GB2412211A - Device and user registration - Google Patents
Device and user registration Download PDFInfo
- Publication number
- GB2412211A GB2412211A GB0510694A GB0510694A GB2412211A GB 2412211 A GB2412211 A GB 2412211A GB 0510694 A GB0510694 A GB 0510694A GB 0510694 A GB0510694 A GB 0510694A GB 2412211 A GB2412211 A GB 2412211A
- Authority
- GB
- United Kingdom
- Prior art keywords
- user
- information
- authentication
- server
- obtaining
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1008—Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0853—Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal
Abstract
In a device registration system, user authentication and device authentication of a CE device are executed in a single session, and the user and the CE device are associated with each other if these authentications succeed. A CE device obtains information for user authentication from an IC card and a portable memory, and sends the information and device authentication information to a device registration server. The device registration server sends the information for user authentication to a user authentication server, and the device authentication information to a device authentication server. The user authentication server executes user authentication, and sends user information of the user to the device registration server if the authentication succeeds. The device authentication server executes device authentication, and sends device information of the device to the device registration server if the authentication succeeds. The device registration server associates the user information and the device information with each other.
Description
DEVICE REGISTRATION
The present invention relates to device registration systems and the like.
Recently, consumer electronics (CE) devices are coming to be used more commonly. CE devices are, for example, audio-visual devices such as video recorders, stereo sets, and television sets, household electric appliance products such as rice cookers and refrigerators, or other electronic devices that include computers so that services can be used via a network.
Thus, a CE device holds device authentication information for device authentication. A service server that provides a service executes device authentication before providing the service to the CE device.
Furthermore, by registering a user of the CE device in 2 - advance and associating the user with the CE device owned by the user, a more sophisticated service can be provided suitably for the user.
Furthermore, by managing association between users and CE devices, unauthorized use of CE devices can be prevented.
This serves to enhance security of the system.
As described above, association between users and CE devices is an important task for providing a service involving the CE devices.
Conventionally, for the purpose of such association, for example, a user who has purchased a CE device enters a user ID to a card attached to the CE device (information identifying the CE device, such as a serial number of the CE device, is printed in advance on the card) and sends the card by mail to a registration center, or enters necessary information on a predetermined registration sheet at the shop where the user purchased the CE device.
Furthermore, according to a product-information providing system and product-information providing method proposed in Japanese Unexamined Patent Application Publication No. 2002-352059, a user who has purchased a CE device or the like is registered online via a network.
According to the proposed art, user information is stored on a storage medium such as an IC card, and a user who has newly purchased a product is registered using the information stored on the IC card.
However, the task of associating a user with a CE device, even if it is executed online, requires the user to enter information relating to the user and information relating to the CE device. This has been a burden for the user.
Furthermore, for example, when the CE device is a small audio device or the like, the capability of displaying text information or an input unit for allowing input by a user is not necessarily adequate for entering such information.
Furthermore, when user information is registered in advance and the information is read for registration, the user must enter user authentication information such as a password. If the input is made via a software keyboard or the like, the user authentication information could be guessed by a third party watching the input operation.
Various respective aspects and features of the invention are defined in the appended claims. Features from the dependent claims may be combined with features of the independent claims as appropriate and not merely as explicitly set out in the claims.
Embodiments of the present invention relate to a device registration system that associates a registered user with a registered device by authenticating the registered user and the registered device while maintaining a logical connection.
Embodiment of the present invention can provide a device registration system and the like that readily allows device registration and updating of device registration by a user.
The present invention, in a first aspect thereof, provides a device registration system for associating a registered user with a terminal device in a device - 4 - registration server, the registered user being registered using user identification information stored in an IC card, and the terminal device being registered by device authentication using stored device authentication information, wherein the terminal device obtains user confirmation information for confirming that a user is a registered user using the user identification information of the IC card, wherein the terminal device sends the user confirmation information obtained and the device authentication information to the device registration server while maintaining a logical connection with the device registration server, wherein the device registration server confirms that the user is a registered user using the user confirmation information received from the terminal device, wherein the device registration server obtains a result of device authentication of the terminal device from a device authentication server using the deice authentication information received from the terminal device, and wherein the device registration server stores information that is unique to the user and information that is unique to the terminal device such that these pieces of information are associated with each other when the user is confirmed as a registered user and the result of device authentication indicates success of device authentication.
The present invention, in a second aspect thereof, - 5 - provides a device registration server including an information receiving unit for receiving user confirmation information and device authentication information from a terminal device while maintaining a logical connection with the terminal device, the user confirmation information being used for confirming that a user is a registered user, and the device authentication information being stored at the terminal device and being used for device authentication of the terminal device; a user confirmation unit for confirming that the user is a registered user at a user authentication server using the user confirmation information received; a device-authentication-result obtaining unit for obtaining a result of device authentication of the terminal device from the device authentication server using the device authentication information received; and an associated storage unit for storing information of the user and information of the terminal device such that the user and the terminal device are associated with each other when the user has been confirmed based on the user confirmation information and registration of the terminal device has been confirmed based on the result of device authentication.
The device registration server according to the second aspect may be such that the user confirmation information includes the user identification information and password information, the device registration server includes user - 6 authentication requesting unit for requesting user authentication to the user authentication server using the user identification information and the password information, and obtaining a result of user authentication from the user authentication server, and the user confirmation unit confirms that the user is a registered user using the result of user authentication obtained.
The device registration server according to the second aspect may also be such that the user confirmation information is a result of user authentication of the user, and the user confirmation unit confirms that the user is a registered user by asking the user authentication server whether the result of user authentication is correct.
The device registration server according to the second aspect may further include a service providing unit for providing a service to the terminal device whose information has been stored by the associated storage unit; and a settlement-information obtaining unit for obtaining settlement information that is set in advance for the user; wherein the associated storage unit stores information that is unique to the user, information that is unique to the device, and the settlement information obtained such that these pieces of information are associated with each other, and wherein a service charge of the service provided is settled using the settlement information stored. - 7
The present invention, in a third aspect thereof, provides a device registration method for a device registration server that is implemented by a computer including information receiving unit, user confirmation unit, device-authentication-result obtaining unit, and associated storage unit, the device registration method including an information receiving step of receiving user confirmation information and device authentication information from a terminal device while maintaining a logical connection with the terminal device, the user confirmation information being used for confirming that a user is a registered user, and the device authentication information being stored at the terminal device and being used for device authentication of the terminal device; a user confirmation step of causing the user confirmation unit to confirm that the user is a registered user at a user authentication server using the user confirmation information received; a device- authentication-result obtaining step of causing the device- authentication-result obtaining unit to obtain a result of device authentication of the terminal device from the device authentication server using the device authentication information received; and an associated storage step of causing the associated storage unit to store information of the user and information of the terminal device such that the user and the terminal device are associated with each 8 - other when the user has been confirmed based on the user confirmation information and registration of the terminal device has been confirmed based on the result of device authentication obtained.
The device registration method according to the third aspect may be such that the device registration server includes user-authentication requesting unit, the user confirmation information includes the user identification information and password information, the device registration method includes a user-authentication requesting step of causing the user-authentication requesting unit to request user authentication to the user authentication server using the user identification information and the password information and to obtain a result of user authentication from the user authentication server, and the user confirmation step confirms that the user is a registered user using the result of user authentication obtained.
The device registration method according to the third aspect may also be such that the user confirmation information is a result of user authentication of the user, and the user confirmation step confirms that the user is a registered user by asking the user authentication server whether the result of user authentication is correct.
The device registration method according to the third - 9 - aspect may also be such that the device registration server includes a service providing unit and a settlement- information obtaining unit, the device registration method includes a service providing step of causing the service providing unit to provide a service to the terminal device whose information has been stored in the associated storage step and a settlement-information obtaining step of causing the settlement-information obtaining unit to obtain settlement information that is set in advance for the user, the associated storage step stores information that is unique to the user, information that is unique to the terminal device, and the settlement information obtained such that these pieces of information area associated with each other, and a service charge of the service provided is settled using the settlement information stored.
