JP2006236281A - Client terminal, application starting file generating device and single sign-on system - Google Patents

Client terminal, application starting file generating device and single sign-on system Download PDF

Info

Publication number
JP2006236281A
JP2006236281A JP2005054013A JP2005054013A JP2006236281A JP 2006236281 A JP2006236281 A JP 2006236281A JP 2005054013 A JP2005054013 A JP 2005054013A JP 2005054013 A JP2005054013 A JP 2005054013A JP 2006236281 A JP2006236281 A JP 2006236281A
Authority
JP
Japan
Prior art keywords
application
client terminal
authentication
authentication ticket
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
JP2005054013A
Other languages
Japanese (ja)
Other versions
JP4667908B2 (en
Inventor
Hironori Yamashita
洋徳 山下
Original Assignee
Mitsubishi Electric Corp
三菱電機株式会社
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mitsubishi Electric Corp, 三菱電機株式会社 filed Critical Mitsubishi Electric Corp
Priority to JP2005054013A priority Critical patent/JP4667908B2/en
Publication of JP2006236281A publication Critical patent/JP2006236281A/en
Application granted granted Critical
Publication of JP4667908B2 publication Critical patent/JP4667908B2/en
Application status is Active legal-status Critical
Anticipated expiration legal-status Critical

Links

Images

Abstract

<P>PROBLEM TO BE SOLVED: To make access without executing login processing even when a rich client application accesses a web system if a web browser acquires an authentication ticket. <P>SOLUTION: Application information required to start the rich client application and an application starting file generating device 3 for generating an application starting file including an authentication ticket are provided. A client terminal 1 starts the rich client application according to the application information included in the application starting file and transfers the authentication ticket to the rich client application. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a client terminal, an application activation file generation apparatus, and a single sign-on system that realize single sign-on that enables access to a plurality of Web systems by a single login process.

In recent years, “Web systems” that utilize Web technology have been widely used, and various systems have been realized as Web systems in in-house systems.
Here, the Web system is a general term for systems that implement various processes by mounting a Web browser on a client terminal and performing data communication with the Web application server.

In a Web system, a “login” process is usually performed to identify a user. That is, personal authentication is performed by prompting input of personal information such as a user ID and a password, and collating the personal information.
Such login processing is generally performed for each Web system, but it is complicated for the user to prompt the user to input personal information such as a user ID and password every time a different Web system is used. Therefore, a “single sign-on” technique has been developed that realizes access to a plurality of Web systems by a single login process.
In a single sign-on system equipped with “single sign-on” technology, the authentication processing device issues an authentication ticket (authentication information) that guarantees authentication, and the web browser of the client terminal is a web application server (web system). When data communication is performed, data including the authentication ticket is transmitted to the Web application server, and the Web application server refers to the authentication ticket included in the data and confirms that the user has logged in. (For example, refer to Patent Document 1).

On the other hand, in a Web system using a Web browser, various restrictions are imposed on the user interface due to restrictions on HTML. Therefore, in order to realize a more complicated user interface, “rich client” technology has been developed.
Here, the rich client technology can realize a user interface equivalent to a general application (eg, word processing software, spreadsheet software) while using a Web technology (eg, HTTP communication, Cookie). It is technology.
Hereinafter, in this specification, an application (application other than a Web browser) equipped with rich client technology is referred to as a “rich client application”.

JP 2003-296277 A (paragraph numbers [0022] to [0062], FIG. 1)

  Since the conventional single sign-on system is configured as described above, once a Web browser performs login processing and obtains an authentication ticket, it accesses a plurality of Web systems without performing login processing again. can do. However, since the technology for sharing the authentication ticket between the Web browser and the rich client application has not been established, even if the Web browser acquires the authentication ticket, the login process is performed when the rich client application accesses the Web system. There was an issue that had to be done.

The present invention has been made to solve the above-described problems. If a Web browser acquires an authentication ticket, the Web system can be used without performing login processing even when a rich client application accesses the Web system. An object is to obtain a client terminal and a single sign-on system that can be accessed.
Another object of the present invention is to provide an application start file generation device that can generate an application start file that enables a Web browser to start a rich client application and deliver an authentication ticket to the rich client application. And

  When the single sign-on system according to the present invention receives an authentication ticket from the client terminal when receiving an access from the client terminal, it generates an application activation file including application information and an authentication ticket necessary for starting the application, An application start file generation device that transmits the application start file to the client terminal is provided, and when the client terminal receives the application start file from the application start file generation device, the application information included in the application start file The application is started according to the above, and the authentication ticket included in the application start file is delivered to the application.

