JP2005149341A - Authentication method and apparatus, service providing method and apparatus, information input apparatus, management apparatus, authentication guarantee apparatus, and program - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To perform access control for authentication processing and service provision requests even from a network having no accounts without requiring sharing in advance of secret information. <P>SOLUTION: A service providing server which a user requests to login first accepts authentication information of the user and management apparatus information (authenticating server information) (S102), specifies an authenticating server serving as a management apparatus as an inquiry destination on the basis of management apparatus information (S104), sends authentication information of the user to the specified authenticating server as the inquiry destination (S106), and performs authentication processing in the authenticating server as the inquiry destination which manages an account of the user (S108 to S116). The service providing server refers to an authentication result returned from the authenticating server as the inquiry destination to execute authentication processing about the user requesting to login (S120 to S126). After this user authentication, the server responds to a service request which the user desires. (S128 to S132). <P>COPYRIGHT: (C)2005,JPO&NCIPI

Description

  The present invention relates to an authentication method and apparatus for permitting access and providing a service by authenticating a user who uses a client device between a client device (for example, a user terminal) and a server device arranged in a network, The present invention relates to a service providing method and apparatus, and an information input apparatus, a management apparatus, an authentication guarantee apparatus, and a program used for these.

  More specifically, the present invention relates to a so-called single signon technique that enables access to a plurality of server devices of a communication network by a single authentication process.

  Along with the networking of computers, computers are used as terminal devices (client devices, user terminals). For example, there are increasing opportunities for individuals and companies to access external networks and receive information. A system (service providing system) has also been constructed for the purpose of providing a service to a user who uses a client device by connecting the server device and the client device over a network.

  In this service providing system, when providing a service such as providing information, an authentication process for authenticating an accessor is usually performed to provide the service only to registered users. , Managed the accessor's information individually.

  Here, when a plurality of server devices individually authenticate, the user must execute a procedure for receiving authentication for each server device, and it is necessary to use various user IDs and passwords. Management problems such as the trouble of updating also occur.

  Therefore, in order to improve user convenience and management functions, a single sign that allows users to access multiple servers with a single login as a mechanism for centrally managing authentication of multiple servers and access control of users A mechanism of turning on has been proposed.

  18 and 19 are diagrams showing an example of a conventional single sign-on mechanism. For example, in the single sign-on of the first example shown in FIG. 18, each authentication server 200 having an authentication processing unit 292 for confirming the identity is installed, and each service having an inquiry processing unit 120 and an accessibility determination processing unit 134. The providing server 100 and the authentication server 200 are connected to the network. The inquiry processing unit 120 of the service providing server 100 performs authentication by confirming authentication information to the authentication processing unit 292 of the authentication server 200 (confirms the identity). The access permission determination processing unit 134 starts providing a service when the authentication is successful, and disables access when the authentication fails. As a result, the authentication server 200 can manage user information in a centralized manner, and the user has one (common) for each service providing server 100 (A, B, and C in the figure). Since only the authentication information in the authentication server 200 needs to be held, convenience is improved.

  However, in the mechanism of the first example, when the service providing server 100 to be used belongs to a network with a different management entity, the authentication information is operated by an authentication server with a different management entity outside the network to which the management entity belongs. May occur, but there is a security problem. For example, the authentication information of the company A, the authentication information of the company B, and the authentication information of the company C are deposited in the common authentication server 200, but this is not impossible. Operational problems can arise from the perspective of managing personal information within the company. This is because it is a problem to share personal information such as passwords in each system.

  As a method for solving this problem, an authentication server (200a, 200b, 200c in the figure) is used for each network (91a, 91b, 91c in the figure) with different management entities, such as single sign-on in the second example shown in FIG. A mechanism has been proposed in which authentication servers are connected to each other via a network.

  In the mechanism of the second example, single sign-on is realized by not sharing information in each authentication server but sharing secret information in advance between the authentication servers. For example, when using the service providing server 100b in the network 91b with a different management subject using an account held by the authentication server 200a, the user first authenticates with the authentication server 200a in the network 91a with the account. Thus, a ticket indicating that the authentication has been received from the authentication server 200a is received. Then, the user first presents the ticket to the authentication server 200b in the network 91a. The authentication server 200b presented with the ticket verifies the validity of the ticket using secret information shared in advance between the authentication servers (here, between the authentication server 200a and the authentication server 200b).

  However, in the mechanism of the second example, since it is necessary to negotiate between authentication servers and share secret information in advance, single sign-on can be realized only with a network that has been negotiated in advance. Further, in order to have a user issue a ticket, the user can use other service providing servers only after being authenticated in the network where the account is registered.

  By the way, in recent years, an environment for connecting to a network from a terminal such as a wireless LAN spot or an Internet cafe, that is, an environment for connecting to a network anywhere and anytime has begun.

  However, in order to connect to the network, authentication is required when connecting to the network, that is, when it is used for the first time, from the standpoint of billing by the provider providing the network. Account registration is required for authentication, but if a provider providing a wireless LAN spot or the like is different, a new account registration is naturally required. That is, there is a problem that even if there is an environment (an environment that can be connected to a wireless LAN environment or a network) at a store or the like that enters for the first time, it cannot be used immediately unless account registration is completed.

  Also, in recent years, content (information) can be obtained by connecting to a Web server on the Internet from a store-installed terminal such as a copier or copier installed at a convenience store (convenience store) or a multifunction device having a FAX function or other functions. (Contents) can be obtained (downloaded) and the company's servers can be accessed. In providing a service using a store-installed terminal, a pay service may be used using a coin insertion machine.

  However, even if such an environment is in place, even if a store installation terminal installed in a store operator who does not have an account is in front of the user, first, authentication for using the store installation terminal is required. Necessary. In this case, in the mechanism of the second example described above, it is necessary to first authenticate in the network where the account is registered, but the store-installed terminal does not necessarily belong to the network where the account is registered (rather. (There are many cases that do not belong), so there is no way of receiving authentication in this state, and there is a problem that the store installation terminal cannot be used.

  In addition to the mechanisms of the first and second examples described above, various single sign-on mechanisms have been proposed (see, for example, Patent Documents 1 and 2).

JP 2002-032340 A JP 2002-335239 A

  For example, in Patent Document 1, as another method for solving the problem of the first example described above, a user authentication proxy device that performs user authentication on a website is provided between a user terminal and a web server, so that each network In other words, a mechanism has been proposed in which user authentication information is stored in a user authentication proxy device and authentication information input to each server is performed by this user authentication proxy device while allowing individual accounts to be used.

  However, in the mechanism described in Patent Document 1, since authentication information of all users is stored in the user authentication proxy device, a problem of trust for the user authentication proxy device occurs. Similarly to the above-described second example, other service providing servers cannot be used unless they are connected to the user authentication proxy device and authenticated (proxy authentication).

  Further, in Patent Document 2, as a modification of the second example described above, individual servers in a plurality of servers are used such that an authentication token authenticated by the first authentication server is used for user authentication by the second authentication server. Has been proposed to allow each server to share the user authentication status by managing the user authentication status in a distributed manner.

  Specifically, the first authentication server that has requested the content from the authentication client terminal operated by the user performs user authentication, holds the authentication state that is the result of this authentication execution, and indicates this authentication state. After creating an authentication token (first authentication process), the second authentication server that has requested the content from the authentication client terminal operated by the user uses the authentication token created in the first authentication process. Then, a process for user authentication is performed (second authentication process).

  However, in the mechanism described in Patent Document 2, as in the second example described above, other service providing servers can only be used after connecting to the first authentication server and receiving authentication.

  The present invention has been made in view of the above circumstances, and has a mechanism that allows each server to be used by a single authentication even when using servers installed in different networks with different management entities. The purpose is to provide. Preferably, it is an object to provide a mechanism that satisfies the two requirements that secret information is not shared in advance between networks having different management entities and that authentication processing and access control are performed even from a network that does not have an account. To do.

  An authentication method according to the present invention is an authentication method for authenticating a user who uses a device (a device for which a user requests login) arranged in a network, and manages user authentication information and an account for the user. An authentication processing information acquisition step for receiving management device information indicating a management device to be performed, and an inquiry for specifying the management device to be inquired for returning an authentication result necessary for performing authentication processing for the user based on the management device information Inquiry about the authentication result about the user obtained in the management device of the inquiry destination based on the sent identification information, the authentication information sending step of sending the user authentication information to the specified inquiry destination management device, and the sent authentication information An authentication result receiving process received from the previous management device and an authentication process for the user based on the received authentication result. It was assumed and a running process.

  In the authentication execution step, as a method of performing authentication processing for the user based on the received authentication result, a method of using the received authentication result as the authentication result of the step as it is, accepted management device information and received authentication result If the certificate issued by the certificate authority, which is a third-party organization for the management device, is received from the management device of the inquiry destination, this certificate is used. Any method of performing an authentication process for a user based on the certificate, the authentication result, and the management apparatus information can be employed.

  A service providing method according to the present invention is a service providing method for providing a service by authenticating a user who uses a service providing apparatus arranged in a network and permitting access to the service providing apparatus. A step of authenticating the user by executing the authentication method, and an access that permits the user to access the service providing apparatus when the authentication is successful and prohibits the user from accessing the service providing apparatus when the authentication fails. And a control step. That is, after authenticating using the authentication method of the present invention, a response to a service request desired by the user is made.

  An authentication apparatus according to the present invention is an apparatus suitable for carrying out the above-described authentication method according to the present invention, and accepts authentication information for a user and management apparatus information indicating a management apparatus that manages an account for the user. A processing information acquisition unit and an inquiry destination specifying processing unit for specifying an inquiry destination management device for returning an authentication result necessary for performing an authentication process on the user based on the management device information received by the authentication processing information acquisition unit An inquiry processing unit that sends the authentication information of the user received by the authentication processing information acquisition unit to the management apparatus of the inquiry destination specified by the inquiry destination identification processing unit, and the inquiry destination based on the authentication information sent by the inquiry processing unit. The authentication result for the user obtained by the management device is received from the management device of the inquiry destination, and the authentication for the user is performed based on the received authentication result. It was assumed and a authentication process executing section which performs processing.

  The service providing apparatus according to the present invention is an apparatus suitable for carrying out the service providing method according to the present invention, provided that the authentication apparatus according to the present invention and authentication by the authentication apparatus are successful. An access permission determination processing unit that permits a user to access the service providing apparatus and prohibits the user from accessing the service providing apparatus on the condition that the user has failed.

  An information input apparatus according to the present invention is an apparatus used in combination with the authentication apparatus or service providing apparatus according to the present invention, and is a management apparatus indicating a management apparatus that manages user authentication information and an account for the user It is assumed that a function unit that receives input of information and notifies the authentication device of the received authentication information and management device information is provided.

