WO2009128278A1 - 要求側分散id管理装置、提供側分散id管理装置、分散id管理システムおよび提供側分散id管理方法 - Google Patents
要求側分散id管理装置、提供側分散id管理装置、分散id管理システムおよび提供側分散id管理方法 Download PDFInfo
- Publication number
- WO2009128278A1 WO2009128278A1 PCT/JP2009/001784 JP2009001784W WO2009128278A1 WO 2009128278 A1 WO2009128278 A1 WO 2009128278A1 JP 2009001784 W JP2009001784 W JP 2009001784W WO 2009128278 A1 WO2009128278 A1 WO 2009128278A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- management
- identification information
- server
- service providing
- user
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Definitions
- the present invention relates to a request side distributed ID management device, a provider side distributed ID management device, a distributed ID management system, a request side distributed ID management method, a provider side distributed ID management method, a request side distributed ID management program, and a provider side distributed ID management program.
- a request side distributed ID management device a provider side distributed ID management device, a distributed ID management system, a request side distributed ID management method, a provider side distributed ID management method, a request side distributed ID management program, and a provider side distributed ID management program.
- Non-Patent Document 1 An example of a distributed ID (Identifier) management system is described in Non-Patent Document 1. As shown in FIG. 4, the distributed ID management system described in Non-Patent Document 1 includes an ID management server (IdP-0), a service providing server (SP-1), a service providing server (SP-2), It has.
- IdP-0 an ID management server
- SP-1 service providing server
- SP-2 service providing server
- the distributed ID management system having such a configuration operates as follows.
- the ID management server (IdP-0) and the service providing server (SP-1) associate the ID (Identifier) of the same user (for example, the user u) registered in each server in advance. Keep it.
- the ID management server (IdP-0) and the service providing server (SP-2) associate the IDs of the same user u registered in the respective servers in advance.
- the ID management server manages the ID of the user u in association with each associated service providing server even if the ID is the same user. .
- the user u makes an authentication request to the ID management server (IdP-0) from a user terminal (not shown).
- the ID management server (IdP-0) makes a service request to the service providing server (SP-1).
- the ID management server (IdP-0) sends the user information (987654 @ SP-1) of the user u in the service providing server (SP-1) to the service providing server (SP-1). Send as an authenticated user.
- the ID management server (IdP-0) also sends the user information (123456 @ SP-2) of the user u in the service providing unit (SP-2) to the service providing unit (SP-2). ) As an authenticated user.
- Patent Document 1 solves the problem that different user IDs are set for each system between different systems, and the ID of each user must be used for each system. It is described in.
- Patent Document 1 describes a method for transmitting authentication information as follows.
- the user authentication information transmitting unit 20d included in the computer system 20 of the company A searches the user information storage unit 20c, and extracts and extracts the user authentication information of the company B associated with the first user recognition information of the user 1.
- the second user authentication information is encrypted. Then, it is disclosed that the user authentication information transmitting unit 20d transmits the encrypted second user authentication information together with information necessary for accessing the computer system 30 of the company B through the transmitting / receiving unit 20a. ing.
- Patent Document 1 discloses a method for retrieving authentication information. Specifically, the user authentication means 30b of the second computer system 30 decrypts the second user authentication information received by the transmission / reception means 30a. Then, the user authentication unit 30b performs authentication by searching the user information storage unit 30c based on the decrypted second user authentication information. Note that the reference numerals in this paragraph also correspond to those in FIG.
- Patent Documents 1 and 2 the second problem described in Patent Documents 1 and 2 is that a plurality of ID management units cannot cooperate with each other in cooperation of services between different systems (between systems across domains). It is. The reason is that no consideration is given to the cooperation of services via a plurality of ID management units.
- the present invention has been made in view of the above circumstances, and an object of the present invention is to provide a request-side distributed ID management apparatus that can increase the provision of services to user terminals by mutual cooperation of service providing servers. It is to provide a providing side distributed ID management device and a distributed ID management system.
- a first service providing server belonging to a domain formed by a hierarchical structure a first ID management device holding first server identification information for identifying the first service providing server
- a request-side distributed ID management device functioning as the first ID management device in a distributed ID management system comprising a second ID management device that holds server identification information of a service providing server belonging to a domain different from the domain.
- ID management means for holding first user identification information for identifying a user of the first service providing server in association with the first server identification information; ID request processing means for receiving a management user identification information acquisition request for identifying a user of the second ID management device corresponding to the first user identification information from the first service providing server; Inter-domain cooperation means for acquiring the management user identification information from the second ID management device based on the acquisition request,
- the ID request processing means includes: A request-side distributed ID management apparatus is provided, wherein the management user identification information acquired by the inter-domain cooperation unit is transmitted to the first service providing server.
- a first service providing server belonging to a domain formed by a hierarchical structure a first ID management device holding server identification information for identifying the first service providing server, and the domain
- the second ID management device in a distributed ID management system comprising: a second service providing server belonging to a different domain; and a second ID management device holding server identification information for identifying the second service providing server
- Providing side distributed ID management device functioning as The user identification information of the user associated with the server identification information of the first ID management device is held in association with the management user identification information of the user associated with the server identification information of the own device.
- Server ID management means Server ID request processing means for receiving a request for the management user identification information corresponding to the user identification information associated with the server identification information of the first ID management apparatus from the first ID management apparatus; Prepared,
- the server ID request processing means includes: In response to the received request, the management user identification information held in the server ID management means is read, and the management user identification information is transmitted to the first ID management device.
- a distributed ID management device is provided.
- the first and second service providing servers belonging to different domains formed by a hierarchical structure the first ID management device holding server identification information of the first service providing server
- a distributed ID management system comprising: the second ID management device that holds server identification information of a second service providing server; and a user terminal that is connected to communicate with the first service providing server
- the first ID management device includes: ID management means for holding first user identification information for identifying a user of the first service providing server in association with server identification information of the first service providing server;
- an acquisition request for management user identification information that identifies a user of the second ID management device is sent to the first service.
- ID request processing means received from the providing server; Inter-domain cooperation means for acquiring the management user identification information from the second ID management device based on the acquisition request, The second ID management device The user identification information of the user associated with the server identification information of the first ID management device is held in association with the management user identification information of the user associated with the server identification information of the own device.
