Method and system for authenticating user and providing service

US 6,799,271 B2
Filed: 04/22/2003
Issued: 09/28/2004
Est. Priority Date: 04/23/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A service providing method which uses a user terminal which stores a decryption key, a service providing apparatus which can communicate with the user terminal, and an authentication apparatus which can communicate with the service providing apparatus, comprising:

an authentication data generation step of generating authentication data and encrypting the generated authentication data using an encryption key;

a first transmission step of transmitting the encrypted authentication data from the authentication apparatus to the user terminal through the service providing apparatus;

a decryption step of decrypting the encrypted authentication data in the user terminal using the decryption key stored in the user terminal;

a return step of returning the authentication data decrypted in said decryption step to the authentication apparatus through the service providing apparatus;

an authentication step of authenticating the decrypted authentication data in the authentication apparatus by comparing the decrypted authentication data transmitted from the user terminal and returned in said return step with the authentication data generated in said authentication data generation step before encryption;

a second transmission step of transmitting usage right information, which prescribes a use condition of a service, from the authentication apparatus to the service providing apparatus if the authentication step authenticates the decrypted authentication data; and

a service providing step of causing the service providing apparatus to provide the service to the user in accordance with the condition prescribed in the usage right information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A service providing method which uses a user terminal, a service providing apparatus, and an authentication apparatus is disclosed. In the method, authentication data is generated and encrypted by using an encryption key which is stored in the user terminal. The encrypted authentication data is transmitted from the authentication apparatus to the user terminal through the service providing apparatus. The encrypted authentication data is decrypted in the user terminal by using the encryption key. The decrypted authentication data is returned to the authentication apparatus through the service providing apparatus, and an authentication is executed in the authentication apparatus by comparing the decrypted authentication data transmitted from the user terminal with the authentication data before encryption. The service providing apparatus provides a service to the user in accordance with a result of the authentication.

Citations

20 Claims

1. A service providing method which uses a user terminal which stores a decryption key, a service providing apparatus which can communicate with the user terminal, and an authentication apparatus which can communicate with the service providing apparatus, comprising:
- an authentication data generation step of generating authentication data and encrypting the generated authentication data using an encryption key;
  
  a first transmission step of transmitting the encrypted authentication data from the authentication apparatus to the user terminal through the service providing apparatus;
  
  a decryption step of decrypting the encrypted authentication data in the user terminal using the decryption key stored in the user terminal;
  
  a return step of returning the authentication data decrypted in said decryption step to the authentication apparatus through the service providing apparatus;
  
  an authentication step of authenticating the decrypted authentication data in the authentication apparatus by comparing the decrypted authentication data transmitted from the user terminal and returned in said return step with the authentication data generated in said authentication data generation step before encryption;
  
  a second transmission step of transmitting usage right information, which prescribes a use condition of a service, from the authentication apparatus to the service providing apparatus if the authentication step authenticates the decrypted authentication data; and
  
  a service providing step of causing the service providing apparatus to provide the service to the user in accordance with the condition prescribed in the usage right information.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein in said authentication data generation step, the authentication data is generated using user specifying information which specifies a user.
  - 3. The method according to claim 2, wherein in said authentication data generation step, the authentication data is generated also using service specifying information that specifies the service to be provided.
  - 4. The method according to claim 2, further comprising, before said authentication data generation step, a specifying information transmission step of transmitting information that specifies the user specifying information from the user terminal to the authentication apparatus through the service providing apparatus.
  - 5. The method according to claim 2, wherein
- 6. The method according to claim 1, wherein the encryption key used in said authentication data generation step is a public key corresponding to the user, and the decryption key used in said decryption step is a private key unique to the user.
- 7. The method according to claim 1, wherein the user terminal is a portable information terminal.

