COMMUNICATION TERMINAL AND SECURE LOG-IN METHOD

US 20150256530A1
Filed: 03/06/2015
Published: 09/10/2015
Est. Priority Date: 03/10/2014
Status: Active Grant

First Claim

Patent Images

1. A communication terminal communicable with first and second servers through a network, comprising:

a processor including a browser, a host controller, an operating system, and an authentication-management-application,wherein the browser starts a child process using, as an argument, an inter-process communication received from another application,wherein the operating system controls the host controller by calling one of a plurality of interfaces, including a certain interface that controls a sensor, andwherein the authentication-management-application exchanges data with the sensor that is coupled to the host controller through the certain interface of the operating system, and performs a process includingrequesting a user authentication by transmitting to the second server a user ID and matching data detected by the sensor, and acquiring a password transmitted from the second server in a case in which the user authentication is successful;

replaying, between the first server and the second server, authentication data transmitted from the first server in response to requesting the first server to provide a service;

first transmitting a user ID that is prepared in advance and the acquired password to the second server, in a case in which a screen that urges the user ID and the password to be input is received from the second server; and

disconnecting a communication with the second server without redirecting an authentication response that includes information specifying the first server and is transmitted from the second server in a case in which a pair of the user ID and the password transmitted to the second server is stored in the second server and authentication is successful, and starting the child process of the browser by the argument based on the authentication response and transmitting the authentication response to the first server, in order to make a log-in to and receive the service from the first server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A communication terminal is provided with functions to redirect authentication data, make a substitute reply of a password to a biometric authentication part, and transfer the authentication data transmitted after the password to a browser'"'"'s child process, in order to perform a substitute authentication using the biometric authentication or token, without requiring a user to input the password.

69 Citations

View as Search Results

20 Claims

1. A communication terminal communicable with first and second servers through a network, comprising:
- a processor including a browser, a host controller, an operating system, and an authentication-management-application,wherein the browser starts a child process using, as an argument, an inter-process communication received from another application,wherein the operating system controls the host controller by calling one of a plurality of interfaces, including a certain interface that controls a sensor, andwherein the authentication-management-application exchanges data with the sensor that is coupled to the host controller through the certain interface of the operating system, and performs a process includingrequesting a user authentication by transmitting to the second server a user ID and matching data detected by the sensor, and acquiring a password transmitted from the second server in a case in which the user authentication is successful;
  
  replaying, between the first server and the second server, authentication data transmitted from the first server in response to requesting the first server to provide a service;
  
  first transmitting a user ID that is prepared in advance and the acquired password to the second server, in a case in which a screen that urges the user ID and the password to be input is received from the second server; and
  
  disconnecting a communication with the second server without redirecting an authentication response that includes information specifying the first server and is transmitted from the second server in a case in which a pair of the user ID and the password transmitted to the second server is stored in the second server and authentication is successful, and starting the child process of the browser by the argument based on the authentication response and transmitting the authentication response to the first server, in order to make a log-in to and receive the service from the first server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The communication terminal as claimed in claim 1, whereinthe operating system is restricted from adding a device driver, making an inter-process communication amongst applications of the communication terminal, and expanding the browser by a plug-in, andthe authentication-management-application redirects the authentication data transmitted from the first server to the second server, and redirects authentication data transmitted from the second server to the first server.
  - 3. The communication terminal as claimed in claim 1, wherein the authentication-management-application performs the process includingacquiring a list of a plurality of first servers providing services;
    - acquiring data detected by the sensor by controlling the sensor;
      
      urging a user to input a service name and the user ID;
      
      receiving the password by transmitting the user ID and the data to the second server;
      
      making a service providing request with respect to a selected one of the plurality of first servers, according to information specifying the one of the plurality of first servers that is selected and forms a pair with the service name;
      
      redirecting the authentication data transmitted from the selected one of the plurality of first servers to the second server according to a redirect setting, and in a case in which the screen that urges the user ID and the password to be input is received from the second server, transmitting the user ID that is prepared in advance and the acquired password to the second server by the authentication-management-application without making a screen display according to the screen;
      