- Server ID management means Server ID request processing means for receiving a request for the management user identification information corresponding to the user identification information associated with the server identification information of the first ID management apparatus from the first ID management apparatus; Prepared,
- the server ID request processing means includes: In response to the received request, the management user identification information held in the server ID management means is read, and the management user identification information is transmitted to the first ID management device,
- the server ID request processing means includes: Transmitting the management user identification information acquired by the inter-domain cooperation means to the first service providing server;
- the first service providing server includes: Based on the management user identification information transmitted by the server ID request processing means, the second ID management device is requested for second user identification information for identifying a user of the second service providing server. Then, a distributed ID management system is provided, wherein the service is requested from the second service providing server by the second user identification information.
- a first service providing server belonging to a domain formed by a hierarchical structure a first ID management device holding first server identification information for identifying the first service providing server, Request of requesting distributed ID management device functioning as first ID management device in distributed ID management system comprising second ID management device holding server identification information of service providing server belonging to domain different from domain Side distributed ID management method, An ID management step of holding first user identification information for identifying a user of the first service providing server in association with the first server identification information; An ID request processing step of receiving from the first service providing server an acquisition request for management user identification information for identifying a user of the second ID management device corresponding to the first user identification information; An inter-domain cooperation step of acquiring the management user identification information from the second ID management device based on the acquisition request,
- the ID request processing step includes: A request-side distributed ID management method is provided, wherein the management user identification information acquired in the inter-domain cooperation step is transmitted to the first service providing server.
- a first service providing server belonging to a domain formed by a hierarchical structure a first ID management device holding server identification information for identifying the first service providing server, and the domain
- the second ID management device in a distributed ID management system comprising: a second service providing server belonging to a different domain; and a second ID management device holding server identification information for identifying the second service providing server
- a provider-side distributed ID management method for a provider-side distributed ID management device that functions as: The user identification information of the user associated with the server identification information of the first ID management device is held in association with the management user identification information of the user associated with the server identification information of the own device.
- a distributed ID management method is provided.
- a first service providing server belonging to a domain formed by a hierarchical structure a first ID management device holding first server identification information for identifying the first service providing server, Request of requesting distributed ID management device functioning as first ID management device in distributed ID management system comprising second ID management device holding server identification information of service providing server belonging to domain different from domain Side distributed ID management program, An ID management procedure for holding first user identification information for identifying a user of the first service providing server in association with the first server identification information; An ID request processing procedure for receiving an acquisition request for management user identification information for identifying a user of the second ID management device corresponding to the first user identification information from the first service providing server; An inter-domain cooperation procedure for acquiring the management user identification information from the second ID management device based on the acquisition request,
- the ID request processing procedure is as follows: A request-side distributed ID management program is provided, which causes a computer to transmit the management user identification information acquired in the inter-domain cooperation procedure to the first service providing server.
- a first service providing server belonging to a domain formed by a hierarchical structure a first ID management device holding server identification information for identifying the first service providing server, and the domain
- the second ID management device in a distributed ID management system comprising: a second service providing server belonging to a different domain; and a second ID management device holding server identification information for identifying the second service providing server
- a provider-side distributed ID management program for a provider-side distributed ID management device that functions as: The user identification information of the user associated with the server identification information of the first ID management device is held in association with the management user identification information of the user associated with the server identification information of the own device.
- Server ID management procedure for receiving a request for the management user identification information corresponding to the user identification information associated with the server identification information of the first ID management device from the first ID management device; Including The server ID request processing procedure includes: In response to the received request, the management user identification information held in the server ID management procedure is read and the management user identification information is transmitted to the first ID management apparatus. A providing side distributed ID management program is provided.
- a request-side distributed ID management apparatus a providing-side distributed ID management apparatus, and a distributed ID management system that can increase service provision to user terminals through cooperation between service providing servers.
- the distributed ID management system includes domain 1, domain 2, and user terminal 3.
- the domain 1 includes an ID management server (request side distributed ID management device that functions as a first ID management device) 11, a service providing server (first service providing server) 12, and a service providing server 13. .
- the domain 2 includes an ID management server (providing side distributed ID management device functioning as a second ID management device) 21 and a service providing server (second service providing server) 22.
- the ID management server 11 shown in FIG. 1 is different from the domain 1 in the service providing server 12 belonging to the domain 1 formed by the hierarchical structure, the ID management server 11 holding server identification information for identifying the service providing server 12.
- a request-side distributed ID management device that functions as an ID management server in a distributed ID management system including an ID management server 21 that holds server identification information of a service providing server 22 belonging to the domain 2.
- ID management unit 111 that holds the first ID (first user identification information) of the user specifying the user in association with the server identification information, and the ID management server corresponding to the first ID of the user
- An acquisition request for a management user ID (management user identification information) for identifying 21 users is received from the service providing server 12.
- ID request processing unit 114 and inter-domain linkage unit 113 that acquires a management user ID from ID management server 21 based on the acquisition request.
- ID request processing unit 114 is acquired by inter-domain linkage unit 113.
- the management user ID thus transmitted is transmitted to the service providing server 12.
- the ID management server 21 shown in FIG. 1 is different from the domain 1 in the service providing server 12 belonging to the domain 1 formed by the hierarchical structure, the ID management server 11 holding the server identification information for identifying the service providing server 12.
- a providing-side distributed ID management device that functions as an ID management server in a distributed ID management system including a service providing server 22 belonging to the domain 2 and an ID management server 21 that holds server identification information for identifying the service providing server 22
- An ID management unit that holds the first ID of the user associated with the server identification information of the ID management server 11 in association with the management user ID associated with the server identification information of the own server ( Server ID management means) 211 and the ID management server 11, server identification information of the ID management server
- An ID request processing unit (server ID request processing means) 214 that accepts a request for a management user ID corresponding to the first ID of the user associated with the ID request processing unit 214.
- the management user ID held in the ID management unit 211 is read, and the management user ID of the user is transmitted to the ID management server 11.
- the ID management server 11 acquires a management user ID from the ID management server 21. Then, the ID management server 11 transmits the management user ID to the service providing server 12. The service providing server 12 connects to the ID management server 21 based on the management user ID.
- the service providing server 12 acquires the second ID of the user of the service providing server 22 corresponding to the management user ID from the ID management server 21.
- the service providing server 12 acquires the second ID of the user of the service providing server 22, the service providing server 12 can start communication connection with the service providing server 22.
- the service providing server 12 and the service providing server 22 cooperate with each other, so that the distributed ID management system can provide many services to the user terminal 3.
- the ID management unit 111 when the first ID of the user is not stored in association with the service providing server 12, the ID management unit 111 generates an ID for identifying the user for the service providing server, and the ID is A new user is held in association with the service providing server.
