USER AUTHENTICATION METHOD AND SYSTEM FOR IMPLEMENTING SAME

US 20170257359A1
Filed: 08/31/2015
Published: 09/07/2017
Est. Priority Date: 09/01/2014
Status: Active Grant

First Claim

Patent Images

1. An authentication system for authenticating, by way of using an information communication terminal, a user who uses a usage target system, comprising:

an authentication database that manages user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;

a synchronization server that generates at least one token code based on the token ID included in the user account information; and

an authentication server that receives a user authentication request transmitted from the usage target system, performs an authentication determination on the user authentication request, and transmits an authentication determination result to the usage target system,wherein, if the authentication server receives an authentication request prior notification, which is transmitted while the information communication terminal is in a communicative condition, before receiving the user authentication request, the authentication server performs the authentication determination on the user authentication request based on at least a first token code, andwherein, if the authentication server receives the user authentication request without receiving the authentication request prior notification, the authentication server performs the authentication determination on the user authentication request based on a set of at least the first token code and a second token code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A new user authentication method which prevents illicit access to a system includes an authentication system which authenticates a user, said authentication system including: a database which, manages user account information including a token ID which identifies a security token; a synchronization server which generates token codes on the basis of the token ID; and an authentication server which carries out an authentication determination transmitted from the system, and transmits the result to the system subject to use. If a prior notification of an authentication request is received prior to receiving the user authentication request, the authentication server carries out the authentication determination using a first token code, whereas, if the user authentication request is received without prior notification of the authentication request being received, the authentication server carries out the authentication determination using the first token code and a second token code.

46 Citations

View as Search Results

14 Claims

1. An authentication system for authenticating, by way of using an information communication terminal, a user who uses a usage target system, comprising:
- an authentication database that manages user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;
  
  a synchronization server that generates at least one token code based on the token ID included in the user account information; and
  
  an authentication server that receives a user authentication request transmitted from the usage target system, performs an authentication determination on the user authentication request, and transmits an authentication determination result to the usage target system,wherein, if the authentication server receives an authentication request prior notification, which is transmitted while the information communication terminal is in a communicative condition, before receiving the user authentication request, the authentication server performs the authentication determination on the user authentication request based on at least a first token code, andwherein, if the authentication server receives the user authentication request without receiving the authentication request prior notification, the authentication server performs the authentication determination on the user authentication request based on a set of at least the first token code and a second token code.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The authentication system according to claim 1, wherein, if the user authentication request includes a password and an additional code, the authentication server performs the authentication determination on the user authentication request by comparing a set of the password and the additional code with the set of the first token code and the second token code.
  - 3. The authentication system according to claim 1, wherein, if the authentication server receives the authentication request prior notification from the information communication terminal of a user, the authentication server performs control to set an authentication request flag associated with the user at a value indicating that the authentication request flag is enabled, andif the value of the authentication request flag indicates that the authentication request flag is enabled, the authentication server performs the authentication determination on the user authentication request by comparing a password included in the user authentication request with the first token code.
  - 4. The authentication system according to claim 3, wherein the authentication server resets the value of the authentication request flag to a value indicating that the authentication request flag is disabled when a predetermined time elapses following reception of the authentication request prior notification.
  - 5. The authentication system according to claim 3, wherein, if the user authentication request does not include an additional code and the value of the authentication request flag indicates that the authentication request flag is disabled, the authentication server transmits an authentication determination result indicating that the user authentication request is not permitted to the usage target system.
  - 6. The authentication system according to claim 1, wherein the authentication server performs control to register the authentication determination result in the authentication database as authentication history information, andwherein the authentication database manages the authentication history information for each user.
  - 7. The authentication system according to claim 1, wherein the authentication database manages a password derivation pattern for each user, the password derivation pattern being constituted by specific elements selected from a plurality of elements forming a geometric pattern.

8. An information communication terminal used in authentication by an authentication system that authenticates a user who uses a usage target system, comprising:
- storing means for storing a password derivation pattern constituted by specific elements selected from a plurality of elements forming a geometric pattern;
  
  transmitting means for transmitting an authentication request prior notification to the authentication system;
  
  obtaining means for obtaining at least one token code that is in synchronization with at least one token code generated by the authentication system from a security token of the user;
  
  first generating means for generating a code table by assigning a first token code obtained by the obtaining means to the specific elements forming the password derivation pattern within the geometric pattern, and assigning an arbitrary code to remaining elements of the geometric pattern;
  
  second generating means for generating an additional code based on a second token code obtained by the obtaining means; and
  
  displaying means for displaying a reference screen on a user interface,wherein, in a communicative condition, the transmitting means transmits the authentication request prior notification to the authentication system and the displaying means displays the reference screen on the user interface so as to include the code table generated by the first generating means, andin a non-communicative condition, the displaying means displays the reference screen on the user interface so as to include the code table generated by the first generating means and the additional code generated by the second generating means.
- View Dependent Claims (9)
- - 9. The information communication terminal according to claim 8, wherein, if the information communication terminal is in the communicative condition, the displaying means displays the reference screen on the user interface so as to also include the additional code generated by the second generating means.