      second transmitting the user ID input in response to the urging and the password received by the receiving to the second server, with respect to a request for the user ID and the password transmitted from the second server; and
      
      connecting to the selected one of the plurality of first servers according to a server domain part within the authentication data, when the authentication data is first received after transmitting the user ID and the password by the second transmitting, and generating the child process of the browser to which an added authentication data part within the authentication data is transferred.
  - 4. The communication terminal as claimed in claim 1, wherein the data includes biometric data selected from a group consisting of fingerprint data, vein data, and iris data.
  - 5. The communication terminal as claimed in claim 1, wherein the network includes the Internet, and the information specifying the first server includes a Uniform Resource Locator (URL).
  - 6. The communication terminal as claimed in claim 1, wherein the authentication data includes authentication data in conformance with Security Assertion Markup Language 2.0 (SAML2).
  - 7. The communication terminal as claimed in claim 1, wherein the data includes data for authenticating a user'"'"'s belonging.

8. A secure log-in method for a communication terminal communicable with first and second servers through a network, comprising:
- starting a child process of the communication terminal using, as an argument, an inter-process communication received from another application;
  
  calling one of a plurality of interfaces of an operating system that controls a host controller, including a certain interface that controls a sensor, and exchanging data with the sensor that is coupled to the host controller through the certain interface of the operating system of the communication terminal, by an authentication-management-application of the communication terminal;
  
  requesting a user authentication by transmitting to the second server a user ID and matching data detected by the sensor, by the authentication-management-application;
  
  transmitting a password from the second server to the communication terminal in a case in which the user authentication is successful;
  
  replaying, between the first server and the second server, authentication data transmitted from the first server in response to requesting the first server to provide a service, by the authentication-management-application;
  
  transmitting a user ID that is prepared in advance and the acquired password from the authentication-management-application to the second server, in a case in which a screen that urges the user ID and the password to be input is received from the second server;
  
  transmitting an authentication response that includes information specifying the first server, from the second server in a case in which a pair of the user ID and the password transmitted from the communication terminal is stored in the second server and authentication is successful; and
  
  disconnecting a communication with the second server without redirecting the authentication response, and starting the child process of a browser by the argument based on the authentication response and transmitting the authentication response to the first server, by the authentication-management-application, in order to make a log-in to and receive the service from the first server.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The secure log-in method as claimed in claim 8, whereinthe operating system is restricted from adding a device driver, making an inter-process communication amongst applications of the communication terminal, and expanding the browser by a plug-in, andthe authentication-management-application redirects the authentication data transmitted from the first server to the second server, and redirects authentication data transmitted from the second server to the first server.
  - 10. The secure log-in method as claimed in claim 8, wherein the authentication-management-application performs a process includingacquiring a list of a plurality of first servers providing services;
    - acquiring data detected by the sensor by controlling the sensor;
      
      urging a user to input a service name and the user ID;
      
      receiving the password by transmitting the user ID and the data to the second server;
      
      making a service providing request with respect to a selected one of the plurality of first servers, according to information specifying the one of the plurality of first servers that is selected and forms a pair with the service name;
      
      redirecting the authentication data transmitted from the selected one of the plurality of first servers to the second server according to a redirect setting, and in a case in which the screen that urges the user ID and the password to be input is received from the second server, transmitting the user ID that is prepared in advance and the acquired password to the second server by the authentication-management-application without making a screen display according to the screen;
      
      transmitting the user ID input in response to the urging and the password received by the receiving to the second server, with respect to a request for the user ID and the password transmitted from the second server; and
      
      connecting to the selected one of the plurality of first servers according to a server domain part within the authentication data, when the authentication data is first received after transmitting the user ID and the password by the transmitting the user ID input in response to the urging, and generating the child process of the browser to which an added authentication data part within the authentication data is transferred.
  - 11. The secure log-in method as claimed in claim 8, wherein the data includes biometric data selected from a group consisting of fingerprint data, vein data, and iris data.
  - 12. The secure log-in method as claimed in claim 8, wherein the network includes the Internet, and the information specifying the first server includes a Uniform Resource Locator (URL).
  - 13. The secure log-in method as claimed in claim 8, wherein the authentication data includes authentication data in conformance with Security Assertion Markup Language 2.0 (SAML2).
  - 14. The secure log-in method as claimed in claim 8, wherein the data includes data for authenticating a user'"'"'s belonging.