- the ID management unit 211 When the second ID of the user is not stored, the ID management unit 211 generates new user identification information that identifies the user of the service providing server 22 and uses the new user identification information as the service providing server 22. The new user identification information is held in association with the server identification information of the ID management server 21 as the second ID of the user.
- the ID management server 11 has an ID encryption unit 112 that encrypts the first ID of the user for identifying the user for each service providing server.
- the ID management server 21 has an ID encryption unit 212 that encrypts at least one of the second ID of the user held in the ID management unit 211 or the user identification information of the service providing server 22.
- the ID encryption unit 212 performs an encryption process on the ID of the user of the service providing server 22 requested by the inter-domain cooperation unit 113 by an encryption method that allows the service providing server 22 to decrypt the ID.
- the service providing server 12 includes an ID decrypting unit 121 that decrypts encrypted user identification information, an ID requesting unit 122 that requests a user ID, a service requesting unit 123 that requests a service from the service providing server, And a service processing unit 124.
- the service providing server 13 includes an ID decrypting unit 131, an ID requesting unit 132, a service requesting unit 133, and a service processing unit 134.
- the ID management server 21 has a function as the ID management server 11 in addition to the function as the providing-side distributed ID management device described above. That is, the ID management server 21 includes an ID management unit 211, an ID encryption unit 212, an inter-domain cooperation unit 213, and an ID request processing unit 214. Similarly, the ID management server 11 has a function as the ID management server 21 in addition to the function as the request-side distributed ID management apparatus described above.
- the service providing server 22 includes an ID decrypting unit 221, an ID requesting unit 222, a service requesting unit 223, and a service processing unit 224.
- the ID management server 11 manages user IDs in the domain 1.
- the ID management server 21 manages user IDs in the domain 2.
- the ID management unit 111 manages user IDs in the ID management server 11, the service providing server 12, and the service providing server 13 belonging to the domain 1. Specifically, the ID management unit 111 holds the association between the user ID and each server.
- the ID encryption unit 112 may not be disclosed to other service providing servers during the ID request processing for linking services from the service providing server 12 belonging to the domain 1 to the service providing server 22 belonging to the domain 2. It has a function to encrypt the ID.
- the inter-domain cooperation unit 113 acquires the user ID in the ID management server 21 in the domain 2 in order to respond to the service providing server 12 that is the ID request source in cooperation with the ID management server 21 belonging to the domain 2.
- the ID request processing unit 114 receives an ID acquisition request for linking services from the service providing server 12 belonging to the domain 1, and responds to the request source with the encrypted ID.
- the ID decryption unit 121 decrypts the encrypted user ID received from the service providing server 22 when cooperating with the service of the service providing server 22 belonging to the domain 2.
- the ID request unit 122 inquires and requests the ID management server 21 for the encrypted user ID in the service of the service providing server 22 in order to link the service providing server 22 and the service.
- the service request unit 123 makes a service request to the service providing server 22 when the service providing server 22 cooperates with the service.
- the service processing unit 124 provides a service in response to a service request (referred to as a service request) from the service providing server 22 or the user terminal 3.
- a service request a service request
- the service request unit 123 requests the ID request unit 122 for a cooperation destination ID that is a service cooperation destination (here, the server ID of the service providing server 13) (step S01).
- the ID request unit 122 transmits the cooperation destination ID to the service request unit 123 (step S03). Further, the ID request unit 122 requests the ID request processing unit 114 for the encrypted user ID at the service cooperation destination (step S05).
- the ID request processing unit 114 requests the ID management unit 111 for the user ID in the service providing server 13 corresponding to the user in the service providing server 12 (step S07).
- the ID management unit 111 If there is a user ID corresponding to the request from the ID request processing unit 114, the ID management unit 111 returns the user ID. On the other hand, if the user ID corresponding to the request of the ID request processing unit 114 is not yet registered, the ID management unit 111 newly creates the user ID in the service providing server 13 that is the cooperation destination. . Then, the ID management unit 111 associates the created ID of the user with the ID of the user in the service providing server 12 that is the caller, and then converts the created ID of the user to the ID It returns to the request processing unit 114 (step S09).
- the ID request processing unit 114 encrypts the received ID of the user in the service providing server 13 with the encryption key of the service providing server 13 that is the service cooperation destination, so that an ID encryption request is sent to the ID encryption unit 112. Is transmitted (step S11).
- the ID encryption unit 112 When receiving the ID encryption request, the ID encryption unit 112 encrypts the received user ID. Then, the ID request processing unit 114 acquires the user ID encrypted by the ID encryption unit 112 (step S13). A user ID encrypted with an encryption key is referred to as an encryption ID.
- the ID request processing unit 114 transmits the acquired encrypted ID to the ID request unit 122 (step S15).
- the ID request unit 122 When the ID request unit 122 receives the encrypted ID from the ID request processing unit 114, the ID request unit 122 transmits the received encrypted ID to the service request unit 123 (step S17).
- the service request unit 123 Upon receiving the encryption ID, the service request unit 123 makes a service request to the service processing unit 134 of the service providing server 13 based on the encryption ID and the cooperation destination ID (step S19).
- the service processing unit 134 When the service processing unit 134 receives a service request from the service request unit 123, the service processing unit 134 requests the ID decryption unit 131 to decrypt the encrypted ID (step S21).
- the service providing server 13 can acquire the user ID associated with the service providing server 13 by the ID decrypting unit 131 decrypting the encrypted ID (step S23).
- the service requesting unit 123 of the service providing server 12 requests the ID requesting unit 122 for a cooperation destination ID that is a service cooperation destination (here, the service providing server 22) (step S101).
- the ID request unit 122 transmits the cooperation destination ID to the service request unit 123 (step S103). Further, the ID request unit 122 requests the ID request processing unit 114 of the ID management server 11 for the encrypted user ID (that is, the encrypted ID) at the service cooperation destination (step S105). ).
- the ID request processing unit 114 requests the inter-domain linkage unit 113 for the management user ID in the ID management server 21 corresponding to the first ID of the user in the ID management server 11 (step S107).
- the inter-domain linkage unit 113 requests the ID request processing unit 214 for the management user ID in the ID management server 21 (step S109).
- the ID request processing unit 214 requests the ID management unit 211 for the management user ID in the ID management server 21 corresponding to the user in the ID management server 11 (step S111).
