JP4390429B2 - Single sign-on system, program thereof and method thereof - Google Patents


Publication number
JP4390429B2
Authority
JP
Japan
Prior art keywords
user computer
server
user
customer code
authentication data
Legal status
Expired - Fee Related
Application number
JP2002131409A
Other languages
Japanese (ja)
Other versions
JP2003323409A (en)
Inventor
美穂 山▲崎▼
岳夫 荒木
Original Assignee
セイコーエプソン株式会社
株式会社オージス総研

Description

[0001]
BACKGROUND OF THE INVENTION
The present invention relates to a single sign-on system, a program thereof, and a method thereof.
[0002]
[Prior art]
Conventionally, when a user accesses one website and then accesses another website, information necessary for authentication, such as a user ID and a password, is transmitted as authentication data each time a website is accessed, and the user is asked to log in so that authentication can be confirmed. However, since it is cumbersome for the user to log in every time a website is accessed, single sign-on systems have been developed that allow access to other websites simply by being authenticated on one website.
[0003]
For example, the following system can be considered as a single sign-on system. When multiple websites confirm authentication of one user with common authentication data, the user sends the authentication data to a server that operates one of the websites, and when that server confirms the authentication, it transmits a cookie including an ID number assigned to the user's computer, and the user's computer stores the cookie in a predetermined folder. The ID included in this cookie and the authentication data are stored on the server side as a database. Thereafter, when the same user requests access to another website, the previous cookie is also transmitted to that website. The server operating that website then looks up the authentication data corresponding to the ID included in the cookie in the above-mentioned database and performs authentication confirmation. As a result, the user can access a plurality of websites with one login operation.
[0004]
[Problems to be solved by the invention]
However, in the single sign-on system described above, one set of authentication data corresponds to each ID included in the cookie. Single sign-on can therefore be realized when a plurality of websites confirm authentication of one user with common authentication data, but such a single sign-on system cannot be adopted when a plurality of websites confirm authentication of one user with different authentication data.
[0005]
The present invention has been made in view of such problems, and one of its objects is to provide a single sign-on system, and a method thereof, capable of realizing single sign-on even when each website confirms authentication of one user with different authentication data. Another object is to provide a program for realizing such single sign-on.
[0006]
[Means for solving the problems and their functions and effects]
In order to achieve the above object, a first aspect of the present invention is a single sign-on system that allows a user to access another website only by authenticating at one of a plurality of websites, the system comprising:
a first server that operates the first website and permits access to the first website after authentication confirmation by the first authentication data;
a second server that operates the second website and permits access to the second website after authentication confirmation by the second authentication data; and
data storage means for storing the personal customer code assigned to each user in association with the first authentication data or the second authentication data,
wherein the first server and the second server:
if the personal customer code is not stored in the user's computer when the user's computer requests access to their own website, request authentication data from the user's computer, and after confirming authentication with the authentication data received from the user's computer, permit the user's computer to access their own website, read the personal customer code associated with the authentication data from the data storage means, and send it to the user's computer in a form that the user's computer can save; and
if the personal customer code is stored in the user's computer when the user's computer requests access to their own website, permit the user's computer to access their own website without requesting the authentication data from the user's computer.
[0007]
In this single sign-on system, when the personal customer code is stored in the user's computer at the time the user's computer requests access to their own website, the first server and the second server take this to mean that authentication has already been confirmed by either the first server or the second server, and permit the user's computer to access their own website without requesting their own authentication data. That is, rather than deciding whether or not to permit access based on the authentication data corresponding to the personal customer code stored in the user's computer, they decide based on whether or not the personal customer code is stored in the user's computer, so single sign-on is possible even if the first authentication data and the second authentication data are different. Therefore, single sign-on can be realized even when each website confirms authentication of one user with different authentication data. Although the first and second websites are different websites, the first and second servers may be different servers or the same server (the same applies hereinafter). The data storage means that stores the personal customer code in association with the first authentication data and the data storage means that stores the personal customer code in association with the second authentication data may be the same data storage means or different data storage means (the same applies hereinafter).
[0008]
In the first single sign-on system of the present invention, the personal customer code may be a code that is meaningless to a third party other than the single sign-on system. In this way, information about the user is protected even if the personal customer code is leaked.
[0009]
In the first single sign-on system of the present invention, the personal customer code may be transmitted to the user's computer in a format that is stored in memory rather than on a disk of the user's computer. In this way, the personal customer code is stored in a memory such as RAM instead of on a disk such as a hard disk, which is effective in preventing so-called “spoofing” (an act in which a person other than the user holding the personal customer code impersonates the user).
[0010]
In the first single sign-on system of the present invention, the personal customer code may be valid only during a session. In this way, the personal customer code is valid only while the connection between the user's computer and the first server or the second server is maintained, which is effective in preventing so-called “spoofing”.
[0011]
In the first single sign-on system of the present invention, the personal customer code may be transmitted to the user's computer in a format that can be stored by the user's computer and that carries an expiration date. In this way, the first server and the second server permit access as-is when a personal customer code within its expiration date is stored in the user's computer, and do not immediately permit access when an expired personal customer code is stored, which is effective in preventing so-called “spoofing”. The personal customer code may also be transmitted to the user's computer in a format that can be stored by the user's computer and for which an expiration date can be set. In this way, whether or not to set an expiration date is optional, and when an expiration date is set, the above-described effect is achieved.
[0012]
In the first single sign-on system of the present invention, the first server and the second server may use cookies as a format that can be stored by the user's computer. In this way, this system can be realized relatively easily.
[0013]
In the first single sign-on system of the present invention, the first server and the second server may encrypt the personal customer code when transmitting it to the user's computer, and, when acquiring the personal customer code from the user's computer, may acquire the encrypted personal customer code and then decrypt it. In this way, since the personal customer code is transmitted and received in an encrypted state, confidentiality is high even if it leaks.
[0014]
A second aspect of the present invention is a single sign-on program for causing one or more computers to function as the first server and the second server in the first single sign-on system of the present invention. If this program is executed by one or a plurality of computers, single sign-on can be realized even if each website confirms authentication of one user with different authentication data, as in the first aspect of the present invention. The single sign-on program may be recorded on a computer-readable recording medium (for example, hard disk, ROM, FD, CD, DVD, etc.), may be distributed via a transmission medium (a communication network such as the Internet or a LAN), or may be exchanged in any other form.
[0015]
A third aspect of the present invention is a single sign-on method that allows a user to access another website only by authenticating at one of a plurality of websites, the method using a system comprising:
a first server that operates the first website and permits access to the first website after authentication confirmation by the first authentication data;
a second server that operates the second website and permits access to the second website after authentication confirmation by the second authentication data; and
data storage means for storing the personal customer code assigned to each user in association with the first authentication data or the second authentication data,
wherein the first server and the second server:
if the personal customer code is not stored in the user's computer when the user's computer requests access to their own website, request authentication data from the user's computer, and after confirming authentication with the authentication data received from the user's computer, permit the user's computer to access their own website, read the personal customer code associated with the authentication data from the data storage means, and send it to the user's computer in a form that the user's computer can save; and
if the personal customer code is stored in the user's computer when the user's computer requests access to their own website, permit the user's computer to access their own website without requesting the authentication data from the user's computer.
[0016]
According to this single sign-on method, as in the first aspect of the present invention, single sign-on can be realized even when each website confirms authentication of one user with different authentication data.
[0017]
In this single sign-on method, the personal customer code may be a code that is meaningless to a third party other than the single sign-on system. In this way, information about the user is protected even if the personal customer code is leaked. The personal customer code may be transmitted to the user's computer in a format that is stored in memory rather than on a disk of the user's computer. In this way, the personal customer code is stored in a memory such as RAM instead of on a disk such as a hard disk, which is effective in preventing so-called “spoofing”. Furthermore, the personal customer code may be valid only during a session. In this way, the personal customer code is valid only while the connection between the user's computer and the first server or the second server is maintained, which is effective in preventing so-called “spoofing”. Furthermore, the personal customer code may be transmitted to the user's computer in a format that can be stored by the user's computer and that carries an expiration date. In this way, the first server and the second server permit access as-is when a personal customer code within its expiration date is stored in the user's computer, and do not immediately permit access when an expired personal customer code is stored, which is effective in preventing so-called “spoofing”. In addition, the first server and the second server may use cookies as the format that can be stored by the user's computer. In this way, this system can be realized relatively easily. Further, the first server and the second server may encrypt the personal customer code when transmitting it to the user's computer, and, when acquiring the personal customer code from the user's computer, may acquire the encrypted personal customer code and then decrypt it. In this way, since the personal customer code is transmitted and received in an encrypted state, confidentiality is high even if it leaks.
[0018]
DETAILED DESCRIPTION OF THE INVENTION
Next, embodiments of the present invention will be described with reference to the drawings. FIG. 1 is an explanatory diagram showing a schematic configuration of a single sign-on system 10 of the present embodiment.
[0019]
The single sign-on system 10 includes a first web server 12, a second web server 14, and a storage device 16 that stores an authentication DB (DB is an abbreviation for database, the same applies hereinafter). The first web server 12, the second web server 14, and the storage device 16 are connected in a communicable state via an intranet 17, and the first web server 12 and the second web server 14 are connected to a user computer 40 via the Internet 18 in a communicable state. Although there are many user computers 40 that can be connected to the Internet, in the present embodiment, for the sake of convenience, one specific user computer 40 will be described.
[0020]
The first web server 12 is a server that operates the first website and allows the user computer 40 to access the first website after authentication confirmation using the first authentication data received from the user computer 40. Here, as shown in FIG. 2, it is assumed that the user ID and the password, which are the first authentication data when logging in to the first website, are “XXX” and “□□□”, respectively.
[0021]
The second web server 14 is a server that operates the second website and allows the user computer 40 to access the second website after the authentication confirmation by the second authentication data received from the user computer 40. Here, as shown in FIG. 2, it is assumed that the user ID and the password, which are the second authentication data when logging in to the second website, are “ΔΔΔ” and “▽▽▽”, respectively.
[0022]
The storage device 16 stores an authentication DB. As shown in FIG. 2, the authentication DB associates a personal customer code assigned to each user who uses the user computer 40, the first authentication data necessary for logging in to the first website, and the second authentication data necessary for logging in to the second website. This authentication DB also stores personal information such as the user's name, address, telephone number, and e-mail address in a format associated with the personal customer code. The personal customer code is automatically issued by the first web server 12 or the second web server 14 when the user sets the user ID and password on the first website or the second website via the user computer 40. This code is meaningless to a third party unless the authentication DB is referred to.
[0023]
The user computer 40 is a well-known general-purpose personal computer. Using an installed web browser, the user computer 40 exchanges requests and responses with the first web server 12 and the second web server 14 via the Internet, and browses the web pages of the first website or the second website.
[0024]
Next, the operation of the single sign-on system 10 will be described with reference to FIG. FIG. 3 is a flowchart of a request response process executed by the first web server 12 and the second web server 14. The request response program is installed in the HDDs of the first web server 12 and the second web server 14 or stored in an application server (not shown), and is provided to each of the servers 12 and 14 as necessary. The operation of the first web server 12 will be described below, but the operation of the second web server 14 is the same.
[0025]
The first web server 12 reads out the request response program at every predetermined timing and executes the request response process. When the request response process is started, the first web server 12 first determines whether or not an access request has been received from the user computer 40 via the Internet 18 (step S100). When no access request has been received, the request response process ends as it is. When an access request has been received, it is determined whether or not authentication of the user computer 40 by the authentication data has already been confirmed during this session (step S110). When authentication has been confirmed, a web page corresponding to the access request received in step S100 is transmitted to the user computer 40 (step S230). When authentication has not been confirmed, a cookie related to the first website is requested from the user computer 40 (step S120), and after a response to the request is received from the user computer 40, it is determined whether or not the cookie is included in the response (step S130).
[0026]
If the cookie is not included, the first authentication data is requested from the user computer 40 (step S140). That is, a login screen having a user ID input field and a password input field is transmitted to the user computer 40. Thereafter, the first authentication data is received from the user computer 40 (step S150). That is, a login screen in which a user ID and a password have been entered in the respective input fields is received from the user computer 40. Subsequently, it is determined whether or not the received first authentication data is registered in the authentication DB stored in the storage device 16 (step S160), and if it is not registered, an error message (for example, “The user ID and password entered are not correct”) is transmitted to the user computer 40 (step S170), and the request response process is terminated. On the other hand, when the received first authentication data is registered in the authentication DB, the personal customer code corresponding to the first authentication data is read from the authentication DB (step S180), and the read personal customer code is encrypted together with an expiration date and a session ID (step S190). Here, the session ID is a serial number assigned to each session. Next, a cookie including the encrypted personal customer code, expiration date, and session ID is created (step S195), the cookie is transmitted to the user computer 40 together with the web page corresponding to the access request received in step S100 (step S200), and the request response process is terminated. The user computer 40 receives this cookie and stores it in a predetermined storage location. The session ID is an ID that is invalidated in the first web server 12 every time the connection with the user computer 40 is disconnected.
[0027]
In step S130, when the data received from the user computer 40 includes a cookie, the encrypted data included in the cookie is decrypted to obtain the personal customer code, the expiration date, and the session ID (step S210), and it is determined whether or not the personal customer code is valid (step S220). This determination is made based on the expiration date and session ID included in the decrypted data. Specifically, the personal customer code is determined to be valid when it is within the expiration date and the session ID has not been invalidated, and is determined to be invalid otherwise. When the personal customer code is not valid, the processing from step S140 described above is performed. On the other hand, when the personal customer code is valid, the first authentication data is not requested from the user computer 40, the web page corresponding to the access request received in step S100 is transmitted to the user computer 40 (step S230), and the request response process is terminated.
[0028]
Next, a case where the user computer 40 first accesses the first website and then accesses the second website during the session with the first web server 12 will be described with reference to FIGS. 3 and 4. FIG. 4 is an explanatory diagram showing the exchange of request response signals. When the user computer 40 first accesses the first website, the first web server 12, in the request response process of FIG. 3, determines in step S100 that there is an access request, determines in step S110 that authentication confirmation is incomplete, and determines in step S130 that the cookie cannot be acquired from the user computer 40. In steps S140 to S160, it transmits the request for the first authentication data, receives the response, and performs authentication confirmation based on the received first authentication data. The personal customer code associated with the first authentication data is then encrypted together with an expiration date and a session ID, a cookie is created, and the cookie is transmitted to the user computer 40 together with the web page. Thereafter, each time the user computer 40 makes an access request for various web pages of the first website during the session, the first web server 12 determines in step S100 that there is an access request, determines in step S110 that authentication has been confirmed, and transmits the web page to the user computer 40 in step S230.
[0029]
Thereafter, when the user computer 40 accesses the second website during the session with the first web server 12, the second web server 14, in the request response process of FIG. 3, determines in step S100 that there is an access request, determines in step S110 that authentication confirmation is incomplete, and determines in step S130 that a cookie (the cookie sent by the first web server 12 to the user computer 40) can be acquired from the user computer 40. In step S220, it determines that the personal customer code included in the cookie is valid, and in step S230 it transmits the web page to the user computer 40. That is, the second web server 14 permits access by the user computer 40 without performing authentication confirmation, and single sign-on is realized.
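The cookie handling of steps S120 to S230 and the two-site flow of FIG. 4, as an added Python sketch that is not part of the patent. The patent names no cipher, so an HMAC-SHA256 keystream with encrypt-then-MAC from the standard library stands in for an authenticated cipher such as AES-GCM; the shared keys, the shared `LIVE_SESSIONS` set, random session IDs (the patent uses serial numbers), and all names and sample credentials are assumptions, and the per-session state of step S110 is omitted.

```python
import base64, hashlib, hmac, json, secrets, time

# Assumption: both servers hold the same keys (distributed over the intranet).
ENC_KEY = secrets.token_bytes(32)
MAC_KEY = secrets.token_bytes(32)

# Constructed sample of the authentication DB of FIG. 2:
# personal customer code -> per-site (user ID, password).
# Plaintext passwords only keep the sample short; store password hashes in practice.
AUTH_DB = {"C-7f3a91": {"site1": ("alice1", "pw-one"), "site2": ("a.smith", "pw-two")}}

# Assumption: session IDs that have not been invalidated, visible to both servers.
LIVE_SESSIONS = set()

def _keystream(nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(ENC_KEY, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(fields):
    """Encrypt and authenticate the cookie fields (S190-S195)."""
    pt = json.dumps(fields).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(nonce, len(pt))))
    tag = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + ct + tag).decode()

def unseal(cookie):
    """Return the decrypted fields (S210), or None if the cookie was altered."""
    try:
        raw = base64.urlsafe_b64decode(cookie.encode())
    except ValueError:
        return None
    if len(raw) < 48:
        return None
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(MAC_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # without this check, possession of any blob would grant access
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))))

class WebServer:
    def __init__(self, site, ttl=600):
        self.site, self.ttl = site, ttl

    def _issue(self, code, now):
        sid = secrets.token_hex(16)
        LIVE_SESSIONS.add(sid)
        return seal({"code": code, "exp": now + self.ttl, "sid": sid})

    def _valid(self, cookie, now):
        # S220: within the expiration date and session ID not invalidated.
        f = unseal(cookie) if cookie else None
        return bool(f) and now < f["exp"] and f["sid"] in LIVE_SESSIONS and f["code"] in AUTH_DB

    def handle(self, cookie=None, credentials=None, now=None):
        """Return (result, cookie_to_set) for one access request."""
        now = time.time() if now is None else now
        if self._valid(cookie, now):
            return "page", None                        # S230: no login requested
        if credentials is None:
            return "login_form", None                  # S140
        for code, sites in AUTH_DB.items():            # S160
            if sites.get(self.site) == tuple(credentials):
                return "page", self._issue(code, now)  # S180-S200
        return "error", None                           # S170

def disconnect(cookie):
    """Invalidate the session ID when the connection is dropped."""
    f = unseal(cookie)
    if f:
        LIVE_SESSIONS.discard(f["sid"])

if __name__ == "__main__":
    s1, s2 = WebServer("site1"), WebServer("site2")
    _, c = s1.handle(credentials=("alice1", "pw-one"))
    print(s2.handle(cookie=c))  # second site serves the page without its own login
```

The second site never sees or checks its own credentials for the user; access rests entirely on the cookie, which is why the integrity tag, the expiration date and the session invalidation all have to be enforced on every request.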
[0030]
According to the embodiment described in detail above, the first web server 12 and the second web server 14 determine whether or not to permit access depending on whether or not a valid personal customer code is stored in the user computer 40. Therefore, single sign-on is possible even if the first authentication data and the second authentication data are different. Therefore, single sign-on can be realized even when each website verifies authentication with different authentication data for one user.
[0031]
Moreover, since the personal customer code is transmitted and received in an encrypted state, confidentiality is high even if it leaks. In addition, since the code is meaningless to a third party other than the single sign-on system 10 or its user, information about the user (such as personal information) will not be leaked even if the code is decrypted.
[0032]
Furthermore, since (1) the personal customer code is valid only during the session, and (2) the personal customer code is transmitted to the user computer 40 in a format with an expiration date, so that the first web server 12 and the second web server 14 do not immediately permit access when an expired personal customer code is stored, the embodiment is effective in preventing so-called “spoofing”.
[0033]
The present invention is not limited to the above-described embodiment, and it goes without saying that the present invention can be implemented in various modes as long as it belongs to the technical scope of the present invention.
[0034]
For example, in the above-described embodiment, the personal customer code may be transmitted to the user computer 40 in a format that is stored in the RAM instead of on the disk of the user computer 40. This is effective in preventing so-called “spoofing”.
[0035]
In FIG. 4 of the above-described embodiment, the user computer 40 can access the second website by single sign-on even if the second authentication data is not set. In such a case, the second web server 14 may automatically set the second authentication data of the user computer 40, that is, the user ID and password, and send it to the user computer 40. Note that the authentication method of the first or second website need not be limited to the input of the user ID and password.
[0036]
Further, in the above-described embodiment, instead of transmitting / receiving the personal customer code as a cookie, a temporary ID valid only during the session may be assigned to the personal customer code, and the temporary ID may be transmitted / received as a cookie. The personal customer code is a code that is given to each user and is a code that is continuously used. Therefore, although it is a meaningless code for a third party, it should be kept as secret as possible. On the other hand, since the temporary ID is valid only during the session, even if it is leaked, it is almost impossible to perform impersonation such as “spoofing” using the temporary ID.
[0037]
Furthermore, in the above-described embodiment, the first and second websites are different websites and the first and second web servers 12 and 14 are different web servers, but one web server may operate both the first and second websites.
[0038]
In the above-described embodiment, the user may determine whether or not to give an expiration date to the cookie, and the session ID may be attached as necessary instead of being essential. Further, a plurality of storage devices 16 may be provided instead of one.
[Brief description of the drawings]
FIG. 1 is an explanatory diagram showing a schematic configuration of a single sign-on system according to an embodiment.
FIG. 2 is an explanatory diagram of an authentication DB.
FIG. 3 is a flowchart of a request response process executed by a first web server and a second web server.
FIG. 4 is an explanatory diagram showing exchange of request response signals.
[Explanation of symbols]
DESCRIPTION OF SYMBOLS 10 ... Single sign-on system, 12 ... First web server, 14 ... Second web server, 16 ... Storage device, 17 ... Intranet, 18 ... Internet, 40 ... User computer.

Claims (1)

  1. A single sign-on system that allows a user to access other websites of the user simply by authenticating at one of a plurality of websites,
    The data storage means, the first server, and the second server are connected to each other via an intranet, and a user computer used by the user is connected to the first server and the second server via the Internet,
    The data storage means is a means for storing the personal customer code assigned to each user in association with the first authentication data or the second authentication data,
    The first server is
    When an access request to the first website is received from the user computer via the Internet, it is determined whether authentication of the user computer using the first authentication data has already been completed by the first server during the current session with the user computer,
    If authentication of the user computer has been completed, a web page corresponding to the access request is transmitted to the user computer via the Internet,
    If authentication of the user computer has not been completed, a cookie associated with the first website, containing a personal customer code, an expiration date, and a session ID assigned by the second server (an ID assigned to each session by the second server and invalidated by the second server when the connection between the second server and the user computer is disconnected), is requested from the user computer via the Internet, and after a response is received from the user computer via the Internet, it is determined whether the cookie is included in the response,
    If the cookie is not included in the response, a screen requesting input of the first authentication data is transmitted to the user computer via the Internet, a screen on which the first authentication data has been input is received from the user computer via the Internet, and it is determined whether or not the received first authentication data is stored in the data storage means; if it is not stored, an error message is transmitted to the user computer, and if it is stored, the personal customer code corresponding to the first authentication data is read from the data storage means, the read personal customer code is encrypted together with a new expiration date and a new session ID (an ID assigned to each session by the first server and invalidated by the first server when the connection between the first server and the user computer is disconnected), a cookie including the encrypted personal customer code, expiration date and session ID is created, and the created cookie is transmitted to the user computer via the Internet together with the web page corresponding to the access request,
    If the cookie is included in the response, the encrypted data included in the cookie is decrypted to obtain the personal customer code, the expiration date, and the session ID assigned by the second server, and whether or not the personal customer code is valid is determined by whether the condition is satisfied that it is within the expiration date and the session ID assigned by the second server has not been invalidated; when the personal customer code is valid, the web page corresponding to the access request is transmitted to the user computer, and when the personal customer code is not valid, a screen requesting input of the first authentication data is transmitted to the user computer via the Internet, a screen on which the first authentication data has been input is received from the user computer, and it is determined whether or not the received first authentication data is stored in the data storage means; if it is not stored, an error message is transmitted to the user computer, and if it is stored, the personal customer code corresponding to the first authentication data is read from the data storage means, the read personal customer code is encrypted together with a new expiration date and a new session ID, a cookie including the encrypted personal customer code, expiration date and session ID is created, and the created cookie and the web page corresponding to the access request are transmitted to the user computer via the Internet,
    The second server is
    When an access request to the second website is received from the user computer via the Internet, it is determined whether or not the user computer has already been authenticated by the second server using the second authentication data during the current session with the user computer,
    If authentication of the user computer has been completed, a web page corresponding to the access request is transmitted to the user computer via the Internet,
    If authentication of the user computer has not been completed, the user computer is requested via the Internet for a cookie that is associated with the second website and that includes a personal customer code, an expiration date, and a session ID attached by the first server (an ID assigned to each session by the second server and invalidated by the second server when the connection between the second server and the user computer is disconnected), and, after a response is received from the user computer via the Internet, it is determined whether the cookie is included in the response;
    If the cookie is not included in the response, a screen requesting input of the second authentication data is transmitted to the user computer via the Internet, the screen on which the second authentication data has been input is received from the user computer via the Internet, and it is determined whether or not the received second authentication data is stored in the data storage means; if it is not stored, an error message is sent to the user computer; if it is stored, the personal customer code corresponding to the second authentication data is read from the storage means, the read personal customer code is encrypted together with a new expiration date and a new session ID (an ID assigned to each session by the second server and invalidated by the second server when the connection between the second server and the user computer is disconnected), a cookie including the encrypted personal customer code, expiration date and session ID is created, and the created cookie is sent to the user computer via the Internet along with the web page in response to the access request;
    If the response includes the cookie, the encrypted data included in the cookie is decrypted to obtain the personal customer code, the expiration date, and the session ID given by the first server; it is determined whether the personal customer code is valid according to whether the condition is satisfied that, within the validity period, the session ID given by the first server has not been invalidated; when the personal customer code is valid, a web page corresponding to the access request is transmitted to the user computer; when the personal customer code is not valid, a screen requesting input of the second authentication data is transmitted to the user computer via the Internet, the screen on which the second authentication data has been input is received from the user computer, and it is determined whether or not the received second authentication data is stored in the data storage means; if it is not stored, an error message is transmitted to the user computer via the Internet; if it is stored, the personal customer code corresponding to the second authentication data is read from the data storage means, the read personal customer code is encrypted together with a new expiration date and a new session ID, a cookie including the encrypted personal customer code, the expiration date and the session ID is created, and the created cookie and the web page in response to the access request are transmitted to the user computer via the Internet.
    Single sign-on system.
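
The cookie handling recited in the claim, shown as an added example (not code from the patent): issuing a cookie that seals the personal customer code with an expiration date and session ID, and validating it on the other server. The claim only says "encrypted"; the HMAC-SHA256 keystream with an authentication tag used here is a standard-library stand-in for a vetted authenticated cipher, and the shared key, the 30-minute lifetime, the shared set of live session IDs and all names are assumptions.

```python
import base64, hashlib, hmac, json, secrets, time

KEY = secrets.token_bytes(32)      # assumption: secret shared by both servers
TTL = 1800                         # assumption: the claim fixes no validity period
USERS = {("alice", "constructed-pw"): "CUST-0001"}  # constructed "data storage means"
LIVE_SESSIONS = set()              # assumption: both servers can see which IDs are live

def _keystream(nonce, n):
    # HMAC-SHA256 in counter mode: a stdlib-only stand-in for a real cipher
    blocks = (hmac.new(KEY, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _xor(data, nonce):
    return bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))

def _tag(nonce, ct):
    return hmac.new(KEY, b"mac" + nonce + ct, hashlib.sha256).digest()

def issue_cookie(auth_data, now=None):
    """Login branch: returns (cookie, session_id), or None for the error-message case."""
    code = USERS.get(auth_data)
    if code is None:
        return None
    sid = secrets.token_hex(16)
    LIVE_SESSIONS.add(sid)
    exp = (now or time.time()) + TTL
    nonce = secrets.token_bytes(16)
    ct = _xor(json.dumps({"code": code, "exp": exp, "sid": sid}).encode(), nonce)
    return base64.urlsafe_b64encode(nonce + ct + _tag(nonce, ct)).decode(), sid

def validate_cookie(cookie, now=None):
    """Cookie branch: returns the customer code, or None (show the login screen)."""
    try:
        raw = base64.urlsafe_b64decode(cookie)
        nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
        if not hmac.compare_digest(tag, _tag(nonce, ct)):
            return None            # altered or foreign cookie: never decrypt it
        data = json.loads(_xor(ct, nonce))
    except (ValueError, TypeError):
        return None
    if data["exp"] <= (now or time.time()) or data["sid"] not in LIVE_SESSIONS:
        return None                # expired, or session ID invalidated on disconnect
    return data["code"]

def invalidate_session(sid):
    """Called when the connection to the issuing server is disconnected."""
    LIVE_SESSIONS.discard(sid)
```

The tag is checked before decryption, so a cookie altered on the user computer falls through to the login screen instead of yielding an attacker-chosen customer code.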
JP2002131409A 2002-05-07 2002-05-07 Single sign-on system, program thereof and method thereof Expired - Fee Related JP4390429B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2002131409A JP4390429B2 (en) 2002-05-07 2002-05-07 Single sign-on system, program thereof and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2002131409A JP4390429B2 (en) 2002-05-07 2002-05-07 Single sign-on system, program thereof and method thereof

Publications (2)

Publication Number Publication Date
JP2003323409A JP2003323409A (en) 2003-11-14
JP4390429B2 true JP4390429B2 (en) 2009-12-24

Family

ID=29544052

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2002131409A Expired - Fee Related JP4390429B2 (en) 2002-05-07 2002-05-07 Single sign-on system, program thereof and method thereof

Country Status (1)

Country Link
JP (1) JP4390429B2 (en)

Also Published As

Publication number Publication date
JP2003323409A (en) 2003-11-14

Legal Events

Date Code Title Description
A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20050426

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20080515

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20080527

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20080724

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20090203

A521 Written amendment

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20090330

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20090915

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20091006

R150 Certificate of patent (=grant) or registration of utility model

Free format text: JAPANESE INTERMEDIATE CODE: R150

FPAY Renewal fee payment (prs date is renewal date of database)

Free format text: PAYMENT UNTIL: 20121016

Year of fee payment: 3

FPAY Renewal fee payment (prs date is renewal date of database)

Free format text: PAYMENT UNTIL: 20131016

Year of fee payment: 4

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

LAPS Cancellation because of no payment of annual fees