The present invention, in a fourth aspect thereof, provides a device registration program for allowing a computer to execute an information receiving function for receiving user confirmation information and device authentication information from a terminal device while maintaining a logical connection with the terminal device, the user confirmation information being used for confirming that a user is a registered user, and the device authentication information being stored at the terminal device and being used for device authentication of the - 10 terminal device; a user confirmation function for confirming that the user is a registered user at a user authentication server using the user confirmation information received; a device-authentication-result obtaining function for obtaining a result of device authentication of the terminal device from the device authentication server using the device authentication information received; and an associated storage function for storing information of the user and information of the terminal device such that the user and the terminal device are associated with each other when the user has been confirmed based on the user confirmation information and registration of the terminal device has been confirmed based on the result of device authentication.
The device registration program according to the fourth aspect may be such that the user confirmation information includes the user identification information and password information, the device registration program has a user- authentication requesting function for requesting user authentication to the user authentication server using the user identification information and the password information, and obtaining a result of user authentication from the user authentication server, and the user confirmation function confirms that the user is a registered user using the result of user authentication obtained. - 11
The device registration program according to the fourth aspect may also be such that the user confirmation information is a result of user authentication of the user, and wherein the user confirmation function confirms that the user is a registered user by asking the user authentication server whether the result of user authentication is correct.
The device registration program according to the fourth aspect may allow execution of a service providing function for providing a service to the terminal device whose information has been stored by the associated storage function) and a settlement-information obtaining function for obtaining settlement information that is set in advance for the user; wherein the associated storage function stores information that is unique to the user, information that is unique to the device, and the settlement information obtained such that these pieces of information are associated with each other, and wherein a service charge of the service provided is settled using the settlement information stored.
The present invention, in a fifth aspect thereof, provides a computerreadable storage medium storing a device registration program for allowing a computer to execute an information receiving function for receiving user confirmation information and device authentication information from a terminal device while maintaining a 12 logical connection with the terminal device, the user confirmation information being used for confirming that a user is a registered user, and the device authentication information being stored at the terminal device and being used for device authentication of the terminal device) a user confirmation function for confirming that the user is a registered user at a user authentication server using the user confirmation information received; a deviceauthentication-result obtaining function for obtaining a result of device authentication of the terminal device from the device authentication server using the device authentication information received; and an associated storage function for storing information of the user and information of the terminal device such that the user and the terminal device are associated with each other when the user has been confirmed based on the user confirmation information and registration of the terminal device has been confirmed based on the result of device authentication.
The present invention, in a sixth aspect thereof, provides a terminal device storing device authentication information, the terminal device including a user- identification-information obtaining unit for obtaining user identification information for identifying a user from an IC card; a user- confirmation-information obtaining unit for obtaining user confirmation information for confirming that - 13 the user is a registered user using the user identification information obtained; and an information sending unit for sending the user confirmation information obtained and the device authentication stored to a device registration server for storing information that is unique to the terminal device and information that is unique to the user such that these pieces of information are associated with each other, while maintaining a logical connection with the device registration server.
The terminal device according to the sixth aspect may further include a password-information obtaining unit, wherein the user confirmation information is composed using the user identification information obtained and the password information obtained.
The terminal device according to the sixth aspect may further include a password-information obtaining unit; and a user-authentication-result obtaining unit for requesting user authentication to a user authentication server using the user identification information obtained and the password information obtained, and obtaining a result of user authentication from the user authentication server; wherein the user confirmation information obtained includes the result of user authentication obtained.
The present invention, in a seventh aspect thereof, provides a device registration method that is executed by a - 14 terminal device implemented by a computer including user- identification-information obtaining unit, user- confirmation-information obtaining unit, and information sending unit, the device registration method including a user-identificationinformation obtaining step of obtaining user identification information for identifying a user from an IC card; a user-confirmation-information obtaining step of obtaining user confirmation information for confirming that the user is a registered user using the user identification information obtained; and an information sending step of sending the user confirmation information obtained and the device authentication stored to a device registration server for storing information that is unique to the terminal device and information that is unique to the user such that these pieces of information are associated with each other, while maintaining a logical connection with the device registration server.
The device registration method according to the seventh aspect may be such that the terminal device further includes password-information obtaining unit, and the user confirmation information obtained in the user-confirmation- information obtaining step is composed using the useridentification information obtained and the password information obtained.
The device registration method according to the seventh - 15 aspect may also be such that the terminal device further includes password-information obtaining unit and user- authentication-result obtaining unit are provided, the device registration method includes a user-authentication- result obtaining step of requesting user authentication to a user authentication server using the user identification information obtained and the password information obtained, and causing the user- authentication-result obtaining unit to obtain a result of user authentication from the user authentication server, and the user confirmation information includes the result of user authentication obtained.
The present invention, in an eighth aspect thereof, provides a device registration program for allowing a terminal device implemented by a computer and storing device authentication information to execute a user-identification- information obtaining function for obtaining user identification information for identifying a user from an IC card; a user-confirmation- information obtaining function for obtaining user confirmation information for confirming that the user is a registered user using the user identification information obtained; and an information sending function for sending the user confirmation information obtained and the device authentication stored to a device registration server for storing information that is unique to the terminal device and information that is unique to the user such that these pieces of information are associated with each other, while maintaining a logical connection with the device registration server.
The device registration program according to the eighth aspect may allow execution of a password-information obtaining function, and the user confirmation information is composed using the user identification information obtained and the password information obtained.
The device registration program according to the eighth aspect may allow execution of a password-information obtaining function; and a userauthentication-result obtaining function for requesting user authentication to a user authentication server using the user identification information obtained and the password information obtained, and obtaining a result of user authentication from the user authentication server; wherein the user confirmation information includes the result of user authentication obtained.
The present invention, in a ninth aspect thereof, provides a computerreadable storage medium storing a device registration program for allowing a terminal device implemented by a computer and storing device authentication information to execute a user-identification-information obtaining function for obtaining user identification information for identifying a user from an IC card; a user - 17 confirmation-information obtaining function for obtaining user confirmation information for confirming that the user is a registered user using the user identification information obtained; and an information sending function for sending the user confirmation information obtained and the device authentication stored to a device registration server for storing information that is unique to the terminal device and information that is unique to the user such that these pieces of information are associated with each other, while maintaining a logical connection with the device registration server.
According to embodiments of the present invention, a user is really allowed to register a device to a service or the like.
The invention will now be described by way of example with reference to the accompanying drawings, throughout which like parts are referred to by like references, and in which: Fig. 1 is a diagram showing an example configuration of a device registration system according to an embodiment; Figs. 2A to 2C are diagrams showing examples of various tables used in the device registration system; Fig. 3 is a flowchart for explaining a procedure of device registration; Figs. 4A to 4D are diagrams showing examples of screens that are displayed during device registration; Fig. 5 is a diagram showing an example of hardware configuration of a CE device; Fig. 6 is a diagram showing a modification of a device- user association table; Fig. 7 is a flowchart for explaining a first modification; Fig. 8 is a diagram showing an example configuration of a device registration system according to a second modification; Figs. 9A to 9C are diagrams showing examples of various tables used in the second modification; Fig. 10 is a diagram showing the configuration of a device registration system according to a third modification; and Figs. llA and llB are diagrams showing examples of various tables used in the third modification.
Now, a preferred embodiment of the present invention will be described in detail with reference to the drawings.
(1) Overview of the Embodiment User authentication and device authentication of a CE device are executed in a single session, and the user and the CE device are associated with each other if these authentications succeed.
It is assumed herein that the user and the CE device - 19 have been registered in advance to allow authentications.
Referring to Fig. 1, a CE device 9 obtains information needed for user authentication from an IC card 7 and a
portable memory 6.
The CE device 9 holds device authentication information.