  A management apparatus according to the present invention is an apparatus used in combination with the authentication apparatus and service providing apparatus according to the present invention, and includes an account information holding unit that holds user account information, and an authentication apparatus and service providing apparatus. The authentication processing is performed by comparing the received authentication information with the account information held in the account information holding unit, and the authentication processing unit is provided that sends the authentication result to the authentication device or the service providing device.

  An authentication assurance device according to the present invention is a device constituting the management device according to the present invention, and includes a certificate acquisition unit that acquires a certificate of the authentication assurance device from a predetermined certificate authority, and received user authentication information To the original authentication device, which is the primary authentication device that performs authentication processing for this user, receives the authentication result from the original authentication device, and the certificate acquisition unit acquires the received authentication result. And an inquiry processing unit that outputs it together with the document.

  The inventions described in the dependent claims define further advantageous specific examples of the authentication method and apparatus, the service providing method and apparatus, the management apparatus, and the authentication assurance apparatus according to the present invention. Furthermore, the program according to the present invention realizes the authentication method and apparatus, the service providing method and apparatus, or the information input apparatus, management apparatus, and authentication guarantee apparatus according to the present invention by software using an electronic computer (computer). It is suitable for. The program may be provided by being stored in a computer-readable storage medium, or may be distributed via wired or wireless communication means.

  According to the authentication method and the authentication device of the present invention, the device that the user requests to log in first receives the user authentication information and the management device information, and specifies the management device that is the inquiry destination based on the management device information. Then, the user authentication information is sent to the specified inquiry management apparatus. Then, authentication processing is performed on the management apparatus side that is the inquiry destination that manages the user's account. Thereafter, the device that the user has requested to log in refers to the authentication result returned from the inquiring management device, and executes the authentication process for the user who has requested the login.

  For this reason, even if the device for which the user requests login and the management device for which an account has been acquired in advance are connected to a different management entity network, the device for which the user has requested login By referring to the inputted management device information and specifying the management device of the inquiry destination, the user who has requested login connects to the management device from which the account has been acquired, and inquires whether the user can be authenticated. Is possible.

  Therefore, even if the device that the user requests to log in does not directly own an account, user authentication can be performed using the same account that has already been acquired. Unlike the structure of the second example shown in FIG. 19, it is not necessary to share secret information in advance.

  Further, according to the service providing method and the service providing apparatus of the present invention, after the user authentication is performed using the authentication method of the present invention, the service request desired by the user is responded. For this reason, even if the user does not directly own an account for the service providing apparatus requested by the user, the same account that has already been acquired is used to access the service providing apparatus of the user. You can control whether to allow access.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

<System overview>
FIG. 1 is a diagram showing a configuration outline of a service providing system using an authentication device and a service providing device according to the present invention. The service providing system 1 is configured to execute an authentication processing function and an access control function in a state where each device is connected to the network via an intranet (network 92, 94, 96) or the Internet 98. Yes. Specifically, the first type device 10 belonging to the providing server side having a function of providing a service to the user, and the authentication server side that performs processing related to user authentication as a management apparatus that manages an account for the user. The second type device 20 and the third type device 30 to which they belong are connected to each other via a communication network 90.

  As a network configuration of the communication network 90, for example, as illustrated, a first network 92, a second network 94, and a third network 96, each having a different management entity, are connected to each other via the Internet 98. It has become. The first type device 10 is connected to the first network 92, the second type device 20 is connected to the second network 94, and the third type device 30 is connected to the third network 96.

  The service providing system 1 is connected to the first network 92 in addition to the second type device 20 and the third type device 30 as a device belonging to the authentication server side that constitutes the management apparatus that performs processing related to user authentication. The first type authentication server 52 and the third type authentication server 56 connected to the third network 96 are provided.

  In such a configuration, the first type device 10 belonging to the providing server side is authenticated and authenticated by the user via the user terminal 40 or the operation panel (not shown) of the first type device 10. Based on the server information, the main management device that performs authentication for the user is specified, and the authentication information input by the user is sent to the specified management device.

  Note that the user terminal 40 may be any information processing device that can be connected to the service providing server 100 that the user does not have an account for, for example, a laptop computer (personal computer) or a PDA (Personal Digital) that is temporarily used. Assistant; portable information terminal).

  On the management device side, in cooperation with at least the authentication server, authentication processing is performed for the user who has requested access, and the authentication result and, if necessary, a certificate are returned to the first type device 10. The first type device 10 refers to the authentication server information input from the user and the authentication result or certificate received from the management apparatus side, performs the authentication process for the user who has requested access, and succeeds in the authentication. In the meantime, while providing the requested service is started, if authentication fails, access is prohibited (impossible), etc., based on the authentication result, whether or not the service request can be accessed is determined and controlled (access request) Approval process).

  The management apparatus that manages the account only needs to include at least an authentication server (authentication apparatus), and the device itself is connected to a second network 94 of a type that manages the user's account; The device itself is connected to the same network without managing the user's account, and is connected to the third network 96 of a type that obtains an authentication result from the original authentication device (original authentication device) that manages the user's account. There is a third type device 30.

  Further, as will be described later, the management device includes a main authentication server that performs authentication processing for a user, and an authentication assurance server (authentication assurance device) having an intermediary function for guaranteeing the authentication server. Also good. In this case, the authentication information input by the user is sent to the original authentication server via a server having an intermediary function such as an authentication guarantee server.

  In addition, the management apparatus includes a type that obtains a certificate from a certificate authority (CA) 300 that is a third-party certification authority and a type that does not obtain a certificate from the certificate authority 300. . The type that has obtained the certificate from the certificate authority 300 can be configured by itself (the second type authentication server in this example) that has obtained the certificate from the certificate authority 300. It is constructed by a combination of a type that has not obtained a certificate from the station 300 (in this example, a type 3 authentication server) and an authentication guarantee server that obtains a certificate from the certificate authority 300 and guarantees the type 3 authentication server. You can also

  For example, when the user has an account in the second type device 20 connected to the second network 94, the second type device 20 has a function of a second type authentication server. If the user has an account in the third type authentication server 56 connected to the third network 96 when using the third type device 30 connected to the third network 96, the third type The device 30 has a function of an authentication guarantee server.

  Here, the configuration of the service providing system 1 shown in FIG. 1 shows the mode of the best mode that incorporates all the elements of each embodiment described later. At least, the management apparatus side constructs a system by selectively using the necessary devices 20 and 30 and authentication servers 52 and 56 according to each embodiment described later. This will be specifically described below.

<First Embodiment>
FIG. 2 is a diagram showing a network configuration of the service providing system 1 according to the first embodiment. The difference from the overall outline shown in FIG. 1 is that the first type authentication server 52 is not provided. The configuration of the first embodiment requires user authentication when using the first type device 10 or the user terminal 40 in a state where the first type device 10 or the user terminal 40 is connected to the first network 92. It corresponds to the case.

  On the authentication server side, the second type device 20 has a function of an original authentication device in which the device itself manages user accounts. On the other hand, the third type device 30 side manages the account at the third type authentication server 56 (having the function of the original authentication device) in the third network 96 to which the own device belongs, Use account information.

<Configuration example 1>
FIG. 3 is a block diagram showing a specific configuration (configuration example 1) of the service providing system 1 focusing on the authentication function and the access control function in the network configuration of the first embodiment. Here, the first type device 10 will be described assuming that the first type device 10 functions as the service providing server 100 by taking a multifunction device installed in a convenience store or the like as an example.

  First, the function of the service providing server 100 is incorporated into the first type device 10 or the user terminal 40 shown in FIG. In the figure, an example in which the function of the service providing server 100 is incorporated in the first type device 10 is shown. The service providing server 100 (first type device 10) is input by an operation panel (not shown) or by a user. Authentication information J12 and authentication server information J22 are received from the user terminal 40 to be used. The authentication server information J22 is an example of management device information, and is information on an authentication server with which a user is authenticated.

  In the case of input via the operation panel of the service providing server 100, the information input device of the present invention is configured by the operation panel and the access interface unit 102, and the access interface unit 102 stores the user authentication information J12 and the account about the user. It has a function of an information receiving unit that receives input of management device information indicating a management device to be managed, and a notification unit that notifies the inquiry destination specifying processing unit 110 of authentication information and management device information received by the information receiving unit.

  On the other hand, in the case of input via the user terminal 40, although not shown, an information receiving unit that receives input of user authentication information J12 and management device information indicating a management device that manages an account for the user, A notification unit is provided for notifying the service providing server 100 of the authentication information and the management device information received by the information receiving unit.

  The authentication server information J22 only needs to be able to indicate the information of the server from which the account has been acquired. For example, a URL (Uniform Resource Locators) or an IP address (Internet Protocol Address) (collectively referred to as location information J24). Alternatively, it is possible to use a URL and the name of a procedure (procedure included in the program) for performing authentication.

  The service providing server 100 is connected to a second type authentication server 202 that has obtained a certificate from the certificate authority 300 and a third type authentication server 204 that has not obtained a certificate from the certificate authority 300 via a network. ing. The certificate authority 300 is an organization that ensures that the public key is valid when an electronic signature based on public key (key) encryption technology is used in electronic transactions, for example. Prevent fraud and other fraud by proving that is not a fake. If the authentication result J32 has a certificate received from the certificate authority 300, the service providing server 100 can use the authentication result J32 with confidence.

  The service providing server 100 includes an access interface unit 102 that is an example of an authentication processing information acquisition unit, an inquiry destination identification processing unit 110, an inquiry processing unit 120, an authentication processing unit 130, and an authentication server interface unit 150. Yes. The authentication processing unit 130 includes an authentication processing execution unit 132 that executes authentication processing based on the authentication result J32 sent (transmitted) from a predetermined authentication server and the authentication information J12 received by the access interface unit 102. An access permission determination processing unit 134 that controls whether or not the service request is accessible based on the authentication result of the execution unit 132.

  A portion of the service providing server 100 excluding the access permission determination processing unit 134 corresponds to the authentication apparatus of the present invention. The entire service providing server 100 including the accessibility determination processing unit 134 corresponds to the service provision of the present invention.

  On the authentication server side, there are a second type device 20 in which the device itself manages the user's account, and a third type device 30 in which the account is managed by the authentication server in the network to which the own device belongs.

  For example, first, the second type authentication server 202 corresponding to the second type device 20 acquires a certificate of its own device from a predetermined certificate authority 300 and holds it (certificate acquisition unit) 222; The authentication process is performed by verifying the account information holding unit 243 that holds the account information of the user and the authentication information J12 sent from the service providing server 100 against the account information held by the account information holding unit 243. An authentication processing unit 224.

