Method and system for authenticating user and providing service
Abstract
A service providing method which uses a user terminal, a service providing apparatus, and an authentication apparatus is disclosed. In the method, authentication data is generated and encrypted by using an encryption key which is stored in the user terminal. The encrypted authentication data is transmitted from the authentication apparatus to the user terminal through the service providing apparatus. The encrypted authentication data is decrypted in the user terminal by using the encryption key. The decrypted authentication data is returned to the authentication apparatus through the service providing apparatus, and an authentication is executed in the authentication apparatus by comparing the decrypted authentication data transmitted from the user terminal with the authentication data before encryption. The service providing apparatus provides a service to the user in accordance with a result of the authentication.
20 Claims
1. A service providing method which uses a user terminal which stores a decryption key, a service providing apparatus which can communicate with the user terminal, and an authentication apparatus which can communicate with the service providing apparatus, comprising:
an authentication data generation step of generating authentication data and encrypting the generated authentication data using an encryption key;
a first transmission step of transmitting the encrypted authentication data from the authentication apparatus to the user terminal through the service providing apparatus;
a decryption step of decrypting the encrypted authentication data in the user terminal using the decryption key stored in the user terminal;
a return step of returning the authentication data decrypted in said decryption step to the authentication apparatus through the service providing apparatus;
an authentication step of authenticating the decrypted authentication data in the authentication apparatus by comparing the decrypted authentication data transmitted from the user terminal and returned in said return step with the authentication data generated in said authentication data generation step before encryption;
a second transmission step of transmitting usage right information, which prescribes a use condition of a service, from the authentication apparatus to the service providing apparatus if the authentication step authenticates the decrypted authentication data; and
a service providing step of causing the service providing apparatus to provide the service to the user in accordance with the condition prescribed in the usage right information.
said authentication data generation step includes a random number generation step of generating a random number in the authentication apparatus, and the authentication data is generated using the user specifying information and the generated random number.
6. The method according to claim 1, wherein the encryption key used in said authentication data generation step is a public key corresponding to the user, and the decryption key used in said decryption step is a private key unique to the user.
7. The method according to claim 1, wherein the user terminal is a portable information terminal.
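The message flow of claim 1, with the random-number-based authentication data and the public/private key pair of claim 6, written out as an added Python example; it is not code from the patent. The class and function names, the usage right string and the toy RSA key (two Mersenne primes, no padding, far too small for real use) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key (two Mersenne primes, no padding): illustration only.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
SIZE = (N.bit_length() + 7) // 8

class AuthApparatus:
    def __init__(self, public_keys, usage_rights):
        self.public_keys, self.usage_rights = public_keys, usage_rights
        self.pending = {}  # user id -> authentication data before encryption

    def challenge(self, user_id):
        """Generation step: hash(user id || random number), encrypted with the public key."""
        n, e = self.public_keys[user_id]
        data = hashlib.sha256(user_id.encode() + secrets.token_bytes(16)).digest()[:16]
        self.pending[user_id] = data.rjust(SIZE, b"\0")
        return pow(int.from_bytes(data, "big"), e, n)

    def verify(self, user_id, returned):
        """Authentication step: compare with the stored plaintext, one attempt per challenge."""
        expected = self.pending.pop(user_id, None)
        if expected is None or not hmac.compare_digest(expected, returned):
            return None
        return self.usage_rights[user_id]  # sent on in the second transmission step

class UserTerminal:
    def __init__(self, n, d):
        self.n, self.d = n, d  # the decryption key never leaves the terminal

    def decrypt(self, ciphertext):
        return pow(ciphertext, self.d, self.n).to_bytes(SIZE, "big")

def provide_service(auth, terminal, user_id):
    """Service providing apparatus: relays both messages, then applies the usage right."""
    encrypted = auth.challenge(user_id)      # first transmission step
    returned = terminal.decrypt(encrypted)   # decryption step in the terminal
    right = auth.verify(user_id, returned)   # return step and authentication step
    return f"service granted: {right}" if right else "service refused"

if __name__ == "__main__":
    auth = AuthApparatus({"alice": (N, E)}, {"alice": "3 plays until 2030-01-01"})
    print(provide_service(auth, UserTerminal(N, D), "alice"))
    print(provide_service(auth, UserTerminal(N, D + 2), "alice"))  # wrong key
```

Because the pending value is removed on the first comparison, a response captured by the relaying service providing apparatus cannot be replayed against a later challenge.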
8. A service providing method which uses a user terminal which stores an encryption key, a service providing apparatus which can communicate with the user terminal, and an authentication apparatus which can communicate with the service providing apparatus, said method comprising:
an authentication data generation step of generating authentication data;
a first transmission step of transmitting the authentication data from the authentication apparatus to the user terminal through the service providing apparatus;
an encryption step of encrypting the authentication data in the user terminal using the encryption key stored in the user terminal;
a return step of returning the authentication data encrypted in said encryption step to the authentication apparatus through the service providing apparatus;
an authentication step of authenticating the returned authentication data returned in said return step in the authentication apparatus by decrypting the encrypted authentication data transmitted from the user terminal and returned to the authentication apparatus in said return step using a decryption key stored in the authentication apparatus and comparing the decrypted authentication data with the authentication data transmitted in said first transmission step;
a second transmission step of transmitting usage right information which prescribes a use condition of a service from the authentication apparatus to the service providing apparatus if the authentication step authenticates the returned authentication data returned to the authentication apparatus in said return step; and
a service providing step of causing the service providing apparatus to provide the service to the user in accordance with the use condition prescribed in the usage right information.
in said encryption step, the authentication data is converted into hash data and then encrypted, and said authentication step, decrypts the encrypted authentication data by using the decryption key to produce decrypted hash data and authenticates the decrypted authentication data by comparing the decrypted hash data decrypted using the decryption key with the hash data generated from the authentication data transmitted in said first transmission step.
10. The method according to claim 8, wherein the encryption key used in said encryption step is a private key unique to the user, and the decryption key used in the authentication step is a public key corresponding to the user.
11. The method according to claim 8, wherein in the authentication data generation step, the authentication data is generated using user specifying information which specifies a user.
12. The method according to claim 11, further comprising, before said authentication data generation step, a specifying information transmission step of transmitting information that specifies the user specifying information from the user terminal to the authentication apparatus through the service providing apparatus.
13. The method according to claim 11, wherein
said authentication data generation step includes a random number generation step of generating a random number in the authentication apparatus, and the authentication data is generated using the user specifying information and the generated random number.
14. The method according to claim 8, wherein the user terminal is a portable information terminal.
15. An information processing system comprising:
a user terminal configured to store a decryption key;
a service providing apparatus configured to communicate with said user terminal; and
an authentication apparatus configured to communicate with said service providing apparatus, wherein said authentication apparatus comprises;
authentication data generation means for generating authentication data and encrypting the generated authentication data; and
first transmission means for transmitting the encrypted authentication data from said authentication apparatus to said user terminal through said service providing apparatus, wherein said user terminal comprises;
storage means for storing the decryption key;
decryption means for decrypting the encrypted authentication data using the decryption key stored in said storage means; and
return means for returning the authentication data decrypted by said decryption means to said authentication apparatus through said service providing apparatus, wherein said authentication apparatus comprises;
authentication means for authenticating the decrypted authentication data by comparing the decrypted authentication data returned from said user terminal by said return means with the authentication data generated by said authentication data generation means before said authentication data generation means encrypted the authentication data; and
second transmission means for transmitting usage right information which prescribes a use condition of a service to the service providing apparatus if said authentication means authenticates the decrypted authentication data; and
wherein said service providing apparatus provides the service to the user in accordance with the use condition prescribed in the usage right information.
16. An information processing system comprising:
a user terminal configured to store an encryption key;
a service providing apparatus configured to communicate with said user terminal; and
an authentication apparatus configured to communicate with said service providing apparatus, wherein said authentication apparatus comprises;
authentication data generation means for generating authentication data; and
first transmission means for transmitting the authentication data from said authentication apparatus to said user terminal through said service providing apparatus, wherein said user terminal comprises;
storage means for storing the encryption key;
encryption means for encrypting the authentication data using the encryption key stored in said user terminal; and
return means for returning the authentication data encrypted by said encryption means to said authentication apparatus through said service providing apparatus, wherein said authentication apparatus comprises;
storage means for storing a decryption key;
authentication means for authenticating the encrypted authentication data by decrypting the encrypted authentication data returned from said user terminal by said return means using the decryption key stored in said authentication apparatus and comparing the decrypted authentication data with the authentication data transmitted by said first transmission means;
second transmission means for transmitting usage right information which prescribes a use condition of a service to the service providing apparatus if the authentication means authenticates the encrypted authentication data, and wherein said service providing apparatus provides the service to the user in accordance with the use condition prescribed in the usage right information.
17. An authentication apparatus which can communicate with a user terminal through a service providing apparatus, comprising:
authentication data generation means for generating authentication data and encrypting the generated authentication data using an encryption key corresponding to the user;
first transmission means for transmitting the encrypted authentication data to the user terminal through the service providing apparatus;
reception means for receiving, through the service providing apparatus, authentication data obtained by decrypting the encrypted authentication data in the user terminal using a decryption key stored in the user terminal;
authentication means for authenticating the decrypted authentication data by comparing the decrypted authentication data received by said reception means with the authentication data generated by said authentication data generation means before encryption; and
second transmission means for transmitting usage right information which prescribes a use condition of a service to the service providing apparatus if said authentication means authenticates the decrypted authentication data.
18. An authentication apparatus which can communicate with a user terminal through a service providing apparatus, comprising:
authentication data generation means for generating authentication data;
first transmission means for transmitting the generated authentication data from said authentication apparatus to the user terminal through the service providing apparatus;
reception means for receiving, through the service providing apparatus, authentication data obtained by encrypting the authentication data in the user terminal using an encryption key stored in the user terminal;
decryption means for decrypting the encrypted authentication data received by said reception means using a decryption key corresponding to the user;
authentication means for authenticating the decrypted authentication data by comparing the decrypted authentication data with the authentication data transmitted by said first transmission means;
second transmission means for transmitting usage right information which prescribes a use condition of a service to the service providing apparatus if said authentication means authenticates the decrypted authentication data.
19. A control program for a computer which functions as an authentication apparatus which can communicate with a user terminal through a service providing apparatus, the control program causing the computer to execute:
an authentication data generation step of generating authentication data and encrypting the generated authentication data using an encryption key corresponding to the user;
a first transmission step of transmitting the encrypted authentication data to the user terminal through the service providing apparatus;
a reception step of receiving, through the service providing apparatus, authentication data obtained by decrypting the encrypted authentication data in the user terminal using a decryption key stored in the user terminal;
an authentication step of authenticating the decrypted authentication data by comparing the decrypted authentication data received in said reception step with the authentication data generated in said authentication data generation step before encryption;
a second transmission step of transmitting usage right information which prescribes a use condition of a service to the service providing apparatus if said authentication step authenticates the decrypted authentication data.
20. A control program for a computer which functions as an authentication apparatus which can communicate with a user terminal through a service providing apparatus, the control program causing the computer to execute:
an authentication data generation step of generating authentication data;
a first transmission step of transmitting the generated authentication data from the authentication apparatus to the user terminal through the service providing apparatus;
a reception step of receiving, through the service providing apparatus, authentication data obtained by encrypting the authentication data in the user terminal using an encryption key stored in the user terminal;
a decryption step of decrypting the encrypted authentication data received in said reception step using a decryption key corresponding to the user;
an authentication step of authenticating the decrypted authentication data by comparing the decrypted authentication data with the authentication data transmitted in the first transmission step; and
a second transmission step of transmitting usage right information which prescribes a use condition of a service to the service providing apparatus if said authentication step authenticates the decrypted authentication data.