The CE device 9 sends the device authentication information and the information for user authentication obtained from the IC card 7 and the memory 6 to a device registration server 5.
The device registration server 5 sends the information for user authentication to a user authentication server 2, and sends the device authentication information to a device authentication server 3.
The user authentication server 2 executes user authentication, and sends user information relating to the user to the device registration server 5 if the user authentication succeeds.
The device authentication server 3 executes device authentication, and sends device information relating to the device to the device registration server 5 if the device authentication succeeds.
Then, the device registration server 5 receives the user information and the device information, and associates the user information and the device information with each other.
The device registration server 5 executes the above operations in a single session. Thus, it is ensured that the information for user authentication and the device authentication information have both been transmitted from the CE device 9. Therefore, the user and the CE device 9 are associated correctly with each other.
Although all the processing is executed in a single session in this embodiment, the user and the CE device 9 can be associated correctly with each other as long as at least the processing for receiving the information for user authentication and the processing for receiving the device authentication information are executed in a single session.
(2) Details of the Embodiment Fig. 1 is a diagram showing an example configuration of a device registration system 1 according to this embodiment.
In the device registration system 1, the user authentication server 2, the device authentication server 3, the device registration server 5, and the CE device 9 are arranged so that these components are allowed to communicate The CE device 9 is a terminal device that is capable of carrying out communications via a network. The CE device 9 holds a unique device ID for distinguishing itself from other CE devices, and device authentication information for executing device authentication. The device ID and the device authentication are embedded in advance in the CE device 9 at a manufacturing factory or the like.
The device authentication information is generated, for example, by combining the device ID and a passphrase (a long password or a key shared with a server) or secret key information that is unique to the device.
The CE device 9 is, for example, a stereo set, a television set, a video recorder, an air conditioner, a bath boiler, a lighting device, a lavatory bowl, or various other electric products.
By implementing these devices as CE devices, for example, in the case of a stereo set, a television set, or a video recorder, remote operations such as downloading content and reservation of recording are allowed. In the case of an air conditioner, a bath boiler, or a lighting device, remote operations such as turning the device on or off are allowed. In the case of a lavatory bowl, waste of a user can be sensed by a sensor and data can be sent to a healthcare server to check the medical status of the user.
The CE device 9 includes a reader/writer that is capable of carrying out short-range wireless communications with a contactless IC card to read or write data, and it is thus capable of carrying out wireless communications with an IC card 7 that is a contactless IC card.
Alternatively, a reader/writer may be provided externally to the CE device 9.
The CE device 9 also has a slot that allows the portable memory 6 to be mounted or removed, and it is capable of writing data to or reading data from the portable memory 6 mounted thereon. Furthermore, the CE device 9 includes a display for displaying text
information or images.
The IC card 7 includes a communication unit for carrying out wireless communications with a reader/writer, a storage unit for storing data and programs, and a calculating unit for executing calculations according to the programs. The IC card 7 is driven by a power received by wireless from a reader/writer.
The IC card 7 stores a card ID that is unique identification information, and it sends the card ID to the CE device 9 in response to a request from the CE device 9.
The card ID is associated with a user ID and a password at the user authentication server 2, which will be described later. Thus, the card ID serves as user identification information for identifying a user.
In this embodiment, a contactless IC card is used as the IC card 7. However, without limitation to a contactless IC card, any device that is capable of storing unique information associated with a user ID and providing the information to the CE device 9, such as a contact IC card or a magnetic card, may be used. Also, a cellular phone including a contactless communication device having equivalent functions of a contactless IC card may be used.
Alternatively, information that is specific to a user, such as a fingerprint or voiceprint of the user, may be associated with a user ID so that the CE device 9 can obtain the information.
The portable memory 6 is a semiconductor memory that is implemented in a small size for portable use, and it is capable of storing various data so as to allow reading and writing.
The portable memory 6 can be mounted on other computer products such as a personal computer as well as the CE device 9. The portable memory 6 is a non-volatile memory that holds data even when it is detached from these products.
The portable memory 6 stores in advance a memory ID that is unique ID information, such that the memory ID cannot be erased or changed, so that the portable memory 6 can be identified by the memory ID.
Furthermore, in this embodiment, the portable memory 6 stores password information for identifying a password of a user, such that the password information can be read from the CE device 9.
The card ID and the password information are - 24 information for user authentication that is obtained by the CE device 9 and that is used as user confirmation information for identifying user authentication information at the user authentication server 2.
In this embodiment, the CE device 9 obtains password information from the portable memory 6. Alternatively, a user may directly enter a password to the CE device 9.
Furthermore, the portable memory 6 need not be used if all the information for user authentication is held in the IC card 7 or if the possession of IC card 7 itself is used as a proof of identity.
The CE device 9 stores in advance connecting information for connecting to the device registration server 5, such as a uniform resource locator (URL) or stores connecting information provided by another server. When the device is registered, the CE device 9 connects to the device registration server 5, and sends information for user authentication read from the IC card 7 and the portable memory 6 and a device ID and device authentication information embedded in the CE device 9 to the device registration server 5.
The user authentication server 2 is a server apparatus for authenticating users who have been registered in advance.
The user authentication server 2 receives information for user authentication from the CE device 9, executes user authentication using the information for user authentication, and sends a result of user authentication to the CE device 9.
Furthermore, if the user authentication succeeds, the user authentication server 2 also sends user information to the device registration server 5 together with the result of user authentication.
Fig. 2A is a diagram showing an example of a user authentication table stored in the user authentication server 2.
As shown in Fig. 2A, in the user authentication table, a card ID of the IC card 7 owned by the user, a user ID and password information set by the user, and user information entered by the user at the time of user registration are stored such that these pieces of information are associated with each other.
Of these pieces of information, the user information includes basic personal information such as a name, an address, a phone number, and an email address, and also includes other information such as a date of birth, a business address, and hobbies.
The user authentication server 2 executes user authentication using the information recorded in the user authentication table.
In this embodiment, it is assumed that the user is registered in advance in the user authentication server 2. - 26
Using the user authentication table described above, the user authentication server 2 executes user authentication in the following manner.
First, based on a card ID received from the CE device 9, the user authentication server 2 identifies password information that is uniquely associated with the user ID and the card ID.
Then, the user authentication server 2 receives password information from the CE device 9 and identifies password information, and checks matching with the password information that has been identified earlier. If these pieces of password information match, the user authentication succeeds. On the other hand, if the pieces of password information do not match, the user authentication fails.
The password information that is received from the portable memory 6 is, for example, a memory ID. The memory ID may be associated with a password in advance in the user authentication server 2, or an encrypted password may be decrypted in the user authentication server 2.
If the user directly enters a password to the CE device 9 instead of using the portable memory 6, the user authentication server 2 compares the password entered by the user with a password identified based on the card ID.
Referring back to Fig. 1, the device authentication 27 server 3 is a server apparatus for executing device authentication of the CE device 9.
The device authentication server 3 receives device authentication information from the CE device 9, executes device authentication, and sends a result of device authentication to the device authentication server 3. If the device authentication succeeds, the device authentication server 3 sends device information of the CE device 9 to the CE device 9 together with the result of device authentication.
The CE device 9 may be registered in advance prior to sales on the market to allow device authentication with the CE device 9. Alternatively, the status of the CE device 9 may be changed by a user's operation prior to registration of a service to allow device authentication by itself.
Fig. 2B is a diagram showing an example of a device authentication table stored in the device authentication server 3.
In the device authentication table, a device ID that is ID information for identifying a device, device authentication information for executing device authentication, device information relating to the device, and a registration number or the like are associated with each other.
The device information includes information relating to - 28 the CE device 9, for example, a product code, a serial number, a date of manufacture, and manufacturer information.
The registration number is a number that is assigned when these pieces of information are uploaded to the device authentication server 3.
