WO2013098925A1 - 情報処理装置、情報処理システム、情報処理方法およびプログラム - Google Patents
情報処理装置、情報処理システム、情報処理方法およびプログラム Download PDFInfo
- Publication number
- WO2013098925A1 WO2013098925A1 PCT/JP2011/080103 JP2011080103W WO2013098925A1 WO 2013098925 A1 WO2013098925 A1 WO 2013098925A1 JP 2011080103 W JP2011080103 W JP 2011080103W WO 2013098925 A1 WO2013098925 A1 WO 2013098925A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- user terminal
- processing apparatus
- information processing
- instruction code
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/25—Mapping addresses of the same type
- H04L61/2503—Translation of Internet protocol [IP] addresses
- H04L61/256—NAT traversal
- H04L61/2571—NAT traversal for identification, e.g. for authentication or billing
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
- H04L67/146—Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/061—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key exchange, e.g. in peer-to-peer networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/168—Implementing security features at a particular protocol layer above the transport layer
Definitions
- the present invention relates to a technique for managing communication with a user terminal using a communication identifier.
- the session ID is stored in the browser of the user terminal using a cookie, and the website identifies the user terminal using the session ID. Things have been done.
- an object of the present invention is to use a common communication identifier in a plurality of different websites.
- the present invention employs the following means in order to solve the above-described problems. That is, the present invention is an information processing apparatus that uses a communication identifier in communication with a user terminal, the information request receiving means for receiving an information request transmitted from the user terminal, and the communication to the user terminal.
- An instruction code generating means for generating an instruction code for connecting to another information processing apparatus that wants to use a common communication identifier with the identifier and receiving the common communication identifier from the other information processing apparatus, and in response to the information request
- information generating means for generating information including the instruction code, information including the instruction code generated by the information generating means, and the common communication identifier are used as the user.
- an information transmission means for transmitting to the terminal.
- the communication identifier is an identifier for identifying a communication with a user terminal or a user, such as a session ID, and providing a service for each user terminal or user.
- An information processing apparatus when receiving an information request such as a web page request from a user terminal, causes the user terminal to receive a common communication identifier from another information processing apparatus (for example, an HTML tag) is generated. Then, by including this instruction code in information (for example, a web page) transmitted in response to an information request, the user terminal is made to receive a common communication identifier from another information processing apparatus.
- another information processing apparatus For example, an HTML tag
- the instruction code generation means may generate a code capable of interrupting the interpretation of the information by the user terminal until the processing of the instruction indicated in the instruction code is completed as the instruction code.
- the information processing apparatus further includes authentication code generation means for generating an authentication code capable of authenticating that the instruction code is issued by the information processing apparatus, and the instruction code generation means includes the instruction code
- the user terminal connected to the other information processing apparatus may generate the instruction code so as to notify the other information processing apparatus of the authentication code included in the instruction code.
- the authentication code generation means calculates the authentication code using data including a shared key shared in advance between the information processing apparatus and the other information processing apparatus and the common communication identifier. May be.
- the authentication code generation means performs a one-way hash operation on data including a shared key shared in advance between the information processing apparatus and the other information processing apparatus and the common communication identifier. Thus, the authentication code may be calculated.
- the information processing apparatus further includes setting state determination means for determining whether or not a communication identifier has been set between the information processing apparatus and the user terminal, and the instruction code generation means includes the setting state determination means.
- the instruction code may be generated when it is determined that the communication identifier has not been set.
- the present invention is also an information processing apparatus that uses a communication identifier in communication with a user terminal, the information request receiving unit receiving an information request transmitted from the user terminal, and the information request receiving unit receiving the information request.
- Authentication means for authenticating whether or not the received information request is an information request transmitted in accordance with an instruction code notified from another information processing apparatus that wants to use a communication identifier common to the communication identifier; and
- An information processing apparatus comprising: information transmission means for transmitting the common communication identifier to the user terminal when the information request is authenticated as an information request transmitted according to the instruction code. is there.
- the information processing apparatus when the information processing apparatus according to the present invention receives an information request such as a script request from the user terminal, the information request is notified from another information processing apparatus that wants to use a common communication identifier. Whether or not the information request is transmitted according to the instruction code is authenticated, and when authenticated, a common communication identifier is transmitted to the user terminal.
- the information request receiving means receives a communication identifier used between the other information processing apparatus and the user terminal together with the information request, and the information transmitting means is received by the information request receiving means.
- the received communication identifier may be transmitted as the common communication identifier.
- the information request receiving means receives an authentication code that can authenticate that the instruction code is issued by the other information processing apparatus together with the information request, and the authentication means An authentication code may be used to authenticate whether the information request is an information request transmitted according to an instruction code notified from the other information processing apparatus.
