Access authentication method, information processing unit, and computer product

US 8,572,392 B2
Filed: 06/27/2006
Issued: 10/29/2013
Est. Priority Date: 04/01/2004
Status: Expired due to Fees

First Claim

Patent Images

1. An access authentication method for performing access authentication using a recording medium that is detachably connected to an information processing unit, the access authentication method comprising:

first performing the access authentication by authenticating authentication information provided by a user;

issuing a key corresponding to the authentication information, when the access authentication based on the authentication information is successful at the first performing;

encrypting the authentication information provided by the user with the key to generate encrypted authentication information; and

first storing the key in the information processing unit;

second storing, using a processor, the encrypted authentication information in a first memory area of the recording medium, and a plurality of identification information of login screens for a plurality of systems and respective login information about the login screens, in a corresponding manner, the login information being used to log in the respective login screens and including both an identification information (ID) and a password in a second memory area of the recording medium, the second memory area being protected by the authentication information provided by the user;

second performing, using the processor, the access authentication by obtaining the encrypted authentication information stored in the first memory area of the recording medium at the storing and by decrypting the encrypted authentication information using the key stored in the information processing unit at the storing, when a login screen for a system is displayed on the information processing unit;

reading, using the processor, login information including both an ID and a password corresponding to identification information of the displayed login screen from the second memory area, when the access authentication is successful at the second performing; and

entering, using the processor, the login information read at the reading on the displayed login screen, whereinthe issuing, the encrypting, the first storing, and the second storing are performed in a first event in which the recording medium is connected to the information processing unit, andthe second performing, the reading, and the entering are performed in a second event after the first event in which the recording medium is connected to the information processing unit.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An input personal identification number (PIN) is encrypted, identification information to identify a computer that has generated an encrypted PIN is associated with the encrypted PIN, and the associated information is sent to a recording medium. When the recording medium is again connected to the computer, it is checked whether the identification information is present in the recording medium. If the identification information is present in the recording medium, the encrypted PIN associated with the identification information is decrypted. These processes can be performed on both computer side and recording medium side.

18 Citations

View as Search Results

29 Claims

1. An access authentication method for performing access authentication using a recording medium that is detachably connected to an information processing unit, the access authentication method comprising:
- first performing the access authentication by authenticating authentication information provided by a user;
  
  issuing a key corresponding to the authentication information, when the access authentication based on the authentication information is successful at the first performing;
  
  encrypting the authentication information provided by the user with the key to generate encrypted authentication information; and
  
  first storing the key in the information processing unit;
  
  second storing, using a processor, the encrypted authentication information in a first memory area of the recording medium, and a plurality of identification information of login screens for a plurality of systems and respective login information about the login screens, in a corresponding manner, the login information being used to log in the respective login screens and including both an identification information (ID) and a password in a second memory area of the recording medium, the second memory area being protected by the authentication information provided by the user;
  
  second performing, using the processor, the access authentication by obtaining the encrypted authentication information stored in the first memory area of the recording medium at the storing and by decrypting the encrypted authentication information using the key stored in the information processing unit at the storing, when a login screen for a system is displayed on the information processing unit;
  
  reading, using the processor, login information including both an ID and a password corresponding to identification information of the displayed login screen from the second memory area, when the access authentication is successful at the second performing; and
  
