of the authentication constituting process, biometric authentication constituting process information to specify a biometric authentication constituting process including a biometric authentication algorithm, and biometric authentication accuracy indicating the accuracy of the biometric authentication by the biometric authentication algorithm,a secret information storage module which stores secret information to generate the authenticator,an authentication constituting process executing module which executes the authentication constituting process when each of the unit devices receives, from the unit integrating device, an authentication constituting process execution request to request the execution of the authentication constituting process,an authenticator generating module which generates the authenticator by the use of the secret information in accordance with the equipment certificate, the evaluation report, the challenge value, and a hash value of the execution contents,an authentication context generating module which generates an authentication context, the equipment certificate, the evaluation report, the challenge value, the hash value of the execution contents, and the authenticator being described in the authentication context in a specific format,an authentication constituting process result information generating module which generates authentication constituting process result information in which the authentication context and the execution result of the authentication constituting process are described in a specific format, anda result information sending module which sends the authentication constituting process result information to the unit integrating device,at least one of the unit devices further comprisinga user identification information certificate storage module which stores a user identification information certificate issued to a user of the user terminal by a third-party organization in accordance with a public key encryption method, the user identification information certificate including a certificate body and a digital signature generated for the certificate body by a secret key to the third-party organization, the certificate body including user identification information to identify the user, a hash value of biometric referential information for the user, and the third-party organization information to identify the third-party organization,the authenticator generating module of at least one of the unit devices generating the authenticator by the use of the secret information in accordance with the equipment certificate, the evaluation report, the challenge value, the user identification information certificate, and the hash value of the execution contents,the authentication context generating module of at least one of the unit devices generating an authentication context, the equipment certificate, the evaluation report, the challenge value, the user identification information certificate, the hash value of the execution contents, and the authenticator being described in the authentication context in a specific format,the unit integrating device comprisinga device information storage module which stores, in association with one another, unit device specifying information for each of the unit devices, a function name indicating a function in an authentication constituting process executed by each of the unit devices, and a processing order indicating the order of processing the functions,a first authentication constituting process execution request sending module which sends the challenge value and the authentication constituting process execution request to the unit device specified by the unit device specifying information in accordance with the processing order and the unit device specifying information in the device information storage module in response to an authentication processing execution request to request the execution of the authentication processing and the challenge value from the user terminal,a second authentication constituting process execution request sending module which sends the challenge value and the authentication constituting process execution request to the unit device subsequent to the sending destination unit device in the processing order in accordance with the processing order and the unit device specifying information in the device information storage module in response to the authentication constituting process result information from the unit device which is a sending destination of the authentication constituting process execution request,an authentication processing result information generating module which generates authentication processing result information in accordance with the processing order and the unit device specifying information in the unit device constituting information in response to the authentication constituting process result information from the unit device which is a sending destination of the authentication constituting process execution request when the sending destination unit device is the last unit device in the processing order, the authentication context in the authentication constituting process result information received from each of the unit devices and the execution result in the authentication constituting process result information received from the last unit device in the processing order being described in the authentication processing result information in a specific format, andan authentication processing result information sending module which sends the authentication processing result information to the user terminal,the user terminal comprisinga service request sending module which sends, to the service providing device, a service request to request a service to the service providing device,an authentication processing execution request sending module which sends, to the unit integrating device, the challenge value and the authentication processing execution request in response to an authentication request which requests the user to perform the biometric authentication, and the challenge value from the service providing device,a transfer module which transfers, to the service providing device, authentication processing result information received from the unit integrating device, anda display module which displays service information received from the service providing device,the service providing device comprisinga service user identification information storage module which stores, in association with each other, cooperated user identification information which has a value different from that of the user identification information to identify the user, and service user identification information which has a value different from those of the cooperated user identification information and the user identification information to identify the user,a service providing policy storage module which stores a service providing policy indicating conditions for providing services to the user, the service providing policy including service identification information to identify the service, unit device specifying information used for the execution of the authentication constituting processes, biometric authentication constituting process information to specify a biometric authentication constituting process including a biometric authentication algorithm, and a reference value indicating a reference for regarding the accuracy of the biometric authentication by the biometric authentication algorithm as proper,an authentication request sending module which generates and holds the challenge value and sends the challenge value and the authentication request to the user terminal in response to a service request from the user terminal,a sending module which sends the held challenge value, the authentication processing result information, and the service providing policy to the verifying device in response to authentication processing result information from the user terminal,a cooperated read module which searches the service user identification information storage module in accordance with the cooperated user identification information and reads service user identification information associated with the cooperated user identification information in response to the cooperated user identification information and the verification result from the verifying device when the verification result is proper, anda service information sending module which sends the service information to the user terminal in accordance with the read service user identification information,the verifying device comprisinga public key storage module which stores a public key to the equipment certificate issuer of each of the unit devices and a public key to the third-party organization,a receiving module which receives, from the service providing device, the challenge value, the authentication processing result information, and the service providing policy,a format verifying module which verifies that the received authentication processing result information fits the specific format,an authenticator verifying module which verifies an authenticator in the authentication context described in the received authentication processing result information,an equipment certificate verifying module which verifies the digital signature in the equipment certificate included in the authentication context described in the received authentication processing result information in accordance with the public key to the equipment certificate issuer,a user identification information certificate verifying module which verifies the digital signature in the user identification information certificate included in the authentication context described in the received authentication processing result information in accordance with the public key to the third-party organization,an evaluation report verifying module which verifies the evaluation report included in the authentication context described in the received authentication processing result information in accordance with the received service providing policy,a challenge value verifying module which verifies the challenge value in the authentication context described in the received authentication processing result information in accordance with the received challenge value,an execution result verifying module which verifies that the execution result described in the received authentication processing result information is proper,a cooperated user information storage module which stores, in association with each other, the user identification information in the user identification information certificate, and cooperated user identification information which is the same as the former cooperated user identification information having a value different from that of the user identification information to identify the user, anda cooperated user identification information sending module which sends, to the service providing device, the cooperated user identification information read from the cooperated user information storage module and the verification result that indicates properness in accordance with the user identification information in the user identification information certificate used for the verification by the user identification information certificate verifying module when all the verification results by the format verifying module, the authenticator verifying module, the equipment certificate verifying module, the user identification information certificate verifying module, the evaluation report verifying module, the challenge value verifying module, and the execution result verifying module are proper.
- View Dependent Claims (5, 6)
- - 5. The service providing system according to claim 4, whereinthe authenticator verifying module verifies the authenticator generated by each of the unit devices in accordance with information identical or corresponding to the secret information in each of the unit devices.
  - 6. The service providing system according to claim 4, whereinthe secret information in the secret information storage module is a secret key in a public key encryption method, andthe authenticator generated by the authenticator generating module is a digital signature generated on the basis of the secret key.