- the authentication unit calculates a result using data including a shared key shared in advance between the information processing apparatus and the other information processing apparatus and the communication identifier received by the information request receiving unit.
- the authentication code may be used to authenticate whether the information request is an information request transmitted according to an instruction code notified from the other information processing apparatus.
- the information transmission unit may transmit the common communication identifier to the user terminal together with a code not including a specific command for the user terminal.
- the present invention may be an information processing system including a first information processing apparatus and a second information processing apparatus that use a communication identifier in communication with a user terminal.
- the first information processing apparatus connects the information request receiving means for receiving an information request transmitted from the user terminal, the user terminal to the second information processing apparatus, and the common communication.
- An instruction code generating means for generating an instruction code for receiving an identifier from the second information processing apparatus, and information including the instruction code as information transmitted to the user terminal in response to the information request
- An information generating unit and an information transmitting unit configured to transmit the information including the instruction code generated by the information generating unit and the common communication identifier to the user terminal.
- the second information processing apparatus includes an information request receiving unit that receives an information request transmitted from the user terminal, and an information request received by the information request receiving unit from the first information processing apparatus.
- An authenticating unit for authenticating whether or not the information request is transmitted according to the notified instruction code; and when the information request is authenticated by the authenticating unit as an information request transmitted according to the instruction code.
- an information transmission means for transmitting the common communication identifier to the user terminal.
- the present invention can also be grasped as a method executed by a computer or a program executed by the computer.
- the present invention can also be understood as a program recorded on a recording medium readable by a computer, other devices, machines, or the like.
- a computer-readable recording medium is a recording medium that stores information such as data and programs by electrical, magnetic, optical, mechanical, or chemical action and can be read from a computer or the like.
- FIG. 1 is a diagram showing an outline of the configuration of a system according to the present embodiment.
- the system according to the present embodiment includes: a. Connected to each other via a network such as the Internet, a. com server 1A and b. com server 1B.
- the user terminal 9 is connected to the system according to the present embodiment via a network.
- Each of the com servers 1B may be configured by a single casing, or may be configured by a plurality of casings connected via a network or the like.
- the system according to the present embodiment includes the functions described below in the above environment, so that the same user terminal 9 can perform a. com server 1A and b. com. 1B, when the connection is made by the same user terminal 9, a. com server 1A and b.
- the com server 1B can recognize each.
- a. com and b. com can provide a cross-sectional service.
- FIG. 2 is a diagram showing an outline of the hardware configuration of the server according to the present embodiment.
- the com server 1B includes a control unit 10 including a CPU (Central Processing Unit) 11, a RAM (Random Access Memory) 12, a ROM (Read Only Memory) 13, and the like, an auxiliary storage device 14, an input device 15,
- the information processing apparatus includes an output device 16 and a network interface 17.
- the information processing apparatus does not have to have the same configuration as that described above.
- components can be omitted, replaced, or added as appropriate according to the embodiment.
- the user terminal 9 is an information processing apparatus including a control unit including a CPU, a RAM, a ROM, and the like, an auxiliary storage device, an input device, an output device, and a network interface (not shown). ).
- FIG. 3 is a diagram showing an outline of a functional configuration of each terminal constituting the system according to the present embodiment.
- the CPU 11 interprets and executes various programs expanded in the RAM 12, and controls various hardware provided in the server, whereby the information request receiving unit 21 and the setting state determining unit 22 are controlled.
- Functioning as an information processing apparatus including an authentication code generation unit 23, an instruction code generation unit 24, an information generation unit 25, an authentication unit 26, and an information transmission unit 27.
- an example in which all of these functions are executed by the general-purpose CPU 11 is described. However, some or all of these functions are realized by one or a plurality of dedicated processors. May be.
- the com server 1B holds a pre-shared key predetermined between servers. This pre-shared key is used in an authentication process described later.
- the server issues a session ID using Cookie, thereby managing communication between the user terminal 9 and the server and identifying the user terminal 9 or the user.
- the user terminal 9 includes a Web browser, a function for transmitting a request to a Web server specified by a URL (Uniform Resource Locator), and a function for receiving a Web page or script returned from the server in response to the request And a function of interpreting and executing the received web page, script, and the like. Further, the user terminal 9 has a cookie management table, and stores the cookie received from the Web server in the cookie management table in association with the domain name. Then, when connecting to the Web server, the user terminal 9 reads the cookie corresponding to the domain name of the Web server from the cookie management table, and notifies the server of the read cookie.
- a URL Uniform Resource Locator
- FIG. 4 is a flowchart showing a flow of session ID sharing processing according to the present embodiment. The processing shown in this flowchart is performed when the request transmitted by the user terminal 9 is a. com server 1A or b. The communication server 1B is triggered by the reception.
- step S101 and step S102 the request transmitted by the user terminal 9 is received, and the type of request is determined.