  According to the present invention, when an authentication ticket is received from a client terminal when an access is received from the client terminal, an application start file including application information and an authentication ticket necessary for starting the application is generated, and the application start An application startup file generation device that transmits a file to the client terminal is provided, and when the client terminal receives the application startup file from the application startup file generation device, the application is executed according to the application information included in the application startup file. Since the authentication ticket included in the application startup file is delivered to the application, the Web browser acquires the authentication ticket. Without non-browser applications (rich client applications) is to implement a log-in process even if you access the application server (Web system), there is an advantage of being able to access the application server.

Embodiment 1 FIG.
FIG. 1 is a block diagram showing a single sign-on system according to Embodiment 1 of the present invention. In FIG. 1, a client terminal 1 is connected to a network 5 such as the Internet, and a web browser of the client terminal 1 is an application activation file. When an application start file is received from the generation device 3, the application start application is called, and the application start application starts the rich client application according to the application information included in the application start file, and the application start file Executes the process of handing over the authentication ticket included in to the rich client application.

When the authentication processing device 2 is connected to the network 5 and receives personal information from the client terminal 1, the personal information is collated with the personal information registered in the database, and if the matching personal information is registered in the database, Processing such as transmitting an authentication ticket that guarantees authentication to the client terminal 1 is performed.
When the application startup file generation device 3 is connected to the network 5 and receives access from the client terminal 1 and receives an authentication ticket from the client terminal 1, it includes application information and an authentication ticket necessary for starting the rich client application. Processing such as generating an application startup file and transmitting the application startup file to the client terminal 1 is performed.
The application server 4 is a Web system that is connected to the network 5 and manages rich client applications.

FIG. 2 is a block diagram showing a client terminal according to Embodiment 1 of the present invention. In FIG. 2, a man-machine I / F 11 is composed of, for example, a keyboard and a mouse. Used when entering.
When the user operates the man-machine I / F 11 and inputs personal information such as a user ID and a password, the authentication processing request unit 12 transmits the personal information to the authentication processing device 2 via the network I / F 13. Perform processing such as requesting authentication processing.
The network I / F 13 is connected to the network 5 and performs data input / output processing for the network 5.
When the network I / F 13 receives the authentication ticket transmitted from the authentication processing device 2, the authentication ticket acquisition unit 14 acquires the authentication ticket from the network I / F 13.
The authentication processing request unit 12, the network I / F 13, and the authentication ticket acquisition unit 14 constitute an authentication ticket acquisition unit.

The authentication ticket transmission unit 15 transmits the authentication ticket acquired by the authentication ticket acquisition unit 14 to the application activation file generation device 3 via the network I / F 13.
When the network I / F 13 receives the application startup file transmitted from the application startup file generation device 3, the startup file acquisition unit 16 acquires the application startup file from the network I / F 13.
The network I / F 13, the authentication ticket transmission unit 15, and the activation file acquisition unit 16 constitute an activation file acquisition unit.

The application download unit 17 refers to the application information included in the application activation file acquired by the activation file acquisition unit 16 and downloads the rich client application from the application server 4 via the network I / F 13.
The application activation unit 18 outputs a rich client application activation instruction downloaded by the application download unit 17 to the application execution unit 19, and outputs an authentication ticket included in the application activation file to the application execution unit 19.
When receiving an activation command from the application activation unit 18, the application execution unit 19 starts execution of the rich client application and performs processing such as delivering the authentication ticket to the rich client application.
The network I / F 13, the application download unit 17, the application activation unit 18, and the application execution unit 19 constitute application activation means.

In the first embodiment, an authentication processing request unit 12, an authentication ticket acquisition unit 14, an authentication ticket transmission unit 15, an activation file acquisition unit 16, an application download unit 17, an application activation unit 18, For example, the application execution unit 19 is assumed to be configured by hardware such as a semiconductor integrated circuit board on which a CPU, a memory, a semiconductor switch, and the like are mounted. When the client terminal 1 is a computer, A program in which the processing contents of the authentication processing request unit 12, the authentication ticket acquisition unit 14, the authentication ticket transmission unit 15, the activation file acquisition unit 16, the application download unit 17, the application activation unit 18, and the application execution unit 19 are described. The program stored in the memory of the computer CPU is stored in the memory. The may be executed.
In this case, the Web browser performs the processing of the authentication processing request unit 12, the authentication ticket acquisition unit 14, the authentication ticket transmission unit 15, and the activation file acquisition unit 16.