  entering, using the processor, the login information read at the reading on the displayed login screen, whereinthe issuing, the encrypting, the first storing, and the second storing are performed in a first event in which the recording medium is connected to the information processing unit, andthe second performing, the reading, and the entering are performed in a second event after the first event in which the recording medium is connected to the information processing unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The access authentication method according to claim 1, wherein the information processing unit performs the first performing, the issuing, the encrypting, the first storing, the second storing the second performing, the reading and the entering.
  - 3. The access authentication method according to claim 1, wherein the recording medium performs the first performing, the issuing, the encrypting, the first storing, the second storing the second performing, the reading and the entering.
  - 4. The access authentication method according to claim 1, further comprising setting a validity period for the key used for at least one of the encrypting and the second performing, wherein the second performing is performed when the validity period is not expired.
  - 5. The access authentication method according to claim 1, wherein,at the encrypting, encrypted authentication information is generated and stored in the recording medium each time access authentication based on authentication information from the user is successful at the first performing, andat the second performing, when a plurality of pieces of encrypted authentication information are stored in the recording medium, any one of the pieces of encrypted authentication information is decrypted using the key stored in the information processing unit.
  - 6. The access authentication method according to claim 5, wherein,at the encrypting, encrypted authentication information is associated with unit identification information to uniquely identify an information processing unit that is involved in generating the encrypted authentication information, and the associated information is stored in the recording medium, andat the second performing, encrypted authentication information associated with unit identification information corresponding to an information processing unit to which the recording medium is currently connected is obtained from the plurality of pieces of encrypted authentication information stored in the recording medium, and the decryption is performed.
  - 7. The access authentication method according to claim 1, further comprising determining whether to generate the encrypted authentication information, wherein, at the encrypting, the encrypted authentication information is generated when the encrypted authentication information has been determined to be generated.
  - 8. The access authentication method according to claim 1, further comprising determining whether to use the encrypted authentication information stored in the recording medium, wherein, at the second performing, the decryption is performed using the encrypted authentication information when the encrypted authentication information has been determined to be used.
  - 9. The access authentication method according to claim 1, further comprising storing in the recording medium unit identification information to uniquely identify an information processing unit that is involved in generating encrypted authentication information when the encrypted authentication information generated at the encrypting is stored in the recording medium, wherein, at the second performing, the decryption is performed when unit identification information corresponding to an information processing unit to which the recording medium is currently connected matches the unit identification information stored in the recording medium.
  - 10. The access authentication method according to claim 1, further comprising storing medium identification information to uniquely identify a recording medium in an information processing unit that is involved in generating encrypted authentication information when the encrypted authentication information generated at the encrypting is stored in the recording medium, wherein, at the second performing, the decryption is performed when medium identification information corresponding to a recording medium which is currently connected to the information processing unit matches the medium identification information stored in the information processing unit.
  - 11. The access authentication method according to claim 1, wherein,at the encrypting, the predetermined key is issued for the encryption based on medium identification information to uniquely identify a recording medium and unit identification information to uniquely identify an information processing unit to which the recording medium is currently connected, andat the second performing, the key is issued for the decryption based on medium identification information corresponding to the recording medium and unit identification information corresponding to an information processing unit to which the recording medium is currently connected.

12. A computer-readable non-transitory recording medium that stores therein an access authentication program for implementing an access authentication method in which access authentication is performed by an information processing unit being a computer with a recording medium that is detachably connected to the information processing unit, the access authentication program causing the computer to perform a process comprising:
- first performing the access authentication by authenticating authentication information provided by a user;
  
  issuing a key corresponding to the authentication information, when the access authentication based on the authentication information is successful at the first performing;
  
  encrypting the authentication information provided by the user with the key to generate encrypted authentication information; and
  
  storing the key in the information processing unit, the encrypted authentication information in a first memory area of the recording medium, and a plurality of identification information of login screens for a plurality of systems and respective login information about the login screens, in a corresponding manner, the login information being used to log in the respective login screens and including both an identification information (ID) and a password in a second memory area of the recording medium, the second memory area being protected by the authentication information provided by the user;
  
  second performing the access authentication by obtaining the encrypted authentication information stored in the first memory area of the recording medium at the storing and by decrypting the encrypted authentication information using the key stored in the information processing unit at the storing, when a login screen for a system is displayed on the information processing unit;
  
  reading login information including both an ID and a password corresponding to identification information of the displayed login screen from the second memory area, when the access authentication is successful at the second performing; and
  