- the ID management unit 211 When there is a management user ID corresponding to the request from the ID request processing unit 214, the ID management unit 211 returns the management user ID. On the other hand, if the management user ID corresponding to the request of the ID request processing unit 214 has not yet been registered, the ID management unit 211 is the user ID in the ID management server 21 (that is, the management user ID). .) Further, the ID management unit 211 creates a second ID of the user in the service providing server 22 that is the cooperation destination. The ID management unit 211 associates the first ID of the user with the management user ID in the ID management server 11, and then returns the management user ID to the ID request processing unit 214 (step S113).
- the ID management unit 211 stores the management user ID in the ID management server 21 and the second ID of the user in the service providing server 22 in association with each other.
- the ID request processing unit 214 transmits an ID encryption request to the ID encryption unit 212 in order to encrypt the received management user ID with the encryption key of the service providing server 22 that is the service cooperation destination (step S115). ).
- the ID encryption unit 212 When receiving the ID encryption request, the ID encryption unit 212 encrypts the received management user ID. Then, the ID request processing unit 214 acquires the management user ID encrypted by the ID encryption unit 212 (referred to as “encrypted management user ID”) (step S117).
- the ID request processing unit 214 transmits the acquired encryption management user ID to the inter-domain cooperation unit 113 (step S119).
- the inter-domain linkage unit 113 When the inter-domain linkage unit 113 receives the encryption management user ID from the ID request processing unit 214, it transmits the received encryption management user ID to the ID request processing unit 114 (step S121). When receiving the encryption management user ID from the inter-domain cooperation unit 113, the ID request processing unit 114 transmits the received encryption management user ID to the ID request unit 122 of the service providing server 12 (step S123). .
- the ID request unit 122 presents the acquired encryption management user ID in the ID management server 21 to the ID request processing unit 214 and requests the ID of the user in the service providing server 22 that is a service cooperation destination. (Step S125).
- the ID request processing unit 214 requests the ID management unit 211 for the management user ID in the ID management server 21 and the second ID of the user in the corresponding service providing server 22 (step S127).
- the ID management unit 211 When there is a second ID of the user corresponding to the service providing server 22, the ID management unit 211 returns the second ID of the user. On the other hand, if the ID of the user corresponding to the service providing server 22 is not yet registered, the ID management unit 211 creates the second ID of the user in the service providing server 22 that is the cooperation destination. The ID management unit 211 then associates the second ID of the user with the management user ID in the ID management server 21, and then returns the second ID of the user to the ID request processing unit 214 (step S129).
- the ID request processing unit 214 transmits an ID encryption request to the ID encryption unit 212 in order to encrypt the received second ID of the user with the encryption key of the service providing server 22 that is the service cooperation destination. (Step S131).
- the ID encryption unit 212 When receiving the ID encryption request, the ID encryption unit 212 encrypts the received second ID of the user. Then, the ID request processing unit 214 acquires the user's second ID encrypted by the ID encryption unit 212 (this is referred to as an encrypted second ID) (step S133).
- the ID request processing unit 214 transmits the acquired encrypted second ID to the ID requesting unit 122 of the service providing server 12 (step S135).
- the ID request unit 122 receives the encrypted second ID from the ID request processing unit 214. When receiving the encrypted second ID, the ID request unit 122 transmits the encrypted second ID to the service request unit 123 (step S137). Upon receiving the encrypted second ID, the service request unit 123 makes a service request to the service processing unit 224 of the service providing server 22 based on the encrypted second ID and the service cooperation destination ID (step S139).
- the service processing unit 224 When the service processing unit 224 receives a service request based on the encrypted second ID from the service request unit 123 of the service providing server 12, the service processing unit 224 requests the ID decryption unit 221 to decrypt the encrypted second ID (step S141).
- the service providing server 22 can acquire the second ID of the user associated with the service providing server 22 by decrypting the encrypted second ID in the ID decrypting unit 221 (step S143).
- the inter-domain cooperation unit 113 of the ID management server 11 is configured to cooperate with the ID management server 21.
- a distributed ID management system that does not require a centralized ID management device or the like can be realized.
- service providing servers can cooperate with each other between domains (systems) with different management targets, so that applicable services can be increased.
- the service providing server 12 since the ID of the user is encrypted by the ID encryption unit 212, when the service providing server 22 cooperates with the service, the service providing server 12 receives the user's ID. Service collaboration can be realized without disclosing the ID.
- the present embodiment is configured to create a user ID in the service providing server 22 or the ID management server 21 of the cooperation destination even when there is no corresponding user ID.
- the user ID can be dynamically provided to the service providing server 22.
- the present embodiment includes the following technical scope.
- a distributed ID management device including an ID management server discloses an ID management unit that manages a user ID of each server that provides each service in the service providing server to be managed, and discloses the user ID to the service providing server. Necessary for realizing service cooperation between an ID encryption unit that encrypts an ID to realize transmission of a user ID to another service providing server that cooperates with the service providing server belonging to another domain And an inter-domain linkage unit that realizes easy ID linkage.
- the ID request unit that inquires the ID management server about the ID of the user at the cooperation destination, and receives a service cooperation request from the other service providing server. And a section for decrypting the received user ID.
- the ID management unit manages the user ID of each service providing server in the service providing server to be managed, and associates the user ID in each service providing server. And a unit for generating a user ID for the service provider and newly adding the user ID to the user ID when there is no user ID association. It is good.
- the ID encryption unit does not disclose the user ID in the service providing server of the cooperation destination to the service providing server of the cooperation source without disclosing the user ID in the service providing server of the cooperation source.
- the service providing server that is the cooperation source is connected to the ID management server.
