COOPERATION SYSTEM, COOPERATION METHOD THEREOF, INFORMATION PROCESSING SYSTEM, AND STORAGE MEDIUM

US 20130326608A1
Filed: 05/28/2013
Published: 12/05/2013
Est. Priority Date: 05/30/2012
Status: Active Grant

First Claim

Patent Images

1. A cooperation system including a first information processing system for managing user authentication information about a plurality of users for each group and a second information processing system for acquiring data from the first information processing system and providing a service using the acquired data,the first information processing system comprising:

a first authentication unit configured to receive user authentication information from a user operating a client and to authenticate the user based on the received user authentication information; and

a first transmission unit configured to, in response to reception of a request for starting to use the service after the user is successfully authenticated, transmit group authentication information set for the group to which the user belongs to the second information processing system, andthe second information processing system comprising;

a second authentication unit configured to receive the transmitted group authentication information and to perform authentication based on the received group authentication information; and

a second transmission unit configured to, after the authentication has been successfully performed based on the group authentication information, transmit identification information indicating that the authentication has been successfully performed to the first information processing system,wherein the first information processing system further comprises;

an instruction unit configured to transmit the transmitted identification information to the client and to instruct the client to access the second information processing system, andwherein the second information processing system further comprises;

a verification unit configured to verify the identification information transmitted from the client performing access according to the instruction; and

a providing unit configured to, in response to successful verification of the identification information, provide the service to the user operating the client without authenticating the user operating the client.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client sends a request to start to use a service via an information processing system that is a cooperation source, acquires identification information indicating that authentication has been successfully performed based on group authentication information set for a group to which a user belongs, and then transmits the identification information to an information processing system that is a cooperation destination.

46 Citations

View as Search Results

15 Claims

1. A cooperation system including a first information processing system for managing user authentication information about a plurality of users for each group and a second information processing system for acquiring data from the first information processing system and providing a service using the acquired data,the first information processing system comprising:
- a first authentication unit configured to receive user authentication information from a user operating a client and to authenticate the user based on the received user authentication information; and
  
  a first transmission unit configured to, in response to reception of a request for starting to use the service after the user is successfully authenticated, transmit group authentication information set for the group to which the user belongs to the second information processing system, andthe second information processing system comprising;
  
  a second authentication unit configured to receive the transmitted group authentication information and to perform authentication based on the received group authentication information; and
  
  a second transmission unit configured to, after the authentication has been successfully performed based on the group authentication information, transmit identification information indicating that the authentication has been successfully performed to the first information processing system,wherein the first information processing system further comprises;
  
  an instruction unit configured to transmit the transmitted identification information to the client and to instruct the client to access the second information processing system, andwherein the second information processing system further comprises;
  
  a verification unit configured to verify the identification information transmitted from the client performing access according to the instruction; and
  
  a providing unit configured to, in response to successful verification of the identification information, provide the service to the user operating the client without authenticating the user operating the client.

2. A second information processing system for providing a service in corporation with a first information processing system for managing user authentication information about a plurality of users for each group, the second information processing system comprising:
- a reception unit configured to receive group authentication information set for a group to which a user belongs from the first information processing system;
  
  a transmission unit configured to, after authentication has been successfully performed based on the received group authentication information, transmit identification information indicating that the authentication has been successfully performed to the first information processing system; and
  
  a providing unit configured to, when accessed from a client that has received the identification information via the first information processing system, provide the service without authenticating the user operating the client.
- View Dependent Claims (3, 4, 5, 6, 7, 8)
- - 3. The second information processing system according to claim 2, wherein the reception unit is configured to receive, from the first information processing system, the group authentication information transmitted in response to reception of a request for starting to use the service by the user that has input the user authentication information and has been authenticated.
  - 4. The second information processing system according to claim 2, wherein the first information processing system provides the service when a protected resource is accessed, and instructs a client to access the protected resource when an unprotected resource is accessed,wherein the second information processing system further comprises a verification unit configured to receive the identification information from the client accessing the unprotected resource according to an instruction of the first information processing system, and to verify the received identification information, andwherein the providing unit is configured to, in response to successful verification of the identification information, instruct the client to access the protected resource and to provide the service without authenticating the user operating the client that has accessed according to the instruction.
  - 5. The second information processing system according to claim 4, wherein the providing unit is configured to instruct the client to access the protected resource and to instruct the client to store the identification information.
  - 6. The second information processing system according to claim 4, wherein the providing unit is configured to instruct the client to access the protected resource and to instruct the client to store the identification information in which an expiration time is set shorter than an expiration time of the identification information received and stored by the client via the first information processing system.
  - 7. The second information processing system according to claim 4, further comprising an instruction unit configured to, when the client accesses the protected resource without being authenticated, specify an information processing system for authenticating the user based on a group to which the user operating the client belongs, and to cause the client to access the information processing system.
  - 8. The second information processing system according to claim 2, wherein the service acquires data from the first information processing system, generates document data by inserting the data into a form, and provides the client with the generated data.