  The second type authentication server 202 sends an authentication result (authentication possible / impossible) J32 and a server certificate (device certificate) J42, which is its own certificate, to the service providing server 100. Note that the certificate holding unit 222 is not limited to acquiring and holding the certificate of the own apparatus from the certificate authority 300 in advance, and may be configured to acquire the certificate whenever necessary.

  Here, the second type authentication server 202 returns the authentication result J32 to the service providing server 100, and reinforces whether or not the authentication result J32 is actually from the authentication server (device) that made the inquiry. For the purpose, the server certificate J42 is used. The server certificate J42 describes what qualities the authentication server (device) that returned the authentication result J32 has under the guarantee of the certificate authority 300. As a result, the service providing server 100 receives the server certificate J42 in addition to the authentication result J32, thereby increasing the authenticity of the received authentication result J32.

  On the other hand, not all devices (authentication servers) can return the server certificate J42 to the service providing server 100. A third type authentication server 204 corresponding to the third type device 30 is prepared in such a case.

  The third type authentication server 56 connected to the third type authentication server 204 (third type device 30) includes an account information holding unit 243 that holds user account information and an authentication sent from the third type authentication server 204. An authentication processing unit 244 that performs authentication processing by verifying the information J12 against the account information held in the account information holding unit 243 and sends the authentication result J32 as a result to the third type authentication server 204 is provided. I have.

  The third type authentication server 204 (third type device 30) includes an inquiry processing unit 234 that sends an authentication result (authentication enabled / disabled) J32 to the service providing server 100. The inquiry processing unit 234 inquires the third type authentication server 56 for the authentication information J12, receives the authentication result J32, and sends it to the service providing server 100. As described above, the inquiry processing unit 234 itself does not directly perform the authentication process, but performs the authentication process by verifying the authentication information J12 in cooperation with the third type authentication server 56. It functions as an example of the authentication processing unit in the management apparatus. The same applies to the inquiry processing unit 284 described later.

  The third type authentication server 204 as the third type device 30 performs authentication processing in cooperation with the third type authentication server 56. However, like the third type authentication server 206, the user account An account information holding unit 264 that holds information may be provided to have the same configuration as the second type device 20 that does not include the certificate holding unit 222. In this case, without using the third type authentication server 56, the account information holding unit holds the authentication information J12 sent from the service providing server 100 in the authentication processing unit 264 by the third type authentication server 204 alone. It is possible to perform authentication processing by collating with existing account information and send the authentication result J32 as a result to the service providing server 100.

  FIG. 4 is a sequence diagram illustrating an example of a basic procedure of authentication processing and access control processing that can be employed in configuration example 1.

  In the configuration shown in FIG. 3, first, when user authentication is requested at the time of service request, authentication server information J22 is inputted together with authentication information J12 at the time of account acquisition such as a user name and a password (S100). This operation may be performed on the operation panel of the service providing server 100 (first type device 10). In addition, when the user terminal 40 used by the user is connected to the service providing server 100 that is a device that provides a service, the user terminal 40 may be performed on the operation screen of the user terminal 40 owned by the user. In this case, the user terminal 40 notifies the service providing server 100 (first type device 10) of the input authentication information J12 and authentication server information J22 via the first network 92. Note that this notification is not necessary when the user terminal 40 has the function of the service providing server 100.

  The access interface unit 102 receives the authentication information J12 and the authentication server information J22 input by the user (S102). The inquiry destination specifying unit 110 is a management device that performs authentication from a plurality of authentication servers connected via the authentication server interface unit 150 based on the authentication server information J22 received by the access interface unit 102. An authentication server (hereinafter also referred to as an inquiry authentication server) is specified (S104). At this time, it is not necessary to set the inquiry authentication server in advance, and it is sufficient to follow the authentication server information J22 input by the user each time the user logs in when requesting access to the service.

  The inquiry processing unit 120 inquires of the inquiry authentication server specified by the inquiry destination specifying processing unit 110 of the second type authentication server 202 or the third type authentication server 204 for authentication information (S106). Therefore, the inquiry processing unit 120 transmits the authentication information J12 received by the access interface unit 102 to the inquiry authentication server.

  The inquiry destination specifying processing unit 110 may store the following items and check them before making an inquiry. For example, whether the inquiry destination is included in a preset list of credible servers, or whether the inquiry destination is included in a preset list of untrusted servers.

  When the inquiry authentication server is the second type authentication server 202 (second type device 20), the authentication processing unit 224 performs authentication processing by verifying the authentication information J12 received from the service providing server 100 (S108-YES, S110). Thereafter, the authentication processing unit 224 sends the authentication result (authentication approval / disapproval) J32 and the server certificate J42 as its own certificate to the service providing server 100 (S112).

  On the other hand, when the inquiry authentication server is the third type authentication server 56, the authentication processing unit 244 cooperates with the third type authentication server 56 to verify the authentication information J12 received from the service providing server 100 and perform the authentication process. (S108-NO, S114). Thereafter, the authentication processing unit 244 sends an authentication result (authentication enabled / disabled) J32 to the service providing server 100 (S116).

  In the service providing server 100, the authentication server interface unit 150 receives the authentication result J32 from the inquiry authentication server, and also receives the server certificate J42 when the inquiry authentication server is the second type authentication server 202 (S120). ).

  The authentication processing execution unit 132 performs authentication processing according to a predetermined authentication policy. For example, when the server certificate J42 is obtained when the inquiry authentication server is the second type authentication server 202 (second type device 20), authentication is first performed with reference to the server certificate J42. (S121-YES, S122).

  Specifically, the authentication process execution unit 132 first checks the correctness of the authentication server from the authentication server information J22 and the server certificate J42. Here, the contents of the check are confirmation that the server certificate J42 is issued by a valid certificate authority 300 and confirmation that the server certificate J42 is a response from the same authentication server as the inquired authentication server.

  When the authentication server is valid (S123-YES), the authentication process execution unit 132 performs authentication using the authentication result J32 of the inquired authentication server and the information in the server certificate J42 (S124).

  For the authentication method, the authentication result J32 is used as it is as the authentication result when the correctness of the authentication server is proved by the server certificate J42, and the authentication server domain information certified by the server certificate J42 is used for authentication. There is a method. For example, in the latter case, a trusted domain list or an untrusted domain list is prepared in advance, and the authentication result J32 is set as the authentication result by comparing whether there is a match with the domain information of the authentication server in the list. Determine whether or not. Specifically, if the domain information is in the trust list, J32 is set as the authentication result, and if it is not in the trust list, the authentication is rejected regardless of the result of J32. The opposite is true when using an untrusted list.

  On the other hand, when the server certificate J42 is not obtained, the authentication processing execution unit 132 performs authentication based on the authentication result J32 and the authentication server information J22 received by the authentication server interface unit 150 from the inquiry authentication server (S126). . At this time, a trusted domain list or an untrusted domain list is prepared in advance, and the authentication result J32 is accepted as it is only when the domain information of the authentication server information J22 matches the domain in the trusted domain list. Otherwise, authentication is rejected regardless of the authentication result J32. Note that the authentication process execution unit 132 may use the authentication result J32 itself received from the inquiry authentication server as the authentication result in the authentication process execution unit 132.

  Here, “when the server certificate J42 is not obtained” means that the server certificate J42 is not obtained when the inquiry authentication server is the second type authentication server 202 (second type device 20). In addition, both cases where the inquiry authentication server is the third type device 30 are included.

  If the server certificate J42 is not obtained when the inquiry authentication server is the second type authentication server 202 (second type device 20), the authentication NG may be immediately made. This point depends on the authentication policy.

  In any case, after once authenticating with the inquiry authentication server, the service providing server 100 cooperates with the inquiry authentication server by using a conventional technique such as issuing a ticket or assigning an ID number, for example. Account management.

  The access permission determination processing unit 134 starts providing the requested service when the authentication processing by the authentication processing execution unit 132 is successful (S128-YES, S130), and accesses the access when the authentication processing fails. It is prohibited (impossible) (S128-NO, S132). Although the authentication processing execution unit 132 is interposed, the access permission determination processing unit 134 substantially receives the authentication result J32 (preferably also the server certificate J42) from the inquired authentication server and receives the authentication server information J22. Access control is performed based on the authentication result J32 and the server certificate J42.

<Specific processing; first example>
FIG. 5 is a sequence diagram illustrating an example of a procedure of a specific example (first specific process) of the authentication process that can be employed in the configuration example 1. Here, the user has registered an account in the second type authentication server 202 (second type device 20) of the type obtained from the certificate authority 300, and account information (for example, user ID) at that time And the password) are held in the account information holding unit 223.

  When the user wants to use the first type device 10 as the service providing server 100, the first type device 10 acquires the authentication information J12 and the information of the server that acquired the account as an example of the authentication server information J22 (for example, URL or IP address). ) Is entered to request a login (S200). At this time, the input may be input from a keyboard or the like of an operation panel (not shown) of the first type device 10. Or it is good also as a structure which inputs into the 1st type device 10 by reading the IC card not shown holding the information with the IC card reader not shown.

  Here, it is assumed that the URL of the second type device 20 that has issued the account is “dev2.net2.com”, ID (Identification; identifier “fuji”, and password “taro”. Enter the ID, password, and URL in the first type device 10. For example, enter it in a format such as “fuji: taro@dev2.net2.com.” If this format is determined in advance, Anything may be used, for example, a simple comma-separated list (eg, fuji, taro, dev2.net2.com).

  Next, the access interface unit 102 of the service providing server 100 receives the ID, password, and URL from the user (S202). The inquiry destination specifying unit 110 converts the input information (ID, password, URL) into an ID and password, which are an example of authentication information J12, and a URL (dev2.net2.com), which is an example of authentication server information J22. Separate (S204). Here, “dev2.net2.com”, ID, password, and URL can be separated if a format is determined in advance.

  In addition, based on the authentication server information J22, the inquiry destination specifying processing unit 110 specifies an authentication server that inquires the authentication information J12 from a plurality of authentication servers, and transmits the authentication information J12 to the specified inquiry processing unit 120. (S204). The inquiry processing unit 120 transmits the authentication information J12 to the authentication server specified by the inquiry destination specifying processing unit 110 (here, the second type authentication server 202 (second type device 20)), and inquires about authentication (S206). Here, the inquiry processing unit 120 transmits the ID (fuji) and the password (taro) as authentication information J12 to the authentication server “dev2.net2.com”.

  The second type authentication server 202 (second type device 20; dev2.net2.com) that has received the authentication information J12 verifies the authentication information J12 (checks the validity of the authentication) by the authentication processing unit 224 ( S210) If the authentication is valid, the authentication is OK. Otherwise, the authentication result J32 (authentication OK / NG) and the authentication server held by the certificate holding unit 222, that is, the second type A server certificate J42, which is a certificate of the authentication server 202 (dev2.net2.com), is sent to the service providing server 100 (S212).