FIG. 3 is a block diagram showing an authentication processing apparatus according to Embodiment 1 of the present invention. In FIG. 3, a network I / F 21 is connected to the network 5 and performs data input / output processing for the network 5.
The personal information management DB 22 is a database that manages personal information (for example, user ID / password) of users who are permitted to log in.
When the network I / F 21 receives the personal information transmitted from the client terminal 1, the authentication processing unit 23 collates the personal information with the personal information managed in the personal information management DB 22, and the matching personal information is managed by the personal information management. If managed by the DB 22, processing such as transmitting an authentication ticket that guarantees authentication to the client terminal 1 via the network I / F 21 is performed.

  In the first embodiment, the authentication processing unit 23 that is a component of the authentication processing device 2 is configured by hardware such as a semiconductor integrated circuit board on which a CPU, a memory, a semiconductor switch, and the like are mounted. However, when the authentication processing device 2 is a computer, the program in which the processing contents of the authentication processing unit 23 are described is stored in the memory of the computer, and the program in which the CPU of the computer is stored in the memory is stored. You may make it perform.

FIG. 4 is a block diagram showing an application activation file generation apparatus according to Embodiment 1 of the present invention. In FIG. 4, a network I / F 31 is connected to the network 5 and performs data input / output processing for the network 5. .
When the network I / F 31 receives access from the client terminal 1 when the network I / F 31 receives an authentication ticket from the client terminal 1, the login confirmation unit 32 determines that the login has been completed. If the authentication ticket has not been received, it is determined that the user has not logged in.
The network I / F 31 and the login confirmation unit 32 constitute authentication ticket receiving means.

The basic setting information storage unit 33 generates basic setting information for generating application information necessary for starting the rich client application (for example, the name of the rich client application, the module name, and the URL of the application server 4 that manages the rich client application). , Ticket ID).
If the login confirmation unit 32 determines that the login has been completed, the startup file generation unit 34 generates an application startup file based on the basic setting information stored in the basic setting information storage unit 33.
The authentication ticket embedding unit 35 performs a process of embedding the authentication ticket received by the network I / F 31 in the application activation file generated by the activation file generation unit 34.
The basic setting information storage unit 33, the startup file generation unit 34, and the authentication ticket embedding unit 35 constitute a startup file generation unit.

The activation file transmission unit 36 transmits the application activation file in which the authentication ticket is embedded by the authentication ticket embedding unit 35 to the client terminal 1 via the network I / F 31.
The network I / F 31 and the startup file transmission unit 36 constitute startup file transmission means.

In the first embodiment, the login confirmation unit 32, the activation file generation unit 34, the authentication ticket embedding unit 35, and the activation file transmission unit 36, which are components of the application activation file generation device 3, include, for example, a CPU, It is assumed that the device is configured by hardware such as a semiconductor integrated circuit board on which a memory, a semiconductor switch, and the like are mounted. However, when the application startup file generation device 3 is a computer, a login confirmation unit 32, startup The program in which the processing contents of the file generation unit 34, the authentication ticket embedding unit 35, and the activation file transmission unit 36 are described is stored in the memory of the computer, and the CPU of the computer executes the program stored in the memory. You may do it.
FIG. 5 is a processing sequence diagram showing processing contents of the single sign-on system according to Embodiment 1 of the present invention.

Next, the operation will be described.
When the user operates the man-machine I / F 11 of the client terminal 1 and specifies the URL of the file generation device 3 for starting an application, the authentication processing request unit 12 that is a Web browser of the client terminal 1 passes through the network I / F 13. Then, a page acquisition request is transmitted to the application activation file generation device 3 (step ST1).
When the network I / F 31 receives a page acquisition request transmitted from the client terminal 1, the log-in confirmation unit 32 of the application activation file generation device 3 may receive the authentication ticket from the client terminal 1. It is determined whether or not the user has already logged in by determining whether or not the login has been made.
At this stage, since the authentication ticket cannot be received from the client terminal 1, it is determined that the user has not logged in.
If the login confirmation unit 32 determines that the user has not logged in, a message (including the URL of the authentication processing device 2) indicating that an authentication ticket needs to be acquired from the authentication processing device 2 in order to acquire the application startup file. Message) to the client terminal 1 (step ST2).

