WO2010119626A1 - ID authentication system, method, and non-transitory computer-readable medium storing a program - Google Patents
- Publication number
- WO2010119626A1 (PCT/JP2010/002073)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- time
- authentication
- user
- server
- service providing
- Prior art date
Classifications
- G06F21/31: User authentication (G: PHYSICS > G06: COMPUTING; CALCULATING OR COUNTING > G06F: ELECTRIC DIGITAL DATA PROCESSING > G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity > G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals)
- G06F21/41: User authentication where a single sign-on provides access to a plurality of computers (same path as above > G06F21/31: User authentication)
- G06F21/6245: Protecting personal data, e.g. for financial or medical purposes (G06F21/00 > G06F21/60: Protecting data > G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules > G06F21/6218: Protecting access to data via a platform to a system of files or objects, e.g. local or distributed file system or database)
Definitions
- The present invention relates to an ID authentication system, an ID authentication method, and a non-transitory computer-readable medium storing an ID authentication program, and in particular to an ID authentication system, an ID authentication method, an ID authentication program, and the related non-transitory computer-readable medium, concerning authentication for a plurality of service providing devices.
- When using a service provided on a network-connected server from a terminal such as a PC (Personal Computer) or a mobile phone, the user normally logs in to the service using an ID and password that identify the user. The user who intends to use the service is thereby identified on the service side, and can use the service according to the contract between the user and the service provider.
- Single sign-on is a mechanism in which, once a user has logged in to a service using a certain ID and password, the user can log in to another service without re-entering the ID and password. This single sign-on mechanism is realized by sharing user identification information between the service logged in to first and the service logged in to next.
- Each service provider holds user information corresponding to each user. Here, user information means contract information such as the service plan registered when the user contracted with the service provider, personal information such as the user's name, address and telephone number, and an identifier for identifying the user on the service side. The service provider manages this user information in association with the user's ID and password.
- The authentication system described in Patent Document 1 is configured so that the user terminal holds identification information identifying the user terminal, and the authentication server holds a sign-on management table storing the identification information of user terminals whose login has been authenticated. When a login request from the user terminal reaches an application server, the application server determines, based on the identification information transmitted from the user terminal, whether that identification information is contained in the sign-on management table. If it is contained, the application server treats the login authentication as successful; if not, it acquires the login authentication information from the user terminal. Through this processing, single sign-on is realized in the authentication system of Patent Document 1.
- The authentication system described in Patent Document 2 is a login proxy system connected to a plurality of application servers, comprising a login proxy server, an authentication server, and a DB server that holds a login template table and a URL conversion table.
- The user logs in to the authentication server of the login proxy system in advance. After that, when the user logs in to an application server from the user terminal, the login proxy server responds to the login request for that application server transmitted from the user terminal by generating a request containing the user's login authentication information for the application server, using the authentication information held by the DB server and the authentication server, and logs in to the application server on the user's behalf. The content returned by the application server is converted using the DB server so that it functions in the same way as if the user terminal had received it directly from the application server, and the response is returned to the user terminal. In this way, single sign-on is realized in the authentication system of Patent Document 2.
- The problem addressed by the present invention arises in particular in Patent Document 1, and is caused by the terminal transmitting the same unique identification information to a plurality of service providing apparatuses (for example, application servers). That is, when a user uses a plurality of services through a terminal, the terminal and the user can be identified not only within a single service provider but across a plurality of service providers, and can thus be tracked across the network.
- For example, the service providers b and c managing application servers B and C can associate the user identification information (which is the same as that sent to application server A) with the user's purchase history. If service providers b and c exchange information with service provider a, the user's personal information and history such as purchase information can be linked and grasped through the common identification information. This is a problem from the viewpoint of protecting user privacy.
- An object of the present invention is to provide an ID authentication system, an ID authentication method, and a non-transitory computer-readable medium storing an ID authentication program that address the problem described above.
- The ID authentication system includes a terminal device, a plurality of service providing devices, and an authentication server.
- The terminal device has one-time ID generation means for generating a one-time ID that is used temporarily; one-time ID transmission means for transmitting the one-time ID generated by the one-time ID generation means to the service providing device; and user ID transmission means for transmitting, to the authentication server, the one-time ID transmitted by the one-time ID transmission means together with a user ID that uniquely identifies the user.
- The service providing device has ID inquiry means for receiving the one-time ID transmitted from the terminal device and inquiring of the authentication server for the authentication information corresponding to the received one-time ID.
- The authentication server has authentication information management means for storing a user ID and the authentication information used for authentication at the service providing device in association with each other; ID receiving means for receiving the one-time ID and user ID transmitted from the terminal device; and server ID response means that obtains, from the one-time IDs and user IDs received by the ID receiving means, the user ID corresponding to the one-time ID contained in the inquiry from the service providing device, then obtains from the authentication information management means the authentication information associated with that user ID and transmits it to that service providing device.
- An ID authentication method according to the present invention comprises: generating a one-time ID in the terminal device; transmitting the one-time ID from the terminal device to the service providing device; transmitting the one-time ID and a user ID for uniquely identifying the user from the terminal device to the authentication server; the service providing device receiving the one-time ID from the terminal device and, based on that one-time ID, inquiring of the authentication server for the authentication information corresponding to this temporary ID; the authentication server receiving the one-time ID and the user ID from the terminal device; and the authentication server obtaining the user ID corresponding to the one-time ID contained in the inquiry from the service providing device, further obtaining the authentication information corresponding to that user ID, and transmitting that authentication information to the service providing device.
- A non-transitory computer-readable medium according to the present invention stores an ID authentication program for executing authentication for a user to log in to a service providing apparatus. The program causes the authentication server to execute processing of: acquiring the one-time ID and user ID transmitted from the terminal device; acquiring the user ID corresponding to the one-time ID contained in the inquiry from the service providing apparatus that received the one-time ID from the terminal device; further acquiring the authentication information corresponding to that user ID; and transmitting that authentication information to the service providing apparatus.
- FIG. 1 is a configuration diagram of an ID authentication system according to a first embodiment. FIG. 2 is a flowchart showing the processing of the ID authentication system according to the first embodiment. FIG. 3 is a sequence diagram showing the processing of the ID authentication system according to the first embodiment.
- FIG. 4 shows the management table of one-time IDs and terminal user IDs according to the first embodiment.
- FIG. 5 shows the management table of terminal user IDs, server user IDs and passwords according to the first embodiment.
- FIG. 6 is a block diagram of the ID authentication system according to the second embodiment.
- The ID authentication system includes a terminal 100, an authentication server 200, and a plurality of application servers 300 (301 to 30N). These are connected to a network and can communicate with each other.
- The terminal 100, the authentication server 200, and the application servers 300 have been described as hardware configurations, but the present invention is not limited to this. Arbitrary processing can also be realized by causing a CPU (Central Processing Unit) to execute a computer program.
- The computer program can be provided recorded on a recording medium, or transmitted via the Internet or another communication medium.
- Non-transitory computer-readable media include, for example, flexible disks, hard disks, magnetic disks, magneto-optical disks, CD-ROMs, DVDs, ROM cartridges, battery-backed RAM memory cartridges, flash memory cartridges, and nonvolatile RAM cartridges.
- Communication media include wired communication media such as telephone lines and wireless communication media such as microwave links.
- The terminal 100 corresponds to a PC (Personal Computer), a mobile phone, a PDA (Personal Digital Assistant), or the like.
- The application server group 300 is shown as one example of a service providing apparatus; it may be any apparatus connected to the network that provides some service.
- the terminal 100 includes a service confirmation unit 110, a one-time ID automatic generation unit 120, a one-time ID transmission unit 130, and a user ID transmission unit 140.
- the authentication server 200 includes an ID receiving unit 210, an ID management unit 220, and a server ID response unit 230.
- the application server group 300 includes an ID inquiry unit 310 (311 to 31N) on each application server.
- The service confirmation unit 110 confirms whether the application server connected to this time, and the service provided on it, are compatible with the ID authentication system. In a situation where all application servers 300 connected to the authentication server 200 are compatible with the ID authentication system, this unit is not an essential component.
- The one-time ID automatic generation unit 120 generates a one-time ID, a temporary ID valid only for the current connection, and generates a different one-time ID for each connection.
- The one-time ID transmission unit 130 transmits the one-time ID generated for the current connection to the application server 300 connected to this time.
- The user ID transmission unit 140 transmits to the authentication server 200 the one-time ID together with the terminal user ID issued in advance so that the authentication server can recognize the user. This terminal user ID is identification information that uniquely identifies a user, but the concept also covers identification information that identifies a group rather than an individual user.
- The ID receiving unit 210 receives the one-time ID and terminal user ID transmitted from the terminal 100 and stores them in a table that manages these pairs.
- The ID management unit 220 is an authentication information management unit that manages, in a table, for each user managed by the authentication server 200, the terminal user ID and the user's authentication information for each application server 300. The authentication information is, for example, the password and identification information used to log in to each application server 300.
- The server ID response unit 230 receives the inquiry by one-time ID from the application server 300, searches the pairs of one-time ID and terminal user ID managed by the ID receiving unit 210 for the matching one-time ID, and obtains the paired terminal user ID. It then selects, from the sets of terminal user ID, server user ID and password for each application server 300 managed by the ID management unit 220, the entry for the application server that made the inquiry, acquires the server user ID and password corresponding to that terminal user ID, and returns them to the application server 300.
- The ID inquiry unit 310 receives the one-time ID transmitted from the terminal, uses it to inquire of the authentication server for the corresponding user's authentication information, receives the user's server user ID and password in response, and performs login processing for that user.
- When the user uses, via the terminal 100, a service on application server 301 among the plurality of services provided on the application servers 300, the system operates according to the following procedure.
- The terminal 100 connects to the application server 301 via the network (step A1 in FIGS. 2 and 3), using a protocol such as HTTP (HyperText Transfer Protocol) or HTTPS (HyperText Transfer Protocol Security).
- The service confirmation unit 110 on the terminal determines whether the connected server and service are compatible with the ID authentication system of the present invention (step A2 in FIGS. 2 and 3).
- One conceivable method is to store in the terminal a list of the URLs (Uniform Resource Locators) and IP (Internet Protocol) addresses of the servers and services compatible with this system, together with the port numbers used for connection, and to compare the information of the server and service connected to this time against that list to determine whether it is included.
- Another conceivable method uses the digital certificate verification performed when an HTTPS connection is established: a specific character string serving as an identifier for this system is embedded in advance in a specific field of the server's digital certificate, and when the terminal verifies the digital certificate transmitted by the connected server, it determines whether that identifier is present.
- Alternatively, the certificate authority that issues the server's digital certificate may be restricted to a specific certificate authority. When the terminal verifies the digital certificate transmitted by the connected server, it can then determine that the certificate was issued by this specific certificate authority and that the server is compatible with this system.
- For servers and services that do not support this system, the authentication function of this system cannot be used; however, the service can still be used by the normal login method, in which the user ID and password for that server and service are entered through the user interface on the terminal (step A3a in FIG. 2). If, on the other hand, the server and service are determined to be compatible with the system, the single sign-on processing of the system starts with the following procedure (step A3b in FIGS. 2 and 3).
- The one-time ID automatic generation unit 120 newly generates a one-time ID for connecting to the current server and service (step A4 in FIGS. 2 and 3).
- The one-time ID has enough digits that, even when one-time IDs are generated many times on the same terminal, an ID identical to one generated on another terminal does not arise by chance. The possibility of the same one-time ID being generated can be reduced further by setting an expiration date on the ID as necessary. Furthermore, the address of the authentication server 200 needed in the one-time ID inquiry procedure described below may be embedded in the one-time ID.
- An example of a one-time ID is the format "a323912z9dw0afcdsl@authentication.server.co.jp". The first part "a323912z9dw0afcdsl", before the "@" used as a delimiter, is a randomly generated character string; the second part "authentication.server.co.jp", after the "@", is the address of the authentication server to which the one-time ID is to be queried.
- The authentication server address may also be transmitted separately, without being included in the one-time ID.
- The user ID transmission unit 140 transmits to the authentication server 200 the one-time ID generated in step A4 and the terminal user ID issued in advance so that the authentication server 200 can recognize the terminal user (step A5 in FIGS. 2 and 3). Here it is assumed that the user ID transmission unit 140 transmits "a323912z9dw0afcdsl" as the one-time ID and "user001" as the terminal user ID to the authentication server 200.
- The terminal user must register with the authentication server 200 in advance and have it issue a terminal user ID by which it recognizes the terminal 100 and the user of the terminal 100. By registering this user ID in the user ID transmission unit on the terminal 100 in advance, the user is spared from entering the user ID in step A5, and the series of processes can be executed automatically. A password may also be set together with the terminal user ID and sent to the authentication server 200.
- The one-time ID transmission unit 130 on the terminal 100 transmits the one-time ID generated in step A4 to the application server 301 (step A6 in FIGS. 2 and 3). Here the one-time ID transmission unit 130 transmits "a323912z9dw0afcdsl" as the one-time ID to the application server 301.
- The one-time ID and terminal user ID transmitted from the terminal 100 to the authentication server 200 in step A5 are received by the ID receiving unit 210 on the authentication server, which stores the one-time ID and user ID as a pair in its management table (step A7 in FIGS. 2 and 3). Here the ID receiving unit 210 stores and manages the pair of one-time ID "a323912z9dw0afcdsl" and terminal user ID "user001" in the table.
- In this embodiment the one-time ID and terminal user ID are managed in a database table, but they may instead be managed in the server's main memory.
- The processing toward the authentication server 200 by the user ID transmission unit 140 (steps A5 and A7 in FIGS. 2 and 3) and the processing toward the application server by the one-time ID transmission unit 130 (step A6 in FIGS. 2 and 3) may be performed in either order, or simultaneously.
- The one-time ID transmitted from the terminal 100 to the application server 301 in step A6 is received by the ID inquiry unit 311 on the application server 301, which uses it to inquire of the authentication server 200 for the authentication information of the terminal user currently connected (step A8 in FIGS. 2 and 3). Here the ID inquiry unit 311 inquires of the authentication server 200 for the terminal user's authentication information based on the one-time ID "a323912z9dw0afcdsl".
- When the address of the authentication server is embedded in the one-time ID, the ID inquiry unit 311 makes its inquiry to the authentication server at that address. When the address of the authentication server is transmitted from the terminal 100 separately from the one-time ID, that address is used. Alternatively, the application server 301 may hold a list of addresses of known authentication servers in advance and make the inquiry using that list.
- When the server ID response unit 230 on the authentication server receives the authentication information inquiry by one-time ID from the application server 301, it searches the pairs of one-time ID and user ID managed by the ID receiving unit 210 for the matching one-time ID and retrieves the paired terminal user ID (step A9 in FIGS. 2 and 3). Here the server ID response unit 230 searches the table (FIG. 4) storing one-time IDs and terminal user IDs and obtains "user001" as the terminal user ID.
- The server ID response unit 230 then selects, from the sets of terminal user ID, server user ID and password for each application server managed by the ID management unit 220, the entry for the application server 301 that made the inquiry, acquires the server user ID and password corresponding to the terminal user ID, and returns them to the application server 301 (step A10 in FIGS. 2 and 3). Here, in response to the inquiry, the server ID response unit 230 obtains from the table (FIG. 5) managed by the ID management unit 220 the server user ID "yamada-taro" and password "Xed241w" corresponding to the terminal user ID "user001", and transmits them to the application server 301.
- The ID management unit 220 on the authentication server holds, for each terminal user managed by the authentication server, the terminal user ID in association with the set of server user ID and password that the user uses to log in to the service on each application server (FIG. 5). FIG. 5 shows this information managed in a database table, but it may instead be managed in the server's main memory or the like.
- This set of server user ID and password differs for each application server, and the terminal user must register with each application server in advance and have it issued.
- The authentication information in this embodiment is a set of ID and password, but other authentication information may be used.
- The application server 301, having acquired the server user ID and password, performs login processing for the terminal user and starts providing the service to the terminal user (step A11 in FIGS. 2 and 3).
- Because the terminal 100 transmits only a different one-time ID to each of the application servers 300, a specific terminal user cannot be identified across the plurality of application servers 300, and the terminal user's behaviour on each application server 300 cannot be tracked.
- Because the authentication server 200 responds to an application server's inquiry by one-time ID with the user's server user ID and password for that application server, as managed in the authentication server 200, automatic single sign-on is realized without the user performing a manual login to each application server.
- Embodiment 2. The second embodiment of the present invention is characterized by having a plurality of authentication servers, as shown in FIG. 6.
- In this case, the terminal user registers with any number of the authentication servers 200 (201 to 20N) and has a terminal user ID issued in advance. The server user ID and password with which the terminal user logs in to each application server 300 may be managed in the ID management unit of any of the authentication servers with which the terminal user has registered.
- When the address of the authentication server is embedded in the one-time ID: if, for example, the authentication server 205 is used this time and its address is "authentication.server205.co.jp", this information is embedded in the one-time ID by the procedure described in the first embodiment. Alternatively, the address of the authentication server may be transmitted to the application server separately from the one-time ID.
- When the application server makes the one-time ID inquiry to the authentication server using its ID inquiry unit in step A8 of FIGS. 2 and 3, it determines the authentication server to query from the address embedded in the received one-time ID, or from the separately received authentication server address, and makes the inquiry to that server.
- In this way, the ID authentication system of the present invention can operate even in the configuration of FIG. 6 in which a plurality of authentication servers exist.
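The following Python simulation is an added illustration, not code from the patent: it models the three parties of the first embodiment (steps A4 to A11) using the page's "random-string@authentication-server-address" one-time ID format, and the second embodiment's routing of the inquiry to the authentication server named in the ID, checked against the application server's list of known authentication servers. Assumptions not in the page: a one-time ID is consumed on its first lookup, a 60-second expiry, and all class and function names.

```python
import secrets
import time

# Constructed demo; "user001", "yamada-taro", "Xed241w" and the server205 address
# are the page's own example values, all other names and the TTL are assumed.

class AuthenticationServer:
    """Authentication server 200 (units 210, 220, 230) with in-memory FIG. 4/5 tables."""

    def __init__(self, address, clock=time.time, ttl=60):
        self.address, self.clock, self.ttl = address, clock, ttl
        self.one_time_ids = {}  # FIG. 4: one-time ID -> (terminal user ID, time received)
        self.credentials = {}   # FIG. 5: terminal user ID -> {app server: (server user ID, password)}

    def register(self, terminal_user_id, app_server_name, server_user_id, password):
        """Pre-registration of the user's credentials for one application server."""
        self.credentials.setdefault(terminal_user_id, {})[app_server_name] = (server_user_id, password)

    def receive_ids(self, one_time_id, terminal_user_id):
        """Steps A5/A7: store the (one-time ID, terminal user ID) pair."""
        if terminal_user_id not in self.credentials:
            raise PermissionError("unregistered terminal user ID")
        self.one_time_ids[one_time_id] = (terminal_user_id, self.clock())

    def respond(self, one_time_id, app_server_name):
        """Steps A9/A10: map the one-time ID to a user and return that server's credentials."""
        entry = self.one_time_ids.pop(one_time_id, None)  # assumption: consumed on first use
        if entry is None:
            return None
        terminal_user_id, received_at = entry
        if self.clock() - received_at > self.ttl:  # expired one-time ID
            return None
        return self.credentials.get(terminal_user_id, {}).get(app_server_name)

class ApplicationServer:
    """Service providing apparatus 300 with its ID inquiry unit 310."""

    def __init__(self, name, known_auth_servers):
        self.name = name
        self.known_auth_servers = known_auth_servers  # the page's list of known authentication servers
        self.logged_in = {}                           # one-time ID -> server user ID

    def login_with_one_time_id(self, one_time_id):
        """Step A8: parse 'random@auth-address', inquire of that server, then log in (A11)."""
        random_part, sep, auth_address = one_time_id.partition("@")
        if not sep or len(random_part) < 16 or not auth_address:
            return False
        auth_server = self.known_auth_servers.get(auth_address)
        if auth_server is None:  # only inquire of servers on the known list
            return False
        creds = auth_server.respond(one_time_id, self.name)
        if creds is None:
            return False
        self.logged_in[one_time_id] = creds[0]  # real login processing would use ID and password
        return True

def generate_one_time_id(auth_server):
    """Step A4 on terminal 100: random string, '@' delimiter, authentication server address."""
    return f"{secrets.token_urlsafe(18)}@{auth_server.address}"

def terminal_connect(terminal_user_id, auth_server, app_server):
    """Steps A4 to A6 for one connection; returns (one-time ID, login succeeded)."""
    otid = generate_one_time_id(auth_server)
    auth_server.receive_ids(otid, terminal_user_id)        # step A5
    return otid, app_server.login_with_one_time_id(otid)   # step A6

def demo():
    """Two authentication servers (FIG. 6); user001 is registered only with server 205."""
    auth205 = AuthenticationServer("authentication.server205.co.jp")
    auth201 = AuthenticationServer("authentication.server201.co.jp")
    known = {auth205.address: auth205, auth201.address: auth201}
    app_a, app_b, app_c = (ApplicationServer(n, known) for n in "ABC")
    auth205.register("user001", "A", "yamada-taro", "Xed241w")
    auth205.register("user001", "B", "taro-b", "pw-b")  # nothing registered for C
    id_a, ok_a = terminal_connect("user001", auth205, app_a)
    id_b, ok_b = terminal_connect("user001", auth205, app_b)
    return {
        "login_a": ok_a, "login_b": ok_b,
        "server_user_a": app_a.logged_in.get(id_a),
        "ids_differ": id_a != id_b,  # A and B receive nothing they could correlate
        "replay_rejected": not app_b.login_with_one_time_id(id_a),
        "unknown_auth_rejected": not app_a.login_with_one_time_id("x" * 24 + "@unknown.example"),
        "unregistered_server_rejected": not terminal_connect("user001", auth205, app_c)[1],
    }

def expiry_demo():
    """A stored one-time ID presented after its TTL is refused."""
    now = [1000.0]
    auth = AuthenticationServer("authentication.server.co.jp", clock=lambda: now[0], ttl=60)
    auth.register("user001", "A", "yamada-taro", "Xed241w")
    app = ApplicationServer("A", {auth.address: auth})
    otid = generate_one_time_id(auth)
    auth.receive_ids(otid, "user001")
    now[0] += 61
    return app.login_with_one_time_id(otid)
```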
- The terminal user ID need not be issued by the authentication server; it may be an identifier that uniquely identifies the terminal, such as a MAC address (Media Access Control address).
- When the same user uses a plurality of terminals, those terminals may share the same terminal user ID.
- The present invention is applicable, for example, to an electronic commerce system on the Internet that requires user authentication.
Description
The terminal device comprises:
one-time ID generation means for generating a one-time ID that is used temporarily;
one-time ID transmission means for transmitting the one-time ID generated by the one-time ID generation means to the service providing device; and
user ID transmission means for transmitting, to the authentication server, the one-time ID transmitted by the one-time ID transmission means and a user ID that uniquely identifies the user.
The service providing device comprises:
ID inquiry means for receiving the one-time ID transmitted from the terminal device and inquiring of the authentication server for authentication information corresponding to the received one-time ID.
The authentication server comprises:
authentication information management means for storing a user ID and authentication information for authentication at the service providing device in association with each other;
ID receiving means for receiving the one-time ID and user ID transmitted from the terminal device; and
server ID response means for obtaining the user ID corresponding to the one-time ID contained in the inquiry from the service providing device from the one-time ID and user ID received by the ID receiving means, further obtaining, based on the obtained user ID, the authentication information associated with that user ID in the authentication information management means, and transmitting it to that service providing device.
The method generates a one-time ID in the terminal device,
transmits the one-time ID from the terminal device to the service providing device,
transmits the one-time ID and a user ID for uniquely identifying the user from the terminal device to the authentication server,
has the service providing device receive the one-time ID from the terminal device and execute processing to inquire of the authentication server, based on that one-time ID, for the authentication information corresponding to the temporary ID,
has the authentication server receive the one-time ID and the user ID from the terminal device, and
has the authentication server obtain the user ID corresponding to the one-time ID contained in the inquiry from the service providing device, further obtain the authentication information corresponding to that user ID, and transmit that authentication information to that service providing device.
A non-transitory computer-readable medium storing an ID authentication program for executing authentication for a user to log in to a service providing device,
which acquires the one-time ID and user ID transmitted from the terminal device,
acquires the user ID corresponding to the one-time ID contained in the inquiry from the service providing device that received the one-time ID from the terminal device, further acquires the authentication information corresponding to that user ID, and causes the authentication server to execute the processing of transmitting that authentication information to that service providing device so that the processing is executed.
Embodiments of the present invention are described below with reference to the drawings.
First, the configuration of the ID authentication system according to the first embodiment of the present invention is described with reference to FIG. 1. As shown in FIG. 1, this ID authentication system comprises a terminal 100, an authentication server 200, and a plurality of application servers 300 (301 to 30N). These are connected to a network and can communicate with each other.
The second embodiment of the present invention is characterized by having a plurality of authentication servers, as shown in FIG. 6. In this case, the terminal user registers with any number of the authentication servers 200 (201 to 20N) and has a terminal user ID issued in advance. The server user ID and password with which the terminal user logs in to each application server 300 may be managed in the ID management unit of any of the authentication servers with which the terminal user has registered.
Claims (8)
- 1. An ID authentication system comprising a terminal device, a plurality of service providing devices, and an authentication server, wherein
  the terminal device comprises:
  one-time ID generation means for generating a one-time ID that is used temporarily;
  one-time ID transmission means for transmitting the one-time ID generated by the one-time ID generation means to the service providing device; and
  user ID transmission means for transmitting, to the authentication server, the one-time ID transmitted by the one-time ID transmission means and a user ID that uniquely identifies the user;
  the service providing device comprises ID inquiry means for receiving the one-time ID transmitted from the terminal device and inquiring of the authentication server for authentication information corresponding to the received one-time ID; and
  the authentication server comprises:
  authentication information management means for storing a user ID and authentication information for authentication at the service providing device in association with each other;
  ID receiving means for receiving the one-time ID and user ID transmitted from the terminal device; and
  server ID response means for obtaining the user ID corresponding to the one-time ID contained in the inquiry from the service providing device from the one-time ID and user ID received by the ID receiving means, further obtaining, based on the obtained user ID, the authentication information associated with that user ID in the authentication information management means, and transmitting it to that service providing device.
- 2. The ID authentication system according to claim 1, wherein the one-time ID generation means of the terminal device generates a one-time ID containing address information of the authentication server, and the service providing device makes its inquiry to the authentication server designated by the address information contained in that one-time ID.
- 3. The ID authentication system according to claim 2, wherein the one-time ID containing the address information of the authentication server consists of a character string serving as temporary identification information and a domain name.
- 4. The ID authentication system according to claim 2 or 3, comprising a plurality of authentication servers.
- 5. An ID authentication method comprising:
  generating a one-time ID in a terminal device;
  transmitting the one-time ID from the terminal device to a service providing device;
  transmitting the one-time ID and a user ID for uniquely identifying the user from the terminal device to an authentication server;
  the service providing device receiving the one-time ID from the terminal device and executing processing to inquire of the authentication server, based on that one-time ID, for authentication information corresponding to the temporary ID;
  the authentication server receiving the one-time ID and the user ID from the terminal device; and
  the authentication server obtaining the user ID corresponding to the one-time ID contained in the inquiry from the service providing device, further obtaining the authentication information corresponding to that user ID, and transmitting that authentication information to that service providing device.
- 6. The ID authentication method according to claim 5, wherein the one-time ID contains address information of the authentication server, and the service providing device makes its inquiry to the authentication server designated by the address information contained in that one-time ID.
- 7. The ID authentication method according to claim 6, wherein the one-time ID containing the address information of the authentication server consists of a character string serving as temporary identification information and a domain name.
- 8. A non-transitory computer-readable medium storing an ID authentication program that causes a computer to execute processing for authenticating a user to log in to a service providing device, the program causing an authentication server to execute processing of:
  acquiring a one-time ID and a user ID transmitted from a terminal device;
  acquiring the user ID corresponding to the one-time ID contained in an inquiry from a service providing device that received the one-time ID from the terminal device, further acquiring authentication information corresponding to that user ID, and transmitting that authentication information to that service providing device so that the processing is executed.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2011509193A JP5565408B2 (ja) | 2009-04-15 | 2010-03-24 | ID authentication system, ID authentication method, authentication server, terminal device, authentication method of an authentication server, communication method of a terminal device, and program |
US13/256,698 US8875270B2 (en) | 2009-04-15 | 2010-03-24 | ID authentication system, ID authentication method, and non-transitory computer readable medium storing ID authentication program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2009-098998 | 2009-04-15 | ||
JP2009098998 | 2009-04-15 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010119626A1 true WO2010119626A1 (ja) | 2010-10-21 |
Family
ID=42982301
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2010/002073 WO2010119626A1 (ja) | 2009-04-15 | 2010-03-24 | ID authentication system, method, and non-transitory computer-readable medium storing a program |
Country Status (3)
Country | Link |
---|---|
US (1) | US8875270B2 (ja) |
JP (1) | JP5565408B2 (ja) |
WO (1) | WO2010119626A1 (ja) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101924962B1 (ko) * | 2012-10-04 | 2018-12-04 | 엘지전자 주식회사 (LG Electronics Inc.) | Mobile terminal, home appliance, and operating method thereof |
US9467445B2 (en) * | 2013-11-08 | 2016-10-11 | Launchkey, Inc. | Systems and methods for group authentication |
US9736647B2 (en) * | 2014-03-19 | 2017-08-15 | Verizon Patent And Licensing Inc. | Method, apparatus, and system for network identifier suppression |
US10291147B2 (en) * | 2016-09-29 | 2019-05-14 | Ge Global Sourcing Llc | Current reduction system for inverters connected to a common bus |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005519365A (ja) * | 2002-02-28 | 2005-06-30 | Telefonaktiebolaget L M Ericsson (publ) | Method and apparatus for handling user identifiers in a single sign-on service |
JP2006004149A (ja) * | 2004-06-17 | 2006-01-05 | Kddi Corp | User authentication system and method |
JP2006011989A (ja) * | 2004-06-28 | 2006-01-12 | Ntt Docomo Inc | Authentication method, terminal device, relay device, and authentication server |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020122063A1 (en) * | 2000-12-29 | 2002-09-05 | Weinberg Carl B. | System and method for storing and displaying information |
JP2002334056A (ja) * | 2001-05-08 | 2002-11-22 | Infocom Corp | Login proxy system and login proxy method |
JP2005267529A (ja) | 2004-03-22 | 2005-09-29 | Fujitsu Ltd | Login authentication scheme, login authentication system, authentication program, communication program, and storage medium |
JP4472491B2 (ja) | 2004-11-02 | 2010-06-02 | Olympus Corp | Electronic device |
JP4652350B2 (ja) * | 2007-01-29 | 2011-03-16 | NEC Soft, Ltd. | Reverse proxy server, control method therefor, and program |
JP2008225573A (ja) | 2007-03-08 | 2008-09-25 | Terumo Corp | Proxy server, program for proxy server, and proxy access method |
- 2010
  - 2010-03-24 US US13/256,698 patent/US8875270B2/en not_active Expired - Fee Related
  - 2010-03-24 JP JP2011509193A patent/JP5565408B2/ja active Active
  - 2010-03-24 WO PCT/JP2010/002073 patent/WO2010119626A1/ja active Application Filing
Non-Patent Citations (1)
Title |
---|
"Jisedai Ninsho System SKIP9 Tsukaisute no One Time ID de Net Security no Gainen ga Kawaru One Time Password o Koeta Shin Solution", NIKKEI SYSTEM KOCHIKU NO.145, 26 April 2005 (2005-04-26), pages 170 - 171 * |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPWO2013047093A1 (ja) * | 2011-09-29 | 2015-03-26 | Oki Electric Industry Co., Ltd. | ID management device, program, user terminal, and ID management system |
US9661496B2 (en) | 2011-09-29 | 2017-05-23 | Oki Electric Industry Co., Ltd. | ID management device, program, user terminal, and ID management system |
US10129030B2 (en) | 2014-03-12 | 2018-11-13 | Ntt Docomo, Inc. | Information delivery system, information delivery method, short-range communication device, information delivery apparatus, and server |
JP2016038776A (ja) * | 2014-08-08 | 2016-03-22 | Tokyo Metropolitan University | Service usage information sharing system |
WO2019230594A1 (ja) * | 2018-05-30 | 2019-12-05 | Nippon Telegraph And Telephone Corporation | Management device, management method, and management program |
JP2019207656A (ja) * | 2018-05-30 | 2019-12-05 | Nippon Telegraph And Telephone Corporation | Management device, management method, and management program |
Also Published As
Publication number | Publication date |
---|---|
US8875270B2 (en) | 2014-10-28 |
JP5565408B2 (ja) | 2014-08-06 |
JPWO2010119626A1 (ja) | 2012-10-22 |
US20120023561A1 (en) | 2012-01-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP5565408B2 (ja) | ID authentication system, ID authentication method, authentication server, terminal device, authentication method of authentication server, communication method of terminal device, and program | |
CN101009561B (zh) | System and method for IMX session control and authentication | |
US9608814B2 (en) | System and method for centralized key distribution | |
EP2705642B1 (en) | System and method for providing access credentials | |
US8646057B2 (en) | Authentication and authorization of user and access to network resources using openid | |
US8978100B2 (en) | Policy-based authentication | |
EP3228069B1 (en) | Stack fusion architecture including distributed software clusters to enable software communication services | |
CN108496380B (zh) | Server and storage medium | |
US9930028B2 (en) | Method to enroll a certificate to a device using SCEP and respective management application | |
JP5239341B2 (ja) | Gateway, relay method, and program | |
US20080184354A1 (en) | Single sign-on system, information terminal device, single sign-on server, single sign-on utilization method, storage medium, and data signal | |
EP1909430A1 (en) | Access authorization system of communication network and method thereof | |
KR20090017629A (ko) | Remote update of user status on a presence server | |
US11165768B2 (en) | Technique for connecting to a service | |
TW201127098A (en) | User-based authentication for realtime communications | |
US20110196978A1 (en) | Service providing system and service providing method | |
EP2071806B1 (en) | Receiving/transmitting agent method of session initiation protocol message and corresponding processor | |
JP4472566B2 (ja) | Communication system and call control method | |
JP4950095B2 (ja) | Service providing system, service providing method, and service providing program | |
JP4950096B2 (ja) | Service providing system, service providing method, and service providing program | |
JP6848275B2 (ja) | Program, authentication system, and authentication federation system | |
JP2006229265A (ja) | Gateway system | |
JP6055546B2 (ja) | Authentication device, authentication method, and program | |
US8589519B2 (en) | Method and device for uniform resource identifier handling of user device | |
US9830207B2 (en) | Message communication system and operation method thereof |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 10764213; Country of ref document: EP; Kind code of ref document: A1 |
| WWE | Wipo information: entry into national phase | Ref document number: 2011509193; Country of ref document: JP |
| WWE | Wipo information: entry into national phase | Ref document number: 13256698; Country of ref document: US |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 10764213; Country of ref document: EP; Kind code of ref document: A1 |