The device authentication server 3 described above receives a device ID and device authentication information from the CE device 9, and executes device authentication of the CE device 9 by comparing the device ID and the device authentication information with information in the device authentication table, by receiving a digest value generated from the device authentication information instead of the device authentication itself and comparing the digest value, or by receiving a digital signature encrypted with a secret key of a public-key cryptosystem and decrypting the digital signature with an associated public key for verification.
More specifically, the device authentication server 3 searches the device authentication table for the device ID and the device authentication information received from the CE device 9. The device authentication succeeds if the device ID and the device authentication information found by the search are associated with each other, if a digest value generated from device authentication information associated with the device ID found by the search matches, or if verification of signature information using device - 29 authentication information associated with the device ID, i.e., using key information, succeeds.
On the other hand, if at least one of the device ID and the device authentication information is absent in the device authentication table, or if the device ID and the device authentication are present but are not associated with each other, the device authentication fails.
Referring back to Fig. 1, the device registration server 5 is a server apparatus for associating a user with the CE device 9.
The device registration server 5 receives information for user authentication, including a card ID and password information that serve as user confirmation information, and information for device authentication, including a device ID and device authentication information, from the CE device 9 by receiving means.
Then, the device registration server 5 sends the information for user authentication to the user authentication server 2 to request user authentication, and receives a result of user authentication and user information of the user from the user authentication server 2 in order to confirm the user.
Furthermore, the device registration server 5 sends the information for device authentication to the device authentication server 3 to request device authentication, - 30 and receives a result of device authentication and device information of the CE device 9 from the device authentication server 3.
Then, the device registration server 5 stores the user information and the device information such that these pieces of information are associated with each other.
Fig. 2C is a diagram showing an example of a device- user association table generated by the device registration server 5.
The device-user association table includes user information and device information, and the device information is associated with the user information.
If a user owns a plurality of CE devices, a plurality of sets of device information is associated with the user information.
Furthermore, each time a user newly purchases a CE device and registers the CE device or each time a registration is cancelled, the device registration server 5 updates the device-user association table.
The device registration server 5 executes all the processing from receipt of a device registration request from the CE device 9 to completion of association between the user and the CE device 9 in a single session.
A session herein refers to a continuous logical connection in communication via a network. - 31
Even if a communication circuit temporarily becomes disconnected due to a trouble or the like, when the circuit has been recovered, for example, a session can be recovered using a one-time password, or information to be transmitted is temporarily stored in the device so that a series of exchange of data over the network can be completed asynchronously with user's operations when the circuit has been recovered.
More specifically, when establishing a session, the device registration server 5 issues a one-time password to the CE device 9. When a communication circuit once becomes disconnected and is then recovered, the CE device 9 sends the one-time password to the device registration server 5.
Accordingly, the device registration server 5 is allowed to recognize the CE device 9, so that the session can be resumed from the point where the session has become disconnected.
As described above, the device registration server 5 receives information for user authentication and information for device authentication from the CE device 9 in a single session. Thus, the device registration server 5 is allowed to confirm that the information for user authentication is read and transmitted from the CE device 9.
Therefore, a user that has passed user authentication based on information for user authentication transmitted in - 32 a session and the CE device 9 that has passed device authentication based on information for device authentication transmitted in the same session is associated with each other. Accordingly, the user and the CE device 9 are associated correctly with each other, so that spoofing or the like by a third party is prevented.
Thus, the user and the CE device 9 can be associated with each other by executing at least processing for receiving information for user authentication and information for device authentication from the CE device 9 in a single session.
In this embodiment, if a session becomes disconnected in the middle for some reason, the session is resumed from the beginning.
Fig. 3 is a flowchart for explaining a procedure of device registration.
First, in step 2, the user connects the CE device 9 to a network, sets the IC card 7 in the reader/writer of the CE device 9, and requests device registration to the device registration server 5.
Then, in step 10, the device registration server 5 requests user authentication to the CE device 9.
In step 4, the CE device 9 obtains a card ID from the IC card 7, obtains password information from the portable memory 6, and sends the card ID and the password information 33 to the device registration server 5.
Instead of using the portable memory 6, the user may enter a password directly to the CE device 9.
In step 12, the device registration server 5 receives the card ID and the password information from the CE device 9, and sends the card ID and the password information to the user authentication server 2.
In step 30, the user authentication server 2 receives the card ID and the password information from the CE device 9, and executes user authentication. It is assumed herein that the user authentication succeeds.
Then, in step 32, the user authentication server 2 sends an authentication result indicating success of user authentication and user information of the user to the device registration server 5.
In step 14, the device registration server 5 temporarily stores the user information transmitted from the user authentication server 2, and issues a device authentication request to the CE device 9.
Then, in step 6, the CE device 9 reads a device ID and device authentication information stored in advance in the CE device 9, and sends the device ID and the device authentication information to the device registration server 5.
In order to enhance security, the CE device 9 stores - 34 the device authentication information in an encrypted form, and the CE device 9 decrypts the device authentication information when sending it.
In step 16, the device registration server 5 receives the device ID and the device authentication information from the CE device 9, and sends the device ID and the device authentication information to the device authentication server 3.
In step 40, the device authentication server 3 receives the device ID and the device authentication information from the device registration server 5, and executes device authentication of the CE device 9.
It is assumed herein that the device authentication succeeds.
In step 42, the device authentication server 3 sends a notification of success of device authentication and device information of the CE device 9 to the device registration server 5.
In step 18, the device registration server 5 stores the device information received from the device authentication server 3 and the user information that has been temporarily stored earlier such that these pieces of information are associated with each other, thereby updating the device-user
association table.
Then, in step 20, the device registration server 5 sends a notification of completion of registration to the CE device 9.
In step 8, the CE device 9 receives the notification of completion of registration from the device registration server 5, and presents the notification to the user.
The device registration process is completed by the procedure described above.
If the user authentication or the device authentication fails, the device registration server 5 sends a notification to that effect to the CE device 9.
Furthermore, before updating the device-user association table, the device registration server 5 may cause the CE device 9 to present information relating to user information and device information to be associated with each other so that the user is allowed to confirm the information.
In this embodiment, the device registration server 5 requests the CE device 9 to send information for device authentication upon completion of user authentication.
However, without limitation to the embodiment, for example, information for user authentication and information for device authentication may be received from the CE device 9 before executing user authentication and device authentication. Alternatively, device information may be executed before requesting user authentication. - 36
Figs. 4A to 4D shows examples of a series of screens that are displayed on the display of the CE device 9 during device registration.
After purchasing the CE device 9, the user selects a device registration mode from a setup menu displayed on the CE device 9.
Then, a screen shown in Fig. 4A is displayed to prompt the user to set the IC card 7 and the portable memory 6.
When the user has set the IC card 7 in the reader/writer of the CE device 9 and set the portable memory 6 in the slot for portable memory, user authentication and device authentication start, and a screen indicating that authentication is in progress is displayed as shown in Fig. 4B.
When the user authentication and the device authentication have been completed, the device registration server 5 may send confirmation information for confirming content of registration to the CE device 9.
In that case, a user and the CE device 9 to be associated with each other are displayed on the CE device 9 as shown in Fig. 4C. The user selects "Yes" to accept it while otherwise selecting "No".
When the device registration has been completed, a notification of completion of registration is displayed on the CE device 9 as shown in Fig. 4D. - 37
Fig. 5 is a diagram showing an example of hardware configuration of the CE device 9.
A central processing unit (CPU) 121 executes various processing according to programs stored in a read-only memory (ROM) 122 or programs loaded from a storage unit 128 into a random access memory (RAM) 123.
The ROM 122 stores basic programs, parameters, and the like that are needed for the operation of the CE device 9.
The RAM 123 provides a working area needed by the CPU 121 to execute various processing.
The storage unit 128 stores programs and data needed for the operation of the CE device 9. The storage unit 128 is implemented by a storage device such as a hard disk or a semiconductor memory.
The device ID and device authentication information used for device authentication are stored in the storage unit 128.
