Migration of credentials and/or domains between trusted hardware subscription modules
US-9032473-B2 · May 12, 2015 · US
Information processing system and authentication method
US2016127356A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016127356-A1 |
| Application number | US-201514919891-A |
| Country | US |
| Kind code | A1 |
| Filing date | Oct 22, 2015 |
| Priority date | Oct 31, 2014 |
| Publication date | May 5, 2016 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
An information processing system includes a service utilizing device and at least one information processing device to provide a service for the service utilizing device. A temporary code issuing unit to issue a temporary code is provided in the information processing device. A device authentication token generation unit is provided in the service utilizing device and generates a device authentication token by using the temporary code obtained from the information processing device. A device authentication ticket issuing unit is provided in the information processing device and verifies whether the device authentication token obtained from the service utilizing device is valid by using the temporary code and issues a device authentication ticket depending on a verification result. An access unit is provided in the service utilizing device and accesses a resource in the information processing device by using the device authentication ticket obtained from the information processing device.
First claim
Opening claim text (preview).
What is claimed is: 1 . An information processing system, comprising: a service utilizing device; at least one information processing device configured to provide a service for the service utilizing device; a temporary code issuing unit configured to issue a temporary code provided in the at least one information processing device; a device authentication token generation unit provided in the service utilizing device and configured to generate a device authentication token by using the temporary code obtained from the at least one information processing device; a device authentication ticket issuing unit provided in the at least one information processing device and configured to verify whether or not the device authentication token obtained from the service utilizing device is valid by using the temporary code and to issue a device authentication ticket depending on a verification result; and an access unit provided in the service utilizing device and configured to access a resource in the at least one information processing device by using the device authentication ticket obtained from the at least one information processing device. 2 . The information processing system of claim 1 , wherein the at least one information processing device includes a device authentication password issuing unit configured to issue a device authentication password together with the issuance of the device authentication ticket, and the device authentication ticket issuing unit verifies whether or not the device authentication password obtained from the service utilizing device is valid and to issue the device authentication ticket depending on the verification result. 3 . The information processing system of claim 2 , wherein the at least one information processing device limits a number of times that the device authentication token generation unit can generate the device authentication token by using the temporary code or a number of times that the device authentication ticket issuing unit can issue the device authentication ticket by using the device authentication password. 4 . The information processing system of claim 1 , wherein the service utilizing device stores the device authentication token in a memory area that can restrict access from the outside. 5 . The information processing system of claim 1 , wherein the device authentication token generation unit is configured to generate the device authentication token by encrypting the temporary code and device information of the service utilizing device. 6 . The information processing system of claim 1 , wherein the at least one information processing device is configured to manage the service utilizing device by using tenant information issued to each tenant to which the service utilizing device belongs, and the access unit is configured to access the resource of the at least one information processing device by using the device authentication ticket and the tenant information obtained from the at least one information processing device. 7 . The information processing system of claim 1 , wherein the service utilizing device includes a determination unit configured to determine an authentication method of protecting the resource of the at least one information processing device utilizing an API (Application Programming Interface) from access in response to a request to utilize the API received from a user. 8 . The information processing system of claim 1 , wherein the at least one information processing device includes an authentication unit configured to determine an authentication method of protecting the resource of the at least one information processing device utilizing an API (Application Programming Interface) from access in response to a request to utilize the API received from the service utilizing device. 9 . An authorization method executed by an information processing system including a service utilizing device, and at least one information processing device configured to provide a service for the service utilizing device, the method comprising steps of: issuing a temporary code from the at least one information processing device; generating a device authentication token by the service utilizing device by using the temporary code obtained from the at least one information processing device; verifying whether the device authentication token obtained from the service utilizing device is valid by using the temporary code by the at least one information processing device; issuing a device authentication ticket from the at least one information processing device depending on a verification result; and accessing a resource of the at least information processing device by using the device authentication ticket obtained from the at least one information processing device by the service utilizing device.
Assignees
Inventors
Classifications
based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title
- H04L63/0838Primary
using one-time-passwords · CPC title
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2016127356A1 cover?
- An information processing system includes a service utilizing device and at least one information processing device to provide a service for the service utilizing device. A temporary code issuing unit to issue a temporary code is provided in the information processing device. A device authentication token generation unit is provided in the service utilizing device and generates a device authent…
- Who is the assignee on this patent?
- Fukuda Yasuharu, Nakajima Masato, Ohzaki Hiroki, and 2 more
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0838. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Thu May 05 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).