8. A service providing method which uses a user terminal which stores an encryption key, a service providing apparatus which can communicate with the user terminal, and an authentication apparatus which can communicate with the service providing apparatus, said method comprising:
- an authentication data generation step of generating authentication data;
  
  a first transmission step of transmitting the authentication data from the authentication apparatus to the user terminal through the service providing apparatus;
  
  an encryption step of encrypting the authentication data in the user terminal using the encryption key stored in the user terminal;
  
  a return step of returning the authentication data encrypted in said encryption step to the authentication apparatus through the service providing apparatus;
  
  an authentication step of authenticating the returned authentication data returned in said return step in the authentication apparatus by decrypting the encrypted authentication data transmitted from the user terminal and returned to the authentication apparatus in said return step using a decryption key stored in the authentication apparatus and comparing the decrypted authentication data with the authentication data transmitted in said first transmission step;
  
  a second transmission step of transmitting usage right information which prescribes a use condition of a service from the authentication apparatus to the service providing apparatus if the authentication step authenticates the returned authentication data returned to the authentication apparatus in said return step; and
  
  a service providing step of causing the service providing apparatus to provide the service to the user in accordance with the use condition prescribed in the usage right information.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method according to claim 8, wherein
- 10. The method according to claim 8, wherein the encryption key used in said encryption step is a private key unique to the user, and the decryption key used in the authentication step is a public key corresponding to the user.
- 11. The method according to claim 8, wherein in the authentication data generation step, the authentication data is generated using user specifying information which specifies a user.
- 12. The method according to claim 11, further comprising, before said authentication data generation step, a specifying information transmission step of transmitting information that specifies the user specifying information from the user terminal to the authentication apparatus through the service providing apparatus.
- 13. The method according to claim 11, whereinsaid authentication data generation step includes a random number generation step of generating a random number in the authentication apparatus, and the authentication data is generated using the user specifying information and the generated random number.
- 14. The method according to claim 8, wherein the user terminal is a portable information terminal.

15. An information processing system comprising:
- a user terminal configured to store a decryption key;
  
  a service providing apparatus configured to communicate with said user terminal; and
  
  an authentication apparatus configured to communicate with said service providing apparatus, wherein said authentication apparatus comprises;
  
  authentication data generation means for generating authentication data and encrypting the generated authentication data; and
  
  first transmission means for transmitting the encrypted authentication data from said authentication apparatus to said user terminal through said service providing apparatus, wherein said user terminal comprises;
  
  storage means for storing the decryption key;
  
  decryption means for decrypting the encrypted authentication data using the decryption key stored in said storage means; and
  
  return means for returning the authentication data decrypted by said decryption means to said authentication apparatus through said service providing apparatus, wherein said authentication apparatus comprises;
  
  authentication means for authenticating the decrypted authentication data by comparing the decrypted authentication data returned from said user terminal by said return means with the authentication data generated by said authentication data generation means before said authentication data generation means encrypted the authentication data; and
  
  second transmission means for transmitting usage right information which prescribes a use condition of a service to the service providing apparatus if said authentication means authenticates the decrypted authentication data; and
  
  wherein said service providing apparatus provides the service to the user in accordance with the use condition prescribed in the usage right information.

16. An information processing system comprising:
- a user terminal configured to store an encryption key;
  
  a service providing apparatus configured to communicate with said user terminal; and
  
  an authentication apparatus configured to communicate with said service providing apparatus, wherein said authentication apparatus comprises;
  
  authentication data generation means for generating authentication data;
  
  andfirst transmission means for transmitting the authentication data from said authentication apparatus to said user terminal through said service providing apparatus, wherein said user terminal comprises;
  
  storage means for storing the encryption key;
  
  encryption means for encrypting the authentication data using the encryption key stored in said user terminal; and
  
  return means for returning the authentication data encrypted by said encryption means to said authentication apparatus through said service providing apparatus, wherein said authentication apparatus comprises;
  
  storage means for storing a decryption key;
  
  authentication means for authenticating the encrypted authentication data by decrypting the encrypted authentication data returned from said user terminal by said return means using the decryption key stored in said authentication apparatus and comparing the decrypted authentication data with the authentication data transmitted by said first transmission means;
  
  second transmission means for transmitting usage right information which prescribes a use condition of a service to the service providing apparatus if the authentication means authenticates the encrypted authentication data, and wherein said service providing apparatus provides the service to the user in accordance with the use condition prescribed in the usage right information.