- a unit that requests the ID from the ID management server May be included.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer And Data Communications (AREA)
- Multi Processors (AREA)
Abstract
Description
前記第1のサービス提供サーバの利用者を特定する第1の利用者識別情報を、前記第1のサーバ識別情報と対応づけて保持するID管理手段と、
前記第1の利用者識別情報に対応する前記第2のID管理装置の利用者を特定する管理利用者識別情報の取得要求を、前記第1のサービス提供サーバから受け付けるID要求処理手段と、
前記取得要求に基づいて、前記第2のID管理装置から前記管理利用者識別情報を取得するドメイン間連携手段と、を備え、
前記ID要求処理手段は、
前記ドメイン間連携手段によって取得された前記管理利用者識別情報を前記第1のサービス提供サーバへ送信する
ことを特徴とする要求側分散ID管理装置が提供される。
前記第1のID管理装置のサーバ識別情報に対応づけられた利用者の利用者識別情報を、自装置のサーバ識別情報に対応づけられた利用者の管理利用者識別情報と対応づけて保持するサーバID管理手段と、
前記第1のID管理装置から、当該第1のID管理装置のサーバ識別情報に対応づけられた利用者識別情報に対応する前記管理利用者識別情報の要求を受け付けるサーバID要求処理手段と、を備え、
前記サーバID要求処理手段は、
受け付けられた前記要求により、前記サーバID管理手段に保持された前記管理利用者識別情報を読み出して、当該管理利用者識別情報を前記第1のID管理装置へ送信する
ことを特徴とする提供側分散ID管理装置が提供される。
前記第1のID管理装置は、
前記第1のサービス提供サーバの利用者を特定する第1の利用者識別情報を、当該第1のサービス提供サーバのサーバ識別情報と対応づけて保持するID管理手段と、
前記第2のサービス提供サーバが提供するサービスの要求を前記利用者端末から受け付けると、前記第2のID管理装置の利用者を特定する管理利用者識別情報の取得要求を、前記第1のサービス提供サーバから受け付けるID要求処理手段と、
前記取得要求に基づいて、前記第2のID管理装置から前記管理利用者識別情報を取得するドメイン間連携手段と、を備え、
前記第2のID管理装置は、
前記第1のID管理装置のサーバ識別情報に対応づけられた利用者の利用者識別情報を、自装置のサーバ識別情報に対応づけられた利用者の管理利用者識別情報と対応づけて保持するサーバID管理手段と、
前記第1のID管理装置から、当該第1のID管理装置のサーバ識別情報に対応づけられた利用者識別情報に対応する前記管理利用者識別情報の要求を受け付けるサーバID要求処理手段と、を備え、
前記サーバID要求処理手段は、
受け付けられた前記要求により、前記サーバID管理手段に保持された前記管理利用者識別情報を読み出して、当該管理利用者識別情報を前記第1のID管理装置へ送信し、
前記サーバID要求処理手段は、
前記ドメイン間連携手段によって取得された前記管理利用者識別情報を前記第1のサービス提供サーバへ送信し、
前記第1のサービス提供サーバは、
前記サーバID要求処理手段によって送信された前記管理利用者識別情報に基づいて、前記第2のサービス提供サーバの利用者を特定する第2の利用者識別情報を前記第2のID管理装置に要求し、当該第2の利用者識別情報によって前記第2のサービス提供サーバに前記サービスを要求する
ことを特徴とする分散ID管理システムが提供される。
前記第1のサービス提供サーバの利用者を特定する第1の利用者識別情報を、前記第1のサーバ識別情報と対応づけて保持するID管理ステップと、
前記第1の利用者識別情報に対応する前記第2のID管理装置の利用者を特定する管理利用者識別情報の取得要求を、前記第1のサービス提供サーバから受け付けるID要求処理ステップと、
前記取得要求に基づいて、前記第2のID管理装置から前記管理利用者識別情報を取得するドメイン間連携ステップと、を含み、
前記ID要求処理ステップは、
前記ドメイン間連携ステップで取得された前記管理利用者識別情報を前記第1のサービス提供サーバへ送信する
ことを特徴とする要求側分散ID管理方法が提供される。
前記第1のID管理装置のサーバ識別情報に対応づけられた利用者の利用者識別情報を、自装置のサーバ識別情報に対応づけられた利用者の管理利用者識別情報と対応づけて保持するサーバID管理ステップと、
前記第1のID管理装置から、当該第1のID管理装置のサーバ識別情報に対応づけられた利用者識別情報に対応する前記管理利用者識別情報の要求を受け付けるサーバID要求処理ステップと、を含み、
前記サーバID要求処理ステップは、
受け付けられた前記要求により、前記サーバID管理ステップで保持された前記管理利用者識別情報を読み出して、当該管理利用者識別情報を前記第1のID管理装置へ送信する
ことを特徴とする提供側分散ID管理方法が提供される。
前記第1のサービス提供サーバの利用者を特定する第1の利用者識別情報を、前記第1のサーバ識別情報と対応づけて保持するID管理手順と、
前記第1の利用者識別情報に対応する前記第2のID管理装置の利用者を特定する管理利用者識別情報の取得要求を、前記第1のサービス提供サーバから受け付けるID要求処理手順と、
前記取得要求に基づいて、前記第2のID管理装置から前記管理利用者識別情報を取得するドメイン間連携手順と、を含み、
前記ID要求処理手順は、
前記ドメイン間連携手順で取得された前記管理利用者識別情報を前記第1のサービス提供サーバへ送信する
ことをコンピュータに実行させることを特徴とする要求側分散ID管理プログラムが提供される。
前記第1のID管理装置のサーバ識別情報に対応づけられた利用者の利用者識別情報を、自装置のサーバ識別情報に対応づけられた利用者の管理利用者識別情報と対応づけて保持するサーバID管理手順と、
前記第1のID管理装置から、当該第1のID管理装置のサーバ識別情報に対応づけられた利用者識別情報に対応する前記管理利用者識別情報の要求を受け付けるサーバID要求処理手順と、を含み、
前記サーバID要求処理手順は、
受け付けられた前記要求により、前記サーバID管理手順で保持された前記管理利用者識別情報を読み出して、当該管理利用者識別情報を前記第1のID管理装置へ送信する
ことをコンピュータに実行させることを特徴とする提供側分散ID管理プログラムが提供される。
Claims (9)
- 階層構造により形成されたドメインに属する第1のサービス提供サーバと、当該第1のサービス提供サーバを識別する第1のサーバ識別情報を保持する第1のID管理装置と、前記ドメインと異なるドメインに属するサービス提供サーバのサーバ識別情報を保持する第2のID管理装置とを備えた分散ID管理システムにおける前記第1のID管理装置として機能する要求側分散ID管理装置であって、
前記第1のサービス提供サーバの利用者を特定する第1の利用者識別情報を、前記第1のサーバ識別情報と対応づけて保持するID管理手段と、
前記第1の利用者識別情報に対応する前記第2のID管理装置の利用者を特定する管理利用者識別情報の取得要求を、前記第1のサービス提供サーバから受け付けるID要求処理手段と、
前記取得要求に基づいて、前記第2のID管理装置から前記管理利用者識別情報を取得するドメイン間連携手段と、を備え、
前記ID要求処理手段は、
前記ドメイン間連携手段によって取得された前記管理利用者識別情報を前記第1のサービス提供サーバへ送信する
ことを特徴とする要求側分散ID管理装置。 - 階層構造により形成されたドメインに属する第1のサービス提供サーバと、当該第1のサービス提供サーバを識別するサーバ識別情報を保持する第1のID管理装置と、前記ドメインと異なるドメインに属する第2のサービス提供サーバと、当該第2のサービス提供サーバを識別するサーバ識別情報を保持する第2のID管理装置とを備えた分散ID管理システムにおける前記第2のID管理装置として機能する提供側分散ID管理装置であって、
前記第1のID管理装置のサーバ識別情報に対応づけられた利用者の利用者識別情報を、自装置のサーバ識別情報に対応づけられた利用者の管理利用者識別情報と対応づけて保持するサーバID管理手段と、
前記第1のID管理装置から、当該第1のID管理装置のサーバ識別情報に対応づけられた利用者識別情報に対応する前記管理利用者識別情報の要求を受け付けるサーバID要求処理手段と、を備え、
前記サーバID要求処理手段は、
受け付けられた前記要求により、前記サーバID管理手段に保持された前記管理利用者識別情報を読み出して、当該管理利用者識別情報を前記第1のID管理装置へ送信する