  Upon receiving the authentication result J32 and the server certificate J42 from the second type authentication server 202 (S220), in the service providing server 100 (first type device 10), the authentication process execution unit 132 performs steps S122 to S122 shown in FIG. Similarly to S124, whether or not authentication is possible is determined based on the authentication information J32, the authentication server information J22 input first, and the sent server certificate J42 (S222). How to determine depends on the authentication policy. The subsequent steps are the same as steps S128 to S132 shown in FIG. 4 (S228 to S232).

  Here, the transmission / reception method between the service providing server 100 (first type device 10) and the authentication server (dev2.net2.com) may be any method as long as transmission and reception are possible. As an example, when SOAP (Simple Object Access Protocol) of HTTP (Hypertext Transfer Protocol) is used, the following may be performed. First, the service providing server 100 (first type device 10) executes SAOP with the URL of the authentication server and the name of the procedure (method) for performing authentication. At that time, authentication information J12 is taken as an argument. Here, the procedure name to be authenticated may be determined in advance or may be included in the authentication server information input by the user.

  In the second type authentication server 202 (dev2.net2.com) as the authentication server for which SOAP is called, the called procedure (method) is executed together with the authentication information J12 as an argument, and the result (authentication result) is SOAP. Is returned to the service providing server 100 as a return value. The delivery of the server certificate J42 can be confirmed by the service providing server 100 using, for example, SSL (Secure Sockets Layer).

  When the service providing server 100 connects to the second type authentication server 202 (dev2.net2.com) as an authentication server by SSL (more specifically, HTTPS), the server certificate J42 of the authentication server is sent to the service providing server 100. Will be sent. Accordingly, the service providing server 100, that is, the first type device 10 can confirm the certificate of the authentication server.

  As described above, in the configuration example 1 of the first embodiment, an account is acquired in advance by receiving a service request from a user by acquiring an account in advance in any management apparatus in another network environment. In the service providing server 100 that is not a server, the authentication server information J22, which is information on where to receive authentication, is input from the user together with the authentication information J12, so that the user can obtain an account to a different management entity. It is possible to inquire whether or not to authenticate an authentication server which is an example of a certain management apparatus.

  As a result, a user who does not have an account in the service providing server 100 can be authenticated using the same account that has already been acquired. In addition, the single sign-on function can be realized without the need for a management server that centrally manages the authentication status, and system construction costs and operation management costs can be reduced. In addition, it is not necessary to share secret information such as a user ID and a password in advance between the service providing server 100 and the authentication server that has acquired the account.

  In addition, once a user authenticates with a predetermined authentication server, the user is not required to authenticate again when logging in to a different server, and can connect to the network anytime and anywhere without advance preparation. In addition, authentication is not required every time a different server is used, and convenience is greatly improved.

  In addition, when a user who does not have an account in the service providing server 100, such as when a personal computer is temporarily used by a person who does not have an account, the user has an account in another authentication server. The service providing server 100 can perform authentication processing in cooperation with other authentication servers.

  In addition, since the service providing server 100 does not need to permit use of the guest account or grant a temporary account, security processing such as account registration or deletion or leakage of the guest account password is required during authentication processing. The problem can be prevented.

<Configuration Example 2; Modification of Configuration Example 1>
FIG. 6 is a block diagram illustrating a modified example (hereinafter referred to as “configuration example 2”) of the configuration example 1 of the service providing system 1. Here, it is assumed that the user has registered an account in the second type authentication server 202 (second type device 20) of the type that has obtained certification from the certificate authority 300.

  This configuration example 2 is characterized in that a storage medium (for example, a portable type such as an IC card) in which these pieces of information are stored in advance is used for inputting the authentication information J12 and the authentication server information J22. In the configuration example 2, in the first specific process, the authentication information J12 (specifically, the ID and password part) is transmitted in an encrypted state immediately after the information is input until the authentication server. The authentication server information J22 is characterized in that it can be transmitted in a normal data format without being encrypted so that the inquiry destination specifying unit 110 can recognize it immediately. In this configuration example 2, the IC card 310 is used as an information input device.

  In the first type device 10, when the IC card 310 is input to the IC card reader / writer 320, the authentication information J12 and the authentication server location information J24 which is an example of the authentication server information J22 are stored in the IC card 310 and the like. For example, a common key of the common key encryption method is stored, or a key of the authentication server is created between the authentication server and the IC card 310 by a public key encryption method, and the public key of the authentication server is stored in the IC card 310. Hereinafter, this common key and public key are collectively described as an authentication key.

  It is assumed that the IC card 310 has an encryption function using a predetermined encryption method. The encryption function may be an existing encryption method such as AES (Advanced Encryption Standard) or Triple DES (Data Encryption Standard) for common key encryption, or RSA (Rivest Shamir Adleman) for public key encryption.

  The second type authentication server 202 includes an authentication information holding unit 226 that stores the authentication information J12 and time information J14 received from the service providing server 100.

<Specific processing; second example>
FIG. 7 is a sequence diagram illustrating an example of a procedure of a specific example (second specific process) of the authentication process that can be adopted in the configuration example 2.

  When the user acquires an account in the second type device 20 as the second type authentication server 202, the user stores the authentication information J12 and the location information J24 in the IC card 310, and the second type authentication as the authentication server. An authentication key for authentication (here, the public key of the authentication server) is generated between the server 202 and the IC card 310 (via the service providing server 100), and this authentication key is stored in the IC card 310 (S300a, S300b).

  When the user inputs the IC card 310 to the IC card reader / writer 320, the IC card 310 encrypts the authentication information J12 stored therein and the time information J14 at that time with an authentication key (S301). . Thereafter, the encrypted authentication information J12C and time information J14C are notified to the service providing server 100 together with the authentication server location information J24 (an example of the authentication server information J22) stored in the IC card 310 (S302). ). This notification is realized by the IC card reader / writer 320 provided in the user terminal 40 or the service providing server 100 reading the information.

  The inquiry destination specifying unit 110 of the service providing server 100 separates the encrypted “authentication information J12C and time information J14C” from the location information J24 (S303). This can be separated if the format is determined in advance as in the first specific processing. Based on the separated location information J24, a second type authentication server 202 as an inquiry authentication server is specified from among a plurality of authentication servers as encrypted authentication information J12C and time information J14C. The encrypted authentication information J12C and time information J14C are transmitted to the specified second type authentication server 202 (second type device 20) as in the first specific process (S304, S306).

  In the type 2 device 20 as the type 2 authentication server 202 that has received the encrypted authentication information J12C and time information J14C, the authentication processing unit 224 encrypts the authentication information with the authentication key (or secret key) of the authentication server. The authentication information J12C and the time information J14C are decrypted to obtain the original authentication information J12 and time information J14 (S307).

  In the second type authentication server 202 which is an inquiry authentication server, the authentication processing unit 224 first stores the decrypted authentication information J12 and time information J14 as a database in the authentication information holding unit 226 (S308), and the time information J14 and the authentication information. It is confirmed whether there is no data having the same J12 in the past data (S309). If there is the same, the authentication processing unit 224 returns an authentication NG (S309—YES, S312). Furthermore, when the time information J14 is not within a certain time (for example, 1 minute), the authentication processing unit 224 may return an authentication NG (S309—YES, S312). Other parts are the same as those in the first specific process (S320 to S322).

  Next, when there is no same item, the authentication processing unit 224 checks the authentication information J12, and returns an authentication OK if the authentication information J12 is valid (S309-NO, S310, S312). Note that the authentication processing unit 224 may store only past data in the authentication information holding unit 226 within a certain time range when checking whether the time information J14 is within a certain time.

  Thus, according to the configuration example 2, when using a service providing server connected to another network, the authentication information J12 and the authentication server information J22 at the time of account acquisition are stored in advance as a storage medium such as the IC card 310. Since the IC card 310 is used as an information input device when the service providing server 100 is used, the authentication information J12 and the authentication server information J22 are notified to the service providing server 100. The user can easily input these information.

  The authentication server information J22 is information indicating the location of the authentication server at a remote location away from the service providing server 100, and is often information with a long character string. Although an input error occurs or is a success, these problems can be solved by using a storage medium. In addition, since there is no need for manual input from the keyboard, the problem of personal information leakage due to the incorporation of a key logger does not occur, so the degree of security is improved.

  In addition, the authentication information J12, which is personal information, is transmitted in an encrypted state between the time immediately after the user inputs information and the authentication server, that is, the route from the service providing server 100 to the inquiry authentication server. Since this is done, leakage of personal information can be prevented. Further, since the authentication server information J22 indicating the location of the authentication server has few problems of information leakage, the inquiry destination identification processing unit 110 is authenticated without being encrypted. When the server information J22 is received, it is possible to immediately start processing for specifying the query authentication server.

<Configuration Example 3; Modification of Configuration Example 2>
FIG. 8 is a block diagram showing a modified example (hereinafter referred to as “configuration example 3”) of the configuration example 2 of the service providing system 1. Here, it is assumed that the user has registered an account in the second type authentication server 202 (second type device 20) of the type that has obtained certification from the certificate authority 300. The functions of the IC card 310 and stored information may be the same as those in the configuration example 2 shown in FIG.

  In the second specific process, the configuration example 3 includes an IC card 310 serving as an information input device, a service providing server 100 (first type device 10), and a second type authentication server 202 (second type device 20). It is characterized in that it is possible to perform authentication by an entity authentication method using an encryption method or a cryptographic check function. Here, the challenge / response method is used as the entity authentication method, but other entity authentication methods that exhibit the same or similar functions and effects may be used.

  Although the block diagram itself focusing on the network configuration and the authentication function and the access control function is not different from the configuration example 2, in order to perform authentication by the challenge / response method, the IC card 310-service providing server 100 (first type device 10) -There is a difference in information exchanged between the second type authentication server 202 (second type device 20).

  Note that in the normal challenge / response method, exchanges are made between two parties, but this configuration example 3 is different in that exchanges are made between the three parties. In order to perform authentication by the challenge / response method among the three parties, each functional unit except the authentication processing unit 130 in the service providing server 100 relays the challenge key J52 and the response code J52C, which are code information for performing this authentication. Acts as a functional unit.

<Specific processing; third example>
FIG. 9 is a sequence diagram illustrating an example of a procedure of a specific example (third specific process) of the authentication process that can be adopted in the configuration example 3.

  For example, the service providing server 100, which is the first type device 10, acquires the location information J24 from the IC card 310 (S401), specifies an inquiry authentication server based on the location information J24 (S402), and specifies the specified inquiry. It connects to the second type authentication server 202 which is an authentication server. The authentication processing unit 224 of the connected second type authentication server 202 generates a challenge key J52 composed of a random bit string of about 128 bits, for example, and the IC on the client side via the inquiry processing unit 120 of the service providing server 100. It is sent to the card 310 (S403). The second type authentication server 202 prepares an authentication key for checking the response code J52C sent from the IC card 310.