9. A first information processing system for managing user authentication information about a plurality of uses for each group, the first information processing system comprising:
- an authentication unit configured to receive user authentication information about a user operating a client and to authenticate the user based on the received user authentication information;
  
  a transmission unit configured to, after the user is successfully authenticated, transmit group authentication information set for a group to which the user belongs to a second information processing system, to receive, from the second information processing system, identification information indicating that authentication is successful performed based on the group authentication information, and to transmit the received identification information to the client; and
  
  a data transmission unit configured to transmit data to the second information processing system for requesting the data without authenticating the user operating the client in response to access from the client that has received the identification information.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The first information processing system according to claim 9, further comprising a providing unit configured to provide a screen including an item for displaying data input by a user via the client and a button for receiving a request for starting to use a service provided by the second information processing system using the data.
  - 11. The first information processing system according to claim 9, wherein the transmission unit is configured to transmit to the client the identification information in which the expiration time is set and an instruction for storing the identification information.
  - 12. The first information processing system according to claim 10, wherein, after receiving the request for starting to use the service provided by the second information processing system using the data, the first information processing system receives, from the client, the identification information in which the expiration time is set, and if the received identification information is within the expiration time, the first information processing system instructs the client to access the second information processing system, and if the acquired identification information is not within the expiration time, the first information processing system transmits the group authentication information to the second information processing system, receives new identification information, and transmits the received new identification information to the client.
  - 13. The first information processing system according to claim 10, wherein the service does not require user authentication using the user authentication information, and the second information processing system provides another service requiring user authentication using the user authentication information, andwherein the screen provided by the providing unit further includes a button for receiving a request for starting to use the another service.

14. A cooperation method for a cooperation system including a first information processing system for managing user authentication information about a plurality of users for each group and a second information processing system for acquiring data from the first information processing system and providing a service using the acquired data, the cooperation method comprising:
- receiving, via the first information processing system, the user authentication information from a user operating a client and authenticating the user based on the received user authentication information;
  
  transmitting, via the first information processing system, in response to reception of a request for starting to use the service after the user has been successfully authenticated, group authentication information set for a group to which the user belongs to the second information processing system;
  
  receiving, via the second information processing system, the transmitted group authentication information and performing authentication based on the received group authentication information;
  
  transmitting, via the second information processing system, after the authentication has been successfully performed based on the group authentication information, identification information indicating that the authentication has been successfully performed to the first information processing system;
  
  transmitting, via the first information processing system, transmitting the transmitted identification information to the client and instructing the client to access the second information processing system;
  
  verifying, via the second information processing system, the identification information transmitted from the client accessed according to the instruction; and
  
  providing, via the second information processing system, in response to successful verification of the identification information, the service to the user operating the client without authenticating the user operating the client.

15. A storage medium storing a program executed by a second information processing system for providing a service in cooperation with a first information processing system managing user authentication information about a plurality of users for each group, the program comprising:
- a reception step of receiving group authentication information set for a group to which a user belongs from the first information processing system;
  
  a transmission step of, after authentication has been successfully performed based on the received group authentication information, transmitting identification information indicating that the authentication has been successfully performed to the first information processing system; and
  
  a providing step of, when accessed from a client that has received the identification information via the first information processing system, providing the service without authenticating the user operating the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Uchida, Takayuki

Granted Patent

US 9,413,751 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/8
CPC Class Codes

G06F 21/41   where a single sign-on prov...

G06F 2221/2137   Time limited access, e.g. t...

H04L 63/0815   providing single-sign-on or...

COOPERATION SYSTEM, COOPERATION METHOD THEREOF, INFORMATION PROCESSING SYSTEM, AND STORAGE MEDIUM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

COOPERATION SYSTEM, COOPERATION METHOD THEREOF, INFORMATION PROCESSING SYSTEM, AND STORAGE MEDIUM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links