Furthermore, a program for connecting to the device registration server 5 at the time of device registration and executing a device registration process is stored.
Other programs stored in the storage unit 128 include an operating system (OS) for achieving basic functions such as file input/output and control of components of the CE device 9.
The CPU 121, the ROM 122, and the RAM 123 are connected - 38 to each other via a bus 124. The bus 124 is also connected to an input/output interface 125.
The input/output interface 125 is connected to an input unit 126 including a keyboard and a mouse, an output unit 127 including a display implemented by a cathode-ray tube CRT) display or a liquid crystal display (LCD) and including a speaker, the storage unit 128 implemented by a hard disk or the like, and a communication unit 129 implemented by a modem, a terminal adaptor, or the like.
The input/output interface 125 is also connected to the reader/writer of the IC card 7, and to the slot for mounting the portable memory 6.
The communication unit 129 is a functional unit for carrying out communications via a network. For example, the communication unit 129 connects to the device registration server 5 and intermediates communications between the CE device 9 and the device registration server 5.
Furthermore, the input/output interface 125 is connected to a drive 130 as needed, on which a magnetic disk 141, an optical disk 142, a magneto-optical disk 143, a memory card 144, or the like is mounted as needed, and a computer program read therefrom is installed on the storage unit 128 as needed.
The configurations of the user authentication server 2 and the device authentication server 3 are basically the same as the configuration of the CE device 9, so that
descriptions thereof will be omitted.
The device registration server 5 in this embodiment associates user information with device information in the device-user association table. However, without limitation to the embodiment, information identifying a user and information identifying the CE device 9 may be associated with each other by other methods.
Fig. 6 is a diagram showing an example of the device- user association table in which user IDs and device IDs are associated with each other.
By associating device IDs with user IDs, a user can be associated with the CE device 9.
In this embodiment, as an example, the user authentication server 2, the device authentication server 3, and the device registration server 5 are used in the device registration system 1. Alternatively, each of the server apparatuses may be implemented by a system composed of a plurality of servers, or the functions of the three server apparatuses may be implemented by a single server.
As described above, in this embodiment, customer information or settlement information is identified by personal authentication using an IC card, and device authentication is also executed in the same session.
Accordingly, registration of an owner of the CE device 9 or - 40 a device used for a specific service is allowed by a very intuitive operation without newly entering characters or the like.
The input device of the CE device 9 may be a jog dial, a slide switch, or the like, and it suffices for an output device to have a capability of displaying one line.
Furthermore, a device may be registered not from a main unit of the device but by entering an encoded text string identifying an individual product using numeric keys of a remote controller or the like.
In this embodiment, user authentication is executed using an IC card and a memory card storing password information. However, device registration may be implemented using user authentication and device authentication using an IC card without a memory card storing password information, and a personal identification number (PIN) that is entered for personal identification to a device to be registered.
Furthermore, when a cellular phone including a contactless communication device is used as described earlier instead of a contactless IC card, user authentication may be executed based on a PIN entered from the cellular phone.
Furthermore, by registering user information and a terminal ID of a cellular phone registered by a user at a 41 user authentication server, combination with user authentication that identifies the user based on the terminal transmitted from the cellular phone is allowed. In that case, if the cellular phone supports a function of infrared communications, the terminal ID can be transmitted from a device to be registered together with device authentication information at the time of device authentication. When the user is identified based on the terminal ID of the cellular phone, a PIN entered from the cellular phone is used for user authentication in combination, allowing device registration through device authentication.
In this embodiment, password information is input from the portable memory 6 of the CE device 9. Alternatively, for example, user authentication may be executed using only the IC card 7 or the IC card 7 and an identification number consisting of about four numeric digits.
When user authentication is executed using only the IC card 7, the IC card 7 is set to the reader/writer of the CE device 9, and the CE device 9 is connected to the device registration server 5, whereby device registration of the CE device 9 is allowed.
According to the embodiment described above, the following advantages are achieved.
(1) Since the device registration server 5 receives - 42 information for device registration and information for user registration from the CE device 9 while maintaining a session, the device registration server 5 is allowed to associate a user and the CE device 9 accurately with each other.
(2) A user is allowed to register association between the user and the CE device 9 simply by setting the IC card 7 and the portable memory 6.
(3) When the portable memory 6 is not used, association between the user and the CE device 9 can be registered simply by setting the IC card 7 to the CE device 9 and entering a password to the CE device 9.
(4) The user need not enter information, or needs to input only a password. Thus, the user is readily allowed to register the CE device 9 even when the display capability of the display of the CE device 9 is low.
(5) The user need not enter information, or needs to enter only a password. Thus, the user is readily allowed to register the CE device 9 even when the text input capability of the CE device 9 is low.
(6) Since the user and the CE device 9 are associated with each other automatically via a network, manual operations are not needed, so that registration can be executed quickly and at low cost. - 43
First Modification In a first modification, a user is associated with the CE device 9 without passing information for user authentication to the device registration server 5.
This is because since the device registration server 5 can be a server apparatus that provides a commercial service managed by a third party, it is preferred not to pass information for user authentication to the device registration server 5 in order to improve security.
As described above, the device registration server 5 may be implemented as a service providing server that simply associates a user with the CE device 9 and that provides a service to the CE device 9.
The network configuration of this modification is the same as that of the device registration system 1, so that description will be given using the same numerals for the corresponding components.
Fig. 7 is a flowchart for explaining the first modification.
First, in step 52, the CE device 9 issues a device registration request to the device registration server 5.
Then, in step 70, the device registration server 5 issues a user authentication request to the CE device 9.
Then, in step 54, the CE device 9 obtains a card ID from the IC card 7, obtains password information from the - 44 portable memory 6, and sends these pieces of information for user authentication to the user authentication server 2.
In step 90, the user authentication server 2 receives the information for user authentication from the CE device 9, executes user authentication,and sends a result of user authentication to the CE device 9. It is assumed herein that the user authentication succeeds.
In step 56, the CE device 9 receives the result of user authentication from the user authentication server 2, and sends (i.e., redirects) the result of user authentication to the device registration server 5.
In step 72, the device registration server 5 receives the result of user authentication from the CE device 9, and requests the user authentication server 2 to confirm that the result of user authentication is a result of user authentication executed by the user authentication server 2.
The confirmation can be executed using, for example, a one-time token. A one-time token is a random value with a sufficient length that can be used only once after issuance thereof. More specifically, the user authentication server 2 sends a one-time token to the CE device 9 together with the result of user authentication. At this time, the user authentication server 2 stores the combination of the result of user authentication and the one- time token.
Then, the CE device 9 sends the one-time token to the - 45 device registration server 5 together with the result of user authentication. The device registration server 5 requests the user authentication server 2 to confirm the result of user authentication using the one-time token.
The user authentication server 2 is allowed to confirm that the result of user authentication received by the device registration server 5 is a result of user authentication executed by the user authentication server 2 by comparing the one-time token received from the device registration server 5 with the combination of the result of user authentication and the one-time token stored earlier.
After confirming the result of user authentication as described above, in step 92, the user authentication server 2 sends a result of confirmation and user information to the device registration server 5.
Upon receiving these pieces of information from the user authentication server 2, the device registration server confirms that the result of user authentication received from the CE device 9 is correct, and stores the user information.
Then, in step 74, the device registration server 5 sends a device authentication request to the CE device 9.
Then, in step 58, the CE device 9 sends a device ID and device authentication information to the device registration server 5. - 46
In step 76, the device registration server 5 receives the device ID and the device authentication information from the CE device 9, and sends the device ID and the device authentication information to the device authentication server 3.
In step 100, the device authentication server 3 receives the device ID and the device authentication information from the device registration server 5, executes device authentication, and sends a result of device authentication to the device registration server 5. It is assumed herein that the device authentication succeeds.