  The IC card 310 that has received the challenge key J52 encrypts the authentication information J12 and also encrypts the received challenge key J52 to generate a response code J52C (S404). The encrypted authentication information J12C and response code J52C are The data is sent to the service providing server 100 (S405). The service providing server 100 sends the authentication information J12C and the response code J52C to the second type authentication server 202 (S406).

  The authentication processing unit 224 of the second type authentication server 202 decrypts the authentication information J12C and the response code J52C using its own authentication key (S407), and holds the authentication information using the decrypted authentication information J12 and challenge key J52 as a database. The data is stored in the unit 226 (S408).

  After that, the authentication processing unit 224 decrypts the response code J52C to check whether there is any contradiction, that is, checks whether the challenge key J52 obtained by decryption is the one sent earlier (a legitimate challenge key J52). Thus, login authentication (client authentication) is performed (S409).

  If it is not a valid challenge key J52, the authentication processing unit 224 returns an authentication NG to the IC card 310 (S409-NO, S412). If it is a valid challenge key J52 (S409-YES), the second type authentication server 202 next checks the validity of the authentication based on the authentication information J12 (S410), and the authentication result J32 (authentication OK / Authentication NG) is sent (S412). Other portions are the same as those in the second specific process (S420 to S422).

  In the above description, as a response to the second type authentication server 202 of the IC card 310, the authentication information J12 and the challenge key J52 encrypted are returned, but instead of encryption, the authentication information J12 and the challenge key J52 are returned. A cryptographic check function value (for example, a hash value by a hash function) that is a one-way function having no inverse function is calculated for the combined bit string, and the result and ID information are returned to the second type authentication server 202. May be.

  In that case, the second type authentication server 202 takes a hash for the password obtained from the received hash value and the ID information and the challenge key J52, and can be justified if the values are the same. .

  As described above, according to the configuration example 3, the IC card 310 that inputs the authentication information J12 and the authentication server information J22, the service providing server 100 that provides the service, and the management device that manages the account for the user is an example. Authentication is performed by the challenge / response method among the three parties of the two-type authentication server 202 (second-type device 20). As a result, as in the configuration example 2, it is possible to perform authentication processing in cooperation with the second type authentication server 202 using the authentication information J12. In other words, in order to realize an authentication method similar to that of Configuration Example 2 in an entity authentication method such as a challenge / response method, it is necessary to perform entity authentication between three parties.

  After successful authentication processing using this challenge / response method, authentication processing is performed in cooperation with the second type authentication server 202 using the authentication information J12 in the same manner as in the configuration example 2. For this reason, even for users who do not have an account in the service providing server 100, it is possible to perform the authentication process without any inconvenience using the same account that has already been acquired, and it is necessary to share secret information in advance. Nor.

  Further, even if the service providing server 100 that provides the service is interposed between the IC card 310 as the information input device and the authentication server 202 that manages the account, the service providing server 100 stores the authentication server information J22. Based on the location information J24 as an example, the second type authentication server 202 as the inquiry authentication server can be identified and connected, and authentication processing in the challenge / response system can be performed without any inconvenience.

  Furthermore, since an encryption method called a challenge / response method or an entity authentication method using a cryptographic check function is adopted, the authentication strength can be increased. For example, in the configuration example 2, the authentication information J12 is encrypted and transmitted to the second type authentication server 202 to prevent information leakage. In this case, however, unauthorized use using the encrypted authentication information J12C ( (Replacement attack, etc.) cannot be protected.

  On the other hand, in the challenge / response method adopted in the configuration example 3, the challenge key J52 is changed every time of login. Since the process does not shift to the authentication process using the information J12C, as a result, unauthorized use using the encrypted authentication information J12C can be prevented.

Second Embodiment
FIG. 10 is a diagram illustrating a network configuration of the second embodiment of the service providing system 1. This second embodiment corresponds to the case where an authentication server that does not return the certificate of the authentication server is used, or the case where the authentication server is hidden from the outside.

  The difference from the configuration of the first embodiment shown in FIG. 2 is that the type of authentication server that has obtained the certificate from the certificate authority 300 is an authentication server that manages the user's account and The third type authentication server 206 that has not obtained the certification and the authentication guarantee server 208 that obtains the certification from the certificate authority 300 and guarantees the third type authentication server 206 are constructed. In this configuration, the third type authentication server 56 has the function of the third type authentication server 206 that manages the user's account, and the third type device 30 has the function of the authentication guarantee server 208.

<Configuration example 4>
FIG. 11 is a block diagram showing a specific configuration (configuration example 4) of the service providing system 1 focusing on the authentication function and the access control function in the network configuration of the second embodiment.

  On the authentication server side, a third type authentication server 206 (third type authentication server 56) connected to the authentication guarantee server 208 (third type device 30) includes an account information holding unit 263 that holds user account information, Authentication processing is performed by verifying the authentication information J12 sent from the third type authentication server 206 against the account information held by the account information holding unit 263, and the authentication result J32 that is the result is the third type. An authentication processing unit 264 to be sent to the authentication server 206 is provided.

  The authentication guarantee server 208 inquires the authentication server J2 for the authentication server certificate holding unit 282 that holds the certificate of the authentication guarantee server obtained from the certificate authority 300, and the authentication information J12 to the third type authentication server 206 and receives the authentication result J32. And a processing unit 284.

  The inquiry processing unit 284 of the authentication guarantee server 208 services the guarantee server certificate J44 indicating its own certificate held in the guarantee server certificate holding unit 282 together with the authentication result J32 obtained from the third type authentication server 56. It is sent to the providing server 100.

  By providing the server certificate J42 indicating the certificate of the third type authentication server 206 on the third type authentication server 206 side, the authentication guarantee server 208 does not include the guarantee server certificate holding unit 282 and itself. The server certificate J42 received from the third type authentication server 206 may be transferred to the service providing server 100 together with the authentication result J32 in place of the guarantee server certificate J44 indicating the certificate.

<Specific processing; fourth example>
FIG. 12 is a sequence diagram illustrating an example of a procedure of a specific example (fourth specific process) of the authentication process that can be employed in the configuration example 4. Here, the description will focus on the differences from the first specific processing procedure shown in FIG.

  The user, through an operation panel (not shown) of the service providing server 100 or from the user terminal 40 used by the user, authentication information J12 (for example, ID and password) and an authentication guarantee server (in this case, a first user responsible for user authentication). The authentication guarantee server information J26, which is the information of the three types of devices 30 / authentication guarantee server 208), is notified to the inquiry destination specifying unit 110 of the service providing server 100 that provides the service (S500, S502).

  The service providing server 100 notified of the authentication information J12 and the authentication assurance server information J26 inquires the authentication information J12 from the plurality of authentication assurance servers based on the authentication assurance server information J26 by the inquiry destination specifying processing unit 110. An authentication guarantee server (inquiry authentication guarantee server) is specified, and the specified information is transmitted to the inquiry processing unit 120 (S504). The inquiry processing unit 120 transmits the authentication information J12 to the authentication guarantee server specified by the inquiry destination specifying processing unit 110, and inquires about authentication (S506). At this time, the inquiry authentication guarantee server does not need to be set in advance, and follows the authentication server information J22 input by the user each time an access request is made.

  The inquired authentication assurance server 208 sends the authentication information J12 to the third type authentication server 206 that manages the account, and inquires about authentication (S508). The third type authentication server 206, to which the authentication information J12 has been transmitted, verifies the authentication information J12 (checks the validity of the authentication) by the authentication processing unit 264 (S510), and if the authentication is valid. Authentication result J32 (authentication OK / NG), which is authentication OK, otherwise authentication NG, is sent (S512).

  The inquiry processing unit 284 that has received the authentication result J32 sends the authentication result J32 and the guarantee server certificate J44, which is the certificate of the authentication guarantee server held by the guarantee server certificate holding unit 282, to the service providing server 100. (S514).

  In the service providing server 100 (first type device 10) to which the authentication result J32 and the guarantee server certificate J44 are sent, the authentication processing execution unit 132 sends the authentication result J32 and the authentication server information J22 that is input first, and the sent result. Based on the three pieces of information of the guaranteed server certificate J44, whether or not authentication is possible is determined according to a predetermined authentication policy (S520 to S528).

  For example, first, the authenticity of the authentication guarantee server is checked from the authentication guarantee server information J26 and the guarantee server certificate J44. Here, the contents of the check are confirmation that the certificate is issued by a valid certificate authority 300 and confirmation that the certificate is a response from the same authentication assurance server as the inquired authentication assurance server. If it is correct, authentication is performed using the authentication result of the inquired authentication assurance server and the information in the certificate of the authentication assurance server.

  If the authentication process execution unit 132 succeeds in the authentication process, the access permission determination processing unit 134 starts providing the requested service (S528-YES, S530), while if the authentication process fails, Access is prohibited (disabled) (S528-NO, S532).

  As described above, in the configuration example 4 of the second embodiment, in the service providing server 100, the authentication assurance server information J26 that is information on where to receive authentication is input together with the authentication information J12. The authentication assurance server can be inquired of the authentication guarantee server in the main body, and the authentication assurance server can inquire of the authentication server (the third type authentication server 206 in the previous example) whether the authentication is possible or not.

  As a result, when using an authentication server that does not return the certificate of the authentication server, hiding the authentication server from the outside, or using the existing authentication server as it is, the same as the configuration of the first embodiment, By acquiring an account with any of the management devices in the network environment, it is inconvenient for the user who does not have an account in the service providing server 100 to use the same account that has already been acquired. It is not necessary to share secret information in advance.

  If an existing authentication server has not obtained a certificate, there is no need to obtain a new certificate for the authentication server, and there is no need to change the existing authentication server (interface). An authentication effect similar to that of the first embodiment can be obtained by simply adding a device (here, the authentication guarantee server 208) to the environment. In this respect, the configuration example 4 of the second embodiment can be considered as an optimal example that can be taken in an actual realization.

<Configuration example 5>
FIG. 13 is a block diagram showing a modification (hereinafter referred to as configuration example 5) to configuration example 4 of the service providing system 1 in the network configuration of the second embodiment. This configuration example 5 is characterized in that an access approval process is performed (controls whether access is permitted) in units of groups (management subjects) to which the user belongs, and the configuration examples 1 to 4 include an access approval process at the individual user level. It is different from doing.

  As illustrated, the service providing server 100 includes an access control list holding unit 140 in addition to the configuration example 4. The access control list holding unit 140 holds a combination of each service and a management entity that can use the service (in other words, an unusable management entity) in association with each other.