When the network I / F 13 receives the message transmitted from the application activation file generation device 3, the authentication processing request unit 12 of the client terminal 1 extracts the URL of the authentication processing device 2 from the message, and the authentication processing device 2. Is accessed (step ST3).
When the network I / F 21 receives access from the client terminal 1, the authentication processing unit 23 of the authentication processing device 2 displays a login screen that prompts input of personal information (for example, user ID and password) via the network I / F 21. The screen data is transmitted to the client terminal 1 (step ST4).
Here, personal information that prompts the user to input a user ID and password is shown. However, the present invention is not limited to this, and for example, input of a fingerprint, ID card information, or the like may be prompted.

When the network I / F 13 receives the screen data of the login screen transmitted from the authentication processing device 2, the authentication processing request unit 12 of the client terminal 1 displays the login screen on a display (not shown) according to the screen data.
When the user operates the man-machine I / F 11 and inputs personal information such as a user ID / password, the authentication processing request unit 12 transmits the personal information to the authentication processing device 2 via the network I / F 13. Then, an authentication process is requested (step ST5).

When the network I / F 21 receives the personal information transmitted from the client terminal 1, the authentication processing unit 23 of the authentication processing device 2 collates the personal information with the personal information managed in the personal information management DB 22 (step ST6). ).
For example, if the personal information is a user ID / password, it is determined whether or not a user ID / password that matches the user ID / password is managed in the personal information management DB 22, and the matching user ID / password is the personal information. If managed by the management DB 22, login is permitted, and if the matching user ID / password is not managed by the personal information management DB 22, login is rejected.
If the login is permitted, the authentication processing unit 23 transmits an authentication ticket that guarantees the authentication to the client terminal 1 via the network I / F 21 (step ST7).
The authentication ticket is encrypted authentication information including, for example, a user ID, access authority, expiration date, and the like.

When the network I / F 13 receives the authentication ticket transmitted from the authentication processing device 2, the authentication ticket acquisition unit 14 that is the Web browser of the client terminal 1 acquires the authentication ticket from the network I / F 13.
When the authentication ticket acquisition unit 14 acquires the authentication ticket, the authentication ticket transmission unit 15 that is a Web browser of the client terminal 1 transmits the authentication ticket to the application activation file generation device 3 via the network I / F 13.

When the network I / F 31 receives the authentication ticket transmitted from the client terminal 1, the login confirmation unit 32 of the application activation file generation device 3 releases the encryption of the authentication ticket and looks at the contents of the authentication ticket. Make sure you are logged in.
When confirming that the user has logged in, the login confirmation unit 32 calls the activation file generation unit 34, which is an application activation file generation module (step ST9).
When invoked from the login confirmation unit 32, the activation file generation unit 34 of the application activation file generation device 3 generates an application activation file based on the basic setting information stored in the basic setting information storage unit 33.
For example, a file for starting an application including a name of the rich client application, a module name, a URL of the application server 4 that manages the rich client application, a ticket ID, and the like is generated.

The authentication ticket embedding unit 35, which is an application startup file generation module of the application startup file generation device 3, generates an authentication ticket received by the network I / F 31 when the startup file generation unit 34 generates an application startup file. Implement the process of embedding in the application startup file.
When the authentication ticket embedding unit 35 embeds the authentication ticket in the application activation file, the activation file transmission unit 36 of the application activation file generation device 3 transmits the application activation file to the client terminal via the network I / F 31. 1 (steps ST10 and ST11).

  When the network I / F 13 receives the application startup file transmitted from the application startup file generation device 3, the startup file acquisition unit 16 that is the Web browser of the client terminal 1 receives the application startup file from the network I / F 13. Obtaining and calling the application download unit 17 which is an application activation application, and outputting the application activation file to the application download unit 17 (step ST12).

When the application download unit 17 of the client terminal 1 is called from the startup file acquisition unit 16 and receives the application startup file, the application download unit 17 refers to the application information included in the application startup file, and the name of the rich client application Alternatively, the URL of the application server 4 in which the rich client application is managed is confirmed, and the application server 4 is requested to download the rich client application via the network I / F 13 (step ST13).
The application download unit 17 transmits the authentication ticket included in the application activation file to the application server 4 when requesting the download of the rich client application.