In step 78, the device registration server 5 redirects and sends the result of device authentication received from the device authentication server 3 to the user authentication server 2. At this time, the device registration server 5 also sends information for identifying the CE device 9, such as the device ID, to the user authentication server 2.
The user authentication server 2 stores information relating to the user such as a user ID, the device ID, and device information such that these pieces of information are associated with each other. In step 94, the user authentication server 2 sends device information of the CE device 9 that has passed device authentication to the device registration server 5. 47
In step 80, the device registration server 5 receives the device information, and stores the device information such that the device information is associated with the user information stored earlier.
Then, in step 82, the device registration server 5 sends a notification of completion of registration to the CE device 9.
In step 60, the CE device 9 receives the notification of completion of registration from the device registration server 5, and presents the notification to the user.
The device registration process is completed by the procedure described above.
In this modification, the user authentication server 2 stores device information and provides the device information to the device registration server 5. However, similarly to the embodiment, the device authentication server 3 may store device information and provide the device information to the device registration server 5.
According to the first modification described above, a user and the CE device 9 can be associated with each other at the device registration server 5 without passing information for user authentication to the device registration server 5.
Second Modification - 48 In a second modification, prepayment information of a user is further associated with the user and the CE device 9.
Prepayment is a method of settlement, and it is a system in which a user deposits money in advance at a prepayment account and a charge for use of a service is settled by subtracting it from the money deposited.
The prepayment system is used when using a charged service, for example, by presenting information identifying a user's prepayment account, such as a prepayment ID.
More specifically, when using a service, a user enters a prepayment ID to the CE device 9, or causes the reader/writer of the CE device 9 to read a contactless IC card storing a prepayment ID.
In the second modification, the prepayment information of the user is associated with the user information and device information so that a charged service can be used without entering a prepayment ID after executing device authentication of the CE device 9.
Fig. 8 is a diagram showing an example configuration of a device registration system la according to the second modification.
Components corresponding to those in the embodiment are designated by the same numerals, and descriptions thereof will be omitted.
A service providing server 5a uses the same procedure - 49 as in the embodiment to associate user information with device information.
The service providing server 5a is capable of associating a user with the CE device 9 similarly to the device registration server 5 in the embodiment, and is also capable of providing various services to the CE device 9.
The service providing server 5a associates a user with the CE device 9 similarly to the device registration server 5. Furthermore, the service providing server 5a obtains prepayment information from a user authentication server 2a together with user information, and associates the prepayment information with the user information. That is, the service providing server 5a obtains settlement information.
The prepayment information is information identifying a prepayment account of a user, provided in a prepayment- information management server 4.
When providing a charged service to the CE device 9, the service providing server 5a sends service charge information and prepayment information to the prepayment- information management server 4 to request payment of the service charge.
Upon receiving the bill of service charge from the service providing server 5a, the prepayment-information management server 4 identifies a prepayment account of the - 50 user based on the prepayment information, and subtracts the service charge.
As described above, the user is allowed to use prepayment information for settlement, so that the prepayment information serves as settlement information in this modification.
Fig. 9A is a diagram showing an example of a user authentication table stored in the user authentication server 2a.
In addition to the user authentication table described in relation to the embodiment, prepayment information of the user is further associated.
When sending user information to the service providing server 5a after user authentication, the user authentication server 2a also sends prepayment information of the user.
Fig. 9B is a diagram showing an example of logical structure of a prepayment information database managed by the prepayment-information management server 4.
As shown in Fig. 9B, in the prepayment information database includes prepayment information, log data, and the like are associated with each other, and a prepayment account is provided for each user.
The prepayment information includes information needed for managing the prepayment account of the user. A prepayment account can be identified based on the prepayment - 51 information.
The log data includes records of deposits to and payments from the prepayment account.
The current balance of the prepayment account can be determined from the log data. A sum is added for depositing, and a sum is subtracted for settlement.
* Fig. 9C is a diagram showing an example structure of a service user table stored in the service providing server 5a.
As shown in Fig. 9C, user information, prepayment information, device information, and registered service are associated with each other in the table. More specifically, the service providing server 5a stores user information and prepayment information received from the user authentication server 2a and device information received from the device authentication server 3 such that these pieces of information are associated with each other.
Furthermore, in the second modification, a service that can be used may be set for each CE device 9.
For example, the CE device 9 that is identified by device information 1 is allowed to receive a service A and a service B. The user is allowed to select services to use when registering the CE device 9. After registration, user information, prepayment information, and services selected are displayed on the CE device 9, and the user is allowed to - 52 confirm the information.
As described above, according to the second modification, the user is allowed to set services to use by the CE device 9, and is allowed to register a prepayment account for settling service charges.
Third Modification Fig. 10 is a diagram showing the configuration of a device registration system lb according to a third modification.
In this modification, a service registration server 5b associates a user with the CE device 9 and further with settlement information. The settlement information is information needed for settling a price charged to the user, such as a credit card number or an account number of a bank account from which the price is to be subtracted.
The settlement information in this modification may be prepayment information described in relation to the second modification.
Components corresponding to those in the embodiment are designated by the same numerals, and descriptions thereof will be omitted.
Furthermore, the service providing server 5b uses the same procedure as in the embodiment to associate user information with device information. - 53
A user authentication server 2b stores settlement information of the user, and sends the settlement information to the service providing server 5b together with user information.
The service providing server 5b stores the user information and settlement information received from the user authentication server 2b and the device information received from the device authentication server 3 such that these pieces of information are associated with each other, so that the settlement information obtained can be used for settlement.
When the user requests a charged service from the CE device 9 to the service providing server 5b, the service providing server 5b provides a service, and settles the service charge using the settlement information associated with the CE device 9.
Fig. llA is a diagram showing an example of a user authentication table stored in the user authentication server 2a.
As shown in Fig. llA, in addition to the user authentication table described in relation to the embodiment, settlement information of the user is associated.
When sending user information to the service providing server 5b after user authentication, the user authentication server 2b also sends the settlement information. - 54
Fig. llB is a diagram showing an example of a service user table stored in the service providing server 5b.
As shown in Fig. llB, user information, settlement information, device information, and registered service are associated with each other in the table.
More specifically, the service providing server 5b stores user information and settlement information received from the user authentication server 2a and device information received from the device authentication server 3 such that these pieces of information are associated with each other.
Furthermore, in the third modification, services that can be used may be set for each CE device 9.
In the third modification described above, when the user uses a charged service of the service providing server 5b using the CE device 9, the service charge is automatically settled according to settlement information associated with the CE device 9.
Fourth Modification In this modification, a device that is capable of communicating with the CE device 9, such as a remote controller of the CE device 9, is registered via the CE device 9.
By executing device registration via the CE device 9, - 55 device registration is allowed even when the device itself is not capable of connecting to the device registration server 5.
As an example, a case where a remote controller of the CE device 9 is registered using the device registration system 1 will be described.
It is assumed herein that the remote controller is capable of communicating with the IC card 7.
First, the CE device 9 requests device registration to the device registration server 5.
Then, the IC card 7 is set to the remote controller and a password is entered from the remote controller, and the card ID and the password are sent to the CE device 9.
The subsequent processing is the same as in the case of device registration of the CE device 9, whereby the remote controller is registered in the device registration server 5.
As described above, device registration of a device that is not capable of communication via a network is allowed via the CE device 9.
Although the embodiment and the modifications have been described mainly in the context of device registration, the present invention may be applied, for example, to updating of registration of the CE device 9. Thus, for example, when a device is registered at a public place or the like, such as when changing the model of a cellular phone or other - 56 communication device used for services, a device can be registered and registration can be updated quickly without allowing a third party to see personal information or user authentication information being entered.
In so far as the embodiments of the invention described above are implemented, at least in part, using software- controlled data processing apparatus, it will be appreciated that a computer program providing such software control and a transmission, storage or other medium by which such a computer program is provided are envisaged as aspects of the present invention.