  entering the login information read at the reading on the displayed login screen, whereinthe issuing, the encrypting, and the storing are performed in a first event in which the recording medium is connected to the information processing unit, andthe second performing, the reading, and the entering are performed in a second event after the first event in which the recording medium is connected to the information processing unit.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The computer-readable recording medium according to claim 12, the program further causing the computer to perform setting a validity period for the key used for at least one of the encrypting and the second performing, wherein the second performing is performed when the validity period is not expired.
  - 14. The computer-readable recording medium according to claim 12, wherein,at the encrypting, encrypted authentication information is generated and stored in the recording medium each time access authentication based on authentication information from the user is successful at the first performing, andat the second performing, when a plurality of pieces of encrypted authentication information are stored in the recording medium, any one of the pieces of encrypted authentication information is decrypted using the key in the information processing unit.
  - 15. The computer-readable recording medium according to claim 14, wherein,at the encrypting, encrypted authentication information is associated with unit identification information to uniquely identify an information processing unit that is involved in generating the encrypted authentication information, and the associated information is stored in the recording medium, andat the second performing, encrypted authentication information associated with unit identification information corresponding to an information processing unit to which the recording medium is currently connected is obtained from the plurality of pieces of encrypted authentication information stored in the recording medium, and the decryption is performed.
  - 16. The computer-readable recording medium according to claim 12, the program further causing the computer to perform determining whether to generate the encrypted authentication information, wherein, at the encrypting, the encrypted authentication information is generated when the encrypted authentication information has been determined to be generated.
  - 17. The computer-readable recording medium according to claim 12, the program further causing the computer to perform determining whether to use the encrypted authentication information stored in the recording medium, wherein, at the second performing, the decryption is performed using the encrypted authentication information when the encrypted authentication information has been determined to be used.
  - 18. The computer-readable recording medium according to claim 12, the program further causing the computer to perform storing in the recording medium unit identification information to uniquely identify an information processing unit that is involved in generating encrypted authentication information when the encrypted authentication information generated at the encrypting is stored in the recording medium, wherein, at the second performing, the decryption is performed when unit identification information corresponding to an information processing unit to which the recording medium is currently connected matches the unit identification information stored in the recording medium.
  - 19. The computer-readable recording medium according to claim 12, the program further causing the computer to perform storing medium identification information to uniquely identify a recording medium in an information processing unit that is involved in generating encrypted authentication information when the encrypted authentication information generated at the encrypting is stored in the recording medium, wherein, at the second performing, the decryption is performed when medium identification information corresponding to a recording medium which is currently connected to the information processing unit matches the medium identification information stored in the information processing unit.

20. A computer-readable non-transitory recording medium that stores therein an access authentication program for implementing an access authentication method in which access authentication is performed by a recording medium being a computer that is detachably connected to an information processing unit with authentication information provided by a user, the access authentication program causing the computer to perform a process comprising:
- first performing the access authentication by authenticating authentication information provided by a user;
  
  issuing a key corresponding to the authentication information, when the access authentication based on the authentication information is successful at the first performing;
  
  encrypting the authentication information provided by the user with the key to generate encrypted authentication information; and
  
  storing the key in the information processing unit, the encrypted authentication information in a first memory area of the recording medium, and a plurality of identification information of login screens for a plurality of systems and respective login information about the login screens, in a corresponding manner, the login information being used to log in the respective login screens including both an identification information (ID) and a password in a second memory area of the recording medium, the second memory area being protected by the authentication information provided by the user;
  
  second performing the access authentication by obtaining the encrypted authentication information stored in the first memory area of the recording medium at the storing and by decrypting the encrypted authentication information using the key stored in the information processing unit at the storing, when a login screen for a system is displayed on the information processing unit;
  
  reading login information including both an ID and a password corresponding to identification information of the displayed login screen from the second memory area, when the access authentication is successful at the second performing; and
  
  entering the login information read at the reading on the displayed login screen, whereinthe issuing, the encrypting, and the storing are performed in a first event in which the recording medium is connected to the information processing unit, andthe second performing, the reading, and the entering are performed in a second event after the first event in which the recording medium is connected to the information processing unit.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
- - 21. The computer-readable recording medium according to claim 20, the program further causing the computer to perform setting a validity period for the key used for at least one of the encrypting and the second performing, wherein the second performing is performed when the validity period is not expired.
  - 22. The computer-readable recording medium according to claim 20, wherein,at the encrypting, encrypted authentication information is generated and stored in the recording medium each time access authentication based on authentication information from the user is successful at the first performing, andat the second performing, when a plurality of pieces of encrypted authentication information are stored in the recording medium, any one of the pieces of encrypted authentication information is decrypted using the key in the information processing unit.
  - 23. The computer-readable recording medium according to claim 22, wherein,at the encrypting, encrypted authentication information is associated with unit identification information to uniquely identify an information processing unit that is involved in generating the encrypted authentication information, and the associated information is stored in the recording medium, andat the second performing, encrypted authentication information associated with unit identification information corresponding to an information processing unit to which the recording medium is currently connected is obtained from the plurality of pieces of encrypted authentication information stored in the recording medium, and the decryption is performed.
  - 24. The computer-readable recording medium according to claim 20, the program further causing the computer to perform determining whether to generate the encrypted authentication information, wherein, at the encrypting, the encrypted authentication information is generated when the encrypted authentication information has been determined to be generated.
  - 25. The computer-readable recording medium according to claim 20, the program further causing the computer to perform determining whether to use the encrypted authentication information stored in the recording medium, wherein, at the second performing, the decryption is performed using the encrypted authentication information when the encrypted authentication information has been determined to be used.
  - 26. The computer-readable recording medium according to claim 20, the program further causing the computer to perform storing in the recording medium unit identification information to uniquely identify an information processing unit that is involved in generating encrypted authentication information when the encrypted authentication information generated at the encrypting is stored in the recording medium, wherein, at the second performing, the decryption is performed when unit identification information corresponding to an information processing unit to which the recording medium is currently connected matches the unit identification information stored in the recording medium.
  - 27. The computer-readable recording medium according to claim 20, the program further causing the computer to perform storing medium identification information to uniquely identify a recording medium in an information processing unit that is involved in generating encrypted authentication information when the encrypted authentication information generated at the encrypting is stored in the recording medium, wherein, at the second performing, the decryption is performed when medium identification information corresponding to a recording medium which is currently connected to the information processing unit matches the medium identification information stored in the information processing unit.

