Authentication system, authentication server, and sub-authentication server

US 8,782,760 B2
Filed: 04/21/2011
Issued: 07/15/2014
Est. Priority Date: 10/23/2008
Status: Active Grant

First Claim

Patent Images

1. An authentication system, comprising:

an authentication server comprising a memory that stores authentication information to be used for authentication and a processor coupled to the memory of the authentication server;

a plurality of sub-authentication server comprising a memory and a processor coupled to the memory of the sub-authentication server;

a terminal comprising a memory and a processor coupled to the memory of the terminal, anda management terminal comprising a memory and a processor coupled to the memory, whereinthe processor of the authentication server executes a process comprisingverifying, when receiving an authentication request which is to request to authenticate biometric information of a user using the terminal, the authentication information to authenticate the transmission origin of the authentication request using the authentication information for each sub-authentication server, when receiving the authentication request,selecting the sub-authentication server where a degree of similarity calculated as a verification result becomes a predetermined threshold value or less, andtransmitting authentication information used to authenticate a transmission origin of the authentication request, to selected one of the plurality of sub-authentication server,the processor of the authentication server and/or the processor of the sub-authentication server executes a process comprising transmitting identification information to identify the sub-authentication server to which the authentication information is transmitted by the authentication server, to the terminal that transmits the authentication request,the memory of the terminalstores identification information to identify a transmission destination of the authentication request;

the processor of the terminal executes a process comprisingtransmitting the authentication request to a transmission destination identified with the identification information stored by the memory of the terminal; and

updating the identification information stored in the memory of the terminal using the identification information, when receiving the identification information, andthe memory of the sub-authentication serverstores the authentication information transmitted from the authentication server to the sub-authentication server,the processor of the sub-authentication server executes a process comprising authenticating the transmission origin of the authentication request using the authentication information stored in the memory of the sub-authentication server, when receiving the authentication request, andthe processor of the authentication server and/or the management terminal further executes a process comprisingdeleting a part of the authentication information stored by the memory of the sub-authentication server with respect to the sub-authentication server where the frequency of performing the authentication is high as compared with the other sub-authentication servers,storing the authentication information deleted in the memory of the sub-authentication server;

with respect to the sub-authentication server where the frequency of performing the authentication is low as compared with the other sub-authentication servers, andtransmitting identification information to identify the sub-authentication server becoming the storage destination where the authentication information is stored, to the transmission origin authenticated using the authentication information deleted.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An authentication server transmits authentication information used to authenticate the transmission origin of an authentication request, to a sub-authentication server, when receiving the authentication request. The authentication server transmits identification information to identify the sub-authentication server to which the authentication information is transmitted, to a terminal. The terminal includes a transmission destination storage unit that stores identification information to identify the transmission destination of the authentication request and transmits the authentication request to the transmission destination identified with the identification information stored by the transmission destination storage unit. The terminal updates the identification information using the identification information, when receiving the identification information. The sub-authentication server includes an authentication information storage unit that stores the authentication information transmitted from the authentication server to the sub-authentication server, and authenticates the transmission origin of the authentication request using the stored authentication information, when receiving the authentication request.

Citations

13 Claims

1. An authentication system, comprising:
- an authentication server comprising a memory that stores authentication information to be used for authentication and a processor coupled to the memory of the authentication server;
  
  a plurality of sub-authentication server comprising a memory and a processor coupled to the memory of the sub-authentication server;
  
  a terminal comprising a memory and a processor coupled to the memory of the terminal, anda management terminal comprising a memory and a processor coupled to the memory, whereinthe processor of the authentication server executes a process comprisingverifying, when receiving an authentication request which is to request to authenticate biometric information of a user using the terminal, the authentication information to authenticate the transmission origin of the authentication request using the authentication information for each sub-authentication server, when receiving the authentication request,selecting the sub-authentication server where a degree of similarity calculated as a verification result becomes a predetermined threshold value or less, andtransmitting authentication information used to authenticate a transmission origin of the authentication request, to selected one of the plurality of sub-authentication server,the processor of the authentication server and/or the processor of the sub-authentication server executes a process comprising transmitting identification information to identify the sub-authentication server to which the authentication information is transmitted by the authentication server, to the terminal that transmits the authentication request,the memory of the terminalstores identification information to identify a transmission destination of the authentication request;
  