Further embodiments of the invention are defined in the numbered paragraphs below. - 57
1. A device registration system for associating a registered user with a terminal device in a device registration server, the registered user being registered using user identification information stored in an IC card, and the terminal device being registered by device authentication using stored device authentication information, wherein the terminal device obtains user confirmation information for confirming that a user is a registered user using the user identification information of the IC card, wherein the terminal device sends the user confirmation information obtained and the device authentication information to the device registration server while maintaining a logical connection with the device registration server, wherein the device registration server confirms that the user is a registered user using the user confirmation information received from the terminal device, wherein the device registration server obtains a result of device authentication of the terminal device from a device authentication server using the deice authentication information received from the terminal device, and wherein the device registration server stores information that is unique to the user and information that is unique to the terminal device such that these pieces of information are 58 associated with each other when the user is confirmed as a registered user and the result of device authentication indicates success of device authentication.
2. A device registration server comprising: information receiving means for receiving user confirmation information and device authentication information from a terminal device while maintaining a logical connection with the terminal device, the user confirmation information being used for confirming that a user is a registered user, and the device authentication information being stored at the terminal device and being used for device authentication of the terminal device; user confirmation means for confirming that the user is a registered user at a user authentication server using the user confirmation information received; device-authentication-result obtaining means for obtaining a result of device authentication of the terminal device from the device authentication server using the device authentication information received; and associated storage means for storing information of the user and information of the terminal device such that the user and the terminal device are associated with each other when the user has been confirmed based on the user confirmation information and registration of the terminal - 59 device has been confirmed based on the result of device authentication.
3. A device registration server according to Paragraph 2, wherein the user confirmation information includes the user identification information and password information, wherein the device registration server comprises user-authentication requesting means for requesting user authentication to the user authentication server using the user identification information and the password information, and obtaining a result of user authentication from the user authentication server, and wherein the user confirmation means confirms that the user is a registered user using the result of user authentication obtained.
4. A device registration server according to Paragraph 2, wherein the user confirmation information is a result of user authentication of the user, and wherein the user confirmation means confirms that the user is a registered user by asking the user authentication server whether the result of user authentication is correct.
5. A device registration server according to Paragraph 2, further comprising: service providing means for providing a service to the terminal device whose information has been stored by the associated storage means; and settlement-information obtaining means for obtaining settlement information that is set in advance for the users wherein the associated storage means stores information that is unique to the user, information that is unique to the device, and the settlement information obtained such that these pieces of information are associated with each other, and wherein a service charge of the service provided is settled using the settlement information stored.
6. A device registration method for a device registration server that is implemented by a computer comprising information receiving means, user confirmation means, device-authentication-result obtaining means, and associated storage means, the device registration method comprising: an information receiving step of receiving user confirmation information and device authentication information from a terminal device while maintaining a logical connection with the terminal device, the user confirmation information being used for confirming that a user is a registered user, and the device authentication information being stored at the terminal device and being used for device authentication of the terminal device; a user confirmation step of causing the user confirmation means to confirm that the user is a registered user at a user authentication server using the user confirmation information received; a device-authentication-result obtaining step of causing the device-authentication-result obtaining means to obtain a result of device authentication of the terminal device from the device authentication server using the device authentication information received; and an associated storage step of causing the associated storage means to store information of the user and information of the terminal device such that the user and the terminal device are associated with each other when the user has been confirmed based on the user confirmation information and registration of the terminal device has been confirmed based on the result of device authentication obtained.
7. A device registration method according to Paragraph 6, wherein the device registration server comprises user- authentication requesting means, wherein the user confirmation information includes the user identification information and password information, wherein the device registration method comprises a user- authentication requesting step of causing the user-authentication - 62 requesting means to request user authentication to the user authentication server using the user identification information and the password information and to obtain a result of user authentication from the user authentication server, and wherein the user confirmation step confirms that the user is a registered user using the result of user authentication obtained.
8. A device registration method according to Paragraph 6, wherein the user confirmation information is a result of user authentication of the user, and wherein the user confirmation step confirms that the user is a registered user by asking the user authentication server whether the result of user authentication is correct.
9. A device registration method according to Paragraph 6, wherein the device registration server comprises service providing means and settlement-information obtaining means, wherein the device registration method comprises a service providing step of causing the service providing means to provide a service to the terminal device whose information has been stored in the associated storage step and a settlement-information obtaining step of causing the settlement- information obtaining means to obtain settlement information that is set in advance for the user, wherein the - 63 associated storage step stores information that is unique to the user, information that is unique to the terminal device, and the settlement information obtained such that these pieces of information area associated with each other, and wherein a service charge of the service provided is settled using the settlement information stored.
10. A device registration program for allowing a computer to execute: an information receiving function for receiving user confirmation information and device authentication information from a terminal device while maintaining a logical connection with the terminal device, the user confirmation information being used for confirming that a user is a registered user, and the device authentication information being stored at the terminal device and being used for device authentication of the terminal device; a user confirmation function for confirming that the user is a registered user at a user authentication server using the user confirmation information received; a device-authentication-result obtaining function for obtaining a result of device authentication of the terminal device from the device authentication server using the device authentication information received; and an associated storage function for storing information - 64 of the user and information of the terminal device such that the user and the terminal device are associated with each other when the user has been confirmed based on the user confirmation information and registration of the terminal device has been confirmed based on the result of device authentication.
11. A device registration program according to Paragraph 10, wherein the user confirmation information includes the user identification information and password information, wherein the device registration program has a user- authentication requesting function for requesting user authentication to the user authentication server using the user identification information and the password information, and obtaining a result of user authentication from the user authentication server, and wherein the user confirmation function confirms that the user is a registered user using the result of user authentication obtained.
12. A device registration program according to Paragraph 10, wherein the user confirmation information is a result of user authentication of the user, and wherein the user confirmation function confirms that the user is a registered user by asking the user authentication server whether the result of user authentication is correct. -
13. A device registration program according to Paragraph 10, the device registration program allowing execution of: a service providing function for providing a service to the terminal device whose information has been stored by the associated storage function; and a settlement-information obtaining function for obtaining settlement information that is set in advance for the user; wherein the associated storage function stores information that is unique to the user, information that is unique to the device, and the settlement information obtained such that these pieces of information are associated with each other, and wherein a service charge of the service provided is settled using the settlement information stored.
14. A computer-readable storage medium storing a device registration program for allowing a computer to execute: an information receiving function for receiving user confirmation information and device authentication information from a terminal device while maintaining a logical connection with the terminal device, the user confirmation information being used for confirming that a 66 user is a registered user, and the device authentication information being stored at the terminal device and being used for device authentication of the terminal device; a user confirmation function for confirming that the user is a registered user at a user authentication server using the user confirmation information received) a device-authentication-result obtaining function for obtaining a result of device authentication of the terminal device from the device authentication server using the device authentication information received; and an associated storage function for storing information of the user and information of the terminal device such that the user and the terminal device are associated with each other when the user has been confirmed based on the user confirmation information and registration of the terminal device has been confirmed based on the result of device authentication.
15. A device registration system substantially as hereinbefore described with reference to the accompanying drawings.
16. A device registration server substantially as hereinbefore described with reference to the accompanying drawings.
17. A computer readable storage medium substantially as hereinbefore described with reference to the accompanying drawings. - 67
Claims (13)
1. A terminal device storing device authentication information, the terminal device comprising: user-identification-information obtaining means for obtaining user identification information for identifying a user from an IC card; user-confirmation-information obtaining means for obtaining user confirmation information for confirming that the user is a registered user using the user identification information obtained; and information sending means for sending the user confirmation information obtained and the device authentication stored to a device registration server for storing information that is unique to the terminal device and information that is unique to the user such that these pieces of information are associated with each other, while maintaining a logical connection with the device registration server.
2. A terminal device according to Claim 1, further comprising passwordinformation obtaining means, wherein the user confirmation information is composed using the user identification information obtained and the password information obtained.