- the information request receiving unit 21 receives a request transmitted from the user terminal 9 (step S101).
- the request may be a web page request (information request) or a script request such as a common session ID setting script.
- the server determines whether the received request is a web page request or a script request (step S102). If it is determined that the request is a script request, the process proceeds to the common session ID setting process shown in step S107. On the other hand, if it is determined that the request is a Web page request, the process proceeds to step S103.
- step S103 it is determined whether or not a session ID has been assigned.
- the setting state determination unit 22 determines whether or not a session ID has been set between the server and the user terminal 9 by determining whether or not a session ID is set in the received request. If it is determined that the session ID has been set, the process proceeds to step S104. On the other hand, if it is determined that the session ID has not been set, the process proceeds to step S106.
- step S104 and step S105 a web page is generated and transmitted.
- the com server 1A generates a web page according to the request (step S104). Since the Web page generated here is generated in a state where the session ID has been assigned, the Web page may not include the common session ID setting tag. a.
- the com server 1A transmits the generated web page to the user terminal 9 that is the transmission source of the request received in step S101 (step S105).
- the user terminal 9 receives a web page corresponding to the web page request and outputs it on the user terminal 9. Thereafter, the processing shown in this flowchart ends.
- a common session ID setting page generation process is executed.
- the common session ID setting page generation process includes a plurality of Web sites (a.com and b. In this embodiment) as Web pages transmitted to the user terminal 9 that is the transmission source of the request received in step S101. com) to generate a Web page including an instruction code for setting a common session ID. Details of the common session ID setting page generation processing will be described later with reference to FIG. When the common session ID setting page generation processing ends, the processing shown in this flowchart ends.
- a common session ID setting process is executed.
- the common session ID generation process is a session ID common to a plurality of Web sites (in this embodiment, a.com and b.com) to the user terminal 9 that is the transmission source of the request received in step S101. Is a process for setting. Details of the common session ID setting process will be described later with reference to FIG. When the common session ID setting process ends, the process shown in this flowchart ends.
- FIG. 5 is a flowchart showing a flow of a common session ID setting page generation process according to the present embodiment.
- the process shown in this flowchart is started as the common session ID setting page generation process in step S106 in the session ID sharing process described with reference to FIG.
- the request is a.
- the case where the com server 1A receives will be described. However, if the request is b.
- the configuration is substantially the same except that the com server 1B is replaced.
- step S201 a session ID is generated.
- the server (a.com server 1A in this embodiment) issues a session ID for identifying communication with the user terminal 9 and the user terminal 9 issued to the user terminal 9 to which the session ID is not assigned. Generate. Thereafter, the process proceeds to step S202.
- a MAC Message Authentication Code, message authentication code
- the authentication code generation unit 23 generates a MAC used for authentication by another server (b.com server 1B in the present embodiment) that executes a common session ID setting process, which will be described later with reference to FIG.
- the MAC generated here includes an instruction code generated in step S203, which will be described later, as a. It can be authenticated that it is issued by the com server 1A. More specifically, the authentication code generation unit 23 performs a. com server 1A and b.
- the MAC is calculated by performing a one-way hash operation on the data including the pre-shared key shared in advance with the com server 1B and the common session ID.
- step S203 a tag for causing the user terminal 9 to acquire a common session ID setting script is generated.
- the instruction code generator 24 wants to use a common session ID for the user terminal 9 b. com server 1B, and the common session ID is b.
- An instruction code (tag) to be received from the com server 1B is generated.
- the common session ID refers to a. com server 1A and b. This is a session ID commonly used by the com server 1B.
- the instruction code generated by the instruction code generation unit 24 is connected to another server (here, the b.com server 1B) that uses the common session ID for the user terminal 9 that has received the Web page, and sets the common session ID. Contains instructions for requesting a script. At this time, the user terminal 9 to b.
- the URL used for connection to the com server 1B includes b.
- the domain name of the com server 1B, the session ID generated in step S201, and the MAC generated in step S202 are included.
- the instruction code generation unit 24 interprets instructions (tags) described after the instruction code until the user terminal 9 finishes the process indicated by the generated instruction code (tag). In other words, in other words, the user terminal 9 generates an instruction code that interrupts the process until the process indicated by the instruction code is completed.
- the instruction code is described as a tag that instructs to read and execute a script such as JavaScript (registered trademark) from another information processing apparatus (here, the b.com server 1B).
- the instruction code does not specify an option for interpreting the subsequent instruction (tag or the like) in advance before the instruction related to the instruction code (reading and executing the script) is completed.
- the browser of the user terminal 9 that has received the Web page does not interpret the tag described after the instruction code until the processing of the command described in JavaScript (registered trademark) is completed (processing is interrupted). ).