  Further, in the third type authentication server 206 as the management apparatus of the inquiry destination, the account information holding unit 263 includes information on the management entity to which the user belongs and information on the management entity to which the own device (type 3 authentication server 206) belongs. It can be matched. For example, the management entity or domain to which the authentication guarantee server belongs is identified by the guarantee server certificate returned from the authentication guarantee server (the third type device 30). Therefore, the authentication processing unit 264 compares the authentication information received from the service providing server 100 with the management entity information obtained from the guarantee server certificate held by the account information holding unit 263, and determines the management entity to which the user belongs. Identify.

  The process of associating the user with the management entity may be realized by obtaining a guarantee server certificate and performing a collation process at the stage of receiving authentication information from the service providing server 100. Further, at the stage of obtaining the guarantee server certificate, the account information holding unit 263 may store the user ID, the password, and the management subject in association with each other. In addition, since it is sufficient to acquire the guarantee server certificate and perform the verification process when the authentication information is received from the service providing server 100, the account information holding unit 263 stores the user ID, the password, and the management entity in association with each other. It is not essential to keep it.

<Specific processing; fifth example>
FIG. 14 is a sequence diagram illustrating an example of a procedure of a specific example (fifth specific process) of the authentication process that can be adopted in the configuration example 5.

  The processing (S500 to S528) until the authentication processing execution unit 132 determines whether authentication is possible according to a predetermined authentication policy based on the three information of the authentication result J32, the authentication server information J22, and the guarantee server certificate J44. This is almost the same as the above-described fourth concrete process.

  In step S500, the authentication information J12 to be notified (input) to the service providing server 100 may be only the ID and password as in the fourth specific process, and the notification (input) of the management subject is not required. .

  When the authentication information J12 is verified and the authentication process is performed on the management apparatus side, the authentication processing unit 264 of the third type authentication server 206 authenticates at the user individual level, and the user who has requested access to which management entity Authentication (referred to as management subject authentication) is also performed (S510).

  Thereafter, the authentication processing unit 264 sends management entity information J38 indicating the management entity to which the user belongs to the inquiry processing unit 284 together with the authentication result J32 (S512). The inquiry processing unit 284 sends the received authentication result J32 and management entity information J38 to the service providing server 100 (S514). When the server certificate J42 is also sent, the management subject information J38 may be described in the server certificate J42. This facilitates management of the management entity information J38 in the data transmission process.

  The authentication processing execution unit 132 performs authentication by referring to the user personal level authentication result J32 received from the authentication processing unit 224. When the authentication processing by the authentication processing execution unit 132 is completed and the authentication at the user personal level is successful (S528-YES), the access permission determination processing unit 134 determines the service requested by the user and the guarantee server certificate. Based on the management entity information J38 described in the certificate of the authentication guarantee server obtained from J44, the access control list holding unit 140 is searched to determine whether or not access is possible (S540). For example, when a user requesting a service belongs to a management entity that can use the service, the user can access the service.

  The access permission determination processing unit 134 provides a service to the user if it is accessible (S542-YES, S544), while prohibiting the access if it is not possible, and notifies the user accordingly (S542-NO, S546).

  As described above, according to the configuration example 5 of the second embodiment, each service and a management entity that can use the service or a combination of management entities that cannot use the service are stored as a list. After the authentication process, the management entity to which the user belongs is further judged whether the service requested by the user can be provided, so the user can use the same account that has already been acquired. It is possible to control whether or not access is possible in units of management subjects to which the user belongs.

  In effect, it is not necessary to perform access approval processing at the individual user level, so that information prepared in the access control list holding unit 140 can be reduced, access list management is facilitated, and memory capacity is reduced. You can also.

  As a mechanism for performing an access approval process in units of management subjects, a system in which an access right (Access Right) is given in units of groups (hereinafter referred to as a group access right method) is known. However, in the conventional group access right scheme, when a system administrator (corresponding to the authentication server in this example) sets an access right for a group to which the user belongs, the user accesses the service providing server 100. Is configured to input an access ID and password for each group.

  For this reason, the user must identify the group to which the user belongs and input the access ID and password for each group, and thus needs to know these pieces of information. For the user and the authentication server, it is necessary to manage the access ID and password in units of groups in addition to the access ID and password at the personal level that are normally used, and the management becomes complicated.

  In addition, not only access approval processing but also authentication processing must be performed on a group basis. In order to perform the authentication process at the individual level and the access approval process at the group level, consider a modification in which the access ID and password at the group level are entered in addition to the access ID and password at the individual level. However, it takes time to input, and it becomes necessary to transmit all information on a one-to-one basis for processing, which complicates data management.

  On the other hand, in the configuration example 5 of the second embodiment, based on the personal level access ID and password input by the user, the authentication process is performed at the personal level, and the access approval process is performed in units of management subjects. Therefore, the above-described problem of input labor and data management complexity do not occur.

  Also, the management entity in the access control by the management entity is identified by, for example, the management entity or domain to which the authentication assurance server belongs from the assurance server certificate returned from the authentication assurance server (type 3 device 30). Access control can be performed, and it is not always necessary to associate and register the management subject in advance with the third type authentication server 206, and it is only necessary to collate each time an inquiry is made. This is very different from the conventional access control in units of groups, in which it is essential to register the user and the management subject in association with each other in advance.

  As described above, the configuration that includes the access control list holding unit 140 to control access permission in units of groups to which the user belongs is not limited to the configuration of the second embodiment, but the above-described configuration. The configuration examples 1 to 3 of the embodiment can be applied in the same manner, and the same effects can be enjoyed.

  In the authentication process in step S510 of the above procedure, the authentication processing unit 224 performs authentication at the user individual level, but may perform authentication at the management entity level. In this case, the authentication processing unit 224 sends the management subject level authentication result J32 to the service providing server 100 together with the management subject information J38. Even when such a modification is added, the above-described problems of input labor and data management are not caused.

<Third Embodiment>
FIG. 15 is a diagram showing a network configuration of the service providing system 1 according to the third embodiment. The third embodiment corresponds to a case where authentication by the first type authentication server 52 is required when the user terminal 40 connects to the first network 92.

  2 is different from the configuration shown in FIG. 2 in that the first type authentication server 52 has the same functional units as the service providing server 100 in the first embodiment, that is, the access interface unit 102, the inquiry destination specifying processing unit 110, and the inquiry processing. And the authentication server interface unit 150.

  The management apparatus side includes a certificate holding unit 222 and an authentication processing unit 224 (both not shown; refer to FIG. 3), and has a function of the second type authentication server 202 that manages an account for a user, and performs authentication. A type 2 device 20 of the type that has obtained certification from the station 300 is provided.

  According to the configuration of the third embodiment, a user terminal is obtained by acquiring an account in advance in a management apparatus of another network environment (the second type authentication server 202 as the second type device 20 in the figure). When the 40 is connected to the first network 92, the authentication process can be performed without any inconvenience using the same account acquired in advance as in the configuration of the first embodiment. The network can be used without earning a user ID or password for each provider (for example, Internet provider). Also, the network operator can authenticate a user who has not registered his / her account.

  Conventionally, for example, a wireless LAN spot can not join even if the network provider currently provided is different (unless the account is registered in advance), the third embodiment is applied. This is an effective configuration in that it can be solved.

<Fourth embodiment>
FIG. 16 is a diagram illustrating a network configuration of the fourth embodiment of the service providing system 1. In the fourth embodiment, in the third embodiment, the third type authentication server 56 connected to the third network 96 in FIG. 1 manages the user's account, and the authentication guarantee server 208 is the third type. In this configuration, the seed device 30 is modified, and the management apparatus side is the same as the configuration example 4 shown in FIG.

  The fourth embodiment is different only in the mechanism of authentication processing on the management apparatus side, and the processing of the first type authentication server 52 is not different from the case of the third embodiment and can enjoy the same effect.

  Although the second to fourth embodiments have been shown as modifications of the network configuration with respect to the first embodiment, these are only examples of the modifications, and the authentication processing function and the access process shown in the above embodiment. Each functional element that realizes the function can be appropriately rearranged. Thereby, the authentication process and the access process shown in the above embodiment can be applied to every scene where the authentication process function and the access process function are used.

<Configuration using electronic computer>
Note that the mechanism for performing the authentication process and the access control process described in the above embodiment is not limited to hardware, and is realized by software using an electronic computer (computer) based on a program code that realizes the function. It is also possible to do. Therefore, a program suitable for realizing the service providing method according to the present invention and various devices (service providing server and authentication server) for implementing the method by software using an electronic computer (computer) or this program is stored. The computer-readable storage medium can also be extracted as an invention. By adopting a mechanism that is executed by software, it is possible to enjoy the advantage that the processing procedure and the like can be easily changed without changing hardware.

  When a series of processing is executed by software, a program constituting the software is a computer (such as an embedded microcomputer) incorporated in dedicated hardware, or a CPU (Central Processing Unit) Installation of SOC (System on a Chip) or various programs that implement a desired system by mounting functions such as MPU (Micro Processing Unit), logic circuit, and storage device on one chip And installed on a general-purpose personal computer capable of executing various functions from the recording medium. Or the program which comprises software may be provided via communication networks, such as a wire communication or radio | wireless.

  The recording medium causes a change state of energy such as magnetism, light, electricity, etc. according to the description content of the program to the reading device provided in the hardware resource of the computer, and in the form of a corresponding signal. The program description can be transmitted to the reader. For example, a magnetic disc (including a flexible disc), an optical disc (CD-ROM (Compact Disc-Read Only Memory)), a DVD (which is distributed to provide a program to a user separately from a computer, (Including Digital Versatile Disc), magneto-optical disc (including MD (Mini Disc)), or package media (portable storage media) made of semiconductor memory, etc. It may be configured by a ROM, a hard disk, or the like in which a program is recorded that is provided to the user in a state.

  For example, a storage medium that records a program code of software that implements a function for performing authentication processing and access control processing is supplied to the system or apparatus, and the computer (or CPU or MPU) of the system or apparatus is stored in the storage medium. Even when the program code is read out and executed, the same effect as that achieved by hardware can be achieved. In this case, the program code itself read from the storage medium realizes functions of authentication processing and access control processing.

  Further, by executing the program code read by the computer, not only functions for performing authentication processing and access control processing are realized, but also an OS (operating system) running on the computer based on the instructions of the program code. Basic software) may perform a part or all of the actual processing, and a function of performing authentication processing and access control processing may be realized by the processing.

  Further, after the program code read from the storage medium is written in a memory provided in a function expansion card inserted into the computer or a function expansion unit connected to the computer, the function expansion is performed based on the instruction of the program code. There may be a case where the CPU or the like provided in the card or the function expansion unit performs part or all of the actual processing, and the function of performing the authentication processing and the access control processing is realized by the processing.

