
Authority delegation system, method, authentication server system, and storage medium therefor

  • US 9,967,253 B2
  • Filed: 05/27/2015
  • Issued: 05/08/2018
  • Est. Priority Date: 05/30/2014
  • Status: Active Grant
First Claim

1. An authentication server system capable of communicating with a server system providing a service accessible from a first client and a second client, the authentication server system comprising:

  • one or more processors; and

    at least one memory device storing a program which, when executed by the one or more processors, causes the authentication server system to function as:

    an authentication unit configured to determine whether a user is a legitimate user based on authentication information input by the user via an authentication screen displayed on the first client;

    an issuance unit configured to issue authority information indicating that authority of the user has been delegated to the first client in a case where the user, determined to be the legitimate user by the authentication unit, provides an instruction for authorizing, under the authority of the user on the service, the first client via an authorization confirmation screen displayed on the first client;

    an authorization unit configured to authorize the first client to access the service by the authority of the user based on the authority information transmitted when the first client requests an access to the service;

    a management unit configured to manage an identifier of the user determined to be the legitimate user by the authentication unit and an identifier of a client in association with each other;

    wherein the legitimate user is a user who has accessed the authentication server system using the second client and has been authenticated based on authentication information input by the user via an authentication screen displayed on the second client, and, after authentication, the legitimate user issues an instruction to associate the legitimate user with the identifier of the second client via a client association confirmation screen,

    a first determination unit configured to determine whether the authority information has been issued for any of client identifiers associated with the identifier of the user determined to be the legitimate user by the authentication unit; and

    a second determination unit configured to determine whether the identifier of the user determined to be the legitimate user by the authentication unit is associated with the identifier of the second client used by the user

    wherein, in a case where the first determination unit determines that the authority information has been issued for the any of client identifiers and the second determination unit determines that the identifier of the user determined to be the legitimate user by the authentication unit is associated with the identifier of the second client, the issuance unit issues authority information indicating that the authority of the user has been delegated to the second client without receiving an instruction for authorizing the second client on the service,

    wherein in a case where the management unit confirms that the second client operated by the user is not associated with the identifier of the user after the user has been determined to be the legitimate user by the authentication unit, the management unit provides an association confirmation screen for inquiring whether to associate the identifier of the user with the identifier of the second client in order to omit an operation for providing the instruction for authorizing the authority of the user on the service to be delegated to the second client, and manages the identifier of the user and the identifier of the second client in association with each other in response to an instruction for associating the identifier of the user with the identifier of the second client instructed via the association confirmation screen, and

    wherein the management unit manages the identifier of the user, the identifier of the first client, and a type of the first client in association with one another, and in a case where a type of the second client is same as the type of the first client when the identifier of the user is to be associated with the identifier of the second client, the management unit manages the identifier of the user and the identifier of the second client in association with each other without receiving the instruction for associating the identifier of the user with the identifier of the second client via the association confirmation screen.
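
The decision logic recited in the claim, as an added Python sketch that is not part of the patent text or any implementation by the assignee. The class, method and client names are hypothetical, the user is assumed to be already authenticated, and the first client is assumed to be associated with the user at the time consent is given.

```python
from dataclasses import dataclass, field

@dataclass
class AuthServer:  # hypothetical name, one reading of the claimed units
    # management unit: user id -> {client id: client type}
    associations: dict = field(default_factory=dict)
    # (user id, client id) pairs for which authority information was issued
    issued: set = field(default_factory=set)

    def associate(self, user, client, ctype, confirmed=False):
        """True if the client ends up associated; False means the
        association confirmation screen still has to be shown."""
        known = self.associations.setdefault(user, {})
        if client in known:
            return True
        # Same type as an already associated client: no confirmation needed.
        # Assumption: ctype comes from the server's own client registration,
        # not from the request, or this branch hands out silent association.
        if confirmed or ctype in known.values():
            known[client] = ctype
            return True
        return False

    def authorize(self, user, client, consent=False):
        known = self.associations.get(user, {})
        # first determination: authority issued for any associated client?
        prior = any((user, c) in self.issued for c in known)
        # second determination: is this client associated with the user?
        linked = client in known
        if prior and linked:
            self.issued.add((user, client))
            return "issued_without_consent"
        if consent:  # instruction via the authorization confirmation screen
            self.issued.add((user, client))
            return "issued"
        return "consent_required"

def demo():
    s = AuthServer()  # constructed sample users and clients
    s.associate("alice", "tablet-1", "tablet", confirmed=True)
    first = s.authorize("alice", "tablet-1", consent=True)
    s.associate("alice", "tablet-2", "tablet")  # same type: auto-associated
    second = s.authorize("alice", "tablet-2")
    s.associate("alice", "phone-1", "phone")    # new type: needs confirmation
    third = s.authorize("alice", "phone-1")
    return first, second, third

if __name__ == "__main__":
    print(demo())
```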
