AUTHORIZATION SERVER, AUTHENTICATION COOPERATION SYSTEM, AND STORAGE MEDIUM STORING PROGRAM

US 20170163636A1
Filed: 11/30/2016
Published: 06/08/2017
Est. Priority Date: 12/08/2015
Status: Active Grant

First Claim

Patent Images

1. An authorization server comprising:

a unit configured to receive an authorization token generation request along with representative authorization token information and local user information from a client device, the client device receiving transfer of an authority for using an application server based on an authorization operation performed by a user, the client device registering a first authorization token issued based on the transfer as representative authorization token information;

a unit configured to, in a case where the client device is authenticated successfully on the basis of the representative authorization token information received along with an authorization token generation request, respond a second authorization token to the client device and generate and store authorization token information by associating the local user information received along with the authorization token generation request with the second authorization token; and

a responding unit configured to receive an authorization token verification request including the second authorization token from an application server that received a processing request along with the second authorization token from the client device, and, in the case that the authorization token is verified successfully on the basis of the received second authorization token and the authorization token information, respond with the local user information included in the authorization token information to the application server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authorization token verification request including a second authorization token is received from an application server having received a processing request along with the second authorization token from a client device, and, in a case where the authorization token is verified successfully on basis of the received second authorization token and the authorization token information, the local user information included in the authorization token information is responded to the application server.

21 Citations

View as Search Results

7 Claims

1. An authorization server comprising:
- a unit configured to receive an authorization token generation request along with representative authorization token information and local user information from a client device, the client device receiving transfer of an authority for using an application server based on an authorization operation performed by a user, the client device registering a first authorization token issued based on the transfer as representative authorization token information;
  
  a unit configured to, in a case where the client device is authenticated successfully on the basis of the representative authorization token information received along with an authorization token generation request, respond a second authorization token to the client device and generate and store authorization token information by associating the local user information received along with the authorization token generation request with the second authorization token; and
  
  a responding unit configured to receive an authorization token verification request including the second authorization token from an application server that received a processing request along with the second authorization token from the client device, and, in the case that the authorization token is verified successfully on the basis of the received second authorization token and the authorization token information, respond with the local user information included in the authorization token information to the application server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The authorization server according to claim 1,wherein the representative authorization token information includes identification information of the client and identification information of a tenant of the representative client;
    - andwherein the responding unit responds, as a part of the authorization token information, the identification information of the tenant of the client device.
  - 3. The authorization server according to claim 1, wherein the local user information includes information describing a domain accessible by a user authenticated by a local authentication server and user identification information in the domain.
  - 4. The authorization server according to claim 3,wherein the authorization token verification request is received from an application server having received a processing request from the client device along with the second authorization token;
    - andwherein the local user information is used by the application server for identifying a user being a requestor of the processing request.
  - 5. An authentication cooperation system comprising an authorization server according to claim 1, and an application server, and a client device,wherein the client device comprises:
    - a storing unit configured to store a first authorization token as representative authorization token information, the first authorization token being issued based on transfer of an authority for using the application server based on an authorization operation performed by a user;
      
      a transmitting unit configured to transmit an authorization token generation request along with local user information of a log-in user and the representative authorization token information to the authorization server; and
      
      wherein, in the case that a second authorization token is received along with the authorization token generation request, the transmitting unit is configured to transmit a request for processing along with the second authorization token to the application server; and
      
      wherein the application server comprises;
      
      a transmitting unit configured to transmit the authorization token verification request to the authorization server when the application server receives a processing request along with the second authorization token from the client device and receive the authorization token information including the local user information associated with the second authorization token as a response as a result of a success of the authorization token verification request; and
      
      a processing unit configured to process the processing request for a user described in the local user information or for the client device.
  - 6. The authentication cooperation system according to claim 5,wherein the representative authorization token information includes identification information of the client device and identification information of a tenant of the client device;
    - the authorization server is configured to respond, as a part of the authorization token information, with the identification information of the tenant of the client device requesting to generate the authorization token verified successfully; and
      
      wherein the application server is configured to process the processing request for a user described in the local user information or for the client device in the case that the local authentication cooperation mode set based on the identification information of the tenant is enabled.
  - 7. A storage medium storing a program which, when run on a device, causes the device to act as the authorization server according to claim 1.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Nishida, Takahiko

Granted Patent

US 9,985,962 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06Q 20/3674   involving authentication

G07F 17/26   for printing, stamping, fra...

G07F 7/08   by coded identity card or c...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 9/32   including means for verifyi...

H04L 9/3213   using tickets or tokens, e....

H04W 12/06   Authentication

AUTHORIZATION SERVER, AUTHENTICATION COOPERATION SYSTEM, AND STORAGE MEDIUM STORING PROGRAM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

21 Citations

7 Claims

Specification

Solutions

Use Cases

Quick Links

AUTHORIZATION SERVER, AUTHENTICATION COOPERATION SYSTEM, AND STORAGE MEDIUM STORING PROGRAM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

7 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links