Authentication system, method and storage medium

US2016248759A1 · US · A1

Patent metadata
Publication number: US-2016248759-A1
Application number: US-201615148058-A
Country: US
Kind code: A1
Filing date: May 6, 2016
Priority date: Nov 6, 2013
Publication date: Aug 25, 2016
Grant date

Abstract

Official abstract text for this publication.

An authentication system according to an embodiment is provided with a service providing apparatus, an IDaaS corporation apparatus, and an authentication providing apparatus. Based on the user ID and SSO request transmitted from the user terminal, the authentication providing apparatus executes authentication processing for the user. If the result of the authentication processing indicates success, the IDaaS corporation apparatus having SSO account information including the SSO account identifier identical to the user ID, permits SSO authentication to be executed for the service identified by the service account identifier included in the service account information associated with the SSO account information. The service providing apparatus transmits information related to the service to the user terminal.

First claim

Opening claim text (preview).

1. An authentication system comprising: a service providing apparatus capable of communicating with a user terminal operated by a user; an IDaaS corporation apparatus, and an authentication providing apparatus, the service providing apparatus comprising a service account information memory that stores service account information including: (i) service account identifiers for identifying accounts of a service provided by the service providing apparatus; and (ii) a first federation ID, the IDaaS corporation apparatus comprising an SSO account information memory that stores single sign-on (SSO) account information including (i) a single sign-on (SSO) account identifier which is identical to a user ID for identifying the user, (ii) a first federation ID, and (iii) a second federation ID different from the first federation ID, the authentication providing apparatus comprising an authentication account information memory that stores authentication account information including: (i) an authentication account identifier for identifying an account of authentication processing corresponding to the user, (ii) a second federation ID which is identical to the second federation ID, and (iii) an authentication class indicative of a method of the authentication processing, wherein, based on the user ID and an SSO request transmitted from the user terminal, the authentication providing apparatus having authentication account information which is associated, by the second federation ID, with the SSO account information including the SSO account identifier identical to the user ID, executes authentication processing for the user who operates the user terminal, if a result of the authentication processing indicates success, the IDaaS corporation apparatus having SSO account information including the SSO account identifier identical to the user ID of the user subjected to authentication processing, permits SSO authentication to be executed for the service identified by the service account identifier included in the service account information associated with the SSO account information by the first federation ID, and the service providing apparatus which provides the service for which the SSO authentication is permitted, transmits information related to the service to the user terminal which transmitted the user ID and the SSO request.

2. The authentication system according to claim 1, wherein the authentication providing apparatus comprises a first table memory storing an authentication class management table, in which an authentication class representing an authentication method and an authentication level representing the level of the authentication processing are described in association with each other, the SSO account information memory includes the authentication level, if something is wrong with the authentication processing, and the level of that authentication deteriorates, the authentication providing apparatus updates the authentication class management table in such a manner as to lower the authentication level of the authentication processing, and transmits to the IDaaS corporation apparatus the lowered authentication level and the authentication class associated therewith in the authentication account information, and upon receipt of the authentication level and authentication class from the authentication providing apparatus, the IDaaS corporation apparatus searches the SSO account information based on the received authentication class, and updates the SSO account information such that the authentication level searched for is lowered to the received authentication level.

3. The authentication system according to claim 1, wherein the authentication providing apparatus comprises a first table memory storing an authentication class management table in which an authentication class representing an authentication method, an authentication level representing the level of the authentication processing and an authentication class index including a name of an authentication provider of the authentication class are described in association with one another, the SSO account information memory does not include the authentication level but includes the authentication class index, the IDaaS corporation apparatus comprises a second table memory storing an authentication level management table in which an authentication level and an authentication class index are described in association with each other, if something is wrong with the authentication processing, and the level of that authentication deteriorates, the authentication providing apparatus updates the authentication class management table in such a manner as to lower the authentication level of the authentication processing, and transmits to the IDaaS corporation apparatus the authentication level lowered in the authentication class management table and the authentication class index associated therewith, and upon receipt of the authentication level and authentication class index from the authentication providing apparatus, the IDaaS corporation apparatus searches the authentication level management table based on the received authentication class index, and updates the authentication level management table such that the authentication level searched for is lowered to the received authentication level.

4. An authentication system comprising an IDaaS corporation apparatus and an authentication providing apparatus capable of respectively communicating with a user terminal operated by a user and a service providing apparatus for providing the user with a service, the service providing apparatus storing service account information including (i) a service account identifier for identifying an account of the service provided by the service providing apparatus and (ii) a first federation ID, the IDaaS corporation apparatus comprising a single sign-on (SSO) account information memory that stores single sign-on (SSO) account information including (i) a single sign-on account identifier which is identical to a user ID for identifying the user, (ii) a first federation ID, and (iii) a second federation ID different from the first federation ID, the authentication providing apparatus comprising an authentication account information memory that stores authentication account information including (i) an authentication account identifier for identifying an account of authentication processing corresponding to the user, (ii) a second federation ID which is identical to the second federation ID, and (iii) an authentication class indicative of a method of the authentication processing, wherein, based on the user ID and an SSO request transmitted from the user terminal, the authentication providing apparatus having authentication account information which is associated, by the second federation ID, with the SSO account information including the SSO account identifier identical to the user ID, executes authentication processing for the user who operates the user terminal, if a result of the authentication processing indicates success, the IDaaS corporation apparatus having SSO account information including the SSO account identifier identical to the user ID of the user subjected to authentication processing, permits SSO authentication to be executed for the service identified by the service account identifier included in the service account information associated with the SSO account information by the first federation ID, and the service providing apparatus which provides the service for which the SSO authentication is permitted, transmits information related to the service to the user terminal which transmitted the user ID and the SSO request.

5. An authentication method executed by an authentication system comprising: a service providing apparatus comprising a service account information

Assignees

Inventors

Classifications

  • by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity

  • using biometrical features, e.g. fingerprint, retina-scan (cryptographic mechanisms or cryptographic arrangements for entity authentication using biological data H04L9/3231)

  • where a single sign-on provides access to a plurality of computers

  • Entity profiles

  • providing single-sign-on or federations

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Toshiba Kk, Toshiba Solutions Corp
What technology area does this patent fall under?
Primary CPC classification H04L63/0815. Mapped technology areas include Electricity.
When was this patent published?
Publication date Aug 25, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).