- the instruction code generated by the instruction code generation unit 24 is higher than the description of the link of the Web page to another site, in other words, the link to the other site in the source code of the Web page.
- the link to other sites such as com can be prevented from being displayed by the browser. That is, the instruction code is described in the upper part of the Web page, and the script acquired by the instruction code is described in JavaScript (registered trademark). It is possible to prevent a common session ID from being set by clicking the com link. However, the information acquired by the instruction code is not limited to the information described by JavaScript (registered trademark).
- the instruction code is received by the user terminal in a different manner until the setting of the common session ID according to the instruction code is completed. It is only necessary to be able to prevent access to the com server.
- step S204 to step S206 a web page and a cookie are generated and transmitted.
- the information generation unit 25 generates a Web page including the tag (instruction code) generated in Step S203 as a Web page transmitted to the user terminal 9 in response to the Web page request (Step S204).
- the information generation unit 25 interprets the tag (instruction code) generated by the instruction code generation unit 24 in the source code of the Web page prior to the description such as the link to another site. -Describe in the location to be executed.
- the com server 1A generates a cookie for setting the session ID generated in step S201 to the user terminal 9 (step S205).
- the information transmission unit 27 transmits the Web page including the instruction code and the cookie including the session ID to the user terminal 9. Thereafter, the processing shown in this flowchart ends.
- step S206 a.
- the web page including the instruction code and the cookie including the session ID transmitted from the com server 1A are received by the user terminal 9.
- the user terminal 9 assigns the session ID included in the cookie to a. set as a session ID used for communication with the com server 1A.
- This session ID is set to b.
- the common session ID is also set as a session ID used for communication with the com server 1B.
- the user terminal 9 executes the instruction code included in the web page; b.
- the script is requested to the com server 1B.
- An instruction code is executed; b. Until the common session ID is set from the com server 1B, interpretation of subsequent tags in the Web page is suspended.
- FIG. 6 is a flowchart showing the flow of the common session ID setting process according to the present embodiment.
- the process shown in this flowchart is started as a common session ID setting process in step S107 in the session ID sharing process described with reference to FIG.
- the request is b.
- the case where the com server 1B receives will be described. However, if the request is a.
- com server 1A and b The configuration is substantially the same except that the com server 1B is replaced.
- a one-way hash for authenticating a request from the user terminal 9 is calculated.
- the URL used for connection to the com server 1B includes a.
- the session ID and MAC set by the com server 1A are included. Therefore, the authentication unit 26 uses the MAC included in the request received in step S101 to make a received script request a. It is authenticated whether or not the request is transmitted according to the instruction code notified from the com server 1A. More specifically, the authentication unit 26 performs a. com server 1A and b.
- the one-way hash calculation is performed on the data including the pre-shared key shared in advance with the com server 1B and the session ID received in step S101 (step S301). Then, the authentication unit 26 compares the result of the one-way hash calculation in step S301 with the MAC included in the request, so that the request for the common session ID setting script becomes a. It is authenticated whether the request is transmitted according to the instruction code notified from the com server 1A (step S302). Thereafter, the process proceeds to step S303.
- step S303 and step S304 if the authentication result is determined and the authentication fails, the script is transmitted without a cookie for setting the common session ID.
- step S302 when it is determined that the result of the one-way hash calculation and the MAC do not match (mismatch), the process proceeds to step S304, and b.
- the com server 1B transmits a script without a cookie for setting a common session ID to the user terminal 9 (step S304). Thereafter, the processing shown in this flowchart ends.
- the script transmitted here is not particularly limited. For example, it can be a script code (for example, “0;”) that does not include a specific command such as a display command for the user terminal 9.
- step S305 when it is determined that the result of the one-way hash calculation matches the MAC, the process proceeds to step S305.
- step S305 and step S306 a cookie is generated and transmitted together with the common session ID setting script.
- the authentication unit 26 makes a script request a. When it is authenticated that the request is transmitted according to the instruction code issued from the com server 1A, b.
- the com server 1B sets a cookie for setting the session ID received in step S101 (that is, the session ID used between the a.com server 1A and the user terminal 9) to the user terminal 9 as a common session ID.
- Generate step S305.
- the information transmitting unit 27 transmits the common session ID setting script and the cookie including the common session ID to the user terminal 9 (step S305).
- the common session ID setting script transmitted here is not particularly limited. For example, a script code (eg, “0;”) that does not include a specific command such as a display command for the user terminal 9 is used. I can do it. Thereafter, the processing shown in this flowchart ends.
- the cookie including the common session ID setting script and the common session ID transmitted from the com server 1B is received by the user terminal 9.
- the user terminal 9 sets the common session ID included in the cookie to b. set as a session ID used for communication with the com server 1B.
- the user terminal 9 resumes the interpretation of the Web page that has been interrupted for setting the common session ID, and outputs the Web page (display on a display or the like).
