JP2013020312A - Authentication system and authentication method - Google Patents

Publication number: JP2013020312A
Authority: JP (Japan)
Prior art keywords: server, authentication, user, client terminal, seeds
Legal status: Granted
Application number: JP2011151336A
Other languages: Japanese (ja)
Other versions: JP4820928B1 (en)
Inventors: Toshifumi Shintani (敏文 新谷), Soichi Saishu (壮一 最首)
Original Assignee: Nomura Research Institute Ltd (株式会社野村総合研究所)
Application filed by: Nomura Research Institute Ltd (株式会社野村総合研究所)
Priority to: JP2011151336A (JP4820928B1)
Application status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: as H04L9/32, using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228: One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING; COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/41: User authentication where a single sign-on provides access to a plurality of computers

Abstract

An authentication system that enables single sign-on to a plurality of servers and enables simultaneous authentication while ensuring security among the servers and systems.
Each server 100 includes an authentication processing unit 120 that performs an authentication process. A client terminal 300 includes an authentication request unit 311 that transmits an authentication request to each server 100. The authentication processing unit 120 has server seeds and user information 130 including a hashed password 132 obtained by hashing the password for each user ID using the server seeds, and transmits the server seeds to the client terminal 300 as seeds in response to an authentication request. The authentication request unit 311 transmits to the server 100 the hash value hashed using the seeds received from the server 100, and the authentication processing unit 120 performs authentication by comparing the hash value received from the client terminal 300 with the hashed password 132 of the target user.
[Selected drawing] Figure 1

Description

  The present invention relates to an authentication technology, and more particularly to a technology effective when applied to an authentication system and an authentication method for performing single sign-on by inputting a single user ID and password for a plurality of servers and the like.

  In recent years, with the progress of cloud computing services and the like, it has become common to carry out information-processing work by accessing multiple data centers and servers continuously or concurrently from a client terminal owned by a user. In such a system environment, a so-called single sign-on mechanism is sometimes applied in order to avoid the complexity of performing user authentication individually on each server or the like every time access to it is started.

  In the single sign-on mechanism, a user authenticates once and can then access a plurality of systems and servers that require user authentication without performing individual authentication procedures. As a method for realizing this mechanism, for example, the servers and systems communicate with one another using the SAML (Security Assertion Markup Language) protocol (Non-Patent Document 1) and automatically take over the result of authentication performed by a specific server such as an authentication server, which eliminates the need for the user to repeat the authentication procedure at each server or the like.

  However, a single sign-on environment based on such a mechanism presupposes a trust relationship that allows authentication information to be taken over and accepted between servers and systems, as with in-house systems on an intranet. Therefore, when the servers or systems are operated by different business operators, such a trust relationship may not be established for security-related reasons or the like.

  On the other hand, for example, Japanese Patent Laid-Open No. 2010-86435 (Patent Document 1) describes the following network system. The network system includes a plurality of Web servers, a relay server, and a plurality of user terminals. The first Web server performs authentication by comparing authentication information from a terminal with authentication information in its storage unit. When authentication is established, it generates a message including information related to the first user ID included in the authentication information, the first URL to the first Web server, the second URL to the second Web server, and the authentication strength, and sends the message to the relay server.

  The relay server acquires the second user ID corresponding to the first user ID from a table that registers information on the same user, rewrites the first user ID in the message with the second user ID, and sends the message to the second Web server. When the second Web server receives the message, it obtains the second user ID from the message and, when the second user ID is stored in its storage unit, re-authenticates the user based on the received information related to the authentication strength and the information related to the authentication strength in the storage unit. As a result, in a network system composed of a plurality of systems that are not in a trust relationship or cooperative relationship with each other, a plurality of applications requiring authentication can be used by inputting authentication information once.

Patent Document 1: JP 2010-86435 A

Non-Patent Document 1: "Security Assertion Markup Language (SAML) v2.0", [online], March 15, 2005, OASIS (Organization for the Advancement of Structured Information Standards), [Searched April 25, 2011], Internet <URL: http://www.oasis-open.org/standards#samlv2.0>

  As described above, a single sign-on environment can be constructed by using a technique such as that described in Non-Patent Document 1. However, such an environment requires that a trust relationship be established between servers and systems. In an environment where no such trust relationship exists, for example between systems inside and outside a company or between different operators, it is conceivable that authentication information acquired from an authentication server or the like for authentication processing on one server is used to gain unauthorized access to other servers, which is a problem in terms of ensuring security between servers and systems.

  On the other hand, if a mechanism such as that of Patent Document 1 is used, it is possible to construct a single sign-on environment between servers and systems in which a trust relationship is not established. However, in addition to user management at a certain server, registration and change of user IDs usually have to be managed individually at the other servers as well. Moreover, the correspondence between user IDs on the plurality of servers has to be managed, as in the relay server of Patent Document 1, and the management becomes complicated. In addition, because authentication in such a scheme is performed successively across a plurality of servers and systems, there is the problem that response degrades when the user needs to access a large number of servers and systems at the same time.

  An object of the present invention is therefore to provide an authentication system and an authentication method that enable single sign-on for a plurality of servers and systems, and that can perform authentication in parallel while ensuring security among the servers and systems. The above and other objects and novel features of the present invention will be apparent from the description of this specification and the accompanying drawings.

  Of the inventions disclosed in this application, the outline of typical ones will be briefly described as follows.

  An authentication system according to a representative embodiment of the present invention is an authentication system that performs single sign-on to a plurality of servers connected via a network by a single authentication process from a client terminal by a user, and has the following characteristics.

  That is, each server has an authentication processing unit that performs authentication processing for access to the server, and the client terminal has an authentication request unit that, when executing or using the functions of the servers, receives a user ID and password from the user and transmits authentication requests to the servers sequentially or in parallel.

  The authentication processing unit of the server has a server seed, which is unique information different for each server, and user information holding, for each registered user ID, account information including a hashed password obtained by hashing the user's password in a predetermined procedure using the server seed. In response to the authentication request received from the client terminal, it transmits the server seed to the client terminal as a seed. The authentication request unit of the client terminal transmits to the server a hash value obtained by hashing the password designated by the user in a predetermined procedure using the seeds received from the server. The authentication processing unit of the server then performs authentication by comparing the hash value received from the client terminal with the hashed password associated with the target user, and transmits the authentication result to the client terminal.

  The present invention can also be applied to an authentication method for performing single sign-on for a plurality of servers connected via a network by a single authentication process from a client terminal by a user.

  Among the inventions disclosed in the present application, effects obtained by typical ones will be briefly described as follows.

  According to a typical embodiment of the present invention, single sign-on for a plurality of servers and systems is possible, and by performing authentication in parallel while ensuring security between the servers and systems, a decrease in response due to authentication processing can be suppressed.

FIG. 1 is a diagram showing an outline of a configuration example of the authentication system according to one embodiment of the present invention. FIG. 2 is a diagram showing an outline of an example of the flow of authentication processing in one embodiment of the present invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. Note that components having the same function are denoted by the same reference symbols throughout the drawings for describing the embodiment, and the repetitive description thereof will be omitted.

  An authentication system according to an embodiment of the present invention is a system that realizes single sign-on for a plurality of servers and systems (hereinafter simply referred to as "servers") by a single authentication process from a client terminal by a user. By using a different key (server-specific information) for each server, authentication can be performed independently and securely. In addition, authentication can be performed on the servers simultaneously, which reduces the time required for authentication when many servers need to be accessed in parallel and suppresses a decrease in response.

<System configuration>
The system configuration of the authentication system of this embodiment is described below. FIG. 1 is a diagram showing an outline of a configuration example of an authentication system according to an embodiment of the present invention. The authentication system 1 has a configuration in which a plurality of servers 100, a master server 200, and client terminals 300 are connected to a network 400.

  The server 100 is a computer system composed of server devices. It is, for example, a web server, an application server, a database server, a file server, or a storage system, and has a function of accepting access from the client terminal 300 after user authentication and providing services. The server 100 includes, for example, a business processing unit 110 and an authentication processing unit 120 that are implemented by software programs. The business processing unit 110 executes processing related to a service (business) provided by the server 100, and includes, for example, middleware, application programs, and the like.

  The authentication processing unit 120 performs an authentication process for access to the server 100. The authentication processing unit 120 includes user information 130 holding account information for each user as information used when performing authentication processing. The user information 130 is configured by, for example, a database, a file table, or the like. For each registered user ID, it includes account information such as the user seed 131, which is unique information different for each user, and the hashed password 132, obtained by hashing the password by a predetermined procedure. In addition, the authentication processing unit 120 has a server seed 140 as unique information that is different for each server.

  In the present embodiment, as will be described later, the authentication processing unit 120 performs authentication processing with the client terminal 300 by a challenge / response method. That is, in response to the authentication request from the user, it transmits the server seeds 140, the user seeds 131, and a random number as a challenge. It then receives a hash value as a response from the client terminal 300, and performs authentication by comparing the received hash value with the value obtained by hashing the hashed password 132 with the random number. The authentication processing unit 120 therefore has a random number generation function and a hash algorithm. Various known techniques and algorithms can be used for these implementations. When the security of the communication path between the server 100 and the client terminal 300 is ensured, a method other than the challenge / response method may be adopted.

  The master server 200 is a computer system composed of server devices, PCs (Personal Computers), and the like, and generates and provides the user seeds 131 and server seeds 140 held in each server 100. Because it is not a so-called authentication server that performs authentication on behalf of the other servers, it does not have a user authentication function. The master server 200 includes, for example, a seed generation unit 210 that is implemented by a software program.

  The seeds generation unit 210 generates seeds based on an instruction from an administrator or the like or a request from each server 100, and provides the seeds as user seeds 131 or server seeds 140 to the target server 100 via the network 400. The seed generation method and the seed format are not particularly limited. For example, a unique character string or binary data having a predetermined length can be generated and used as a seed.

  The client terminal 300 is a computer system constituted by a PC, a portable terminal, and the like, and has a function of accessing the server 100 via the network 400 in order to execute and use a service (business) provided by each server 100. The client terminal 300 has a client application 310 implemented by, for example, a software program. The client application 310 is an application program for executing and using a function (business) provided by each server 100. The client application 310 has an authentication request unit 311 and can be, for example, a program that runs on a Web browser.

  The authentication request unit 311 makes a request for authentication to the server 100 when the client application 310 executes and uses the function of each server 100. For example, an input of a user ID and password is accepted from a user via a login screen, and authentication processing is performed individually or in parallel with the authentication processing unit 120 of each server 100 by a challenge / response method or the like. This realizes the single sign-on function.

  Here, the authentication request unit 311 hashes the password designated by the user according to a predetermined procedure, based on the server seeds 140, the user seeds 131, and the random number transmitted from the authentication processing unit 120 of the server 100 in response to the authentication request, and transmits the result to the authentication processing unit 120 of the server 100 to perform authentication processing. Accordingly, the authentication request unit 311 has the same hash algorithm as that implemented by the authentication processing unit 120 of the server 100.

  As the network 400, for example, a public communication network such as the Internet, a communication network partially using a general public line such as a WAN (Wide Area Network) or a VPN (Virtual Private Network), a LAN (Local Area Network), and the like can be used as appropriate.

<Authentication process>
The content of the authentication process in the authentication system 1 of this embodiment is described below. As an initial state for performing the authentication process, it is assumed that each server 100 holds in advance a seed generated by the seed generation unit 210 of the master server 200 as its server seed 140. Furthermore, initial registration of account information including a user ID, a password, and the like is performed in advance by each user. At this time, as account information, the seeds generated by the seed generation unit 210 of the master server 200 are stored as user seeds 131 for each user ID. Further, the password is stored as a hashed password 132 hashed by a predetermined hash algorithm using the user seeds 131 and the server seeds 140 as seed values.

  By not holding the password directly, leakage of the password can be prevented. In addition, because hashing uses a user seed 131 unique to each user as a seed value, the hash values can be made to differ for each user even when, for example, the same password happens to be specified by a plurality of users.

  FIG. 2 is a diagram showing an overview of an example of the flow of authentication processing in the present embodiment. First, the user requests authentication (login) via the authentication request unit 311 of the client terminal 300. At this time, for example, user ID and password information are specified via a login screen or the like. The authentication request unit 311 transmits an authentication request including the designated user ID to the server 100 (S01).

  Upon receiving the user ID, the authentication processing unit 120 of the server 100 generates a random number as a challenge in the challenge / response method, acquires seeds, and transmits them to the client terminal 300 (S02). Here, in addition to the random number, the server seed 140 and the user seed 131 corresponding to the user ID held in the user information 130 are acquired.

  The authentication request unit 311 of the client terminal 300, having received the server seed 140, the user seed 131, and the random number, hashes the password specified in step S01 with a predetermined hash algorithm (S03). Further, the hash value obtained in step S03 is hashed using the user seeds 131 as a seed value (S04). Furthermore, the hash value obtained in step S04 is hashed using the server seeds 140 as a seed value (S05). Further, the hash value obtained in step S05 is made one-time by hashing using the random number as a seed value, and the obtained hash value is transmitted to the server 100 (S06).

  Note that the series of hashing procedures in steps S03 to S05 described above is merely an example, and other procedures that obtain equivalent results are naturally possible. However, the procedure must be the same as the hashing process used when the password was hashed in advance at user registration to obtain the hashed password 132. Further, for example, when an instruction to update the password is received from the server 100 in step S02, the password (and the hashed password 132) may be updated as necessary before executing step S03.

  Upon receiving the hash value, the authentication processing unit 120 of the server 100 acquires the hashed password 132 corresponding to the target user ID from the user information 130 (S07), and hashes the acquired hashed password 132 using the random number generated in step S02 as a seed value (S08). Thereafter, authentication processing is performed by comparing the obtained hash value with the hash value received from the client terminal 300 in step S07, and the authentication result is transmitted to the client terminal 300 (S09). That is, if the two match as a result of the comparison, the authentication is established, and if the two do not match, the authentication is not established. At this time, for example, information related to the location of the transmission source, such as the IP address, may be acquired from the request message from the client terminal 300, and other conditions, such as whether or not that information is within a predetermined range, may be added to the judgment of whether authentication succeeds or fails.

  The authentication request unit 311 of the client terminal 300 receives the authentication result (S10), and then automatically performs the above-described series of processes sequentially for the other servers 100 as necessary, carrying out authentication processing with each server 100. Since the authentication processing in each server 100 is independent, the above-described series of processing can be performed simultaneously on a plurality of necessary servers 100 in parallel. The necessary information on the servers 100 can be grasped by, for example, holding a setting file including a list of servers 100 on the client terminal 300.

  With the above processing, the user can perform authentication processing for each necessary server 100 only by specifying the user ID and password once.

  With the above-described method, even if the administrator of a certain server 100 obtains account information such as the user seeds 131 and the hashed password 132 of the target user from that server's own user information 130, this information cannot be used to authenticate to other servers 100 by impersonation, and security between the servers 100 is ensured.

  This is because the value of the user's hashed password 132 in a certain server 100 is hashed with that server's own server seeds 140, whereas the user's hashed password 132 in another server 100 is hashed with the server seeds 140 of that other server 100, so the two values differ. Therefore, even if both are hashed using the same random number as a seed value, the same hash value is not obtained, and authentication is not established in step S09 in FIG. 2. Further, even if the server seeds 140 of the other server 100 are acquired by some means, a hash value equal to the hashed password 132 in the other server 100 cannot be generated unless the password of the target user is known.
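An added example, not code from the patent: steps S01 to S10 and the cross-server isolation argument above, modelled in Python. The patent leaves the hash algorithm open, so HMAC-SHA-256 keyed with each seed is an assumption, as are all class, function, server and user names and the sample password; the seeds are generated locally in place of the master server 200, and reusing one user seed on every server is also an assumption.

```python
import hashlib
import hmac
import secrets
from concurrent.futures import ThreadPoolExecutor

PASSWORD = "correct horse battery staple"  # constructed sample credential


def seeded_hash(seed: bytes, data: bytes) -> bytes:
    # Assumption: "hashing using X as a seed value" is modelled as HMAC-SHA-256 keyed with X.
    return hmac.new(seed, data, hashlib.sha256).digest()


def derive_hashed_password(password: str, user_seed: bytes, server_seed: bytes) -> bytes:
    """Steps S03-S05; the same procedure produces hashed password 132 at registration."""
    h = hashlib.sha256(password.encode("utf-8")).digest()  # S03: hash the password
    h = seeded_hash(user_seed, h)                          # S04: mix in user seed 131
    return seeded_hash(server_seed, h)                     # S05: mix in server seed 140


class Server:
    """Authentication processing unit 120 holding user information 130."""

    def __init__(self, name: str, server_seed: bytes):
        self.name = name
        self.server_seed = server_seed  # server seed 140
        self.users = {}                 # user ID -> (user seed 131, hashed password 132)
        self.pending = {}               # user ID -> outstanding random number

    def register(self, user_id: str, password: str, user_seed: bytes) -> None:
        hashed = derive_hashed_password(password, user_seed, self.server_seed)
        self.users[user_id] = (user_seed, hashed)

    def challenge(self, user_id: str):
        """S02: return server seed, user seed and a fresh random number."""
        user_seed, _ = self.users[user_id]
        nonce = secrets.token_bytes(32)
        self.pending[user_id] = nonce
        return self.server_seed, user_seed, nonce

    def verify(self, user_id: str, response: bytes) -> bool:
        """S07-S09: re-hash the stored value with the random number and compare."""
        nonce = self.pending.pop(user_id, None)  # a random number answers one attempt only
        if nonce is None:
            return False
        _, hashed_password = self.users[user_id]        # S07
        expected = seeded_hash(nonce, hashed_password)  # S08
        return hmac.compare_digest(expected, response)  # S09, constant-time compare


def client_response(password: str, server_seed: bytes, user_seed: bytes, nonce: bytes) -> bytes:
    """S03-S06 on the client terminal 300 (authentication request unit 311)."""
    return seeded_hash(nonce, derive_hashed_password(password, user_seed, server_seed))


def authenticate(server: Server, user_id: str, password: str) -> bool:
    server_seed, user_seed, nonce = server.challenge(user_id)  # S01-S02
    response = client_response(password, server_seed, user_seed, nonce)
    return server.verify(user_id, response)                    # S06-S10


def single_sign_on(servers, user_id: str, password: str) -> dict:
    """One password entry, one independent exchange per server, run in parallel."""
    with ThreadPoolExecutor(max_workers=len(servers)) as pool:
        results = list(pool.map(lambda s: authenticate(s, user_id, password), servers))
    return dict(zip((s.name for s in servers), results))


def stored_hash_accepted_elsewhere(source: Server, target: Server, user_id: str) -> bool:
    """Answer target's challenge with hashed password 132 read from source's user information."""
    _, stored = source.users[user_id]
    _, _, nonce = target.challenge(user_id)
    return target.verify(user_id, seeded_hash(nonce, stored))


def build_demo():
    # Constructed seeds; in the patent the master server 200 issues them.
    servers = [Server(n, secrets.token_bytes(16)) for n in ("server-a", "server-b", "server-c")]
    user_seed = secrets.token_bytes(16)
    for s in servers:
        s.register("alice", PASSWORD, user_seed)
    return servers


if __name__ == "__main__":
    demo = build_demo()
    print(single_sign_on(demo, "alice", PASSWORD))
    print(stored_hash_accepted_elsewhere(demo[0], demo[1], "alice"))
```

Within a single server, the stored hashed password 132 is exactly the input to step S08, so the user information 130 warrants the same protection on that server as the password itself.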

  As described above, according to the authentication system 1 according to an embodiment of the present invention, single sign-on for a plurality of servers 100 can be realized by a single authentication process from the client terminal 300 by the user. At this time, by performing authentication using unique information (server seeds 140) different for each server 100, each server 100 can be accessed independently and securely. In addition, authentication can be performed on the servers 100 in parallel, which reduces the time required for authentication when a large number of servers need to be accessed in parallel and suppresses a decrease in response.

  The invention made by the present inventors has been specifically described above based on the embodiment. Needless to say, however, the present invention is not limited to the embodiment, and various modifications can be made without departing from the scope of the invention.

  Industrial applicability: the present invention can be used for an authentication system and an authentication method that perform single sign-on by inputting a single user ID and password for a plurality of servers and the like.

DESCRIPTION OF SYMBOLS
1 ... Authentication system,
100 ... Server, 110 ... Business processing unit, 120 ... Authentication processing unit, 130 ... User information, 131 ... User seed, 132 ... Hashed password, 140 ... Server seed,
200 ... Master server, 210 ... Seed generation unit,
300 ... Client terminal, 310 ... Client application, 311 ... Authentication request unit,
400 ... Network.

Claims (5)

  1. An authentication system that performs single sign-on to a plurality of servers connected via a network by a single authentication process from a client terminal by a user,
    Each of the servers has an authentication processing unit that performs an authentication process for access to the server,
    The client terminal has an authentication request unit that, when executing or using the functions of the servers, receives designation of a user ID and password from a user and transmits authentication requests to the servers sequentially or in parallel,
    The authentication processing unit of the server has server seeds, which are unique information different for each server, and user information holding, for each registered user ID, account information including a hashed password obtained by hashing the user's password in a predetermined procedure using the server seeds, and, in response to the authentication request received from the client terminal, transmits the server seeds to the client terminal as seeds,
    The authentication request unit of the client terminal transmits to the server a hash value obtained by hashing a password designated by the user in a predetermined procedure using the seeds received from the server,
    The authentication processing unit of the server performs authentication by comparing the hash value received from the client terminal with the hashed password relating to the target user, and transmits an authentication result to the client terminal, the authentication system being characterized by the foregoing.
  2. The authentication system according to claim 1,
    The authentication processing unit of the server further holds, as the account information for each user held in the user information, user seeds that are unique information different for each user, together with a hashed password obtained by hashing the user's password in a predetermined procedure using the server seeds and the user seeds, and, in response to the authentication request received from the client terminal, transmits the server seeds and the user seeds of the target user to the client terminal as the seeds.
  3. The authentication system according to claim 1 or 2,
    The authentication processing unit of the server transmits the seeds and the generated random number to the client terminal in response to the authentication request received from the client terminal,
    The authentication request unit of the client terminal hashes the password specified by the user in a predetermined procedure using the seeds received from the server, and transmits to the server a hash value obtained by further hashing the result using the random number received from the server,
    The authentication processing unit of the server performs authentication by comparing the hash value received from the client terminal with a value obtained by hashing the hashed password related to the target user using the random number, the authentication system being characterized by the foregoing.
  4. In the authentication system according to any one of claims 1 to 3,
    The authentication system further comprises a master server that is connected to the network and that generates and provides a seed value as the seeds for each server based on a request from each server.
  5. An authentication method by which a user performs single sign-on from a client terminal to a plurality of servers connected via a network with a single authentication process,
    Each server has server seeds that are unique information different for each server and, for each registered user ID, account information including user seeds that are unique information different for each user and a hashed password obtained by hashing the password of the user in a predetermined procedure using the user seeds,
    A first step in which the client terminal, when executing or using a function of each server, transmits to the server an authentication request including a user ID designated by the user;
    A second step in which the server receiving the authentication request transmits the server seeds and the user seeds of the target user, together with a generated random number, to the client terminal;
    A third step in which the client terminal hashes a password designated by the user in a predetermined procedure using the server seeds and the user seeds received from the server, further hashes the result using the random number, and sends the resulting hash value to the server;
    A fourth step in which the server that has received the hash value performs authentication by comparing the hash value with a value obtained by hashing the hashed password of the target user using the random number, and transmits the authentication result to the client terminal,
    An authentication method, wherein the first to fourth steps are executed sequentially or in parallel for the servers.
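
The four steps of claim 5, run against two servers, as an added example that is not part of the patent text. The patent leaves the "predetermined procedure" unspecified, so SHA-256 over length-prefixed inputs, hashing the password with both the server seeds and the user seeds (as in claim 2 and the third step), 16-byte seeds, single-use random numbers, and the names `Server`, `client_response` and `sign_on` are all assumptions.

```python
import hashlib
import hmac
import secrets

def h(*parts: bytes) -> bytes:
    # Assumed "predetermined procedure": SHA-256 over length-prefixed parts.
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

class Server:
    def __init__(self, name: str):
        self.name = name
        self.server_seed = secrets.token_bytes(16)  # unique per server
        self.accounts = {}  # user_id -> (user_seed, hashed_password)
        self.pending = {}   # user_id -> outstanding random number

    def register(self, user_id: str, password: str) -> None:
        user_seed = secrets.token_bytes(16)  # unique per user
        hashed = h(password.encode(), self.server_seed, user_seed)
        self.accounts[user_id] = (user_seed, hashed)

    def challenge(self, user_id: str):
        # Second step: return server seeds, user seeds and a fresh random number.
        user_seed, _ = self.accounts[user_id]
        nonce = secrets.token_bytes(16)
        self.pending[user_id] = nonce
        return self.server_seed, user_seed, nonce

    def verify(self, user_id: str, response: bytes) -> bool:
        # Fourth step: hash the stored hashed password with the random number.
        nonce = self.pending.pop(user_id, None)  # each random number is used once
        if nonce is None:
            return False
        _, hashed = self.accounts[user_id]
        return hmac.compare_digest(response, h(hashed, nonce))

def client_response(password: str, server_seed: bytes, user_seed: bytes, nonce: bytes) -> bytes:
    # Third step: hash with the seeds, then hash the result with the random number.
    return h(h(password.encode(), server_seed, user_seed), nonce)

def sign_on(servers, user_id: str, password: str) -> dict:
    # One password entry, steps one to four repeated for every server.
    results = {}
    for s in servers:
        seeds = s.challenge(user_id)
        results[s.name] = s.verify(user_id, client_response(password, *seeds))
    return results
```

Because the server seeds differ, the hashed password held by one server does not match the one held by another for the same password, and because each random number is consumed on first use, a captured response fails when sent again.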
JP2011151336A 2011-07-08 2011-07-08 Authentication system and authentication method Active JP4820928B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2011151336A JP4820928B1 (en) 2011-07-08 2011-07-08 Authentication system and authentication method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2011151336A JP4820928B1 (en) 2011-07-08 2011-07-08 Authentication system and authentication method
PCT/JP2011/080040 WO2013008352A1 (en) 2011-07-08 2011-12-26 Authentication system and authentication method

Publications (2)

Publication Number Publication Date
JP4820928B1 JP4820928B1 (en) 2011-11-24
JP2013020312A true JP2013020312A (en) 2013-01-31

Family

ID=45327076

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2011151336A Active JP4820928B1 (en) 2011-07-08 2011-07-08 Authentication system and authentication method

Country Status (2)

Country Link
JP (1) JP4820928B1 (en)
WO (1) WO2013008352A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2014035610A (en) * 2012-08-08 2014-02-24 Hitachi Ltd Authentication system and authentication method
JP2014068140A (en) 2012-09-25 2014-04-17 Sony Corp Information processor, information processing method and program
JP6111186B2 (en) * 2013-12-03 2017-04-05 日本電信電話株式会社 Distributed information linkage system and data operation method and program thereof
WO2017104674A1 (en) * 2014-12-22 2017-06-22 日本電産株式会社 Motor module and motor authentication method

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH11282982A (en) * 1998-03-31 1999-10-15 Oki Electric Ind Co Ltd User card, communication terminal equipment, communication server, communication system and user authentication method for communication system
US20010037332A1 (en) * 2000-04-27 2001-11-01 Todd Miller Method and system for retrieving search results from multiple disparate databases
JP2002324049A (en) * 2001-04-25 2002-11-08 Nippon Telegr & Teleph Corp <Ntt> Access control method and system
JP2003132022A (en) * 2001-10-22 2003-05-09 Nec Corp User authentication system and method
JP2005209118A (en) * 2004-01-26 2005-08-04 Nippon Telegr & Teleph Corp <Ntt> Information distributed storage system, overall authentication server device used therefor, authentication server device, distributed storage server device, and information distributed storage method
JP4992332B2 (en) * 2006-08-03 2012-08-08 富士通株式会社 Login management method and server

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2014150064A1 (en) * 2013-03-15 2014-09-25 Google Inc. Privacy preserving knowledge/factor possession tests for persistent authentication
US8949960B2 (en) 2013-03-15 2015-02-03 Google Inc. Privacy preserving knowledge and factor possession tests for persistent authentication
CN105210071A (en) * 2013-03-15 2015-12-30 谷歌公司 Privacy preserving knowledge/factor possession tests for persistent authentication
KR101680260B1 (en) 2015-12-14 2016-11-29 주식회사 코인플러그 Certificate issuance system and method based on block chain
WO2017171165A1 (en) * 2015-12-14 2017-10-05 (주)코인플러그 System for issuing public certificate on basis of block chain, and method for issuing public certificate on basis of block chain by using same
US10164779B2 (en) 2015-12-14 2018-12-25 Coinplug, Inc. System for issuing public certificate on basis of block chain, and method for issuing public certificate on basis of block chain by using same
KR101723405B1 (en) * 2016-07-04 2017-04-06 주식회사 코인플러그 Certificate authentication system and method based on block chain
WO2018008800A1 (en) * 2016-07-04 2018-01-11 (주)코인플러그 Accredited certificate authentication system based on blockchain, and accredited certificate authentication method based on blockchain, using same

Also Published As

Publication number Publication date
JP4820928B1 (en) 2011-11-24
WO2013008352A1 (en) 2013-01-17

Legal Events

Date Code Title Description
TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20110905

R150 Certificate of patent or registration of utility model

Free format text: JAPANESE INTERMEDIATE CODE: R150

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20140909

Year of fee payment: 3

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250