When the application server 4 receives the request for downloading the rich client application from the client terminal 1 and receives the authentication ticket from the client terminal 1, the application server 4 decrypts the authentication ticket and logs in by viewing the contents of the authentication ticket. Confirm that it has been completed.
When confirming that the application server 4 has logged in, the application server 4 transmits the rich client application designated by the client terminal 1 to the client terminal 1 (step ST14).
When the network I / F 13 receives the rich client application transmitted from the application server 4, the application download unit 17 of the client terminal 1 downloads the rich client application and outputs it to the application execution unit 19.

When the application download unit 17 downloads the rich client application, the application start unit 18 that is an application start application of the client terminal 1 outputs a start command for the rich client application to the application execution unit 19 and the application start file. Is output to the application execution unit 19.
Upon receiving the activation command from the application activation unit 18, the application execution unit 19 of the client terminal 1 starts execution of the rich client application and performs processing such as delivering the authentication ticket to the rich client application (step ST15). .

As a result, the rich client application starts executing, but during execution, for example, when it is necessary to perform data communication with the application server 4, the authentication ticket delivered from the application execution unit 19 is transmitted to the application server 4 ( Step ST16).
When the application server 4 receives the authentication ticket from the rich client application, the application server 4 releases the encryption of the authentication ticket and confirms that the login has been completed by viewing the content of the authentication ticket.
Therefore, the rich client application can access the application server 4 only by transmitting the authentication ticket to the application server 4 without performing a login process.

  As is apparent from the above, according to the first embodiment, when an authentication ticket is received from the client terminal 1 when an access is received from the client terminal 1, the application information and the authentication ticket necessary for starting the rich client application are received. Is provided, and an application start file generating device 3 is provided for transmitting the application start file to the client terminal 1, and the client terminal 1 receives the application start file from the application start file generating device 3. Then, the rich client application is started according to the application information included in the application start file, and the authentication ticket included in the application start file is Since the configuration is such that the application is delivered to the application, if the Web browser acquires the authentication ticket, the application server 4 can be accessed without performing the login process even when the rich client application accesses the application server 4. Play.

  Further, according to the first embodiment, the rich client application is downloaded to the user because the rich client application is downloaded from the application server 4 with reference to the application information included in the application startup file. In doing so, the spread of CD-ROM and the like can be stopped. For this reason, once the CD-ROM is distributed to an appropriate user, it is possible to avoid a situation in which the CD-ROM is distributed to an inappropriate user.

  Further, according to the first embodiment, when an authentication ticket transmitted from the client terminal 1 is received, an application activation file including application information and an authentication ticket necessary for activation of the rich client application is generated, Since the application start file is configured to be transmitted to the client terminal 1, the Web browser can start the rich client application and generate the application start file that enables the delivery of the authentication ticket to the rich client application. There is an effect.

BRIEF DESCRIPTION OF THE DRAWINGS It is a block diagram which shows the single sign-on system by Embodiment 1 of this invention. It is a block diagram which shows the client terminal by Embodiment 1 of this invention. It is a block diagram which shows the authentication processing apparatus by Embodiment 1 of this invention. It is a block diagram which shows the file generation apparatus for application starting by Embodiment 1 of this invention. It is a processing sequence diagram which shows the processing content of the single sign-on system by Embodiment 1 of this invention.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 Client terminal, 2 Authentication processing apparatus, 3 Application starting file production apparatus, 4 Application server, 5 Network, 11 Man machine I / F, 12 Authentication process request part (authentication ticket acquisition means), 13 Network I / F (authentication) Ticket acquisition means, activation file acquisition means, application activation means), 14 authentication ticket acquisition section (authentication ticket acquisition means), 15 authentication ticket transmission section (activation file acquisition means), 16 activation file acquisition section (activation file) Acquisition means), 17 application download unit (application activation unit), 18 application activation unit (application activation unit), 19 application execution unit (application activation unit), 21 network I / F, 22 personal information management DB, 23 authentication processing unit 31 Network I / F (authentication ticket receiving means, activation File transmission means), 32 login confirmation section (authentication ticket receiving means), 33 basic setting information storage section (startup file generation means), 34 startup file generation section (startup file generation means), 35 authentication ticket embedding section (Startup file generation means), 36 Startup file transmission unit (Startup file transmission means).

