Authentication method, authentication system, and authentication server
First Claim
1. A communication method in which a terminal unit connected with an authentication server and a plurality of service provider's servers via a network makes a request for authentication to each server, said communication method comprising:
transmitting authentication request information for requiring user authentication to said authentication server;
receiving a server authentication reply from said authentication server;
transmitting, in accordance with said server authentication reply, authentication ticket request information for requiring an authentication ticket for accessing a specific service provider's server, to said authentication server;
receiving an authentication ticket reply including said authentication ticket from said authentication server;
transmitting service request information for requiring a service provision, together with said received authentication ticket, to said specific service provider's server; and
receiving an authentication service reply including a session identifier issued by the specific service provider's server, the service reply indicating the authentication approval from the service provider's server when said authentication ticket is determined as authorized by said service provider's server, and said authentication ticket is unique and issued only to said terminal unit and does not include the user authentication information;
transmitting by the terminal unit to said service provider's server, page request information for requiring page information;
transmitting by the terminal unit to said authentication server authentication ticket issuance request information for requiring issuance of said authentication ticket upon receipt of an authentication service reply indicating an authentication service error from said service provider's server;
transmitting by the terminal unit to said authentication server authentication request information for requiring user authentication, upon receipt of an authentication ticket reply indicating an authentication ticket error from said authentication server;
receiving at the terminal unit from said authentication server, a server authentication reply indicating a user authentication approval;
transmitting by the terminal unit to the authentication server authentication ticket request information for requiring an authentication ticket allowing an access to the specific service provider's server in accordance with said server authentication reply;
receiving at the terminal unit an authentication ticket reply including said authentication ticket from said authentication server; and
transmitting by the terminal unit service request information for requiring a service provision from said specific service provider's server together with said received authentication ticket, when said authentication ticket is determined as authorized by said service provider's server, receiving an authentication service reply indicating the authentication approval from the service provider's server, and retransmitting said page request information to said service provider's server and receiving the page information from said service provider's server.
Abstract
A user authentication processing is performed and an authentication session ID is returned to a terminal 500 (A14). An authentication server 600 issues and stores an authentication ticket (A17). The authentication ticket and authentication session are returned to the terminal 500 (A18). A user 100 transmits a request of service provision and the authentication ticket to a service provider's server 700, and the service provider's server 700 transmits the authentication ticket to the authentication server 600 (A20). The authentication server 600 performs an authentication processing of the authentication ticket (A21), and the authentication result is notified (A22). In the case of the authentication approval, a service session ID is issued together with the notification of authorization (A23). When receiving the notification of the authentication approval, the terminal 500 performs an establishment processing of the session using the received service session ID, and stores the service session ID (A27).
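The flow in the abstract and the terminal-side fallback of claim 1, simulated in-process as an added example (not code from the patent). The class and function names, the constructed demo account, the terminal identifier passed as a plain argument, and single-use tickets are assumptions.

```python
import secrets

class AuthServer:
    def __init__(self, users):
        # sessions: auth session ID -> user; tickets: ticket -> (terminal, service)
        self.users, self.sessions, self.tickets = users, {}, {}

    def authenticate(self, user, password):
        if not secrets.compare_digest(self.users.get(user, ""), password):
            return None
        sid = secrets.token_urlsafe(16)
        self.sessions[sid] = user
        return sid

    def issue_ticket(self, auth_sid, terminal, service):
        if auth_sid not in self.sessions:
            return None                     # authentication ticket error
        ticket = secrets.token_urlsafe(32)  # unique and opaque: no credentials inside
        self.tickets[ticket] = (terminal, service)
        return ticket

    def verify(self, ticket, terminal, service):
        return self.tickets.pop(ticket, None) == (terminal, service)  # assumption: single use

class ServiceProvider:
    def __init__(self, name, auth):
        self.name, self.auth, self.sessions = name, auth, set()

    def request_service(self, ticket, terminal):
        if not self.auth.verify(ticket, terminal, self.name):
            return None                     # authentication service error
        sid = secrets.token_urlsafe(16)     # service session ID
        self.sessions.add(sid)
        return sid

    def page(self, service_sid):
        return "page body" if service_sid in self.sessions else None

def fetch_page(terminal, sp, auth, state, credentials):  # terminal side of claim 1
    steps = ["page request"]
    if sp.page(state.get(sp.name)) is None:        # authentication service error
        steps.append("ticket request")
        ticket = auth.issue_ticket(state.get("auth_sid"), terminal, sp.name)
        if ticket is None:                         # authentication ticket error
            steps.append("user authentication")
            state["auth_sid"] = auth.authenticate(*credentials)
            ticket = auth.issue_ticket(state["auth_sid"], terminal, sp.name)
        state[sp.name] = sp.request_service(ticket, terminal)
        steps += ["service request", "page request"]
    return sp.page(state.get(sp.name)), steps
```

The returned step list shows that a second service provider needs only a new ticket, not a second password entry, and that a ticket presented for the wrong service, from another terminal, or a second time yields no session.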
4 Claims
4. A terminal unit which is connected with an authentication server and a plurality of service provider's servers via a network, said terminal unit comprising:
first transmitting means for transmitting authentication request information requiring user authentication to said authentication server;
first receiving means for receiving a server authentication reply from said authentication server;
second transmitting means for transmitting, to said authentication server, authentication ticket request information for requiring an authentication ticket for accessing a specific service provider's server, in accordance with said server authentication reply;
second receiving means for receiving an authentication ticket reply including said authentication ticket from said authentication server;
third transmitting means for transmitting service request information requiring a service provision together with said received authentication ticket, to said specific service provider's server, and
third receiving means for receiving an authentication service reply including a session identifier issued by the specific service provider's server, the service reply indicating the authentication approval from the specific service provider's server, when said authentication ticket is determined as authorized by said specific service provider's server,
wherein said authentication ticket is unique and issued only to said terminal unit and does not include the user authentication information, and
wherein said terminal unit further includes a first module and a second module,
said first module transmits page request information for requiring page information to said second module,
said second module transmits said page request information to said specific service provider's server,
when said second module receives an authentication service reply indicating an authentication service error from said specific service provider's server, said second module, after transmitting authentication ticket issuance request information for requiring issuance of said authentication ticket to said authentication server, and when receiving an authentication ticket reply indicating an authentication ticket error from said authentication server, transmits authentication request information for requiring the user authentication to said authentication server,
said second module, receives a server authentication reply indicating the authentication approval from said authentication server,
said second module, in accordance with said server authentication reply, transmits, to said authentication server, authentication ticket request information for requiring an authentication ticket for accessing the specific service provider's server,
said second module receives an authentication ticket reply including said authentication ticket from said authentication server,
second module transmits, together with said received authentication ticket, service request information for requiring a service provision to said specific service provider's server,
said second module, when said authentication ticket is determined as authorized by said service provider's server, receives an authentication service reply indicating the authentication approval from the specific service provider's server,
said second module retransmits said page request information to said specific service provider's server,
said second module receives the page information from said specific service provider's server, and transmits the page information to said first module, and
said first module generates image information from the received page information.
Specification