- the session ID used between the com server 1B and the user terminal 9 is the same session ID.
- the cookie includes information other than the session ID, such as an identifier used by a load balancer for load balancing of the server. May be.
- a common session ID can be used in a plurality of different Web sites. For this reason, even when the Web browser provided in the user terminal 9 manages Cookies for each domain name, a cross-site cross-site service is provided to the user in a plurality of Web sites related to different domain names. Is possible. For example, shopping carts can be shared among a plurality of Web sites using different domains.
- a method of sharing the session ID among a plurality of servers a method of identifying the user terminal 9 or the user by including the session ID in the URL when the user terminal 9 accesses the server can be considered.
- a method of identifying the user terminal 9 or the user by including the session ID in the URL when the user terminal 9 accesses the server can be considered.
- the system according to the present embodiment can share the session ID more securely.
- the server (b.com server 1B in the above embodiment) requested to issue the common session ID from the user terminal 9 has issued the instruction code (in the above embodiment). It is possible to authenticate whether or not the a.com server 1A) is a server that shares a pre-shared key in advance, and set a common session ID only for the user terminal 9 having an authentic instruction code.
- the system according to the present embodiment is more secure than the conventional system in this respect.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer And Data Communications (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Description
図1は、本実施形態に係るシステムの構成の概略を示す図である。本実施形態に係るシステムは、インターネット等のネットワークを介して互いに通信可能に接続された、a.comサーバ1Aおよびb.comサーバ1Bを備える。また本実施形態に係るシステムには、ネットワークを介して、ユーザ端末9が接続される。なお、a.comサーバ1Aおよびb.comサーバ1Bは、夫々、単一の筐体によって構成されてもよいし、ネットワーク等を介して接続された複数の筐体によって構成されてもよい。
次に、図4から図6を用いて、本実施形態に係る処理の詳細を説明する。なお、本実施形態において説明される処理の具体的な内容および順序等は、実施する上での一例である。具体的な処理内容および順序等は、実施の形態に応じて適宜選択されてよい。
本実施形態に係るシステムによれば、異なる複数のWebサイトにおいて、共通のセッションIDを用いることが可能となる。このため、ユーザ端末9に備えられるWebブラウザが、ドメイン名毎にCookieを管理する場合にも、異なるドメイン名に係る複数のWebサイトにおいて、サイトをまたがった横断的なサービスをユーザに提供することが可能となる。例えば、異なるドメインを用いる複数のWebサイトにおいて、ショッピングカートの共通化等が可能となる。
9 ユーザ端末
Claims (16)
- ユーザ端末との間の通信において通信識別子を用いる情報処理装置であって、
前記ユーザ端末から送信された情報要求を受信する情報要求受信手段と、
前記ユーザ端末に、前記通信識別子と共通の通信識別子を用いたい他の情報処理装置に接続させ、前記共通の通信識別子を該他の情報処理装置から受信させる指示コードを生成する指示コード生成手段と、
前記情報要求に応じて前記ユーザ端末に対して送信される情報として、前記指示コードを含む情報を生成する情報生成手段と、
前記情報生成手段によって生成された前記指示コードを含む情報および前記共通の通信識別子を、前記ユーザ端末宛に送信する情報送信手段と、
を備える、情報処理装置。 - 前記指示コード生成手段は、前記指示コードとして、該指示コードに示された命令の処理が終了するまで前記ユーザ端末による前記情報の解釈を中断可能なコードを生成する、
請求項1に記載の情報処理装置。 - 前記指示コードが該情報処理装置によって発行されたものであることを認証可能な認証コードを生成する認証コード生成手段を更に備え、
前記指示コード生成手段は、前記指示コードを受けて前記他の情報処理装置に接続する前記ユーザ端末が、前記指示コードに含まれる前記認証コードを前記他の情報処理装置に通知するように、前記指示コードを生成する、
請求項1または2に記載の情報処理装置。 - 前記認証コード生成手段は、該情報処理装置と前記他の情報処理装置との間で予め共有された共有鍵、および前記共通の通信識別子を含むデータを用いて、前記認証コードを算出する、
請求項3に記載の情報処理装置。 - 前記認証コード生成手段は、該情報処理装置と前記他の情報処理装置との間で予め共有された共有鍵、および前記共通の通信識別子を含むデータに対して一方向ハッシュ演算を行うことで、前記認証コードを算出する、
