WO2009157482A1 - Communication terminal, authentication information generation device, authentication system, authentication information generation program, authentication information generation method and authentication method - Google Patents

Info

Publication number
WO2009157482A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
authentication information
authentication
predetermined
information
Prior art date
Application number
PCT/JP2009/061513
Other languages
French (fr)
Japanese (ja)
Inventor
剛 越智
譲 富樫
幸雄 永渕
俊仁 波多野
Original Assignee
エヌ・ティ・ティ・コミュニケーションズ株式会社
Priority date
Filing date
Publication date
Application filed by エヌ・ティ・ティ・コミュニケーションズ株式会社
Publication of WO2009157482A1

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823: Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication

Definitions

  • The present invention relates to a communication device that accesses a plurality of servers, an authentication information generation device that generates authentication information for a plurality of servers, an authentication system, an authentication information generation program executed by a communication terminal, an authentication information generation method, and an authentication method.
  • In order to realize an integrated communication service that can be used from a communication terminal such as a PC (Personal Computer), it is necessary to integrate multiple systems and provide them as a single user interface. When such a plurality of systems are integrated, single sign-on can be used, which allows access to all systems by logging in once. Single sign-on is described in Non-Patent Document 1, for example.
  • Single sign-on requires an ID/password management system that centrally manages the user IDs and passwords for each of a plurality of systems, and each time a new user is added, the work of registering data in this ID/password management system arises. In addition, each time the service provided to the user is expanded (a new system is added), various data setting operations arise for the ID/password management system.
  • The data registration and setting work for such an ID/password management system imposes a large workload, especially when a different management and operation process is used for each system, and it also affects the operation cost.
  • The present invention has been made in view of the above circumstances, and an object of the present invention is to provide an authentication technology that allows access to a plurality of servers without complicating a user's login operation and that suppresses the operational load and operational cost of the system.
  • In order to solve the above-described problem, the present invention provides a communication terminal that accesses a plurality of servers, the plurality of servers including a predetermined server and at least one other server, the communication terminal having an authentication request unit that makes an authentication request to the predetermined server and an authentication request to the other server, and a generation unit that generates authentication information for the other server. The authentication request unit transmits the authentication information for the predetermined server input by a user to the predetermined server as an authentication request, and transmits the authentication information for the other server generated by the generation unit to the other server as an authentication request. The generation unit generates the authentication information for the other server based on the authentication information for the predetermined server and the identification information of the other server.
  • The present invention is also an authentication information generation device that generates authentication information for at least one other server other than a predetermined server, the device having an acquisition unit that acquires authentication information for the predetermined server from the predetermined server, and a generation unit that generates authentication information for the other server based on the acquired authentication information for the predetermined server and the identification information of the other server, and transmits the generated authentication information to the other server.
  • The present invention is also an authentication system having a communication terminal that accesses a plurality of servers and an authentication information generation device that generates authentication information, the plurality of servers including a predetermined server and at least one other server. The authentication information generation device includes an acquisition unit that acquires authentication information for the predetermined server from the predetermined server, and a first generation unit that generates authentication information for the other server based on the acquired authentication information for the predetermined server and the identification information of the other server, and transmits the generated authentication information to the other server. The communication terminal includes an authentication request unit that makes an authentication request to the predetermined server and an authentication request to the other server, and a second generation unit that generates authentication information for the other server. The authentication request unit transmits the authentication information for the predetermined server input by a user to the predetermined server as an authentication request, and transmits the authentication information for the other server generated by the second generation unit to the other server as an authentication request. The second generation unit generates the authentication information for the other server based on the authentication information for the predetermined server and the identification information of the other server.
  • The present invention is also an authentication information generation program executed by a communication terminal that accesses a plurality of servers, wherein the plurality of servers include a predetermined server and at least one other server, and the program causes the communication terminal to execute: a first authentication request step of transmitting the authentication information for the predetermined server input by the user to the predetermined server as an authentication request; a second generation step of generating authentication information for the other server based on the authentication information for the predetermined server and the identification information of the other server; and a second authentication request step of transmitting the authentication information for the other server generated in the second generation step to the other server as an authentication request.
  • The present invention is also an authentication information generation method, performed by an authentication information generation apparatus, for generating authentication information for at least one other server other than a predetermined server, the method comprising: an acquisition step of acquiring authentication information for the predetermined server from the predetermined server; and a generation step of generating authentication information for the other server based on the acquired authentication information for the predetermined server and the identification information of the other server, and transmitting the generated authentication information to the other server.
  • The present invention is also an authentication method performed by an authentication system including a communication terminal that accesses a plurality of servers and an authentication information generation device that generates authentication information, the plurality of servers including a predetermined server and at least one other server. The authentication information generation device performs an acquisition step of acquiring authentication information for the predetermined server from the predetermined server, and a first generation step of generating authentication information for the other server based on the acquired authentication information for the predetermined server and the identification information of the other server and transmitting the generated authentication information to the other server. The communication terminal performs a first authentication request step of transmitting the authentication information for the predetermined server input by the user to the predetermined server as an authentication request, a second generation step of generating authentication information for the other server based on the authentication information for the predetermined server and the identification information of the other server, and a second authentication request step of transmitting the authentication information for the other server generated in the second generation step to the other server as an authentication request.
  • According to the present invention, it is possible to access a plurality of servers without complicating a user's login operation, and it is possible to reduce the system operation load and operation cost.
  • FIG. 1 is a diagram illustrating the overall configuration of an authentication system to which an embodiment of the present invention is applied. FIG. 2 is a sequence diagram showing the overall processing of this embodiment. FIG. 3 is a diagram schematically showing the pre-processing of the authentication information generation apparatus. FIG. 4 is a flowchart of the login process of the communication terminal.
  • FIG. 1 is an overall configuration diagram of an authentication system to which an embodiment of the present invention is applied.
  • The authentication system of this embodiment includes a communication terminal 1, an authentication information generation device 2, and a plurality of servers 3, 4, 5.
  • The plurality of servers 3, 4, and 5 are Web servers, for example, and provide various services to the communication terminal 1.
  • The plurality of servers 3, 4, 5 of the present embodiment include a predetermined server 3 and at least one other server 4, 5 other than the predetermined server 3.
  • The other servers 4 and 5 are servers that cooperate with the predetermined server 3 only in the authentication process described later. Functionally (for example, in the services provided to the communication terminal 1), they do not necessarily need to cooperate with the predetermined server 3.
  • The predetermined server 3 is referred to as “main server A”, and the other servers 4 and 5 are referred to as “cooperation servers”.
  • The communication terminal 1 logs in to (accesses) the plurality of servers 3, 4, 5 via a network 9 such as the Internet. It is assumed that the communication terminal 1 can log in to (access) the cooperation server B4 and the cooperation server C5 after the login to the main server A3 is completed.
  • The illustrated communication terminal 1 includes an authentication request unit 11 that makes authentication requests to the main server A3 and the cooperation servers 4 and 5, a generation unit 12 that generates authentication information (for example, a user ID and a password) for the cooperation servers 4 and 5, and a storage unit 13 that stores status information and index values.
  • The authentication information generation device 2 generates authentication information for the cooperation servers 4 and 5.
  • The authentication information generation device 2 shown in the figure includes an acquisition unit 21 that acquires (receives) authentication information for the main server A3 from the main server A3 via the network 9, and a generation unit 22 that generates authentication information for the cooperation servers based on the acquired authentication information for the main server A3.
  • The communication terminal 1 and the authentication information generation device 2 described above can each be implemented with a general-purpose computer system including at least a CPU, a memory, and a communication control device for connecting to a network.
  • Each function of each device is realized by the CPU executing a predetermined program loaded into the memory.
  • That is, the functions of the communication terminal 1 are realized by the CPU of the communication terminal 1 executing the program for the communication terminal 1, and the functions of the authentication information generation device 2 are realized by the CPU of the authentication information generation device 2 executing the program for the authentication information generation device 2.
  • Each device includes an input device, an output device, and an external storage device as necessary.
  • FIG. 2 is a sequence diagram showing the overall processing of this embodiment.
  • the acquisition unit 21 of the authentication information generation device 2 acquires authentication information (ID: A, PWD: A) for the main server A from the main server A as a pre-process (S11). And the production
  • When authentication information for the main server A is acquired for a plurality of users, the generation unit 22 generates the authentication information for the cooperation servers B and C for the plurality of users (S12, S14) and transmits it to the cooperation servers B and C (S13, S15).
  • The cooperation server B and the cooperation server C store the authentication information received from the authentication information generation device 2 in storage devices (not shown) provided in the cooperation server B and the cooperation server C, respectively. Then, the authentication information generation apparatus 2 notifies the user of the communication terminal 1 of that user's authentication information for the main server A by a predetermined method (for example, mailing, online via the network 9) (S16).
  • The user of the communication terminal 1 inputs the notified authentication information for the main server A to the communication terminal 1 and performs a login operation on the main server A.
  • The user downloads in advance a communication terminal authentication program (such as a launcher) for accessing the main server A and the cooperation servers B and C via the network 9 from a predetermined server (for example, the authentication information generating device 2) and installs it in the communication terminal 1. Thereby, the functions 11 to 13 (see FIG. 1) of the communication terminal 1 are realized.
  • The authentication request unit 11 of the communication terminal 1 accepts the login operation (S17) and transmits the authentication information (ID: A, PWD: A) for the main server A input by the login operation to the main server A via the network 9 (S18).
  • The main server A authenticates whether or not the received authentication information is valid authentication information (S19). Specifically, if the received authentication information matches the authentication information output to the authentication information generation device 2 in S11, the main server A determines that the authentication information is valid and permits login. Then, the main server A transmits the authentication result to the communication terminal 1 (S20). In the case of authentication OK (success), the login process is completed, and the communication terminal 1 can use the service provided by the main server A. On the other hand, in the case of authentication NG (failure), an error message or the like is displayed on the communication terminal 1.
  • After the login to the main server A is completed, the user inputs a login operation (access request) to the cooperation server B into the communication terminal 1.
  • the authentication request unit 11 of the communication terminal 1 accepts a login operation to the cooperation server B (S21)
  • the generation unit 22 uses the authentication information for the main server A input in S17.
  • Authentication information ID: B, PWD: B
  • the communication terminal 1 transmits the produced
  • The cooperation server B authenticates whether or not the received authentication information is valid authentication information (S24). Specifically, when the received authentication information matches the authentication information received from the authentication information generation apparatus 2 in S13, the cooperation server B determines that the authentication information is valid and permits login. Then, the cooperation server B transmits the authentication result to the communication terminal 1 (S25). In the case of authentication OK (success), the login process is completed, and the communication terminal 1 can use the service provided by the cooperation server B. On the other hand, in the case of authentication NG (failure), an error message or the like is displayed on the communication terminal 1.
  • The user inputs a login operation (access request) to the cooperation server C into the communication terminal 1.
  • the authentication request unit 11 of the communication terminal 1 accepts a login operation to the cooperation server C (S26)
  • the generation unit 22 uses the authentication information for the main server A input in S17.
  • Authentication information ID: C, PWD: C
  • the communication terminal 1 transmits the produced
  • The cooperation server C authenticates whether or not the received authentication information is valid authentication information (S29). Specifically, when the received authentication information matches the authentication information received from the authentication information generation device 2 in S15, the cooperation server C determines that the authentication information is valid and permits login. Then, the cooperation server C transmits the authentication result to the communication terminal 1 (S30). In the case of authentication OK (success), the login process is completed, and the communication terminal 1 can use the service provided by the cooperation server C. On the other hand, in the case of authentication NG (failure), an error message or the like is displayed on the communication terminal 1.
  • FIG. 3 is a diagram schematically showing the processing of the authentication information generating apparatus 2.
  • The acquisition unit 21 of the authentication information generation device 2 acquires the authentication information (ID: A#1, PWD: A#1) for the main server A for the communication terminal 1 (user #1) from the main server A3 via the network 9 or the like (S41).
  • generation part 22 produces
  • As the index value (I), for example, a character string may be generated from the authentication information using a one-way function such as MD5 (Message Digest 5).
  • The generation unit 22 stores the generated index value and the acquired authentication information in the index list storage unit 23 (S43).
  • The index list storage unit 23 stores the authentication information for the main server A and the index value for each user.
  • The generation unit 22 generates authentication information for the cooperation server B (ID: B#1, PWD: B#1) based on the index value (I) generated in S42 and stored in the index list storage unit 23 (S44). Specifically, the generation unit 22 inputs the index value (I) and the identification information (B) of the cooperation server B to a one-way function F such as MD5, as in the following formula, thereby generating the authentication information for the cooperation server B.
  • One-way function F(I, B) → ID: B#1, PWD: B#1
  • generation part 22 produces
  • the cooperation server C Generate authentication information for use.
  • One-way function F(I, C) → ID: C#1, PWD: C#1
  • The generation unit 22 transmits the authentication information for the cooperation server B4 to the cooperation server B, and the authentication information for the cooperation server C5 to the cooperation server C5, respectively (S46, S47).
  • FIG. 4 is a flowchart of processing of the communication terminal 1.
  • The authentication request unit 11 of the communication terminal 1 accepts a login request to the main server A input by the user (S51).
  • The login request includes the authentication information (ID: A#1, PWD: A#1) for the main server A notified from the authentication information generating device 2.
  • The authentication request unit 11 transmits the authentication information input by the user to the main server A via the network 9 (S52).
  • The main server A authenticates whether or not the received authentication information is valid authentication information, and transmits the authentication result to the communication terminal 1.
  • In the case of authentication NG (failure), the authentication request unit 11 displays an error message and accepts re-input of authentication information (S51).
  • In the case of authentication OK (success), the authentication request unit 11 stores the status “authenticated” of the authentication result in the storage unit 13 (S54). It is assumed that the initial status of the storage unit 13 is “not authenticated”.
  • The generation unit 12 generates an index value (I) that is a unique character string based on the authentication information of the main server A, and stores it in the storage unit 13 (S55).
  • As the index value, for example, a character string may be generated from the authentication information using a one-way function such as MD5.
  • The logic (algorithm) by which the generation unit 12 of the communication terminal 1 generates the index value (I) is the same as the logic (algorithm) by which the generation unit 22 of the authentication information generating device 2 generates the index value (I) (FIG. 3: S42).
  • The authentication request unit 11 receives an access request to the cooperation server B input by the user (S61). It is assumed that the access request includes the identification information (B) of the cooperation server B. Then, the generation unit 12 refers to the status stored in the storage unit 13 (S62). When the status is “authenticated” (S63), the generation unit 12 generates authentication information (ID: B#1, PWD: B#1) for the cooperation server B based on the index value (I) of the main server A generated and stored in S55 (S64). Specifically, the generation unit 12 inputs the index value (I) and the identification information (B) of the cooperation server B to a one-way function F such as MD5, as in the following formula, thereby generating the authentication information for the cooperation server B.
  • One-way function F(I, B) → ID: B#1, PWD: B#1
  • The logic (algorithm) by which the generation unit 12 of the communication terminal 1 generates authentication information for the cooperation server B is the same as the logic (algorithm) by which the generation unit 22 of the authentication information generation apparatus 2 generates authentication information for the cooperation server B.
  • When the status is “not authenticated” (S63), the authentication request unit 11 displays an error message.
  • The generation unit 12 transmits the authentication information for the cooperation server B to the cooperation server B via the network 9 (S65).
  • The cooperation server B authenticates whether or not the authentication information is valid authentication information, and transmits the authentication result to the communication terminal 1.
  • In the case of authentication OK (success), the communication terminal 1 can use the service provided by the cooperation server B.
  • In the case of authentication NG (failure), an error message or the like is displayed on the communication terminal 1.
  • the authentication request unit 11 receives an access request to the cooperation server C input by the user (S71). It is assumed that the access request includes identification information (C) of the cooperation server C. Then, similarly to S62 to S65, the generation unit 12 refers to the status stored in the storage unit 13 (S72), and when the status is “authenticated” (S73), the main server generated and stored in S55 Based on the index value (I) of A, authentication information (ID C # 1, PWD C # 1) for the cooperation server C is generated (S74). When the status is “not authenticated” (S73), the authentication request unit 11 displays an error message. And the production
  • The cooperation server C authenticates whether the authentication information is valid authentication information, and transmits the authentication result to the communication terminal 1.
  • In the case of authentication OK (success), the communication terminal 1 can use the service provided by the cooperation server C.
  • In the case of authentication NG (failure), an error message or the like is displayed on the communication terminal 1.
  • The communication terminal 1 generates the authentication information for the cooperation servers B and C based on the authentication information of the main server A and transmits the authentication information to the cooperation servers B and C. Accordingly, the user can log in to (access) the cooperation servers B and C without inputting the authentication information for the cooperation servers B and C themselves. That is, in this embodiment, a plurality of servers can be accessed without complicating the user's login operation.
  • The authentication information generation device 2 and the communication terminal 1 generate the authentication information for the cooperation servers B and C from the identification information of the cooperation servers B and C using a common logic such as a one-way function.
  • The present invention is not limited to the above-described embodiment, and various modifications are possible within the scope of the gist.
  • the authentication information user ID
  • Passwords are assigned different authentication information.
  • The existing Web server extracts, at some point in time, all the user IDs already assigned to users, identifies a character string that is not used in the upper n digits (n ≥ 1) of any of those user IDs (an unused character string), and notifies the authentication information generation apparatus of it.
  • The generation unit of the authentication information generation device uses the unused character string notified from the existing Web server as a prefix. When generating authentication information for the existing Web server (cooperation server) based on the authentication information of the main server (FIG. 3: S44, S45), it generates a user ID in which the unused character string (prefix) is set in the upper n digits of the user ID.
  • The generation unit of the communication terminal likewise uses the unused character string notified from the existing Web server or the authentication information generation device as a prefix. When generating authentication information for the existing Web server (cooperation server) based on the authentication information of the main server (FIG. 4: S64, S74), it generates a user ID in which the unused character string (prefix) is set in the upper n digits of the user ID.
  • When the existing Web server (cooperation server) subsequently assigns a user ID to a user specific to that Web server, it shall not use the specified unused character string for the upper n digits of the user ID.
  • generating the authentication information for each cooperation server (FIG. 3: S44, S45, FIG. 4: S64, S74).
  • For example, it is conceivable to use a unique number or character string, a URL of the cooperation server, or the like.
  • 1: Communication terminal; 11: Authentication request unit; 12: Generation unit; 13: Storage unit; 2: Authentication information generation device; 21: Acquisition unit; 22: Generation unit; 23: Index list storage unit; 3: Main server (predetermined server) A; 4: Cooperation server (other server) B; 5: Cooperation server (other server) C; 9: Network
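
The derivation in FIG. 3 (S42 to S47) and FIG. 4 (S55, S61 to S65), including the unused-prefix variation for user IDs, can be traced end to end in the following added example, which is not code from the patent. It assumes SHA-256 and HMAC-SHA-256 as the one-way function (the text names MD5 only as one possibility); all function and class names are hypothetical and the accounts are constructed sample data.

```python
import hashlib
import hmac


def index_value(main_id, main_pwd):
    """Index value I: one-way function of the main-server credentials (S42, S55)."""
    h = hashlib.sha256()
    for field in (main_id, main_pwd):
        data = field.encode("utf-8")
        # Length-prefix each field so ("ab", "c") and ("a", "bc") give different I.
        h.update(len(data).to_bytes(4, "big"))
        h.update(data)
    return h.digest()


def derive_credentials(index, server_id, prefix=""):
    """F(I, server_id) -> (user ID, password) for one cooperation server (S44, S64)."""
    def f(label):
        # Separate labels keep the ID and the password independent outputs of F.
        msg = label + b"\x00" + server_id.encode("utf-8")
        return hmac.new(index, msg, hashlib.sha256).hexdigest()
    # The prefix is the "unused character string" placed in the upper digits of the ID.
    return prefix + f(b"id")[:16], f(b"pwd")[:32]


class CooperationServer:
    """Cooperation server: stores what the generation device sends, then compares."""

    def __init__(self, server_id, prefix=""):
        self.server_id, self.prefix = server_id, prefix
        self._accounts = {}  # user ID -> password received in S13 / S15

    def provision(self, user_id, password):
        self._accounts[user_id] = password

    def authenticate(self, user_id, password):
        stored = self._accounts.get(user_id)
        if stored is None:
            return False
        return hmac.compare_digest(stored.encode(), password.encode())


def preprocess(main_accounts, servers):
    """Authentication information generation device: pre-processing S11 to S15."""
    for main_id, main_pwd in main_accounts.items():
        index = index_value(main_id, main_pwd)
        for srv in servers:
            srv.provision(*derive_credentials(index, srv.server_id, srv.prefix))


class Terminal:
    """Communication terminal: status and index value are kept after main login."""

    def __init__(self):
        self.status = "not authenticated"  # initial status of the storage unit
        self._index = None

    def login_main(self, main_accounts, main_id, main_pwd):
        stored = main_accounts.get(main_id)
        if stored is None or not hmac.compare_digest(stored.encode(), main_pwd.encode()):
            return False
        self.status = "authenticated"                  # S54
        self._index = index_value(main_id, main_pwd)   # S55, same logic as S42
        return True

    def login_cooperation(self, srv):
        if self.status != "authenticated":             # S62 / S63
            return False
        creds = derive_credentials(self._index, srv.server_id, srv.prefix)
        return srv.authenticate(*creds)                # S65


def run_demo():
    main_accounts = {"user1": "constructed-main-password"}  # constructed sample
    server_b = CooperationServer("B")
    server_c = CooperationServer("https://c.example/", prefix="zz")
    preprocess(main_accounts, [server_b, server_c])
    terminal = Terminal()
    return {
        "before_main_login": terminal.login_cooperation(server_b),
        "wrong_main_password": terminal.login_main(main_accounts, "user1", "wrong"),
        "main_login": terminal.login_main(main_accounts, "user1", "constructed-main-password"),
        "login_b": terminal.login_cooperation(server_b),
        "login_c": terminal.login_cooperation(server_c),
    }


if __name__ == "__main__":
    print(run_demo())
```

Because every cooperation credential is a deterministic function of the main-server credentials, a change to the main-server password changes I, and the pre-processing has to be run again before the terminal's derived values will match what the cooperation servers hold.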

Abstract

In order to be able to access plural servers without complicating a log-in operation of a user, and thereby reduce the operational load and operational cost of a system, a communication terminal (1) comprises an authentication request unit (11) for making an authentication request to a predetermined server (3) and an authentication request to a different server (4, 5), and a generation unit (12) for generating authentication information for the different server. The authentication request unit (11) transmits authentication information for the predetermined server inputted by the user as the authentication request to the predetermined server (3) and transmits the authentication information for the different server generated by the generation unit (12) as the authentication request to the different server (4, 5). The generation unit (12) generates the authentication information for the different server on the basis of the authentication information for the predetermined server and identification information relating to the different server (3, 4).

Description

通信端末、認証情報生成装置、認証システム、認証情報生成プログラム、認証情報生成方法および認証方法Communication terminal, authentication information generation device, authentication system, authentication information generation program, authentication information generation method, and authentication method
 本発明は、複数のサーバにアクセスする通信装置、複数のサーバの認証情報を生成する認証情報生成装置、認証システム、通信端末が実行する認証情報生成プログラム、認証情報生成方法および認証方法に関する。 The present invention relates to a communication device that accesses a plurality of servers, an authentication information generation device that generates authentication information of a plurality of servers, an authentication system, an authentication information generation program executed by a communication terminal, an authentication information generation method, and an authentication method.
 PC(Personal Computer)などの通信端末から利用可能な統合コミュニケーションサービスを実現する上で、複数のシステムを統合し、1つのユーザインタフェースとして提供する必要がある。このような複数のシステムを統合した場合、一度ログインするだけで全てのシステムへのアクセスを許容させるシングルサインオンが存在する。シングルサインオンについては、例えば非特許文献1に記載されている。 In order to realize an integrated communication service that can be used from a communication terminal such as a PC (Personal Computer), it is necessary to integrate multiple systems and provide them as a single user interface. When such a plurality of systems are integrated, there is a single sign-on that allows access to all systems by logging in once. Single sign-on is described in Non-Patent Document 1, for example.
Single sign-on requires an ID/password management system that centrally manages the user IDs and passwords of each of the systems, and every time a new user is added, data must be registered in this ID/password management system. In addition, every time the services provided to users are extended (a new system is added), various data-setting tasks arise for the ID/password management system.
Such data registration and setting work for the ID/password management system imposes a heavy workload, particularly when a different management and operation process is followed for each system, and it also affects operational cost.
The present invention has been made in view of the above circumstances, and its object is to provide an authentication technique that allows access to a plurality of servers without complicating the user's login operation while also reducing the operational load and operational cost of the system.
To solve the above problem, the present invention is a communication terminal that accesses a plurality of servers, the plurality of servers including a predetermined server and at least one other server, the communication terminal having an authentication request unit that makes an authentication request to the predetermined server and an authentication request to the other server, and a generation unit that generates authentication information for the other server. The authentication request unit transmits the authentication information for the predetermined server input by the user to the predetermined server as an authentication request, and transmits the authentication information for the other server generated by the generation unit to the other server as an authentication request. The generation unit generates the authentication information for the other server based on the authentication information for the predetermined server and identification information of the other server.
The present invention is also an authentication information generation device that generates authentication information for at least one other server other than a predetermined server, having an acquisition unit that acquires authentication information for the predetermined server from the predetermined server, and a generation unit that generates authentication information for the other server based on the acquired authentication information for the predetermined server and identification information of the other server, and transmits the generated authentication information to the other server.
The present invention is also an authentication system having a communication terminal that accesses a plurality of servers and an authentication information generation device that generates authentication information, the plurality of servers including a predetermined server and at least one other server. The authentication information generation device has an acquisition unit that acquires authentication information for the predetermined server from the predetermined server, and a first generation unit that generates authentication information for the other server based on the acquired authentication information for the predetermined server and identification information of the other server, and transmits the generated authentication information to the other server. The communication terminal has an authentication request unit that makes an authentication request to the predetermined server and an authentication request to the other server, and a second generation unit that generates authentication information for the other server. The authentication request unit transmits the authentication information for the predetermined server input by the user to the predetermined server as an authentication request, and transmits the authentication information for the other server generated by the generation unit to the other server as an authentication request. The second generation unit generates the authentication information for the other server based on the authentication information for the predetermined server and the identification information of the other server.
The present invention is also an authentication information generation program executed by a communication terminal that accesses a plurality of servers, the plurality of servers including a predetermined server and at least one other server. The program causes the communication terminal to execute a first authentication request step of transmitting the authentication information for the predetermined server input by the user to the predetermined server as an authentication request, a second generation step of generating authentication information for the other server based on the authentication information for the predetermined server and identification information of the other server, and a second authentication request step of transmitting the authentication information for the other server generated in the second generation step to the other server as an authentication request.
The present invention is also an authentication information generation method, performed by an authentication information generation device, for generating authentication information for at least one other server other than a predetermined server, having an acquisition step of acquiring authentication information for the predetermined server from the predetermined server, and a generation step of generating authentication information for the other server based on the acquired authentication information for the predetermined server and identification information of the other server, and transmitting the generated authentication information to the other server.
The present invention is also an authentication method performed by an authentication system having a communication terminal that accesses a plurality of servers and an authentication information generation device that generates authentication information, the plurality of servers including a predetermined server and at least one other server. The authentication information generation device performs an acquisition step of acquiring authentication information for the predetermined server from the predetermined server, and a first generation step of generating authentication information for the other server based on the acquired authentication information for the predetermined server and identification information of the other server, and transmitting the generated authentication information to the other server. The communication terminal performs a first authentication request step of transmitting the authentication information for the predetermined server input by the user to the predetermined server as an authentication request, a second generation step of generating authentication information for the other server based on the authentication information for the predetermined server and the identification information of the other server, and a second authentication request step of transmitting the authentication information for the other server generated in the second generation step to the other server as an authentication request.
According to the present invention, a plurality of servers can be accessed without complicating the user's login operation, and the operational load and operational cost of the system can be reduced.
FIG. 1 is a diagram showing the overall configuration of an authentication system to which an embodiment of the present invention is applied. FIG. 2 is a sequence diagram showing the overall processing of this embodiment. FIG. 3 is a diagram schematically showing the pre-processing of the authentication information generation device. FIG. 4 is a flowchart of the login process of the communication terminal.
Embodiments of the present invention are described below.
FIG. 1 is an overall configuration diagram of an authentication system to which an embodiment of the present invention is applied. The authentication system of this embodiment has a communication terminal 1, an authentication information generation device 2, and a plurality of servers 3, 4, and 5. The servers 3, 4, and 5 are, for example, Web servers, and provide various services to the communication terminal 1. The servers 3, 4, and 5 of this embodiment comprise a predetermined server 3 and at least one other server 4, 5 other than the predetermined server 3.
The other servers 4 and 5 cooperate with the predetermined server 3 only in the authentication process described later; functionally (for example, in the services provided to the communication terminal 1) they do not necessarily have to cooperate with the predetermined server 3. Hereinafter, the predetermined server 3 is referred to as the "main server A", and the other servers 4 and 5 as "cooperation servers".
The communication terminal 1 logs in to (accesses) the servers 3, 4, and 5 via a network 9 such as the Internet. The communication terminal 1 can log in to (access) the cooperation server B4 and the cooperation server C5 only after login to the main server A3 has been completed. The illustrated communication terminal 1 has an authentication request unit 11 that makes authentication requests to the main server A3 and the cooperation servers 4 and 5, a generation unit 12 that generates authentication information (for example, a user ID and a password) for the cooperation servers 4 and 5, and a storage unit 13 that stores status information and an index value.
The authentication information generation device 2 generates the authentication information for the cooperation servers 4 and 5. The illustrated authentication information generation device 2 has an acquisition unit 21 that acquires (receives) the authentication information for the main server A3 from the main server A3 via the network 9, a generation unit 22 that generates authentication information for the cooperation servers 3 and 4 based on the acquired authentication information for the main server A3, and an index list storage unit 23 in which the index value of the acquired authentication information for the main server A3 is stored.
The communication terminal 1 and the authentication information generation device 2 described above can each be implemented on a general-purpose computer system having at least a CPU, a memory, and a communication control device for connecting to a network. In this computer system, each function of each device is realized by the CPU executing a predetermined program loaded into the memory.
For example, the functions of the communication terminal 1 are realized by the CPU of the communication terminal 1 executing the program for the communication terminal 1, and the functions of the authentication information generation device 2 are realized by the CPU of the authentication information generation device 2 executing the program for the authentication information generation device 2. Each device is provided with an input device, an output device, and an external storage device as necessary.
Next, the processing of this embodiment is described.
FIG. 2 is a sequence diagram showing the overall processing of this embodiment.
As pre-processing, the acquisition unit 21 of the authentication information generation device 2 acquires the authentication information for the main server A (ID: A, PWD: A) from the main server A (S11). Based on the acquired authentication information, the generation unit 22 of the authentication information generation device 2 then generates the authentication information for the cooperation server B (ID: B, PWD: B) and the authentication information for the cooperation server C (ID: C, PWD: C) (S12, S14), and transmits the generated authentication information to the cooperation server B and the cooperation server C, respectively (S13, S15).
If authentication information for the main server A is acquired for a plurality of users in S11, the generation unit 22 generates the authentication information for the cooperation servers B and C for that plurality of users (S12, S14) and transmits it to the cooperation servers B and C (S13, S15).
The cooperation server B and the cooperation server C each store the authentication information received from the authentication information generation device 2 in their own storage devices (not shown). The authentication information generation device 2 then notifies the user of the communication terminal 1 of that user's authentication information for the main server A by a predetermined method (for example, by mail or online via the network 9) (S16).
The user of the communication terminal 1 inputs the notified authentication information for the main server A into the communication terminal 1 and performs a login operation on the main server A. The user is assumed to have downloaded in advance, from a predetermined server (for example, the authentication information generation device 2) via the network 9, a communication terminal authentication program (such as a launcher) for accessing the main server A and the cooperation servers B and C, and to have installed it on the communication terminal 1. This realizes the functions 11 to 13 of the communication terminal 1 (see FIG. 1).
The authentication request unit 11 of the communication terminal 1 accepts the login operation (S17) and transmits the authentication information for the main server A (ID: A, PWD: A) entered in the login operation to the main server A via the network 9 (S18).
The main server A authenticates whether or not the received authentication information is valid (S19). Specifically, if it matches the authentication information output to the authentication information generation device 2 in S11, the main server A determines that the authentication information is valid and permits the login. The main server A then transmits the authentication result to the communication terminal 1 (S20). If authentication succeeds (OK), the login process is complete and the communication terminal 1 can use the services provided by the main server A. If authentication fails (NG), an error message or the like is displayed on the communication terminal 1.
After login to the main server A is complete, the user inputs a login operation (access request) for the cooperation server B into the communication terminal 1. When the authentication request unit 11 of the communication terminal 1 accepts the login operation for the cooperation server B (S21), the generation unit 22 generates the authentication information for the cooperation server B (ID: B, PWD: B) based on the authentication information for the main server A input in S17 (S22). The communication terminal 1 then transmits the generated authentication information to the cooperation server B (S23).
The cooperation server B authenticates whether or not the received authentication information is valid (S24). Specifically, if it matches the authentication information received from the authentication information generation device 2 in S13, the cooperation server B determines that the authentication information is valid and permits the login. The cooperation server B then transmits the authentication result to the communication terminal 1 (S25). If authentication succeeds (OK), the login process is complete and the communication terminal 1 can use the services provided by the cooperation server B. If authentication fails (NG), an error message or the like is displayed on the communication terminal 1.
Likewise, after login to the main server A is complete, the user inputs a login operation (access request) for the cooperation server C into the communication terminal 1. When the authentication request unit 11 of the communication terminal 1 accepts the login operation for the cooperation server C (S26), the generation unit 22 generates the authentication information for the cooperation server C (ID: C, PWD: C) based on the authentication information for the main server A input in S17 (S27). The communication terminal 1 then transmits the generated authentication information to the cooperation server C (S28).
The cooperation server C authenticates whether or not the received authentication information is valid (S29). Specifically, if it matches the authentication information received from the authentication information generation device 2 in S15, the cooperation server C determines that the authentication information is valid and permits the login. The cooperation server C then transmits the authentication result to the communication terminal 1 (S30). If authentication succeeds (OK), the login process is complete and the communication terminal 1 can use the services provided by the cooperation server C. If authentication fails (NG), an error message or the like is displayed on the communication terminal 1.
Next, the pre-processing of the authentication information generation device 2 shown in FIG. 2 is described in more detail.
FIG. 3 is a diagram schematically showing the processing of the authentication information generation device 2. The acquisition unit 21 of the authentication information generation device 2 acquires, from the main server A3 via the network 9 or the like, the authentication information for the main server A (ID: A#1, PWD: A#1) for the communication terminal 1 (user #1) (S41).
The generation unit 22 then generates an index value (I), which is a unique character string, based on the authentication information for the main server A (S42). The index value (I) may be produced, for example, by generating a character string from the authentication information with a one-way function such as MD5 (Message Digest 5). The generation unit 22 stores the generated index value and the acquired authentication information in the index list storage unit 23 (S43). The index list storage unit 23 stores the authentication information for the main server A and the index value for each user.
The generation unit 22 then generates the authentication information for the cooperation server B (ID: B#1, PWD: B#1) based on the index value (I) generated in S42 and stored in the index list storage unit 23 (S44). Specifically, the generation unit 22 generates the authentication information for the cooperation server B by inputting the index value (I) and the identification information (B) of the cooperation server B into a one-way function F such as MD5, according to the following formula.
  One-way function F(I, B) = ID B#1, PWD B#1
The generation unit 22 also generates the authentication information for the cooperation server C (ID: C#1, PWD: C#1) based on the index value (I) (S45). Specifically, as in S44, it generates the authentication information for the cooperation server C by inputting the index value (I) and the identification information (C) of the cooperation server C into a one-way function F such as MD5, according to the following formula.
  One-way function F(I, C) = ID C#1, PWD C#1
The generation unit 22 then transmits the authentication information for the cooperation server B4 to the cooperation server B, and the authentication information for the cooperation server C5 to the cooperation server C5 (S46, S47).
Next, the login process of the communication terminal 1 in S17 to S30 of FIG. 2 is described in more detail.
FIG. 4 is a flowchart of the processing of the communication terminal 1. The authentication request unit 11 of the communication terminal 1 accepts a login request to the main server A input by the user (S51). The login request contains the authentication information for the main server A (ID: A#1, PWD: A#1) notified by the authentication information generation device 2. The authentication request unit 11 then transmits the authentication information input by the user to the main server A via the network 9 (S52).
As described above, the main server A authenticates whether or not the received authentication information is valid and transmits the authentication result to the communication terminal 1. If authentication fails (S53: NG), the authentication request unit 11 displays an error message and accepts input of the authentication information again (S51). If authentication succeeds (S53: OK), the authentication request unit 11 stores the authentication result status "authenticated" in the storage unit 13 (S54). The initial status in the storage unit 13 is "not authenticated".
The generation unit 12 then generates an index value (I), which is a unique character string, based on the authentication information of the main server A, and stores it in the storage unit 13 (S55). The index value may be produced, for example, by generating a character string from the authentication information with a one-way function such as MD5. The logic and algorithm with which the generation unit 12 of the communication terminal 1 generates the index value (I) are the same as those with which the generation unit 22 of the authentication information generation device 2 generates the index value (I) (FIG. 3: S42).
The authentication request unit 11 then accepts an access request to the cooperation server B input by the user (S61). This access request is assumed to contain the identification information (B) of the cooperation server B. The generation unit 12 refers to the status stored in the storage unit 13 (S62) and, if the status is "authenticated" (S63), generates the authentication information for the cooperation server B (ID B#1, PWD B#1) based on the index value (I) of the main server A generated and stored in S55 (S64). Specifically, the generation unit 12 generates the authentication information for the cooperation server B by inputting the index value (I) and the identification information (B) of the cooperation server B into a one-way function F such as MD5, according to the following formula.
  One-way function F(I, B) = ID B#1, PWD B#1
The logic and algorithm with which the generation unit 12 of the communication terminal 1 generates the authentication information for the cooperation server B are the same as those with which the generation unit 22 of the authentication information generation device 2 generates the authentication information for the cooperation server B (FIG. 3: S44).
If the status is "not authenticated" (S63), the authentication request unit 11 displays an error message. The generation unit 12 then transmits the authentication information for the cooperation server B to the cooperation server B via the network 9 (S65). The cooperation server B authenticates whether or not the authentication information is valid and transmits the authentication result to the communication terminal 1. If authentication succeeds (OK), the communication terminal 1 can use the services provided by the cooperation server B; if authentication fails (NG), an error message or the like is displayed on the communication terminal 1.
The authentication request unit 11 also accepts an access request to the cooperation server C input by the user (S71). This access request is assumed to contain the identification information (C) of the cooperation server C. As in S62 to S65, the generation unit 12 refers to the status stored in the storage unit 13 (S72) and, if the status is "authenticated" (S73), generates the authentication information for the cooperation server C (ID C#1, PWD C#1) based on the index value (I) of the main server A generated and stored in S55 (S74). If the status is "not authenticated" (S73), the authentication request unit 11 displays an error message. The generation unit 12 then transmits the authentication information for the cooperation server C to the cooperation server C via the network 9 (S75). The cooperation server C authenticates whether or not the authentication information is valid and transmits the authentication result to the communication terminal 1. If authentication succeeds (OK), the communication terminal 1 can use the services provided by the cooperation server C; if authentication fails (NG), an error message or the like is displayed on the communication terminal 1.
 In the embodiment described above, the communication terminal 1 generates the authentication information for cooperation servers B and C based on the authentication information for main server A and transmits it to cooperation servers B and C. The user can therefore log in to (access) cooperation servers B and C without personally entering authentication information for them. In other words, this embodiment allows access to a plurality of servers without complicating the user's login operation.
 In this embodiment, the authentication information generation device 2 and the communication terminal 1 also generate authentication information for the identification information of cooperation servers B and C using common logic such as a one-way function. As a result, the management and operation processes between the servers need not be changed, management and operation costs are reduced, and the increase in system development cost when a new cooperation server D is added can be suppressed.
 The present invention is not limited to the above embodiment, and numerous modifications are possible within the scope of its gist. For example, when an existing Web server is used as a cooperation server of the above embodiment, that Web server already has users, and those users have been assigned authentication information under a scheme different from the cooperation-server authentication information (user ID, password) generated in the above embodiment.
 In this case, the existing Web server (cooperation server), at an arbitrary point in time, extracts all user IDs already assigned to users, identifies a character string that is not used in the upper n digits (n ≥ 1) of any of those user IDs (an unused character string), and notifies the authentication information generation device of it.
 The generation unit of the authentication information generation device uses the unused character string notified by the existing Web server as a prefix. When it generates authentication information for that existing Web server (cooperation server) based on the authentication information for the main server (FIG. 3: S44, S45), it generates a user ID whose upper n digits are set to the unused character string (prefix).
 Likewise, the generation unit of the communication terminal uses the unused character string notified by the existing Web server or by the authentication information generation device as a prefix. When it generates authentication information for that existing Web server (cooperation server) based on the authentication information for the main server (FIG. 4: S64, S74), it generates a user ID whose upper n digits are set to the unused character string (prefix). The existing Web server (cooperation server), for its part, from then on does not use the identified unused character string in the upper n digits of any user ID it assigns to its own users.
 Each time an existing Web server is adopted as a cooperation server, an unused character string is identified for that individual Web server and used as its prefix.
 In the above embodiment, the identification information (B), (C) of each cooperation server that is used when generating the authentication information for that cooperation server (FIG. 3: S44, S45; FIG. 4: S64, S74) may be, for example, a unique number or character string, or the URL of the cooperation server.
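The derivation in S64/S74 and the unused-prefix variation can be sketched as follows. This is an added example, not code from the patent: the choice of PBKDF2 and HMAC-SHA256 as the "one-way function", the base32 encoding, the ID and password lengths, every function and class name, and the `https://b.example/` identifier are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import itertools
import string

ALPHABET = string.ascii_lowercase + string.digits  # assumed user-ID alphabet


def find_unused_prefix(existing_ids, n, alphabet=ALPHABET):
    """Cooperation-server side: first n-char string that no existing user ID starts with."""
    used = {uid[:n] for uid in existing_ids}
    for chars in itertools.product(alphabet, repeat=n):
        candidate = "".join(chars)
        if candidate not in used:
            return candidate
    return None  # every n-char prefix is taken: retry with a larger n


def index_value(main_id, main_pwd, iterations=100_000):
    """Index value I: one-way function of the main server A credentials.
    PBKDF2-HMAC-SHA256 is this example's assumption; the page names no function."""
    return hashlib.pbkdf2_hmac("sha256", main_pwd.encode(), main_id.encode(), iterations)


def _one_way(index, server_id, label, length):
    # The label separates ID from password so the (public) ID reveals nothing about it.
    mac = hmac.new(index, f"{label}\x00{server_id}".encode(), hashlib.sha256).digest()
    return base64.b32encode(mac).decode().lower()[:length]


def derive_credentials(index, server_id, prefix="", id_len=12, pwd_len=24):
    """Common logic run by both the generation device 2 and the terminal 1."""
    user_id = prefix + _one_way(index, server_id, "id", id_len - len(prefix))
    password = _one_way(index, server_id, "pwd", pwd_len)
    return user_id, password


class Terminal:
    """Communication terminal 1: derives credentials only after main-server login."""

    def __init__(self):
        self.status = "not authenticated"
        self.index = None

    def login_main(self, main_id, main_pwd, main_server_accepts):
        if main_server_accepts(main_id, main_pwd):
            self.status = "authenticated"
            self.index = index_value(main_id, main_pwd)  # generated and stored (S55)
        return self.status

    def credentials_for(self, server_id, prefix=""):
        if self.status != "authenticated":  # S63/S73: error path
            raise PermissionError("login to main server A is required first")
        return derive_credentials(self.index, server_id, prefix)


def demo():
    legacy_ids = ["a001", "a002", "b17", "c9"]  # constructed IDs already on server B
    server_b = "https://b.example/"             # placeholder identification info (B)
    prefix = find_unused_prefix(legacy_ids, 1)
    # Generation device 2 provisions server B from main server A's credentials.
    provisioned = derive_credentials(index_value("alice", "main-secret"), server_b, prefix)
    # Terminal 1 logs in to A, then derives the same pair locally and presents it.
    term = Terminal()
    term.login_main("alice", "main-secret", lambda i, p: (i, p) == ("alice", "main-secret"))
    presented = term.credentials_for(server_b, prefix)
    ok = (presented[0] == provisioned[0]
          and hmac.compare_digest(presented[1], provisioned[1])
          and not any(uid.startswith(prefix) for uid in legacy_ids))
    return prefix, presented, ok


if __name__ == "__main__":
    print(demo())
```

Because every derived pair is a deterministic function of the main server credentials, the stored index value I is as sensitive as the main password itself: anyone who obtains it can compute the login for every cooperation server.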
 1: Communication terminal
 11: Authentication request unit
 12: Generation unit
 13: Storage unit
 2: Authentication information generation device
 21: Acquisition unit
 22: Generation unit
 23: Index list storage unit
 3: Main server (predetermined server) A
 4: Cooperation server (other server) B
 5: Cooperation server (other server) C
 9: Network

Claims (11)

  1.  A communication terminal that accesses a plurality of servers, the plurality of servers including a predetermined server and at least one other server, the communication terminal comprising:
     an authentication request unit that makes an authentication request to the predetermined server and an authentication request to the other server; and
     a generation unit that generates authentication information for the other server,
     wherein the authentication request unit transmits authentication information for the predetermined server input by a user to the predetermined server as an authentication request, and transmits the authentication information for the other server generated by the generation unit to the other server as an authentication request, and
     the generation unit generates the authentication information for the other server based on the authentication information for the predetermined server and identification information of the other server.
  2.  The communication terminal according to claim 1,
     wherein the authentication request unit stores, in a storage unit, an authentication result for the authentication request to the predetermined server, and
     the generation unit generates the authentication information for the other server when the authentication result in the storage unit is "authenticated".
  3.  The communication terminal according to claim 1,
     wherein the generation unit generates a character string from the authentication information for the predetermined server, and generates the authentication information for the other server based on the character string and the identification information of the other server.
  4.  An authentication information generation device that generates authentication information for at least one other server other than a predetermined server, comprising:
     an acquisition unit that acquires, from the predetermined server, authentication information for the predetermined server; and
     a generation unit that generates authentication information for the other server based on the acquired authentication information for the predetermined server and identification information of the other server, and transmits the generated authentication information to the other server.
  5.  The authentication information generation device according to claim 4,
     wherein the generation unit generates a character string from the authentication information for the predetermined server, and generates the authentication information for the other server based on the character string and the identification information of the other server.
  6.  An authentication system comprising a communication terminal that accesses a plurality of servers and an authentication information generation device that generates authentication information, the plurality of servers including a predetermined server and at least one other server,
     wherein the authentication information generation device comprises:
      an acquisition unit that acquires, from the predetermined server, authentication information for the predetermined server; and
      a first generation unit that generates authentication information for the other server based on the acquired authentication information for the predetermined server and identification information of the other server, and transmits the generated authentication information to the other server,
     the communication terminal comprises:
      an authentication request unit that makes an authentication request to the predetermined server and an authentication request to the other server; and
      a second generation unit that generates authentication information for the other server,
      the authentication request unit transmits authentication information for the predetermined server input by a user to the predetermined server as an authentication request, and transmits the authentication information for the other server generated by the generation unit to the other server as an authentication request, and
      the second generation unit generates the authentication information for the other server based on the authentication information for the predetermined server and the identification information of the other server.
  7.  The authentication system according to claim 6,
     wherein the authentication request unit of the communication terminal stores, in a storage unit, an authentication result for the authentication request to the predetermined server, and
     the second generation unit generates the authentication information for the other server when the authentication result in the storage unit is "authenticated".
  8.  The authentication system according to claim 6,
     wherein the first generation unit and the second generation unit each generate a character string from the authentication information for the predetermined server, and generate the authentication information for the other server based on the character string and the identification information of the other server.
  9.  An authentication information generation program executed by a communication terminal that accesses a plurality of servers, the plurality of servers including a predetermined server and at least one other server,
     the program causing the communication terminal to execute:
      a first authentication request step of transmitting authentication information for the predetermined server input by a user to the predetermined server as an authentication request;
      a second generation step of generating authentication information for the other server based on the authentication information for the predetermined server and identification information of the other server; and
      a second authentication request step of transmitting the authentication information for the other server generated in the second generation step to the other server as an authentication request.
  10.  An authentication information generation method, performed by an authentication information generation device, for generating authentication information for at least one other server other than a predetermined server, the method comprising:
     an acquisition step of acquiring, from the predetermined server, authentication information for the predetermined server; and
     a generation step of generating authentication information for the other server based on the acquired authentication information for the predetermined server and identification information of the other server, and transmitting the generated authentication information to the other server.
  11.  An authentication method performed by an authentication system comprising a communication terminal that accesses a plurality of servers and an authentication information generation device that generates authentication information, the plurality of servers including a predetermined server and at least one other server,
     wherein the authentication information generation device performs:
      an acquisition step of acquiring, from the predetermined server, authentication information for the predetermined server; and
      a first generation step of generating authentication information for the other server based on the acquired authentication information for the predetermined server and identification information of the other server, and transmitting the generated authentication information to the other server, and
     the communication terminal performs:
      a first authentication request step of transmitting authentication information for the predetermined server input by a user to the predetermined server as an authentication request;
      a second generation step of generating authentication information for the other server based on the authentication information for the predetermined server and the identification information of the other server; and
      a second authentication request step of transmitting the authentication information for the other server generated in the second generation step to the other server as an authentication request.
PCT/JP2009/061513 2008-06-27 2009-06-24 Communication terminal, authentication information generation device, authentication system, authentication information generation program, authentication information generation method and authentication method WO2009157482A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2008-169377 2008-06-27
JP2008169377 2008-06-27

Publications (1)

Publication Number Publication Date
WO2009157482A1 true WO2009157482A1 (en) 2009-12-30

Family

ID=41444546

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2009/061513 WO2009157482A1 (en) 2008-06-27 2009-06-24 Communication terminal, authentication information generation device, authentication system, authentication information generation program, authentication information generation method and authentication method

Country Status (2)

Country Link
JP (1) JP2010033562A (en)
WO (1) WO2009157482A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2012103744A (en) * 2010-11-05 2012-05-31 Jr East Mechatronics Co Ltd Information processor, id data management method and program
JP2015108903A (en) * 2013-12-03 2015-06-11 日本電信電話株式会社 Distributed information cooperation system and data operation method therefor and program
JP2016128998A (en) * 2015-01-09 2016-07-14 日立電線ネットワークス株式会社 Authentication system
US9769154B2 (en) 2012-04-25 2017-09-19 Rowem Inc. Passcode operating system, passcode apparatus, and super-passcode generating method

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101780860B1 (en) * 2015-06-10 2017-09-21 강찬고 System for combining cloud service with e-mail service and method thereof

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002073562A (en) * 2000-09-04 2002-03-12 Ntt Communications Kk Method and device for accessing plural sites by single user password
JP2002312320A (en) * 2001-04-18 2002-10-25 Life:Kk Access control system and access control method
WO2004061691A1 (en) * 2002-12-26 2004-07-22 Fujitsu Limited Password control device
JP2006268719A (en) * 2005-03-25 2006-10-05 Nec Corp Password authentication system and method
JP2007193464A (en) * 2006-01-18 2007-08-02 Nippon Hoso Kyokai <Nhk> Digital broadcasting receiver, content providing system, and authentication management system
JP2008009607A (en) * 2006-06-28 2008-01-17 Fuji Xerox Co Ltd Information processing system and control program

Also Published As

Publication number Publication date
JP2010033562A (en) 2010-02-12

Similar Documents

Publication Publication Date Title
JP5296726B2 (en) Web content providing system, web server, content providing method, and programs thereof
US20080040773A1 (en) Policy isolation for network authentication and authorization
US8191127B2 (en) Information processing apparatus and method
US20100138899A1 (en) Authentication intermediary server, program, authentication system and selection method
US9544769B2 (en) Method for providing application service
US20110225641A1 (en) Token Request Troubleshooting
JP4960738B2 (en) Authentication system, authentication method, and authentication program
JP2009043042A (en) Authentication system and authentication method
JP2006252418A (en) Single sign-on cooperation method using authentication information, system thereof, mediation server, operation method, and operation program
WO2009157482A1 (en) Communication terminal, authentication information generation device, authentication system, authentication information generation program, authentication information generation method and authentication method
JP6240102B2 (en) Authentication system, authentication key management device, authentication key management method, and authentication key management program
JP6574265B2 (en) Authentication control system, server device, authentication control method, and program
CN103179108B (en) Application authentication method and computer system
JP5383923B1 (en) Information processing apparatus, information processing system, information processing method, and program
US10735399B2 (en) System, service providing apparatus, control method for system, and storage medium
JP6829698B2 (en) Authentication system and authentication method
CN111817860B (en) Communication authentication method, device, equipment and storage medium
JP2011076430A (en) System and method for managing authentication id
JP4837060B2 (en) Authentication apparatus and program
Kim et al. Vulnerability detection mechanism based on open API for multi-user's convenience
JP2017134535A (en) System and control method for the same system
JP6130941B2 (en) Authentication apparatus, method, and program
JP2017004296A (en) Authentication system and authentication method
JP2004171056A (en) Server, method and program for distributing one-time password generation program, and computer readable recording medium and distribution system for this program
CN116707852A (en) Security authentication method and device for network application, computer and readable storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 09770192

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 09770192

Country of ref document: EP

Kind code of ref document: A1