  the processor of the terminal executes a process comprisingtransmitting the authentication request to a transmission destination identified with the identification information stored by the memory of the terminal; and
  
  updating the identification information stored in the memory of the terminal using the identification information, when receiving the identification information, andthe memory of the sub-authentication serverstores the authentication information transmitted from the authentication server to the sub-authentication server,the processor of the sub-authentication server executes a process comprising authenticating the transmission origin of the authentication request using the authentication information stored in the memory of the sub-authentication server, when receiving the authentication request, andthe processor of the authentication server and/or the management terminal further executes a process comprisingdeleting a part of the authentication information stored by the memory of the sub-authentication server with respect to the sub-authentication server where the frequency of performing the authentication is high as compared with the other sub-authentication servers,storing the authentication information deleted in the memory of the sub-authentication server;
  
  with respect to the sub-authentication server where the frequency of performing the authentication is low as compared with the other sub-authentication servers, andtransmitting identification information to identify the sub-authentication server becoming the storage destination where the authentication information is stored, to the transmission origin authenticated using the authentication information deleted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The authentication system according to claim 1, whereinthe processor of the sub-authentication server further executes a process of determining whether a current state is a state where the empty capacity of the memory of the sub-authentication server needs to be increased;
    - anddeleting a part of the authentication information stored in the memory of the sub-authentication server, when it is determined that the current state is the state where the empty capacity needs to be increased.
  - 3. The authentication system according to claim 2,wherein the memory of the sub-authentication server stores a valid period of the authentication information with respect to each piece of authentication information, andthe processor of the sub-authentication server further executes a process of deleting the authentication information where the valid period expires, from the memory of the sub-authentication server.
  - 4. The authentication system according to claim 3,wherein the memory of the sub-authentication server includes storing the authentication information in a cache, andthe processor of the sub-authentication server including a disk device further executes a process of backing up the authentication information stored in the memory of the sub-authentication server in the disk device.
  - 5. The authentication system according to claim 4,wherein the disk device stores the authentication information that is transmitted by the authentication server, when the empty capacity does not exist in the memory of the sub-authentication server, andthe processor of the sub-authentication server further executes a process of the authentication using the authentication information stored in the memory of the sub-authentication server and the disk device.
  - 6. The authentication system according to claim 5,wherein the memory of the sub-authentication server further includesstoring log information related to the authentication performed by the sub-authentication server, andthe processor of the sub-authentication server further executes a process of a transmitting the log information stored in the memory of the sub-authentication server to the authentication server, according to a predetermined policy.
  - 7. The authentication system according to claim 6,wherein the memory of the terminal includes storing identification information to identify the authentication server, separately from the identification information transmitted.
  - 8. The authentication system according to claim 7,wherein each of the memory of the authentication server and the memory of the sub-authentication server includes storing an authentication program to be used for the authentication,the processor of the authentication server further executes, when the authentication program stored in the memory of the authentication server is updated, a process of transmitting the updated authentication program to the sub-authentication server, andthe processor of the sub-authentication server further executes a process of updating the authentication program stored in the memory of the sub-authentication server, using the authentication program transmitted, when receiving the authentication program.
  - 9. The authentication system according to claim 8,wherein the memory of the authentication server, the memory of the sub-authentication server, and the memory of the terminal store information in an encrypted state.
  - 10. The authentication system according to claim 9,wherein the processor of the authentication server, the processor of the sub-authentication server, and the processor of the terminal further executes a process of encrypting information and transmitting the information, and decrypting the encrypted information, when receiving the encrypted information.
  - 11. The authentication system according to claim 1,wherein the memory of the authentication server further includes storing attribute information of a user authenticated by the authentication information, for each piece of authentication information;
    - the processor of the authentication server further executes a process of selecting the same sub-authentication server for each kind of the attribute information, using the attribute information stored in the memory of the authentication server corresponding to the authentication information used to authenticate the authentication request, when receiving the authentication request, andtransmitting the authentication information to the sub-authentication server selected.