請求項4に記載の情報処理装置。 - 該情報処理装置と前記ユーザ端末との間で通信識別子が設定済みか否かを判定する設定状態判定手段を更に備え、
前記指示コード生成手段は、前記設定状態判定手段によって前記通信識別子が設定済みでないと判定された場合に、前記指示コードを生成する、
請求項1から5の何れか一項に記載の情報処理装置。 - ユーザ端末との間の通信において通信識別子を用いる情報処理装置であって、
前記ユーザ端末から送信された情報要求を受信する情報要求受信手段と、
前記情報要求受信手段によって受信された情報要求が、前記通信識別子と共通の通信識別子を用いたい他の情報処理装置から通知された指示コードに従って送信された情報要求であるか否かを認証する認証手段と、
前記認証手段によって、前記情報要求が、前記指示コードに従って送信された情報要求であると認証された場合に、前記共通の通信識別子を、前記ユーザ端末宛に送信する情報送信手段と、
を備える、情報処理装置。 - 前記情報要求受信手段は、前記情報要求と併せて、前記他の情報処理装置と前記ユーザ端末との間で用いられる通信識別子を受信し、
前記情報送信手段は、前記情報要求受信手段によって受信された前記通信識別子を、前記共通の通信識別子として送信する、
請求項7に記載の情報処理装置。 - 前記情報要求受信手段は、前記情報要求と併せて、前記指示コードが前記他の情報処理装置によって発行されたものであることを認証可能な認証コードを受信し、
前記認証手段は、前記認証コードを用いて、前記情報要求が、前記他の情報処理装置から通知された指示コードに従って送信された情報要求であるか否かを認証する、
請求項8に記載の情報処理装置。 - 前記認証手段は、該情報処理装置と前記他の情報処理装置との間で予め共有された共有鍵と前記情報要求受信手段によって受信された前記通信識別子とを含むデータを用いた算出結果と、前記認証コードとを比較することで、前記情報要求が、前記他の情報処理装置から通知された指示コードに従って送信された情報要求であるか否かを認証する、
請求項9に記載の情報処理装置。 - 前記情報送信手段は、前記ユーザ端末に対する具体的な命令を含まないコードと共に、前記共通の通信識別子を、前記ユーザ端末宛に送信する、
請求項7から10の何れか一項に記載の情報処理装置。 - ユーザ端末との間の通信において通信識別子を用いる第一の情報処理装置および第二の情報処理装置を備える情報処理システムであって、
前記第一の情報処理装置は、
前記ユーザ端末から送信された情報要求を受信する情報要求受信手段と、
前記ユーザ端末に、前記第二の情報処理装置に接続させ、前記共通の通信識別子を該第二の情報処理装置から受信させる指示コードを生成する指示コード生成手段と、
前記情報要求に応じて前記ユーザ端末に対して送信される情報として、前記指示コードを含む情報を生成する情報生成手段と、
前記情報生成手段によって生成された前記指示コードを含む情報および前記共通の通信識別子を、前記ユーザ端末宛に送信する情報送信手段と、を備え、
前記第二の情報処理装置は、
前記ユーザ端末から送信された情報要求を受信する情報要求受信手段と、
前記情報要求受信手段によって受信された情報要求が、前記第一の情報処理装置から通知された指示コードに従って送信された情報要求であるか否かを認証する認証手段と、
前記認証手段によって、前記情報要求が、前記指示コードに従って送信された情報要求であると認証された場合に、前記共通の通信識別子を、前記ユーザ端末宛に送信する情報送信手段と、を備える、
情報処理システム。 - ユーザ端末との間の通信において通信識別子を用いる情報処理装置のコンピュータによって、
前記ユーザ端末から送信された情報要求を受信する情報要求受信ステップと、
前記ユーザ端末に、前記通信識別子と共通の通信識別子を用いたい他の情報処理装置に接続させ、前記共通の通信識別子を該他の情報処理装置から受信させる指示コードを生成する指示コード生成ステップと、
前記情報要求に応じて前記ユーザ端末に対して送信される情報として、前記指示コードを含む情報を生成する情報生成ステップと、
前記情報生成ステップにおいて生成された前記指示コードを含む情報および前記共通の通信識別子を、前記ユーザ端末宛に送信する情報送信ステップと、
が実行される、情報処理方法。 - ユーザ端末との間の通信において通信識別子を用いる情報処理装置のコンピュータによって、
前記ユーザ端末から送信された情報要求を受信する情報要求受信ステップと、
前記情報要求受信ステップにおいて受信された情報要求が、前記通信識別子と共通の通信識別子を用いたい他の情報処理装置から通知された指示コードに従って送信された情報要求であるか否かを判定する判定ステップと、
前記判定ステップにおいて、前記情報要求が、前記指示コードに従って送信された情報要求であると判定された場合に、前記共通の通信識別子を、前記ユーザ端末宛に送信する情報送信ステップと、
が実行される、情報処理方法。 - ユーザ端末との間の通信において通信識別子を用いる情報処理装置のコンピュータを、
前記ユーザ端末から送信された情報要求を受信する情報要求受信手段と、
前記ユーザ端末に、前記通信識別子と共通の通信識別子を用いたい他の情報処理装置に接続させ、前記共通の通信識別子を該他の情報処理装置から受信させる指示コードを生成する指示コード生成手段と、
前記情報要求に応じて前記ユーザ端末に対して送信される情報として、前記指示コードを含む情報を生成する情報生成手段と、
前記情報生成手段によって生成された前記指示コードを含む情報および前記共通の通信識別子を、前記ユーザ端末宛に送信する情報送信手段と、
として機能させるプログラム。 - ユーザ端末との間の通信において通信識別子を用いる情報処理装置のコンピュータを、
前記ユーザ端末から送信された情報要求を受信する情報要求受信手段と、
前記情報要求受信手段によって受信された情報要求が、前記通信識別子と共通の通信識別子を用いたい他の情報処理装置から通知された指示コードに従って送信された情報要求であるか否かを認証する認証手段と、
前記認証手段によって、前記情報要求が、前記指示コードに従って送信された情報要求であると認証された場合に、前記共通の通信識別子を、前記ユーザ端末宛に送信する情報送信手段と、
として機能させるプログラム。
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2011/080103 WO2013098925A1 (ja) | 2011-12-26 | 2011-12-26 | 情報処理装置、情報処理システム、情報処理方法およびプログラム |
JP2012535479A JP5383923B1 (ja) | 2011-12-26 | 2011-12-26 | 情報処理装置、情報処理システム、情報処理方法およびプログラム |