15. A non-transitory computer-readable storage medium having stored therein a program for causing a processor of a communication terminal that is communicable with first and second servers through a network to execute a process comprising:
- starting a child process of the communication terminal using, as an argument, an inter-process communication received from another application; and
  
  calling one of a plurality of interfaces of an operating system that controls a host controller, including a certain interface that controls a sensor, and exchanging data with the sensor that is coupled to the host controller through the certain interface of the operating system of the communication terminal, by an authentication-management-application of the communication terminal,wherein the authentication-management-application includesrequesting a user authentication by transmitting to the second server a user ID and matching data detected by the sensor, and acquiring a password from the second server transmitted from the second server in a case in which the user authentication is successful;
  
  replaying, between the first server and the second server, authentication data transmitted from the first server in response to requesting the first server to provide a service;
  
  transmitting a user ID that is prepared in advance and the acquired password to the second server, in a case in which a screen that urges the user ID and the password to be input is received from the second server; and
  
  disconnecting a communication with the second server without redirecting an authentication response that includes information specifying the first server and is transmitted from the second server in a case in which a pair of the user ID and the password transmitted to the second server is stored in the second server and authentication is successful, and starting the child process of a browser by the argument based on the authentication response and transmitting the authentication response to the first server, in order to make a log-in to and receive the service from the first server.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable storage medium as claimed in claim 15, whereinthe operating system is restricted from adding a device driver, making an inter-process communication amongst applications of the communication terminal, and expanding the browser by a plug-in, andthe authentication-management-application redirects the authentication data transmitted from the first server to the second server, and redirects authentication data transmitted from the second server to the first server.
  - 17. The non-transitory computer-readable storage medium as claimed in claim 15, wherein the authentication-management-application performs a process includingacquiring a list of a plurality of first servers providing services;
    - acquiring data detected by the sensor by controlling the sensor;
      
      urging a user to input a service name and the user ID;
      
      receiving the password by transmitting the user ID and the data to the second server;
      
      making a service providing request with respect to a selected one of the plurality of first servers, according to information specifying the one of the plurality of first servers that is selected and forms a pair with the service name;
      
      redirecting the authentication data transmitted from the selected one of the plurality of first servers to the second server according to a redirect setting, and in a case in which the screen that urges the user ID and the password to be input is received from the second server, transmitting the user ID that is prepared in advance and the acquired password to the second server by the authentication-management-application without making a screen display according to the screen;
      
      transmitting the user ID input in response to the urging and the password received by the receiving to the second server, with respect to a request for the user ID and the password transmitted from the second server; and
      
      connecting to the selected one of the plurality of first servers according to a server domain part within the authentication data, when the authentication data is first received after transmitting the user ID and the password by the transmitting the user ID input in response to the urging, and generating the child process of the browser to which an added authentication data part within the authentication data is transferred.
  - 18. The non-transitory computer-readable storage medium as claimed in claim 15, wherein the data includes biometric data selected from a group consisting of fingerprint data, vein data, and iris data.
  - 19. The non-transitory computer-readable storage medium as claimed in claim 15, wherein the network includes the Internet, and the information specifying the first server includes a Uniform Resource Locator (URL).
  - 20. The non-transitory computer-readable storage medium as claimed in claim 15, wherein the authentication data includes authentication data in conformance with Security Assertion Markup Language 2.0 (SAML2).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
SEMBA, SATOSHI

Granted Patent

US 9,479,496 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0815   providing single-sign-on or...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/0861   using biometrical features,...

H04W 12/069   using certificates or pre-s...

COMMUNICATION TERMINAL AND SECURE LOG-IN METHOD

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

69 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

COMMUNICATION TERMINAL AND SECURE LOG-IN METHOD

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others