
Authentication coordination system and ID provider device

A technology relating to coordination systems and coordination units, applied in transmission systems, digital data authentication, electrical components, etc., which can solve problems such as high introduction cost, the inability to introduce SSO simply, and the inability to share authentication results.

Active Publication Date: 2013-09-04
KK TOSHIBA +1

AI Technical Summary

Problems solved by technology

[0005] The first problem is that an HTTP cookie is limited to a single domain, so HTTP cookies cannot be used to share authentication results between domains.
The second problem is that the SSO method of the access management product used in each domain differs from vendor to vendor, so SSO cannot simply be introduced and additional preparation is required.
[0026] However, implementing this framework requires modifying the above-mentioned ID provider equipped with the SAML function, so the introduction cost is very high.



Examples


First embodiment

[0065] The authentication coordination system of this embodiment will be described below with reference to Figures 1 to 15.

[0066] Figure 1 is a block diagram showing the basic configuration of the authentication coordination system of this embodiment. This authentication coordination system includes: an ID provider device 200 capable of executing a login process for a user terminal 100 operated by a user; and a service provider device 300 capable of transmitting service data to the user terminal 100 when the login process is successful. There may be a plurality of service provider devices 300, but only one is shown here. The user terminal 100, the ID provider device 200, and the service provider device 300 may each be connected via a network.

[0067] The user terminal 100 has a normal computer function, and is a device capable of communicating with the ID provider device 200 and the service provider device 300. The utilize...

Second embodiment

[0160] The authentication coordination system of the second embodiment will be described with reference to Figures 16 to 19.

[0161] As in the first embodiment, this embodiment starts from a state in which SSO processing can be performed between the ID provider device 200 and the service provider device 300, and in which a user belonging to the organization where the ID provider device 200 is installed does not yet have an account registered in the service provider device 300. In addition, the authentication coordination system of this embodiment assumes that SSO is performed through the above-mentioned steps (1) to (6), as in the first embodiment.

[0162] There are various combinations of the user's login state and the origin of the user's SSO request; this embodiment assumes that the user's login has not been completed and that the user's SSO request originates at the service provider device 300.

[0163] Here, refer to ...

Third embodiment

[0202] The authentication coordination system of the third embodiment will be described with reference to Figures 20 to 24.

[0203] As in the first embodiment, this embodiment starts from a state in which SSO processing can be performed between the ID provider device 200 and the service provider device 300, and in which a user in the organization on the ID provider device 200 side does not yet have an account registered in the service provider device 300.

[0204] There are various combinations of the user's login state and the origin of the user's SSO request; this embodiment assumes that the user's login has been completed and that the user's SSO request originates at the ID provider device 200 (IDP start model).

[0205] The IDP start model is a model that starts when the user terminal requests the ID provider for service provision from the service provider in the SSO step (1). Therefore, in this emb...


Abstract

Without an SSO device of an ID provider being altered, and in accordance with a condition existing when a user requests an SSO, the invention enables an assessment of whether a service can be used without human intervention, said assessment being made when executing account registration and account coordination, which are executed with an SSO process. An ID provider device according to one embodiment of the invention is provided with: a policy information storage unit that stores policy information that indicates a user for whom sending of service data is to be permitted; an authentication coordination request advance processing unit that, upon receiving an authentication coordination request, performs a policy evaluation process and an account coordination process in a timing corresponding to a user terminal login status; and an authentication coordination request transfer unit that, upon receiving the authentication coordination request from a service provider device, transfers the authentication coordination request to the authentication coordination request advance processing unit.
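The flow in the abstract, sketched as an added illustration (not code from the patent or its owner): the transfer unit hands the service provider's request to the advance processing unit, which evaluates policy and coordinates the account either immediately or after login, depending on the terminal's login status. The policy shape (department and grade attributes), the terminal/session model, and every name below are assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data; attribute names and rule shape are assumptions.
POLICY = {"sp-crm": {"departments": {"sales", "support"}, "min_grade": 2}}
USERS = {"alice": {"department": "sales", "grade": 3},
         "bob": {"department": "finance", "grade": 5}}

@dataclass
class ServiceProvider:
    sp_id: str
    accounts: dict = field(default_factory=dict)  # IdP user -> SP-local account

@dataclass
class IdProvider:
    sessions: dict = field(default_factory=dict)  # terminal -> logged-in user
    pending: dict = field(default_factory=dict)   # terminal -> deferred SP request

    def evaluate_policy(self, user, sp_id):
        rule, attrs = POLICY.get(sp_id), USERS.get(user)
        if rule is None or attrs is None:
            return False  # default deny: no rule or unknown user
        return (attrs["department"] in rule["departments"]
                and attrs["grade"] >= rule["min_grade"])

    def preprocess(self, terminal, sp):
        """Advance processing, run before the unmodified SSO step."""
        user = self.sessions.get(terminal)
        if user is None:
            self.pending[terminal] = sp  # defer evaluation until login completes
            return "login_required"
        if not self.evaluate_policy(user, sp.sp_id):
            return "denied"  # no account is created at the SP
        sp.accounts.setdefault(user, f"{sp.sp_id}:{user}")  # account coordination
        return "sso_continue"

    def transfer(self, terminal, sp):
        """Transfer unit: route the SP's request to advance processing first."""
        return self.preprocess(terminal, sp)

    def login(self, terminal, user, password_ok):
        if not password_ok:
            return "login_failed"
        self.sessions[terminal] = user
        sp = self.pending.pop(terminal, None)
        return self.preprocess(terminal, sp) if sp else "logged_in"

if __name__ == "__main__":
    idp, sp = IdProvider(), ServiceProvider("sp-crm")
    print(idp.transfer("t1", sp), idp.login("t1", "alice", True), sp.accounts)
```

The point to check in a real deployment is the ordering: the account at the service provider is created only after the policy evaluation succeeds, and a missing rule or unknown user results in a denial.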

Description

Technical field

[0001] Embodiments of the present invention relate to an authentication coordination system and an ID provider device.

Background art

[0002] Single sign-on (hereinafter, SSO) is a technique for authentication coordination that enables a plurality of applications or services to be used with a single authentication procedure. In most cases, SSO integrates the authentication of multiple applications within a single domain, such as a company intranet.

[0003] Recently, however, SSO between different domains (meaning between different WWW servers; hereinafter, cross-domain) has come to be expected. Reasons for this include increasingly active corporate integration and mergers, overseas expansion, and outsourcing to SaaS (Software as a Service) based on cloud computing, which has begun to emerge.

[0004] However, in order to realize cross-domain SSO, there is a problem that sharing auth...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): G06F21/41, G06F21/33
CPC: G06F21/41, H04L63/08, H04L63/0815, H04L63/20
Inventor: 西泽实, 池田竜朗, 山田正隆, 江崎裕一郎, 田中诚一郎
Owner: KK TOSHIBA