12. An authentication server, comprising:
- a memory that stores authentication information to be used for authentication; and
  
  a processor coupled to the memory, wherein the processor executes a process comprising;
  
  verifying, when receiving an authentication request which is to request to authenticate biometric information of a user using the terminal, the authentication information to authenticate the transmission origin of the authentication request using the authentication information for each sub-authentication server, when receiving the authentication request;
  
  selecting the sub-authentication server where a degree of similarity calculated as a verification result becomes a predetermined threshold value or less;
  
  transmitting the authentication information used to authenticate a transmission origin of an authentication request, to one of a plurality of sub-authentication server, when receiving the authentication request;
  
  transmitting identification information to identify the sub-authentication server to which the authentication information is transmitted, to a terminal, the terminal transmitting the authentication request to a transmission destination identified with the identification information, being the transmission origin of the received authentication request, and updating the identification information stored in a memory of the terminal using the identification information transmitted when receiving the identification information;
  
  deleting a part of the authentication information stored by the memory of the sub-authentication server with respect to the sub-authentication server where the frequency of performing the authentication is high as compared with the other sub-authentication servers;
  
  storing the authentication information deleted in the memory of the sub-authentication server;
  
  with respect to the sub-authentication server where the frequency of performing the authentication is low as compared with the other sub-authentication servers; and
  
  transmitting identification information to identify the sub-authentication server becoming the storage destination where the authentication information is stored, to the transmission origin authenticated using the authentication information deleted.

13. An authentication method comprising:
- verifying, when receiving an authentication request which is to request to authenticate biometric information of a user using a terminal, the authentication information to authenticate the transmission origin of the authentication request using the authentication information for each sub-authentication server, when receiving the authentication request;
  
  selecting the sub-authentication server where a degree of similarity calculated as a verification result becomes a predetermined threshold value or less,transmitting authentication information used to authenticate a transmission origin of the authentication request to selected one of the plurality of sub-authentication server;
  
  transmitting identification information to identify the sub-authentication server to which the authentication information is transmitted to the terminal that transmits the authentication request;
  
  transmitting the authentication request to a transmission destination identified with the identification information stored by a transmission destination storage unit;
  
  updating the identification information stored in the transmission destination storage unit using the transmitted identification information, when receiving the identification information;
  
  authenticating the transmission origin of the authentication request using the transmitted authentication information transmitted, when receiving the authentication request;
  
  deleting a part of the authentication information stored by the memory of the sub-authentication server with respect to the sub-authentication server where the frequency of performing the authentication is high as compared with the other sub-authentication servers;
  
  storing the authentication information deleted in the memory of the sub-authentication server;
  
  with respect to the sub-authentication server where the frequency of performing the authentication is low as compared with the other sub-authentication servers; and
  
  transmitting identification information to identify the sub-authentication server becoming the storage destination where the authentication information is stored, to the transmission origin authenticated using the authentication information deleted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu Limited
Original Assignee
Fujitsu Limited
Inventors
Kamakura, Ken
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US13/091,508
Publication Number

US 20110202985A1
Time in Patent Office

1,181 Days
Field of Search

726/7
US Class Current

726/7
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 2221/2145   Inheriting rights or proper...

G06F 2221/2151   Time stamp

H04L 63/08   for authentication of entit...

Authentication system, authentication server, and sub-authentication server

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication system, authentication server, and sub-authentication server

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links