  The program is provided as a file describing a program code that implements a function for performing authentication processing and access control processing. In this case, the program is not limited to being provided as a batch program file, but is a system configured by a computer. Depending on the hardware configuration, it may be provided as an individual program module.

  FIG. 17 is a diagram illustrating an example of a hardware configuration when the user terminal 40 and the various devices 10, 20, and 30 that configure the service providing system 1 are configured using an electronic computer. Here, a multifunction device installed in a convenience store or the like as the first type device 10 will be described as an example.

  As software incorporated in the computer apparatus 900, for example, a copy application, a printer application, a facsimile (FAX) application, or a processing program for another application, the same as that in a conventional multi-function peripheral is incorporated. Also, for authentication processing or access control processing for the device to process an image read by the scanner unit or to send / receive data to / from the outside via a network interface unit in response to a request for accessing a Web site This program is also included.

  As shown in the figure, a computer device 900 is an example of a CPU 910 that performs operation control of the entire device and other processing and control functions, a ROM 930 that is an example of a nonvolatile storage unit, and an example of a rewritable storage unit. And a certain RAM 940.

  The computer apparatus 900 also has an interface function between a display I / F (interface) unit 950 that performs an interface function with the display unit 922, and a touch panel 924a and operation keys 924b that configure the operation unit 924. An input I / F unit 952 that forms an interface, a printer I / F unit 954 that makes an interface function between the printer unit 927, a scanner I / F unit 956 that makes an interface function between the scanner unit 928, and an accounting process A billing I / F unit 957 that functions as an interface with the unit 929, and a network I / F unit (terminal adapter unit) 958 that functions as an interface with the communication network 90. The billing processing unit 929 is for providing a service using a store installation terminal as a paid service using a coin insertion machine (not shown).

  The network I / F unit 958 mediates communication data exchange with a communication network such as ISDN or the Internet. As a result, the user first uses the multi-function peripheral configured by the computer device 900 to access the Web server and download the desired image data, thereby obtaining a print output based on the downloaded image data. Will be able to.

  It should be noted that a processing circuit 960 for performing a part of these functional portions by hardware may be provided instead of performing all the processing for performing the authentication processing or access control processing functions in the multifunction peripheral by software.

  The computer apparatus 900 further includes a memory reader 972 that reads image data from various types of recording media 902 such as a nonvolatile semiconductor memory card such as a flash memory, and a memory writer 973 that writes image data to the recording media 902. A memory IF unit 970 that functions as an interface with the recording medium 902 and an internal bus 980 including an address bus and a data bus that connect the units to each other are provided. Image data and control data are exchanged between the hardware via the internal bus 980.

  Further, the computer device 900 is a recording / reading device for reading and recording data from a storage medium such as a hard disk device 974, a flexible disk (FD) drive 976, or a CD-ROM (Compact Disk ROM) drive 978. An apparatus may be provided. In addition to FD996 and CD-ROM998, portable recording media include optical recording media such as DVD, magnetic recording media such as MD, magneto-optical recording media such as PD, tape media, magnetic recording media, A semiconductor memory such as an IC card or a miniature card can be used.

  The scanner unit 928, the FD 996, the CD-ROM 998, or the recording medium 902 has a function as an image input source, and can provide image data that can be used for image output for providing an image output service to the user. Is.

  The hard disk device 974, the flexible disk drive 976, and the CD-ROM drive 978 are used for registering program data for causing the CPU 910 to perform software processing, for example. The program may be stored in another recording medium such as a nonvolatile semiconductor memory card such as a flash memory.

  The ROM 930 has a program storage area for storing a control program for the CPU 910 to perform various processes, and another data storage area required for the CPU 910 to perform various processes. For example, the ROM 930 stores in advance in the program storage area a program necessary for the CPU 910 to perform authentication processing and access control processing functions. Further, the program storage area stores programs such as BIOS (Basic Input / Output System), OS (Operating Systems; basic software) and GUI (Graphical User Interface) processing (not shown). The CPU 910 implements the functions of the units described in the above embodiments by executing the program in the ROM 930 while using the BIOS, OS, and GUI processing.

  The RAM 940 is a work area used as a work memory when the CPU 910 executes various processes. The RAM 940 is an image storage area for storing image data captured from the outside, for displaying an image on the display unit 922, or on the printer unit 927. A page buffer area for storing raster data (bitmap image) for printing and printing, a bitmap area for storing bitmap images used for image processing, or an area for storing other image data to be processed Yes.

  The memory reading unit 970 stores the image data from the recording medium 902 inserted in a media unit (not shown) in the RAM 940 and the hard disk device 974.

  The display I / F unit 150 passes the raster data expanded in the page buffer in the RAM 940 to the display unit 922 while following the control by the CPU 910. As a result, the display unit 922 displays raster data based on image data captured from the outside. Similarly, the printer I / F unit 954 passes the raster data expanded in the page buffer in the RAM 940 to the printer unit 927 under the control of the CPU 910. As a result, the printer unit 927 prints and outputs an image on a predetermined recording medium in accordance with raster data based on image data captured from the outside.

  For example, the CPU 910 constituting the main part of the central control unit sequentially displays necessary GUI screens on the display unit 922 based on a control program stored in the ROM 930 or the hard disk device 974 in advance, and displays the control program and the touch panel 924a. On the basis of the user input given to the user, a web server (not shown) is accessed to download the content desired by the user (here, the output target image), and the printer unit 927 prints out the content.

  At this time, as described in each of the above-described embodiments, the CPU 910 permits the user to use the multifunction device after performing user authentication by inquiring of an authentication server that the user already has an account. Furthermore, it controls access to the Web server.

  This allows the user to have an account on an authentication server connected to another network, even if he / she does not have an account directly for using the multifunction device or accessing the Web server. The account can be used to use the multifunction machine and access the Web server.

  In the above description, the multifunction device as the first type device 10 has been described as an example. However, the second type device 20 and the third type device 30 on the management apparatus side can also be configured by a computer device. Needless to say. In this case, a configuration including at least a portion surrounded by an alternate long and short dash line in FIG. 17 from which the printer I / F unit 954, the scanner I / F unit 956, and the like are removed, which is a component unique to the multifunction machine, may be used.

It is the figure which showed the outline | summary of the structure of the service provision system. It is the figure which showed the network structure of 1st Embodiment of the service provision system. It is the block diagram which showed the structural example 1 of the service provision system. FIG. 10 is a sequence diagram illustrating an example of a basic procedure of authentication processing and access control processing that can be employed in configuration example 1. FIG. 11 is a sequence diagram illustrating an example of a first specific processing procedure of authentication processing that can be employed in configuration example 1; It is the block diagram which showed the structural example 2 of the service provision system. It is the sequence diagram which showed an example of the 2nd specific process sequence of the authentication process which can be taken in the structural example 2. FIG. It is the block diagram which showed the structural example 3 of the service provision system. It is the sequence diagram which showed an example of the 3rd specific process sequence of the authentication process which can be taken in the structural example 3. FIG. It is the figure which showed the network structure of 2nd Embodiment of the service provision system. It is the block diagram which showed the structural example 4 of the service provision system in the network structure of 2nd Embodiment. It is the sequence diagram which showed an example of the 4th specific process sequence of the authentication process which can be taken in the structural example 4. It is the block diagram which showed the modification (henceforth the structural example 5) with respect to the structural example 4 of the service provision system 1 in the network structure of 2nd Embodiment. It is the sequence diagram which showed an example of the 5th specific process sequence of the authentication process which can be taken in the structural example 5. It is the figure which showed the network structure of 3rd Embodiment of the service provision system. It is the figure which showed the network structure of 4th Embodiment of the service provision system. It is the figure which showed an example of the hardware constitutions in the case of comprising the user terminal and various devices which comprise a service provision system using an electronic computer. It is a figure which shows the 1st example of the structure of the conventional single sign-on. It is a figure which shows the 2nd example of the structure of the conventional single sign-on.

Explanation of symbols

  DESCRIPTION OF SYMBOLS 1 ... Service provision system, 10 ... 1st type device, 20 ... 2nd type device, 30 ... 3rd type device, 40 ... User terminal, 52 ... 1st type authentication server, 56 ... 3rd type authentication server, 90 ... Communication network, 100 ... service providing server, 102 ... access interface unit, 110 ... inquiry destination specifying processing unit, 120 ... inquiry processing unit, 130 ... authentication processing unit, 132 ... authentication processing execution unit, 134 ... access permission determination processing unit, DESCRIPTION OF SYMBOLS 140 ... Access control list holding | maintenance part, 150 ... Authentication server interface part, 200 ... Authentication server, 202 ... 2nd type authentication server, 204 ... 3rd type authentication server, 206 ... 3rd type authentication server, 208 ... Authentication guarantee server, 222: Certificate holding unit, 223 ... Account information holding unit, 224 ... Authentication processing unit, 226 ... Authentication information holding unit, 234 ... Inquiry processing 243 ... Account information holding unit, 244 ... Authentication processing unit, 263 ... Account information holding unit, 264 ... Authentication processing unit, 282 ... Guarantee server certificate holding unit, 284 ... Query processing unit, 300 ... Certification authority, 310 ... IC Card, 320 ... IC card reader / writer

Claims (35)

