Information processing system, information processing device, and authentication method

US 9,210,159 B2
Filed: 01/28/2014
Issued: 12/08/2015
Est. Priority Date: 02/06/2013
Status: Active Grant

First Claim

Patent Images

1. An information processing system, comprising:

one or more information processing devices,wherein the one or more information processing devices includes;

a storage unit configured to store a program; and

a processor configured to execute the program,wherein the program which, when executed by the processor, functions as;

a receiving unit configured to receive user identification information and organization identification information from an external device; and

an authentication unit configured to perform authentication with respect to the user identification information and the organization identification information received from the external device by the receiving unit using a first storage unit that stores one or more sets of user identification information in association with the organization identification information;

wherein when the authentication unit receives a federated authentication request to access an external service from the external device that is authenticated, the authentication unit sends a federated authentication response to the external device if the organization identification information received from the external device and the external service designated in the federated authentication request are stored in association with each other in a second storage unit that stores the organization identification information in association with information on one or more external services that have established a trust relationship for authentication;

wherein when the authentication unit receives the federated authentication request from the external device that is not authenticated, the authentication unit attaches information on the federated authentication request to a response to the receiving unit for prompting the receiving unit to receive the user identification information and the organization identification information from the external device;

wherein when the information on the federated authentication request is attached to the user identification information and the organization identification information received from the external device, the receiving unit sends authentication information indicating authentication has been completed by the authentication unit to the external device; and

wherein when the authentication unit receives from the external device the federated authentication request that has the authentication information attached thereto, the authentication unit determines that the federated authentication request is from the external device that is authenticated.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An information processing system includes a receiving unit that receives user identification information and organization identification information from an external device, and an authentication unit that performs authentication of the user identification information and the organization identification information received by the receiving unit using a first storage unit storing one or more sets of user identification information in association with organization identification information. When the authentication unit receives a federated authentication request to access an external service from the external device that is authenticated, the authentication unit sends a federated authentication response to the external device if the organization identification information received from the external device and the external service designated in the federated authentication request are associated with each other in a second storage unit storing the organization identification information in association with information on one or more external services that have established a trust relationship for authentication.

14 Citations

View as Search Results

8 Claims

1. An information processing system, comprising:
- one or more information processing devices,wherein the one or more information processing devices includes;
  
  a storage unit configured to store a program; and
  
  a processor configured to execute the program,wherein the program which, when executed by the processor, functions as;
  
  a receiving unit configured to receive user identification information and organization identification information from an external device; and
  
  an authentication unit configured to perform authentication with respect to the user identification information and the organization identification information received from the external device by the receiving unit using a first storage unit that stores one or more sets of user identification information in association with the organization identification information;
  
  wherein when the authentication unit receives a federated authentication request to access an external service from the external device that is authenticated, the authentication unit sends a federated authentication response to the external device if the organization identification information received from the external device and the external service designated in the federated authentication request are stored in association with each other in a second storage unit that stores the organization identification information in association with information on one or more external services that have established a trust relationship for authentication;
  
  wherein when the authentication unit receives the federated authentication request from the external device that is not authenticated, the authentication unit attaches information on the federated authentication request to a response to the receiving unit for prompting the receiving unit to receive the user identification information and the organization identification information from the external device;
  
  wherein when the information on the federated authentication request is attached to the user identification information and the organization identification information received from the external device, the receiving unit sends authentication information indicating authentication has been completed by the authentication unit to the external device; and
  
  wherein when the authentication unit receives from the external device the federated authentication request that has the authentication information attached thereto, the authentication unit determines that the federated authentication request is from the external device that is authenticated.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The information processing system according to claim 1, wherein when the information on the federated authentication request is not attached to the user identification information and the organization identification information received from the external device, the receiving unit prompts the external device to display a screen including information on the external service that can be accessed.
  - 3. The information processing system according to claim 1, wherein when an error occurs in generating the federated authentication response, the authentication unit sends a request to the receiving unit to prompt the external device to display a screen including error information.
  - 4. The information processing system according to claim 2, wherein when the external service separately provides an access destination for the external device with which the trust relationship for authentication is established and an access destination for the external device with which the trust relationship for authentication is not established, the receiving unit switches access destination information of the external service in the screen including the information on the external service that can be accessed based on the second storage unit.
  - 5. The information processing system according to claim 2, further comprising:
    - a third storage unit from which information may be retrieved at a faster rate than the second storage unit, the third storage unit storing the information on the external service that can be accessed;
      