17. An authentication apparatus which can communicate with a user terminal through a service providing apparatus, comprising:
- authentication data generation means for generating authentication data and encrypting the generated authentication data using an encryption key corresponding to the user;
  
  first transmission means for transmitting the encrypted authentication data to the user terminal through the service providing apparatus;
  
  reception means for receiving, through the service providing apparatus, authentication data obtained by decrypting the encrypted authentication data in the user terminal using a decryption key stored in the user terminal;
  
  authentication means for authenticating the decrypted authentication data by comparing the decrypted authentication data received by said reception means with the authentication data generated by said authentication data generation means before encryption; and
  
  second transmission means for transmitting usage right information which prescribes a use condition of a service to the service providing apparatus if said authentication means authenticates the decrypted authentication data.

18. An authentication apparatus which can communicate with a user terminal through a service providing apparatus, comprising:
- authentication data generation means for generating authentication data;
  
  first transmission means for transmitting the generated authentication data from said authentication apparatus to the user terminal through the service providing apparatus;
  
  reception means for receiving, through the service providing apparatus, authentication data obtained by encrypting the authentication data in the user terminal using an encryption key stored in the user terminal;
  
  decryption means for decrypting the encrypted authentication data received by said reception means using a decryption key corresponding to the user;
  
  authentication means for authenticating the decrypted authentication data by comparing the decrypted authentication data with the authentication data transmitted by said first transmission means;
  
  second transmission means for transmitting usage right information which prescribes a use condition of a service to the service providing apparatus if said authentication means authenticates the decrypted authentication data.

19. A control program for a computer which functions as an authentication apparatus which can communicated with a user terminal through a service providing apparatus, the control program causing the computer to execute:
- an authentication data generation step of generating authentication data and encrypting the generated authentication data using an encryption key corresponding to the user;
  
  a first transmission step of transmitting the encrypted authentication data to the user terminal through the service providing apparatus;
  
  a reception step of receiving, through the service providing apparatus, authentication data obtained by decrypting the encrypted authentication data in the user terminal using a decryption key stored in the user terminal;
  
  an authentication step of authenticating the decrypted authentication data by comparing the decrypted authentication data received in said reception step with the authentication data generated in said authentication data generation step before encryption;
  
  a second transmission step of transmitting usage right information which prescribes a use condition of a service to the service providing apparatus if said authentication step authenticates the decrypted authentication data.

20. A control program for a computer which functions as an authentication apparatus which can communicate with a user terminal through a service providing apparatus, the control program causing the computer to execute:
- an authentication data generation step of generating authentication data;
  
  a first transmission step of transmitting the generated authentication data from the authentication apparatus to the user terminal through the service providing apparatus;
  
  a reception step of receiving, through the service providing apparatus, authentication data obtained by encrypting the authentication data in the user terminal using an encryption key stored in the user terminal;
  
  a decryption step of decrypting the encrypted authentication data received in said reception step using a decryption key corresponding to the user;
  
  an authentication step of authenticating the decrypted authentication data by comparing the decrypted authentication data with the authentication data transmitted in the first transmission step; and
  
  a second transmission step of transmitting usage right information which prescribes a use condition of a service to the service providing apparatus if said authentication step authenticates the decrypted authentication data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Original Assignee
Canon Kabushiki Kaisha (Canon Inc.)
Inventors
Kugai, Masami
Primary Examiner(s)
MOISE, EMMANUEL LIONEL

Application Number

US10/419,866
Publication Number

US 20030200177A1
Time in Patent Office

525 Days
Field of Search

713/171, 713/201, 713/168, 705/65, 705/51, 705/52, 705/54, 705/55, 705/57-59, 705/64, 705/67, 705/71, 380/30
US Class Current

713/168
CPC Class Codes

G06F 21/10 Protecting distributed prog...

G06Q 20/3674 involving authentication

Method and system for authenticating user and providing service

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for authenticating user and providing service

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links