An authentication method for authenticating a user using a device placed on a network,
An authentication processing information acquisition step for receiving authentication information of the user and management device information indicating a management device that manages an account for the user;
Based on the management device information, an inquiry destination specifying step for specifying the management device as an inquiry destination for returning an authentication result necessary for performing authentication processing for the user;
An authentication information sending step of sending the user's authentication information to the specified management apparatus of the inquiry destination;
An authentication result receiving step for receiving, from the inquiry destination management device, the authentication result for the user obtained by the inquiry destination management device based on the sent authentication information;
And an authentication execution step of performing an authentication process for the user based on the received authentication result. The authentication method according to claim 1, wherein the authentication execution step performs an authentication process for the user based on the received management device information and the received authentication result. A certificate receiving step for receiving a certificate issued from a predetermined certificate authority for the management device from the management device of the inquiry destination,
The authentication method according to claim 1, wherein the authentication execution step performs an authentication process for the user based on the received management apparatus information, the received authentication result, and a certificate. The management device for managing the account includes an original authentication device in an original authentication device that performs authentication processing for the user, and an authentication assurance device that guarantees the original authentication device,
The inquiry destination specifying step specifies the authentication assurance device to be inquired for returning an authentication result necessary for performing authentication processing for the user based on the management device information,
In the authentication information sending step, the user authentication information is sent to the original authentication device via the specified authentication assurance device.
The authentication result receiving step receives the authentication result for the user obtained by the original authentication device based on the sent authentication information via the authentication assurance device. The authentication method according to any one of the above. 5. The certificate receiving step receives a certificate issued from a predetermined certificate authority for the authentication guarantee device from the authentication guarantee device that constitutes the inquiry destination management device. The authentication method described. After the inquiry destination identifying step, an information input device for inputting the authentication information of the user and the management device information and an entity authentication step of performing authentication by an entity authentication method between the inquiry destination management device,
The authentication method according to any one of claims 1 to 5, wherein the authentication execution step is performed on the condition that authentication by the entity authentication method is successful. A service providing method for authenticating a user who uses a service providing apparatus arranged in a network and providing a service by permitting access to the service providing apparatus,
Performing the authentication for the user by executing the authentication method according to any one of claims 1 to 6;
An access control step of permitting access to the service providing device by the user when the authentication is successful, and prohibiting access to the service providing device by the user when the authentication fails. How to provide. As the access control step, the service is provided for each management entity to which the user belongs based on the service requested by the user and the information on the management entity to which the user belongs obtained from the inquiry management device The service providing method according to claim 7, wherein access to the device is determined. 9. The service providing method according to claim 8, wherein the access control step acquires information on a management entity to which the user belongs based on a management entity to which the inquiry management apparatus belongs. The step of authenticating the user performs authentication of the user by executing the authentication method according to claim 3 or 5.
As the access control step, based on the service requested by the user and information on the management entity described in a certificate issued from the certificate authority, the management entity unit to which the user belongs The service providing method according to claim 8 or 9, wherein access permission to the service providing apparatus is determined. In the step of performing authentication for the user, the access control step is performed on the condition that the authentication has been successful in units of individual users.
11. The step of authenticating the user, wherein the user is prohibited from accessing the service providing apparatus on the condition that authentication in an individual user unit has failed. The service providing method according to any one of the above. An authentication device for authenticating a user who uses a device placed on a network,
An authentication processing information acquisition unit that receives authentication information of the user and management device information indicating a management device that manages an account for the user;
Based on the management device information received by the authentication processing information acquisition unit, an inquiry destination specifying processing unit that specifies the management device that is an inquiry destination for sending back an authentication result necessary for performing authentication processing for the user;
An inquiry processing unit that sends the authentication information of the user accepted by the authentication processing information acquisition unit to the management device of the inquiry destination identified by the inquiry destination identification processing unit;
Based on the authentication information sent by the inquiry processing unit, the authentication result for the user obtained by the inquiry destination management apparatus is received from the inquiry destination management apparatus, and based on the received authentication result, An authentication apparatus comprising: an authentication process execution unit that performs an authentication process for the user. The authentication process execution unit performs an authentication process on the user based on the authentication result received from the management apparatus that is the inquiry destination and the management apparatus information received by the authentication process information acquisition unit. The authentication device according to claim 12. The authentication process execution unit receives a certificate issued from a predetermined certificate authority for the management apparatus from the management apparatus of the inquiry destination, the received certificate, the authentication result, and the authentication process information The authentication apparatus according to claim 13, wherein authentication processing for the user is performed based on management apparatus information received by the acquisition unit. The management device that manages the account includes an original authentication device that is an original authentication device that performs authentication processing for the user, and an authentication assurance device that guarantees the original authentication device,
The inquiry destination specifying processing unit specifies the authentication assurance device of the inquiry destination for returning an authentication result necessary for performing the authentication process,
The inquiry processing unit sends the user authentication information to the original authentication device via the authentication assurance device of the inquiry destination specified by the inquiry destination specifying processing unit,
The authentication processing execution unit receives the authentication result for the user obtained by the original authentication device based on the authentication information sent by the inquiry processing unit via the authentication assurance device. The authentication device according to any one of claims 12 to 14. 13. The authentication processing execution unit receives a certificate issued from a predetermined certificate authority for the authentication assurance device from the authentication assurance device that constitutes the inquiry destination management device. 15. The authentication device according to any one of 15 to 15. Code information for performing authentication by the entity authentication method between the user authentication information and an information input device that inputs management device information indicating a management device that manages an account for the user and the inquiry management device It has a function part to relay,
The authentication according to any one of claims 12 to 16, wherein the authentication processing execution unit performs an authentication process on the user on condition that the authentication by the entity authentication method is successful. apparatus. In a service providing apparatus that is arranged on a network and authenticates a user who uses the apparatus and permits access to the apparatus and provides a service,
An authentication device according to any one of claims 12 to 17,
An access permission determination processing unit that permits access to the service providing apparatus by the user on the condition that the authentication by the authentication apparatus has been successful, and prohibits access to the service providing apparatus by the user on the condition that the authentication has failed. A service providing device comprising: An access control list holding unit that holds a service and a combination of management entities that can use the service in association with each other;
Based on the service requested by the user and the information of the management entity described in the certificate issued from the certificate authority, the access permission determination processing unit 19. The service providing apparatus according to claim 18, wherein information held is searched to determine whether or not access to the service providing apparatus is permitted in units of management entities to which the user belongs. The authentication apparatus receives a certificate issued from a predetermined certificate authority for the management apparatus from the inquiry management apparatus at the authentication processing execution unit, and receives the received certificate and the authentication result. And, based on the management device information received by the authentication processing information acquisition unit, performs authentication processing for the user,
The access permission determination processing unit is configured for each management entity to which the user belongs based on a service requested by the user and information on the management entity to which the user belongs, obtained from the management apparatus together with the certificate. The service providing apparatus according to claim 19, wherein access permission to the service providing apparatus is determined. The access permission determination processing unit determines whether the access is possible on the condition that the authentication device has succeeded in the authentication for each individual user, and on the condition that the authentication in the individual user unit has failed. The service providing apparatus according to claim 19 or 20, wherein a user is prohibited from accessing the service providing apparatus. An information input device used in combination with an authentication device for authenticating a user who uses a device arranged in a network,
A function unit that receives input of authentication information of the user and management device information indicating a management device that manages an account for the user, and notifies the authentication device of the received authentication information and management device information; An information input device characterized by the above. A management device used in combination with an authentication device for authenticating a user who uses a device placed on a network,
An account information holding unit for holding user account information;
An authentication processing unit that performs authentication processing by comparing received authentication information with account information held by the account information holding unit, and sends an authentication result to the authentication device. apparatus. It has a certificate acquisition unit that acquires its own certificate from a predetermined certificate authority,
The management apparatus according to claim 23, wherein the authentication processing unit sends the certificate acquired by the certificate acquisition unit together with the authentication result. An original authentication device, which is an original authentication device that performs authentication processing for the user;
The management apparatus according to claim 23 or 24, further comprising an authentication guarantee apparatus that guarantees the original authentication apparatus. The account information holding unit holds information of a management entity to which the user belongs,
The authentication processing unit identifies the management entity to which the user belongs by collating with the account information held by the account information holding unit based on the authentication information of the user, and information on the specified management entity The management apparatus according to any one of claims 23 to 25, wherein the management apparatus is sent to the authentication apparatus. The account information holding unit holds information on a management entity to which the user belongs as information on a management entity to which the management device belongs,
The authentication processing unit identifies the management entity to which the user belongs by comparing the received authentication information with the information of the management entity as account information held by the account information holding unit. The management apparatus according to claim 26. A certificate acquisition unit that acquires the certificate of the device itself from a predetermined certificate authority,
The management device according to claim 27, wherein the authentication processing unit sends the certificate acquired by the certificate acquisition unit to the authentication device together with information on the specified management entity. The management apparatus according to claim 28, wherein the authentication processing unit describes the specified management subject information in a certificate acquired by the certificate acquisition unit and sends the information to the certificate device. An authentication assurance device used for authenticating a user who uses a device placed on a network,
A certificate acquisition unit that acquires a certificate of the authentication assurance device from a predetermined certificate authority; and
The received authentication information of the user is sent to the original authentication device, which is a primary authentication device that performs authentication processing for the user, receives the authentication result from the original authentication device, and the received authentication result is An authentication assurance device comprising: an inquiry processing unit that outputs together with a certificate acquired by a certificate acquisition unit. A program for authenticating a user using a device arranged on a network using a computer,
The computer,
An authentication processing information acquisition unit that receives authentication information of the user and management device information indicating a management device that manages an account for the user;
Based on the management device information received by the authentication processing information acquisition unit, an inquiry destination specifying processing unit that specifies the management device that is an inquiry destination for sending back an authentication result necessary for performing authentication processing for the user;
An inquiry processing unit that sends the authentication information of the user accepted by the authentication processing information acquisition unit to the management device of the inquiry destination identified by the inquiry destination identification processing unit;
Based on the authentication information sent by the inquiry processing unit, the authentication result for the user obtained by the inquiry destination management apparatus is received from the inquiry destination management apparatus, and based on the received authentication result, A program that functions as an authentication process execution unit that performs an authentication process for the user. A program for performing processing of authenticating a user who uses a service providing apparatus arranged on a network and permitting access to the service providing apparatus and providing a service using a computer,
The computer,
An authentication processing information acquisition unit that receives authentication information of the user and management device information indicating a management device that manages an account for the user;
Based on the management device information received by the authentication processing information acquisition unit, an inquiry destination specifying processing unit that specifies the management device that is an inquiry destination for sending back an authentication result necessary for performing authentication processing for the user;
An inquiry processing unit that sends the authentication information of the user accepted by the authentication processing information acquisition unit to the management device of the inquiry destination identified by the inquiry destination identification processing unit;
Based on the authentication information sent by the inquiry processing unit, the authentication result for the user obtained by the inquiry destination management apparatus is received from the inquiry destination management apparatus, and based on the received authentication result, An authentication process execution unit that performs an authentication process for the user, and permits access to the server device of the user on the condition that the authentication by the authentication process execution unit is successful, and on the condition that the user fails A program that functions as an access permission determination processing unit that prohibits access to a service providing apparatus. A program for performing, using a computer, processing for notifying an authentication device of information necessary for authenticating a user who uses a device placed on a network,
The computer,
An information reception unit that receives input of authentication information of the user and management device information indicating a management device that manages an account for the user, and notifies the authentication device of authentication information and management device information received by the information reception unit A program characterized by functioning as a notification unit. A program for performing, using a computer, processing for notifying an authentication device of information necessary for authenticating a user who uses a device placed on a network,
The computer,
An account information holding unit for holding user account information;
A program that performs authentication processing by collating received authentication information with account information held in the account information holding unit and functions as an authentication processing unit that outputs an authentication result. A program for performing, using a computer, processing for notifying an authentication device of information necessary for authenticating a user who uses a device placed on a network,
The computer,
A certificate acquisition unit for acquiring a certificate from a predetermined certificate authority;
The received authentication information of the user is sent to the original authentication device, which is a primary authentication device that performs authentication processing for the user, receives the authentication result from the original authentication device, and the received authentication result is A program that functions as an inquiry processing unit that is output together with a certificate acquired by a certificate acquisition unit.

Images