10. An authentication system for authenticating, by way of using an information communication terminal, a user who uses a usage target system, comprising:
- an authentication database that manages user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;
  
  a synchronization server that generates at least one token code based on the token ID included in the user account information;
  
  a prior authentication server that receives an authentication request prior notification transmitted from the information communication terminal of a user, and manages a prior notification condition of the user based on the authentication request prior notification; and
  
  an authentication server which, upon reception of a user authentication request transmitted from the usage target system, performs an authentication determination on the user authentication request in accordance with an authentication request state of the user, which is managed by the prior authentication server, and transmits an authentication determination result to the usage target system,wherein, if the prior notification condition of the user is active, the authentication server performs the authentication determination on the user authentication request based on a first token code, andwherein, if the user authentication request is received while the prior notification condition of the user is inactive, the authentication server performs the authentication determination on the user authentication request based on a set of the first token code and a second token code.

11. An authentication system for authenticating, by way of using an information communication terminal, a user who uses a usage target system, comprising:
- an authentication database that manages user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;
  
  a synchronization server that generates at least one token code based on the token ID included in the user account information;
  
  a prior authentication server that receives an authentication request prior notification transmitted from the information communication terminal of a user, and manages a prior notification condition of the user based on the authentication request prior notification; and
  
  an authentication server that receives a user authentication request transmitted from the usage target system, performs an authentication determination on the user authentication request based on the at least one token code, and transmits an authentication determination result to the usage target system,wherein the authentication server performs control to register the authentication determination result in the authentication database as authentication history information.
- View Dependent Claims (12)
- - 12. The authentication system according to claim 11, wherein, if the authentication history information relating to a first user authentication request transmitted from a first usage target system indicates, based on the authentication database, successful authentication, the authentication server performs the authentication determination on a second user authentication request transmitted from a second usage target system.

13. A user authentication method executed by an authentication system in order to authenticate a user who uses a usage target system, comprising:
- managing user account information for each user, the user account information including a token ID for identifying a security token of the corresponding user;
  
  generating at least one token code based on the token ID included in the user account information;
  
  receiving a user authentication request transmitted from the usage target system and performing an authentication determination on the user authentication request; and
  
  transmitting an authentication determination result to the usage target system,wherein the authentication determination includes, if an authentication request prior notification, which is transmitted while an information communication terminal of the user is in a communicative condition, is received before receiving the user authentication request, performing authentication determination on the user authentication request based on a first token code, andwherein the authentication determination includes, if the user authentication request is received without receiving the authentication request prior notification, performing authentication determination on the user authentication request based on a set of the first token code and a second token code.

14. A program for authenticating, by an authentication system, a user who uses a usage target system,wherein, the program being executed under control of a processor of an information communication terminal causes the information communication terminal to implement:
- storing means for storing a password derivation pattern constituted by specific elements selected from a plurality of elements forming a geometric pattern;
  
  transmitting means for transmitting an authentication request prior notification to the authentication system;
  
  obtaining means for obtaining at least one token code that is in synchronization with at least one token code generated by the authentication system from a security token of the user;
  
  first generating means for generating a code table by assigning a first token code obtained by the obtaining means to the specific elements forming the password derivation pattern within the geometric pattern, and assigning an arbitrary code to remaining elements of the geometric pattern;
  
  second generating means for generating an additional code based on a second token code obtained by the obtaining means;
  
  displaying means for displaying a reference screen on a user interface; and
  
  control means for performing control such that in a communicative condition, the transmitting means transmits the authentication request prior notification to the authentication system and the displaying means displays the reference screen on the user interface so as to include the code table generated by the first generating means, and performing control such that in a non-communicative condition, the displaying means displays the reference screen on the user interface so as to include the code table generated by the first generating means and the additional code generated by the second generating means.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Passlogy Co.,Ltd.
Original Assignee
Passlogy Co.,Ltd.
Inventors
OGAWA, Hideharu

Granted Patent

US 10,574,647 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/951   Indexing; Web crawling tech...

G06F 21/30   Authentication, i.e. establ...

H04L 63/083   using passwords cryptograph...

H04L 63/0853   using an additional device,...

H04L 9/3226   using a predetermined code,...

USER AUTHENTICATION METHOD AND SYSTEM FOR IMPLEMENTING SAME

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

USER AUTHENTICATION METHOD AND SYSTEM FOR IMPLEMENTING SAME

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links