3. A terminal device according to Claim 1, further comprlslng: passwordinformation obtaining means; and user-authentication-result obtaining means for requesting user authentication to a user authentication server using the user identification information obtained and the password information obtained, and obtaining a result of user authentication from the user authentication server; wherein the user confirmation information obtained includes the result of user authentication obtained.
4. A device registration method that is executed by a terminal device implemented by a computer comprising user- identification-information obtaining means, user- confirmation-information obtaining means, and information sending means, the device registration method comprising: a user-identification- information obtaining step of obtaining user identification information for identifying a user from an IC card; a user-confirmation-information obtaining step of obtaining user confirmation information for confirming that the user is a registered user using the user identification information obtained; and an information sending step of sending the user confirmation information obtained and the device authentication stored to a device registration server for storing information that is unique to the terminal device and information that is unique to the user such that these pieces of information are associated with each other, while maintaining a logical connection with the device registration server. 70
5. A device registration method according to Claim 4, wherein the terminal device further comprises password- information obtaining means, and wherein the user confirmation information obtained in the user-confirmation- information obtaining step is composed using the useridentification information obtained and the password information obtained.
6. A device registration method according to Claim 4, wherein the terminal device further comprises password- information obtaining means and user-authentication-result obtaining means are provided, wherein the device registration method comprises a user-authentication-result obtaining step of requesting user authentication to a user authentication server using the user identification information obtained and the password information obtained, and causing the user-authentication-result obtaining means to obtain a result of user authentication from the user authentication server, and wherein the user confirmation information includes the result of user authentication obtained.
7. A device registration program for allowing a terminal device implemented by a computer and storing device authentication information to execute: a user-identification-information obtaining function for obtaining user identification information for identifying a user from an IC card; a user-confirmation-information obtaining function for obtaining user confirmation information for confirming that the user is a registered user using the user identification information obtained; and an information sending function for sending the user confirmation information obtained and the device authentication stored to a device registration server for storing information that is unique to the terminal device and information that is unique to the user such that these pieces of information are associated with each other, while maintaining a logical connection with the device registration server.
8. A device registration program according to Claim 7, wherein the device registration program allows execution of a password- information obtaining function, and wherein the user confirmation information is composed using the user identification information obtained and the password information obtained.
9. A device registration program according to Claim 7, wherein the device registration program allows execution - 72 of: a password-information obtaining function; and a user-authentication-result obtaining function for requesting user authentication to a user authentication server using the user identification information obtained and the password information obtained, and obtaining a result of user authentication from the user authentication server; and wherein the user confirmation information includes the result of user authentication obtained.
lo. A computer-readable storage medium storing a device registration program for allowing a terminal device implemented by a computer and storing device authentication information to execute: a useridentification-information obtaining function for obtaining user identification information for identifying a user from an IC card; a userconfirmation-information obtaining function for obtaining user confirmation information for confirming that the user is a registered user using the user identification information obtained; and an information sending function for sending the user confirmation information obtained and the device authentication stored to a device registration server for _ 73 storing information that is unique to the terminal device and information that is unique to the user such that these pieces of information are associated with each other, while maintaining a logical connection with the device registration server.
11. A device registration method for execution by a terminal device, the method substantially as hereinbefore described with reference to the accompanying drawings.
12. A device registration program for execution by a terminal device, the program substantially as hereinbefore described with reference to the accompanying drawings.
13. A terminal device substantially as hereinbefore described with reference to the accompanying drawings.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2003188142A JP2005025337A (en) | 2003-06-30 | 2003-06-30 | Appliance registration system, appliance registration server, appliance registration method, appliance registration program, storage medium and terminal appliance |
| GB0411860A GB2403577B (en) | 2003-06-30 | 2004-05-26 | Device registration |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| GB0510694D0 GB0510694D0 (en) | 2005-06-29 |
| GB2412211A true GB2412211A (en) | 2005-09-21 |
Family
ID=34921509
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| GB0510694A Withdrawn GB2412211A (en) | 2003-06-30 | 2005-05-25 | Device and user registration |
Country Status (1)
| Country | Link |
|---|---|
| GB (1) | GB2412211A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105956450A (en) * | 2016-04-27 | 2016-09-21 | 四川效率源信息安全技术股份有限公司 | Method for locking/unlocking computer screen based on non-contact IC card |
| CN105975841A (en) * | 2016-04-27 | 2016-09-28 | 四川效率源信息安全技术股份有限公司 | Method for locking/ unlocking computer screen on the basis of softdog |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2002352059A (en) * | 2001-05-24 | 2002-12-06 | Sony Corp | Method and system for providing product information |
| WO2003005671A2 (en) * | 2001-07-06 | 2003-01-16 | Livedevices Limited | Improvements relating to internet-connected devices |
| EP1289228A2 (en) * | 2001-08-28 | 2003-03-05 | Fujitsu Limited | Internet appliance terminal and user management system/program |
-
2005
- 2005-05-25 GB GB0510694A patent/GB2412211A/en not_active Withdrawn
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2002352059A (en) * | 2001-05-24 | 2002-12-06 | Sony Corp | Method and system for providing product information |
| WO2003005671A2 (en) * | 2001-07-06 | 2003-01-16 | Livedevices Limited | Improvements relating to internet-connected devices |
| EP1289228A2 (en) * | 2001-08-28 | 2003-03-05 | Fujitsu Limited | Internet appliance terminal and user management system/program |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105956450A (en) * | 2016-04-27 | 2016-09-21 | 四川效率源信息安全技术股份有限公司 | Method for locking/unlocking computer screen based on non-contact IC card |
| CN105975841A (en) * | 2016-04-27 | 2016-09-28 | 四川效率源信息安全技术股份有限公司 | Method for locking/ unlocking computer screen on the basis of softdog |
Also Published As
| Publication number | Publication date |
|---|---|
| GB0510694D0 (en) | 2005-06-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8955085B2 (en) | Device registration system, device registration server, device registration method, device registration program, storage medium, and terminal device | |
| US10325254B2 (en) | Communication terminal and communication method using plural wireless communication schemes | |
| US7188110B1 (en) | Secure and convenient method and apparatus for storing and transmitting telephony-based data | |
| US20020073042A1 (en) | Method and apparatus for secure wireless interoperability and communication between access devices | |
| US20040098740A1 (en) | Method and apparatus for using a kiosk and a transaction device in an electronic commerce system | |
| US20020087542A1 (en) | Information providing system and method thereof | |
| US20020184500A1 (en) | System and method for secure entry and authentication of consumer-centric information | |
| WO2012098556A1 (en) | Direct carrier billing | |
| WO2001082151A1 (en) | External device and authentication system | |
| WO2001052212A1 (en) | Secure electronic commerce system | |
| US20060271423A1 (en) | Point management method and point management system | |
| US20050160007A1 (en) | Subscription-based sales system, terminal device, management device, server and program | |
| CA2313312A1 (en) | System, method, and computer program product for smart card to smart card transactions | |
| JPWO2004006194A1 (en) | Transaction system and transaction terminal device | |
| WO2002067165A1 (en) | Electronic settlement system and electronic settlement method | |
| JP4145878B2 (en) | Reservation sales system, terminal device, management device, server, and program | |
| JP2005115597A (en) | Card management system and card information management method | |
| GB2412211A (en) | Device and user registration | |
| JP2009043271A (en) | Service providing system, terminal device, and program | |
| JP2003157366A (en) | Personal information management method, management device, physical distribution device, and goods physical distribution system | |
| JP2002334227A (en) | Pay service provision method, pay service provision system, content server, program for pay service provision, and recording medium | |
| KR100901297B1 (en) | System for Virtual Mechant Network Application | |
| KR100629012B1 (en) | A bi-directional television and electronic commercial dealing system by using the bi-directional television | |
| JP2002163450A (en) | System, device, and method for card settlement | |
| KR100715416B1 (en) | Advance sale system, terminal device, management device, and readable-by-computer recording medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |