1. WO2013008352 - AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD

Publication Number WO/2013/008352
Publication Date 17.01.2013
International Application No. PCT/JP2011/080040
International Filing Date 26.12.2011
IPC
G06F 21/20 2006.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
20 by restricting access to nodes in a computer system or computer network
G06F 21/24 2006.01
G PHYSICS
06 COMPUTING; CALCULATING OR COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
24 by protecting data directly, e.g. by labelling
CPC
G06F 21/41
G PHYSICS
06 COMPUTING; CALCULATING; COUNTING
F ELECTRIC DIGITAL DATA PROCESSING
21 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
30 Authentication, i.e. establishing the identity or authorisation of security principals
31 User authentication
41 where a single sign-on provides access to a plurality of computers
H04L 9/3226
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
3226 using a predetermined code, e.g. password, passphrase or PIN
H04L 9/3228
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
9 Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
3226 using a predetermined code, e.g. password, passphrase or PIN
3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
Applicants
  • 株式会社野村総合研究所 Nomura Research Institute, Ltd. [JP]/[JP] (AllExceptUS)
  • 新谷 敏文 SHINGAI, Toshifumi [JP]/[JP] (UsOnly)
  • 最首 壮一 SAISHU, Soichi [JP]/[JP] (UsOnly)
Inventors
  • 新谷 敏文 SHINGAI, Toshifumi
  • 最首 壮一 SAISHU, Soichi
Agents
  • 筒井 大和 TSUTSUI, Yamato
Priority Data
2011-151336 08.07.2011 JP
Publication Language Japanese (JA)
Filing Language Japanese (JA)
Designated States
Title
(EN) AUTHENTICATION SYSTEM AND AUTHENTICATION METHOD
(FR) SYSTÈME D'AUTHENTIFICATION ET PROCÉDÉ D'AUTHENTIFICATION
(JA) 認証システムおよび認証方法
Abstract
(EN)
Provided is an authentication system that provides a single sign-on to a plurality of servers and that enables simultaneous, parallel authentication while maintaining security between each server and system. Each server (100) has an authentication unit (120) that performs authentication; a client terminal (300) has an authentication request unit (311) that sends an authentication request to each server (100); and the authentication unit (120) has a server seed and user information (130) including a hashed password (132) being a password that has been hashed for each user ID, using the server seed. The server seed is sent in response to an authentication request to the client terminal (300), as a seed; the authentication request unit (311) sends to the server (100) a hash value being a password hashed using the seed received from the server (100); and the authentication unit (120) performs authentication by comparing the hash value received from the client terminal (300) and the hashed password (132) relating to the relevant user.