      wherein the receiving unit generates the screen including the information on the external service that can be accessed based on the information on the external service retrieved from the third storage unit.
  - 6. The information processing system according to claim 1, wherein when the authentication unit receives a login request to access the external service from an internal service that has received a process request from the external device that is authenticated, if the organization identification information received from the external device and the external service designated in the login request are stored in association with each other in the second storage unit, the authentication unit provides to the internal service authentication information of the external service acquired by sending the federated authentication response to the external service, and prompts the internal service to execute a process based on the process request using the external service.

7. An information processing device comprising:
- a storage unit configured to store a program; and
  
  a processor configured to execute the program,wherein the program which, when executed by the processor, functions as;
  
  a receiving unit configured to receive user identification information and organization identification information from an external device; and
  
  an authentication unit configured to perform authentication with respect to the user identification information and the organization identification information received from the external device by the receiving unit using a first storage unit that stores one or more sets of user identification information in association with the organization identification information;
  
  wherein when the authentication unit receives a federated authentication request to access an external service from the external device that is authenticated, the authentication unit sends a federated authentication response to the external device if the organization identification information received from the external device and the external service designated in the federated authentication request are stored in association with each other in a second storage unit that stores the organization identification information in association with information on one or more external services that have established a trust relationship for authentication;
  
  wherein when the authentication unit receives the federated authentication request from the external device that is not authenticated, the authentication unit attaches information on the federated authentication request to a response to the receiving unit for prompting the receiving unit to receive the user identification information and the organization identification information from the external device;
  
  wherein when the information on the federated authentication request is attached to the user identification information and the organization identification information received from the external device, the receiving unit sends authentication information indicating authentication has been completed by the authentication unit to the external device; and
  
  wherein when the authentication unit receives from the external device the federated authentication request that has the authentication information attached thereto, the authentication unit determines that the federated authentication request is from the external device that is authenticated.

8. An authentication method executed by an information processing system including one or more information processing devices, the authentication method comprising:
- a receiving step in which a receiving unit receives user identification information and organization identification information from an external device;
  
  an authentication step in which a processor performs authentication with respect to the user identification information and the organization identification information received from the external device by the receiving unit using a first memory that stores one or more sets of user identification information in association with the organization identification information;
  
  a request receiving step in which the processor receives a federated authentication request to access an external service from the external device that is authenticated;
  
  a sending step in which the processor sends a federated authentication response to the external device if the organization identification information received from the external device and the external service designated in the federated authentication request are stored in association with each other in a second memory that stores the organization identification information in association with information on one or more external services that have established a trust relationship for authentication;
  
  an attaching step in which when the processor receives the federated authentication request from the external device that is not authenticated, the processor attaches information on the federated authentication request to a response to the receiving unit for prompting the receiving unit to receive the user identification information and the organization identification information from the external device;
  
  a sending step in which when the information on the federated authentication request is attached to the user identification information and the organization identification information received from the external device, the receiving unit sends authentication information indicating authentication has been completed by the processor to the external device; and
  
  a determining step in which when the processor receives from the external device the federated authentication request that has the authentication information attached thereto, the processor determines that the federated authentication request is from the external device that is authenticated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ricoh Company Limited
Original Assignee
Ricoh Company Limited
Inventors
Satoh, Jun, Matsushima, Hiroyuki, Nakajima, Masato, Takemoto, Ryo
Primary Examiner(s)
Jeudy, Josnel

Application Number

US14/165,713
Publication Number

US 20140223532A1
Time in Patent Office

679 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0815 providing single-sign-on or...

Information processing system, information processing device, and authentication method

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

8 Claims

Specification

Solutions

Use Cases

Quick Links

Information processing system, information processing device, and authentication method

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

8 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links