ことを特徴とする提供側分散ID管理装置。 - 前記サーバID管理手段は、
前記管理利用者識別情報が前記サーバID管理手段に保存されていないときには、前記第2のサービス提供サーバの利用者を特定する新利用者識別情報を生成し、当該新利用者識別情報を前記第2のサービス提供サーバのサーバ識別情報に対応づけて保持するとともに、当該新利用者識別情報を前記管理利用者識別情報として前記自装置のサーバ識別情報に対応づけて保持する
ことを特徴とする請求項2に記載の提供側分散ID管理装置。 - 前記サーバID管理手段に保持された前記管理利用者識別情報または前記新利用者識別情報の少なくともいずれかを暗号化するID暗号化手段、
を備えることを特徴とする請求項2または3記載の提供側分散ID管理装置。 - 階層構造により形成された異なるドメインに属する第1と第2のサービス提供サーバと、前記第1のサービス提供サーバのサーバ識別情報を保持する第1のID管理装置と、前記第2のサービス提供サーバのサーバ識別情報を保持する第2のID管理装置と、前記第1のサービス提供サーバと通信接続する利用者端末とを備えた分散ID管理システムであって、
前記第1のID管理装置は、
前記第1のサービス提供サーバの利用者を特定する第1の利用者識別情報を、当該第1のサービス提供サーバのサーバ識別情報と対応づけて保持するID管理手段と、
前記第2のサービス提供サーバが提供するサービスの要求を前記利用者端末から受け付けると、前記第2のID管理装置の利用者を特定する管理利用者識別情報の取得要求を、前記第1のサービス提供サーバから受け付けるID要求処理手段と、
前記取得要求に基づいて、前記第2のID管理装置から前記管理利用者識別情報を取得するドメイン間連携手段と、を備え、
前記第2のID管理装置は、
前記第1のID管理装置のサーバ識別情報に対応づけられた利用者の利用者識別情報を、自装置のサーバ識別情報に対応づけられた利用者の管理利用者識別情報と対応づけて保持するサーバID管理手段と、
前記第1のID管理装置から、当該第1のID管理装置のサーバ識別情報に対応づけられた利用者識別情報に対応する前記管理利用者識別情報の要求を受け付けるサーバID要求処理手段と、を備え、
前記サーバID要求処理手段は、
受け付けられた前記要求により、前記サーバID管理手段に保持された前記管理利用者識別情報を読み出して、当該管理利用者識別情報を前記第1のID管理装置へ送信し、
前記サーバID要求処理手段は、
前記ドメイン間連携手段によって取得された前記管理利用者識別情報を前記第1のサービス提供サーバへ送信し、
前記第1のサービス提供サーバは、
前記サーバID要求処理手段によって送信された前記管理利用者識別情報に基づいて、前記第2のサービス提供サーバの利用者を特定する第2の利用者識別情報を前記第2のID管理装置に要求し、当該第2の利用者識別情報によって前記第2のサービス提供サーバに前記サービスを要求する
ことを特徴とする分散ID管理システム。 - 階層構造により形成されたドメインに属する第1のサービス提供サーバと、当該第1のサービス提供サーバを識別する第1のサーバ識別情報を保持する第1のID管理装置と、前記ドメインと異なるドメインに属するサービス提供サーバのサーバ識別情報を保持する第2のID管理装置とを備えた分散ID管理システムにおける前記第1のID管理装置として機能する要求側分散ID管理装置の要求側分散ID管理方法であって、
前記第1のサービス提供サーバの利用者を特定する第1の利用者識別情報を、前記第1のサーバ識別情報と対応づけて保持するID管理ステップと、
前記第1の利用者識別情報に対応する前記第2のID管理装置の利用者を特定する管理利用者識別情報の取得要求を、前記第1のサービス提供サーバから受け付けるID要求処理ステップと、
前記取得要求に基づいて、前記第2のID管理装置から前記管理利用者識別情報を取得するドメイン間連携ステップと、を含み、
前記ID要求処理ステップは、
前記ドメイン間連携ステップで取得された前記管理利用者識別情報を前記第1のサービス提供サーバへ送信する
ことを特徴とする要求側分散ID管理方法。 - 階層構造により形成されたドメインに属する第1のサービス提供サーバと、当該第1のサービス提供サーバを識別するサーバ識別情報を保持する第1のID管理装置と、前記ドメインと異なるドメインに属する第2のサービス提供サーバと、当該第2のサービス提供サーバを識別するサーバ識別情報を保持する第2のID管理装置とを備えた分散ID管理システムにおける前記第2のID管理装置として機能する提供側分散ID管理装置の提供側分散ID管理方法であって、
前記第1のID管理装置のサーバ識別情報に対応づけられた利用者の利用者識別情報を、自装置のサーバ識別情報に対応づけられた利用者の管理利用者識別情報と対応づけて保持するサーバID管理ステップと、
前記第1のID管理装置から、当該第1のID管理装置のサーバ識別情報に対応づけられた利用者識別情報に対応する前記管理利用者識別情報の要求を受け付けるサーバID要求処理ステップと、を含み、
前記サーバID要求処理ステップは、
受け付けられた前記要求により、前記サーバID管理ステップで保持された前記管理利用者識別情報を読み出して、当該管理利用者識別情報を前記第1のID管理装置へ送信する
ことを特徴とする提供側分散ID管理方法。 - 階層構造により形成されたドメインに属する第1のサービス提供サーバと、当該第1のサービス提供サーバを識別する第1のサーバ識別情報を保持する第1のID管理装置と、前記ドメインと異なるドメインに属するサービス提供サーバのサーバ識別情報を保持する第2のID管理装置とを備えた分散ID管理システムにおける前記第1のID管理装置として機能する要求側分散ID管理装置の要求側分散ID管理プログラムであって、
前記第1のサービス提供サーバの利用者を特定する第1の利用者識別情報を、前記第1のサーバ識別情報と対応づけて保持するID管理手順と、
前記第1の利用者識別情報に対応する前記第2のID管理装置の利用者を特定する管理利用者識別情報の取得要求を、前記第1のサービス提供サーバから受け付けるID要求処理手順と、
前記取得要求に基づいて、前記第2のID管理装置から前記管理利用者識別情報を取得するドメイン間連携手順と、を含み、
前記ID要求処理手順は、
前記ドメイン間連携手順で取得された前記管理利用者識別情報を前記第1のサービス提供サーバへ送信する
ことをコンピュータに実行させることを特徴とする要求側分散ID管理プログラム。 - 階層構造により形成されたドメインに属する第1のサービス提供サーバと、当該第1のサービス提供サーバを識別するサーバ識別情報を保持する第1のID管理装置と、前記ドメインと異なるドメインに属する第2のサービス提供サーバと、当該第2のサービス提供サーバを識別するサーバ識別情報を保持する第2のID管理装置とを備えた分散ID管理システムにおける前記第2のID管理装置として機能する提供側分散ID管理装置の提供側分散ID管理プログラムであって、
前記第1のID管理装置のサーバ識別情報に対応づけられた利用者の利用者識別情報を、自装置のサーバ識別情報に対応づけられた利用者の管理利用者識別情報と対応づけて保持するサーバID管理手順と、
前記第1のID管理装置から、当該第1のID管理装置のサーバ識別情報に対応づけられた利用者識別情報に対応する前記管理利用者識別情報の要求を受け付けるサーバID要求処理手順と、を含み、
前記サーバID要求処理手順は、
受け付けられた前記要求により、前記サーバID管理手順で保持された前記管理利用者識別情報を読み出して、当該管理利用者識別情報を前記第1のID管理装置へ送信する
ことをコンピュータに実行させることを特徴とする提供側分散ID管理プログラム。
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2010508121A JP5365628B2 (ja) | 2008-04-17 | 2009-04-17 | 要求側分散id管理装置、提供側分散id管理装置、分散id管理システムおよび提供側分散id管理方法 |
EP09733099.7A EP2267631A4 (en) | 2008-04-17 | 2009-04-17 | DEVICE FOR DISTRIBUTION DISTRIBUTION ID MANAGEMENT, DEVICE FOR DISTRIBUTION DISTRIBUTION ID MANAGEMENT, DISTRIBUTION ID MANAGEMENT SYSTEM, AND METHOD FOR RESPONSE DISTRIBUTION ID MANAGEMENT |