28. An information processing apparatus for performing access authentication using a recording medium that is detachably connected thereto and authentication information provided by a user, the information processing apparatus comprising:
- a first performing unit that performs the access authentication by authenticating authentication information provided by a user;
  
  an issuing unit that issues a key corresponding to the authentication information, when the access authentication based on the authentication information performed by the first performing unit is successful;
  
  an encrypting unit that encrypts the authentication information provided by the user with the key to generate encrypted authentication information;
  
  a storing unit that stores the key in the information processing unit, the encrypted authentication information in a first memory area of the recording medium, and a plurality of identification information of login screens for a plurality of systems and respective login information about the login screens, in a corresponding manner, the login information being used to log in the respective login screens and including both an identification information (ID) and a password in a second memory area of the recording medium, the second memory area being protected by the authentication information provided by the user; and
  
  a second performing unit that performs the access authentication by obtaining the encrypted authentication information stored in the first memory area of the recording medium at the storing and by decrypting the encrypted authentication information using the key stored in the information processing unit by the storing unit, when a login screen for a system is displayed on the information processing unit;
  
  whereinthe second performing unit reads login information including both an ID and a password corresponding to identification information of the displayed login screen from the second memory area, when the access authentication is successful by the second performing unit, and enters the read login information on the displayed login screen,the issuing by the issuing unit, the encrypting by the encrypting unit, and the storing by storing unit are performed in a first event in which the recording medium is connected to the information processing unit, andthe second performing by the second performing unit, the reading by the second performing unit, and the entering by the second performing unit are performed in a second event after the first event in which the recording medium is connected to the information processing unit.

29. An information processing unit for performing access authentication using a recording medium that is detachably connected thereto and authentication information provided by a user, the information processing unit comprising:
- a memory; and
  
  a processor coupled to the memory, wherein the processor executes a process comprising;
  
  first performing the access authentication by authenticating authentication information provided by a user;
  
  issuing a key corresponding to the authentication information, when the access authentication based on the authentication information is successful at the first performing;
  
  encrypting the authentication information provided by the user with the key to generate encrypted authentication information;
  
  storing the key in the information processing unit, the encrypted authentication information in a first memory area of the recording medium, and a plurality of identification information of login screens for a plurality of systems and respective login information about the login screens, in a corresponding manner, the login information being used to log in the respective login screens and including both an identification information (ID) and a password in a second memory area of the recording medium, the second memory area being protected by the authentication information provided by the user;
  
  second performing the access authentication by obtaining the encrypted authentication information stored in the first memory area of the recording medium at the storing and by decrypting the encrypted authentication information using the key stored in the information processing unit at the storing, when a login screen for a system is displayed on the information processing unit;
  
  reading login information including both an ID and a password corresponding to identification information of the displayed login screen from the second memory area, when the access authentication is successful at the second performing; and
  
  entering the login information at the reading on the displayed login screen, whereinthe issuing, the encrypting, and the storing are performed in a first event in which the recording medium is connected to the information processing unit, andthe second performing, the reading, and the entering are performed in a second event after the first event in which the recording medium is connected to the information processing unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Client Computing Limited (Lenovo Group Ltd.)
Original Assignee
Fujitsu Limited
Inventors
Ishidera, Nobutaka
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Anderson, Michael D

Application Number

US11/474,973
Publication Number

US 20060248345A1
Time in Patent Office

2,681 Days
Field of Search

713/155, 713/176, 713/193, 705/41, 380/44, 380/279
US Class Current

713/183
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/445   by mutual authentication, e...

G06F 2221/2129   Authenticate client device ...

Access authentication method, information processing unit, and computer product

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Access authentication method, information processing unit, and computer product

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links