7. At least one of a plurality of unit devices used in a service providing system, the service providing system comprising the unit devices which independently execute authentication constituting processes constituting authentication processing that uses biometric authentication, a unit integrating device which has each of the unit devices provided therein or externally connected thereto to communicate with each of the unit devices, a user terminal which has the unit integrating device provided therein or externally connected thereto to communicate with the unit integrating device, a verifying device which verifies the execution contents of each of the authentication constituting processes in accordance with an authenticator, and a service providing device which communicates with the user terminal and the verifying device, the unit device comprising:
- an equipment certificate storage module which stores an equipment certificate issued to each of the unit devices by an equipment certificate issuer in accordance with a public key encryption method, the equipment certificate including an equipment certificate body and a digital signature generated for the equipment certificate body by a secret key to the equipment certificate issuer, the equipment certificate body including identification information for a public key of or for secret information to generate a message authentication code of the unit device to which the authentication constituting process belongs, unit device specifying information to specify the unit device to which the authentication constituting process belongs, and equipment certificate issuer information to specify the equipment certificate issuer;
  
  an evaluation report storage module which stores an evaluation report, the evaluation report including the unit device specifying information of the unit device used for the execution of the authentication constituting process, biometric authentication constituting process information to specify a biometric authentication constituting process including a biometric authentication algorithm, and biometric authentication accuracy indicating the accuracy of the biometric authentication by the biometric authentication algorithm;
  
  a user identification information certificate storage module which stores a user identification information certificate issued to a user of the user terminal by a third-party organization in accordance with a public key encryption method, the user identification information certificate including a certificate body and a digital signature generated for the certificate body by a secret key to the third-party organization, the certificate body including user identification information to identify the user, a hash value of biometric referential information for the user, and the third-party organization information to identify the third-party organization;
  
  a secret information storage module which stores secret information to generate the authenticator;
  
  an authentication constituting process executing module which executes the authentication constituting process when receiving, from the unit integrating device, an authentication constituting process execution request to request the execution of the authentication constituting process;
  
  an authenticator generating module which generates the authenticator by the use of the secret information in accordance with the equipment certificate, the evaluation report, the challenge value, the user identification information certificate, and a hash value of the execution contents;
  
  an authentication context generating module which generates an authentication context, the equipment certificate, the evaluation report, the challenge value, the user identification information certificate, the hash value of the execution contents, and the authenticator being described in the authentication context in a specific format;
  
  an authentication constituting process result information generating module which generates authentication constituting process result information in which the authentication context and the execution result of the authentication constituting process are described in a specific format; and
  
  a result information sending module which sends the authentication constituting process result information to the unit integrating device,wherein the authentication context and the execution result are extracted as the authentication constituting process result information by the unit integrating device,the extracted authentication context and execution result are described in authentication processing result information in a specific format by the unit integrating device, andthe authentication processing result information is sent to the service providing device from the unit integrating device via the user terminal, the authentication context and the execution result are extracted by the verifying device after the authentication processing result information to which the challenge value and a service providing policy are added by the service providing device is sent, and the verifying device verifies the execution result, the format of the authentication processing result information, the authenticator in the authentication context, the equipment certificate, the evaluation report, the user identification information certificate, and the challenge value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation), Toshiba Solutions Corporation (Toshiba Corporation)
Original Assignee
Kabushiki Kaisha Toshiba (Toshiba Corporation), Toshiba Solutions Corporation (Toshiba Corporation)
Inventors
YAMADA, Asahiko, Okada, Koji, Ikeda, Tatsuro

Application Number

US13/891,626
Publication Number

US 20130246281A1
Time in Patent Office

Days
Field of Search
US Class Current

705/71
CPC Class Codes

G06F 21/31   User authentication

G06F 21/32   using biometric data, e.g. ...

G06F 21/34   involving the use of extern...

G06F 2221/034   Test or assess a computer o...

G06F 2221/2115   Third party

G06Q 20/409   Device specific authenticat...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3263   involving certificates, e.g...

H04L 9/3271   using challenge-response

SERVICE PROVIDING SYSTEM AND UNIT DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

58 Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

SERVICE PROVIDING SYSTEM AND UNIT DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links