Claims (6)

  1.   An authentication ticket acquisition unit that transmits personal information to the authentication processing device to request authentication processing, receives an authentication ticket that guarantees authentication from the authentication processing device, and an authentication ticket received by the authentication ticket acquisition unit A startup file acquisition means for transmitting to the startup file generation device and receiving the application startup file including the application information and the authentication ticket necessary for starting the application from the application startup file generation device; and the startup file A client comprising application launching means for launching an application in accordance with the application information included in the application launching file received by the obtaining unit and delivering the authentication ticket contained in the application launching file to the application The end.
  2.   The client terminal according to claim 1, wherein the application activation unit activates an application having a function of transmitting an authentication ticket to the application server when performing data communication with the application server.
  3.   3. The client terminal according to claim 1, wherein the application starting unit downloads the application from the application server by referring to the application information included in the application starting file, and starts the application. .
  4.   When an access is received from a client terminal, an authentication ticket receiving unit that receives an authentication ticket guaranteeing authentication by the authentication processing device from the client terminal, and an application is started when the authentication ticket is received by the authentication ticket receiving unit A startup file generation unit that generates an application startup file including application information necessary for authentication and the authentication ticket, and a startup file transmission that transmits the application startup file generated by the startup file generation unit to the client terminal An apparatus for generating a file for starting an application.
  5.   When personal information is received from the client terminal, the personal information is collated with the personal information registered in the database, and if the matching personal information is registered in the database, an authentication ticket guaranteeing authentication is issued to the client terminal. In the single sign-on system provided with the authentication processing device that transmits to the client terminal, when receiving the authentication ticket from the client terminal when receiving an access from the client terminal, the application information necessary for starting the application and the authentication ticket are included. An application startup file generation device is provided that generates an application startup file and transmits the application startup file to the client terminal, and the client terminal receives the application startup file from the application startup file generation device. When the application is received, the application is started according to the application information included in the application startup file, and the authentication ticket included in the application startup file is delivered to the application. .
  6.   6. The single sign-on system according to claim 5, wherein the client terminal downloads the application from the application server by referring to the application information included in the application activation file, and activates the application.
JP2005054013A 2005-02-28 2005-02-28 Client terminal and single sign-on system Active JP4667908B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2005054013A JP4667908B2 (en) 2005-02-28 2005-02-28 Client terminal and single sign-on system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2005054013A JP4667908B2 (en) 2005-02-28 2005-02-28 Client terminal and single sign-on system

Publications (2)

Publication Number Publication Date
JP2006236281A true JP2006236281A (en) 2006-09-07
JP4667908B2 JP4667908B2 (en) 2011-04-13

Family

ID=37043816

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2005054013A Active JP4667908B2 (en) 2005-02-28 2005-02-28 Client terminal and single sign-on system

Country Status (1)

Country Link
JP (1) JP4667908B2 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009217430A (en) * 2008-03-10 2009-09-24 Kddi Corp Authentication system
JP2010140351A (en) * 2008-12-12 2010-06-24 Canon Software Inc Information processor, session management method, program and recording medium
JP2010525448A (en) * 2007-04-20 2010-07-22 マイクロソフト コーポレーション Request-only authentication to access web service resources
JP2010533422A (en) * 2007-07-09 2010-10-21 アルカテル−ルーセント ユーエスエー インコーポレーテッド Web-based wireless provisioning and activation of mobile terminals
US8095972B1 (en) 2008-10-06 2012-01-10 Southern Company Services, Inc. Secure authentication for web-based applications
JP2013134655A (en) * 2011-12-27 2013-07-08 Ricoh Co Ltd Information processing device, information processing system, and program
JP2013530440A (en) * 2010-04-26 2013-07-25 オーセンテイフイ・インコーポレーテツド Secure and efficient login and transaction authentication using iPhone ™ and other smart mobile communication devices
US8756665B2 (en) 2011-07-08 2014-06-17 International Business Machines Corporation Authenticating a rich client from within an existing browser session

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004234640A (en) * 2003-01-08 2004-08-19 Ricoh Co Ltd Information providing device, information providing processing system, image forming apparatus, information providing method and unauthorized utilization preventing method

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2004234640A (en) * 2003-01-08 2004-08-19 Ricoh Co Ltd Information providing device, information providing processing system, image forming apparatus, information providing method and unauthorized utilization preventing method