US14/315,905 US9762535B2 (en) | 2011-12-26 | 2014-06-26 | Information processing apparatus, system, method and medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2011/080103 WO2013098925A1 (ja) | 2011-12-26 | 2011-12-26 | 情報処理装置、情報処理システム、情報処理方法およびプログラム |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/315,905 Continuation US9762535B2 (en) | 2011-12-26 | 2014-06-26 | Information processing apparatus, system, method and medium |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2013098925A1 true WO2013098925A1 (ja) | 2013-07-04 |
Family
ID=48696495
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2011/080103 WO2013098925A1 (ja) | 2011-12-26 | 2011-12-26 | 情報処理装置、情報処理システム、情報処理方法およびプログラム |
Country Status (3)
Country | Link |
---|---|
US (1) | US9762535B2 (ja) |
JP (1) | JP5383923B1 (ja) |
WO (1) | WO2013098925A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6401367B1 (ja) * | 2017-10-20 | 2018-10-10 | ヤフー株式会社 | サーバ装置、生成方法及び生成プログラム |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103457913B (zh) * | 2012-05-30 | 2017-10-13 | 阿里巴巴集团控股有限公司 | 数据处理方法、通信终端、服务器及系统 |
CN105554730A (zh) * | 2015-12-21 | 2016-05-04 | 联想(北京)有限公司 | 一种通讯方法、服务器、终端 |
WO2018168802A1 (ja) * | 2017-03-15 | 2018-09-20 | 株式会社Gsユアサ | 蓄電装置 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006095400A1 (ja) * | 2005-03-07 | 2006-09-14 | Fujitsu Limited | 情報提供方法および情報提供システム |
WO2011013617A1 (ja) * | 2009-07-31 | 2011-02-03 | 楽天株式会社 | クッキー処理装置、クッキー処理方法、クッキー処理プログラム、クッキー処理システム及び情報通信システム |
JP2011227816A (ja) * | 2010-04-22 | 2011-11-10 | Sharp Corp | 認証サーバ、複合機、複合機制御システム、プログラムおよび記録媒体 |
Family Cites Families (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2001265680A (ja) * | 2000-03-15 | 2001-09-28 | Fujitsu Ltd | 複数メディアのセッションを管理する装置および方法 |
JP2002334057A (ja) | 2001-05-11 | 2002-11-22 | Hitachi Ltd | 負荷分散時のセッション継続方法 |
US7356687B2 (en) * | 2002-05-21 | 2008-04-08 | General Instrument Corporation | Association of security parameters for a collection of related streaming protocols |
US20050283826A1 (en) * | 2004-06-22 | 2005-12-22 | Sun Microsystems, Inc. | Systems and methods for performing secure communications between an authorized computing platform and a hardware component |
JP4208081B2 (ja) * | 2004-12-27 | 2009-01-14 | インターナショナル・ビジネス・マシーンズ・コーポレーション | 複数のウェブサイトにパーソナライズされた価値を追加するためのシステム、ウェブサーバ、方法およびプログラム |
US8060916B2 (en) * | 2006-11-06 | 2011-11-15 | Symantec Corporation | System and method for website authentication using a shared secret |
US8635535B2 (en) * | 2007-10-16 | 2014-01-21 | D&B Business Information Solutions Limited | Third-party-secured zones on web pages |
US20090210863A1 (en) * | 2008-02-19 | 2009-08-20 | Google Inc. | Code-based website experiments |
JP4988003B2 (ja) * | 2010-03-29 | 2012-08-01 | シャープ株式会社 | 複合機、複合機制御システム、プログラムおよび記録媒体 |
US8256664B1 (en) * | 2010-04-09 | 2012-09-04 | Google Inc. | Out-of band authentication of browser sessions |
US8505106B1 (en) * | 2010-06-30 | 2013-08-06 | Amazon Technologies, Inc. | Cross site request forgery mitigation in multi-domain integrations |
US8966446B1 (en) * | 2010-09-29 | 2015-02-24 | A9.Com, Inc. | Systems and methods of live experimentation on content provided by a web site |