US12/922,791 US8650275B2 (en) | 2008-04-17 | 2009-04-17 | Requester-side distributed ID management device, provider-side distributed ID management device, distributed ID management system, and provider-side distributed ID management method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2008-107943 | 2008-04-17 | ||
JP2008107943 | 2008-04-17 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2009128278A1 true WO2009128278A1 (ja) | 2009-10-22 |
Family
ID=41198979
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2009/001784 WO2009128278A1 (ja) | 2008-04-17 | 2009-04-17 | 要求側分散id管理装置、提供側分散id管理装置、分散id管理システムおよび提供側分散id管理方法 |
Country Status (4)
Country | Link |
---|---|
US (1) | US8650275B2 (ja) |
EP (1) | EP2267631A4 (ja) |
JP (1) | JP5365628B2 (ja) |
WO (1) | WO2009128278A1 (ja) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2011175402A (ja) * | 2010-02-24 | 2011-09-08 | Mitsubishi Electric Corp | アクセス制御連携システム及びアクセス制御連携方法 |
JP2012194722A (ja) * | 2011-03-16 | 2012-10-11 | Fujitsu Ltd | システム、認証情報管理方法、およびプログラム |
JP2013077176A (ja) * | 2011-09-30 | 2013-04-25 | Toshiba Corp | ユーザ情報提供装置及びプログラム |
JP2013250875A (ja) * | 2012-06-01 | 2013-12-12 | Canon Inc | システムおよび制御方法およびプログラム |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6248641B2 (ja) * | 2014-01-15 | 2017-12-20 | 株式会社リコー | 情報処理システム及び認証方法 |
KR102245382B1 (ko) * | 2019-12-31 | 2021-04-28 | 주식회사 코인플러그 | 블록체인 네트워크 기반의 가상 공통 아이디 서비스 방법 및 이를 이용한 서비스 제공 서버 |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002312320A (ja) | 2001-04-18 | 2002-10-25 | Life:Kk | アクセス制御システム及びアクセス制御方法 |
WO2004059415A2 (en) * | 2002-12-31 | 2004-07-15 | International Business Machines Corporation | Method and system for authentification in a heterogeneous federated environment, i.e. single sign on in federated domains |
WO2004059478A2 (en) * | 2002-12-31 | 2004-07-15 | International Business Machines Corporation | Method and system for consolidated sign-off in a heterogeneous federated environment |
JP2004234329A (ja) | 2003-01-30 | 2004-08-19 | Nippon Telegraph & Telephone East Corp | Idマッピングを利用したシングルサインオンシステム、方法、プログラム並びに記憶媒体 |
JP2006252418A (ja) * | 2005-03-14 | 2006-09-21 | Nec Corp | 認証情報を用いたシングルサインオンの連携方法、そのシステム、仲介サーバ、動作方法及び動作プログラム |
JP2008071226A (ja) * | 2006-09-15 | 2008-03-27 | Nec Corp | クレデンシャルコンバージョンシステムと方法、コンピュータ装置、及びプログラム |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7610390B2 (en) * | 2001-12-04 | 2009-10-27 | Sun Microsystems, Inc. | Distributed network identity |
US7784085B2 (en) * | 2005-12-08 | 2010-08-24 | Oracle America, Inc. | Enabling identity information exchange between circles of trust |
US7657639B2 (en) * | 2006-07-21 | 2010-02-02 | International Business Machines Corporation | Method and system for identity provider migration using federated single-sign-on operation |
-
2009
- 2009-04-17 US US12/922,791 patent/US8650275B2/en not_active Expired - Fee Related
- 2009-04-17 JP JP2010508121A patent/JP5365628B2/ja not_active Expired - Fee Related
- 2009-04-17 EP EP09733099.7A patent/EP2267631A4/en not_active Withdrawn
- 2009-04-17 WO PCT/JP2009/001784 patent/WO2009128278A1/ja active Application Filing
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2002312320A (ja) | 2001-04-18 | 2002-10-25 | Life:Kk | アクセス制御システム及びアクセス制御方法 |
WO2004059415A2 (en) * | 2002-12-31 | 2004-07-15 | International Business Machines Corporation | Method and system for authentification in a heterogeneous federated environment, i.e. single sign on in federated domains |
WO2004059478A2 (en) * | 2002-12-31 | 2004-07-15 | International Business Machines Corporation | Method and system for consolidated sign-off in a heterogeneous federated environment |
JP2004234329A (ja) | 2003-01-30 | 2004-08-19 | Nippon Telegraph & Telephone East Corp | Idマッピングを利用したシングルサインオンシステム、方法、プログラム並びに記憶媒体 |