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8656472B2 (en) 2007-04-20 2014-02-18 Microsoft Corporation Request-specific authentication for accessing web service resources
US9832185B2 (en) 2007-04-20 2017-11-28 Microsoft Technology Licensing, Llc Request-specific authentication for accessing web service resources
JP2010525448A (en) * 2007-04-20 2010-07-22 マイクロソフト コーポレーション Request-only authentication to access web service resources
US9590994B2 (en) 2007-04-20 2017-03-07 Microsoft Technology Licensing, Llc Request-specific authentication for accessing web service resources
US9183366B2 (en) 2007-04-20 2015-11-10 Microsoft Technology Licensing, Llc Request-specific authentication for accessing Web service resources
US10104069B2 (en) 2007-04-20 2018-10-16 Microsoft Technology Licensing, Llc Request-specific authentication for accessing web service resources
JP2010533422A (en) * 2007-07-09 2010-10-21 アルカテル−ルーセント ユーエスエー インコーポレーテッド Web-based wireless provisioning and activation of mobile terminals
JP4760842B2 (en) * 2008-03-10 2011-08-31 Kddi株式会社 authentication system
JP2009217430A (en) * 2008-03-10 2009-09-24 Kddi Corp Authentication system
US8095972B1 (en) 2008-10-06 2012-01-10 Southern Company Services, Inc. Secure authentication for web-based applications
JP2010140351A (en) * 2008-12-12 2010-06-24 Canon Software Inc Information processor, session management method, program and recording medium
US8893237B2 (en) 2010-04-26 2014-11-18 Authentify, Inc. Secure and efficient login and transaction authentication using iphones# and other smart mobile communication devices
JP2013530440A (en) * 2010-04-26 2013-07-25 オーセンテイフイ・インコーポレーテツド Secure and efficient login and transaction authentication using iPhone ™ and other smart mobile communication devices
US8719905B2 (en) 2010-04-26 2014-05-06 Authentify Inc. Secure and efficient login and transaction authentication using IPhones™ and other smart mobile communication devices
US9092609B2 (en) 2011-07-08 2015-07-28 International Business Machines Corporation Authenticating a rich client from within an existing browser session
US8756665B2 (en) 2011-07-08 2014-06-17 International Business Machines Corporation Authenticating a rich client from within an existing browser session
JP2013134655A (en) * 2011-12-27 2013-07-08 Ricoh Co Ltd Information processing device, information processing system, and program

Also Published As

Publication number Publication date
JP4667908B2 (en) 2011-04-13

Similar Documents

Publication Publication Date Title
US7225464B2 (en) Method for verifying the identity of a user for session authentication purposes during Web navigation
KR100946110B1 (en) Method and system for stepping up to certificate-based authentication without breaking an existing ssl session
US7748609B2 (en) System and method for browser based access to smart cards
TWI400922B (en) Authentication of a principal in a federation
CN101027676B (en) A personal token and a method for controlled authentication
US6615353B1 (en) User authentication method and user authentication system
EP2109955B1 (en) Provisioning of digital identity representations
US20090271847A1 (en) Methods, Apparatuses, and Computer Program Products for Providing a Single Service Sign-On
US7500262B1 (en) Implementing single sign-on across a heterogeneous collection of client/server and web-based applications
US7409710B1 (en) Method and system for dynamically generating a web-based user interface
US9571494B2 (en) Authorization server and client apparatus, server cooperative system, and token management method
JP2008523486A (en) Method and system for securely combining name identifier registration profiles
US8386776B2 (en) Certificate generating/distributing system, certificate generating/distributing method and certificate generating/distributing program
CN102132304B (en) Form filling with digital identities, and automatic password generation
JP4186512B2 (en) Service providing system, device terminal and processing method thereof, authentication device and method, service providing device and method, and program
EP2442528A1 (en) Security model for industrial devices
CN103283204B (en) Methods of access to protected content be licensed
US20080097998A1 (en) Data file access control
JP4856755B2 (en) Customizable sign-on service
RU2342693C2 (en) Method and device for presenting gifts on data transfer network
US20030233483A1 (en) Executing software in a network environment
US8214887B2 (en) Method and system for providing user access to a secure application
US6832366B2 (en) Application generator
US7117243B2 (en) Methods for distributed program execution with file-type association in a client-server network
US7330872B2 (en) Method for distributed program execution with web-based file-type association

Legal Events

Date Code Title Description
RD04 Notification of resignation of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7424

Effective date: 20071010

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20080128

RD04 Notification of resignation of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7424

Effective date: 20080722

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20101012

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20101210

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20110104

A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20110112

R150 Certificate of patent or registration of utility model

Free format text: JAPANESE INTERMEDIATE CODE: R150

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20140121

Year of fee payment: 3

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250