-
2011
- 2011-12-26 WO PCT/JP2011/080103 patent/WO2013098925A1/ja active Application Filing
- 2011-12-26 JP JP2012535479A patent/JP5383923B1/ja active Active
-
2014
- 2014-06-26 US US14/315,905 patent/US9762535B2/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2006095400A1 (ja) * | 2005-03-07 | 2006-09-14 | Fujitsu Limited | 情報提供方法および情報提供システム |
WO2011013617A1 (ja) * | 2009-07-31 | 2011-02-03 | 楽天株式会社 | クッキー処理装置、クッキー処理方法、クッキー処理プログラム、クッキー処理システム及び情報通信システム |
JP2011227816A (ja) * | 2010-04-22 | 2011-11-10 | Sharp Corp | 認証サーバ、複合機、複合機制御システム、プログラムおよび記録媒体 |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP6401367B1 (ja) * | 2017-10-20 | 2018-10-10 | ヤフー株式会社 | サーバ装置、生成方法及び生成プログラム |
JP2019079130A (ja) * | 2017-10-20 | 2019-05-23 | ヤフー株式会社 | サーバ装置、生成方法及び生成プログラム |
Also Published As
Publication number | Publication date |
---|---|
US20140310341A1 (en) | 2014-10-16 |
JPWO2013098925A1 (ja) | 2015-04-30 |
JP5383923B1 (ja) | 2014-01-08 |
US9762535B2 (en) | 2017-09-12 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8572691B2 (en) | Selecting a web service from a service registry based on audit and compliance qualities | |
US11336449B2 (en) | Information processing apparatus, computer program product, and resource providing method | |
US20130086630A1 (en) | Dynamic identity switching | |
CN102682009A (zh) | 一种用户登录网页的方法及系统 | |
JP2017513151A (ja) | プライベートクラウド接続装置クラスタアーキテクチャ | |
CN103428179A (zh) | 一种登录多域名网站的方法、系统以及装置 | |
CN113569229B (zh) | 同步登录方法和装置、以及存储介质和电子设备 | |
US9609068B2 (en) | Session management system, session management apparatus, and non-transitory computer readable medium | |
CN112491776A (zh) | 安全认证方法及相关设备 | |
US10652332B2 (en) | System, method, and apparatuses for dynamic authorization | |
JP5383923B1 (ja) | 情報処理装置、情報処理システム、情報処理方法およびプログラム | |
CN109951487A (zh) | 一种Portal认证方法和装置 | |
CN114416169A (zh) | 基于微前端的数据处理方法、介质、装置和计算设备 | |
WO2009157482A1 (ja) | 通信端末、認証情報生成装置、認証システム、認証情報生成プログラム、認証情報生成方法および認証方法 | |
KR20190101464A (ko) | 파라미터들을 통한 인증 정보 전달 | |
US20100250607A1 (en) | Personal information management apparatus and personal information management method | |
US9590990B2 (en) | Assigning user requests of different types or protocols to a user by trust association interceptors | |
JP4573559B2 (ja) | 分散認証システム、負荷分散装置及び認証サーバ、並びに負荷分散プログラム及び認証プログラム | |
JP6244771B2 (ja) | 情報処理システム、処理装置、分散処理方法、及び、プログラム | |
JP4837060B2 (ja) | 認証装置及びプログラム | |
CN115102724B (zh) | 一种双Token跨端跳转系统的登录方法、系统 | |
JP5749222B2 (ja) | アクセス許可制御システム、アクセス許可制御方法 | |
CN110945503A (zh) | 用户认证服务提供方法、网页服务器及用户终端 | |
JP6156116B2 (ja) | セッション管理システム、セッション管理装置、及びプログラム | |
CN114039773B (zh) | 连接建立方法、装置、设备及计算机可读存储介质 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
ENP | Entry into the national phase |
Ref document number: 2012535479 Country of ref document: JP Kind code of ref document: A |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 11878805 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 11878805 Country of ref document: EP Kind code of ref document: A1 |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 11878805 Country of ref document: EP Kind code of ref document: A1 |