JP2006252418A (ja) * | 2005-03-14 | 2006-09-21 | Nec Corp | 認証情報を用いたシングルサインオンの連携方法、そのシステム、仲介サーバ、動作方法及び動作プログラム |
JP2008071226A (ja) * | 2006-09-15 | 2008-03-27 | Nec Corp | クレデンシャルコンバージョンシステムと方法、コンピュータ装置、及びプログラム |
Non-Patent Citations (4)
Title |
---|
KEIKO OKUBO: "Ninsho Ticket o Mochiita Bunsan Ninsho Hoshiki no Teian", INFORMATION PROCESSING SOCIETY OF JAPAN KENKYU HOKOKU, vol. 2006, no. 80, 20 July 2006 (2006-07-20), pages 47 - 52, XP008143557 * |
NICK PIERSON: "Overview of Active Directory Federation Services in Windows Server 2003 R2", MICROSOFT CORPORATION, October 2005 (2005-10-01), XP008141532, Retrieved from the Internet <URL:http://download.microsoft.com/download/3/a/f/ 3af89d13-4ef4-42bb-aaa3-95e06721b062/ADFS.doc> [retrieved on 20090507] * |
See also references of EP2267631A4 |
THOMAS WASON: "Liberty ID-FF Architecture Overview", LIBERTY ALLIANCE, 2005, XP007900064, Retrieved from the Internet <URL:http://www.projectliberty.org/liberty/ content/download/318/2366/file/draft-liberty- idff-arch-overview-1.2-errata-v1.0.pdf> [retrieved on 20090507] * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2011175402A (ja) * | 2010-02-24 | 2011-09-08 | Mitsubishi Electric Corp | アクセス制御連携システム及びアクセス制御連携方法 |
JP2012194722A (ja) * | 2011-03-16 | 2012-10-11 | Fujitsu Ltd | システム、認証情報管理方法、およびプログラム |
JP2013077176A (ja) * | 2011-09-30 | 2013-04-25 | Toshiba Corp | ユーザ情報提供装置及びプログラム |
JP2013250875A (ja) * | 2012-06-01 | 2013-12-12 | Canon Inc | システムおよび制御方法およびプログラム |
Also Published As
Publication number | Publication date |
---|---|
JPWO2009128278A1 (ja) | 2011-08-04 |
US20110022656A1 (en) | 2011-01-27 |
EP2267631A4 (en) | 2016-06-01 |
US8650275B2 (en) | 2014-02-11 |
JP5365628B2 (ja) | 2013-12-11 |
EP2267631A1 (en) | 2010-12-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8848923B2 (en) | Key distribution scheme for networks of information | |
KR100939430B1 (ko) | 브로드캐스트/멀티캐스트 서비스에서 디지털 저작권관리방법 | |
KR101819556B1 (ko) | 클라우드 컴퓨팅 시스템에서 패밀리 클라우드를 지원하기 위한 장치 및 방법 | |
JP5365628B2 (ja) | 要求側分散id管理装置、提供側分散id管理装置、分散id管理システムおよび提供側分散id管理方法 | |
JP5042800B2 (ja) | ネットワークデータ分散共有システム | |
WO2005119557B1 (en) | Secure communication and real-time watermarking using mutating identifiers | |
JP4040886B2 (ja) | コンテンツ管理システムおよびコンテンツ管理方法 | |
JP2000261427A (ja) | 暗号通信端末、暗号通信センター装置、暗号通信システム及び記憶媒体 | |
EP1993267B1 (en) | Contact information retrieval system and communication system using the same | |
JP2007058567A (ja) | 文書配信システム、クライアント装置および文書配信方法 | |
KR20120122616A (ko) | Drm 서비스 제공 방법 및 장치 | |
KR20080046253A (ko) | Lan에 미디어 컨텐츠를 분배하기 위한 디지털 보안 | |
US20140137205A1 (en) | System and Method for Automatic Provisioning of Managed Devices | |
US20120136749A1 (en) | Digital rights management (drm) method and apparatus in small and medium enterprise (sme) and method for providing drm service | |
JP2006260321A (ja) | サービス提供システムおよびそのユーザ認証方法 | |
KR20100100134A (ko) | 네트워크 로봇 서비스를 위한 보안 서비스 방법 및 장치 | |
JP2009187382A (ja) | ファイル転送システムおよびファイル転送方法 | |
JPH11331145A (ja) | 情報共有システム、情報保管装置およびそれらの情報処理方法、並びに記録媒体 | |
KR100823736B1 (ko) | Xri기반의 익명성 보장 방법 및 이를 위한 장치 | |
JP2005108153A (ja) | 車両用情報サービスシステム | |
JP4047318B2 (ja) | コンテンツ配信利用制御方法 | |
JP4629373B2 (ja) | 鍵を紛失した場合であっても、メールの受信を再開することができるメールシステムおよびメール送信方法 | |
Crocker et al. | RFC1848: MIME Object Security Services | |
CN114978690A (zh) | 一种针对多域数据汇聚的数据融合共享方法 | |
CN114650144A (zh) | 基于区块链的文件分享方法及系统、电子设备及存储介质 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 09733099 Country of ref document: EP Kind code of ref document: A1 |
|
REEP | Request for entry into the european phase |
Ref document number: 2009733099 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 12922791 Country of ref document: US Ref document number: 2009733099 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2010508121 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |