Real-time authentication integration system
The real-time authentication linkage system addresses the challenge of unauthorized AI agent processing by integrating with external authentication systems to verify and manage authentication status, ensuring secure and controlled execution.
Patent Information
- Authority / Receiving Office
- JP · JP
- Patent Type
- Applications
- Current Assignee / Owner
- 池本 健介
- Filing Date
- 2026-04-02
- Publication Date
- 2026-06-18
AI Technical Summary
Conventional systems fail to verify the authentication status in real-time for AI agents, leading to unauthorized processing execution and inadequate access control when authentication becomes invalid, especially in environments with multiple external authentication infrastructures.
A real-time authentication linkage system that integrates multiple AI agents with external authentication infrastructures to verify authentication status before processing, allowing for execution, suspension, or re-authentication requests based on real-time authentication verification.
Ensures appropriate authority management and execution control by verifying authentication status in real-time, optimizing security and convenience through tailored matching conditions for each process type and maintaining secure audit trails.
Smart Images

Figure 2026099877000001_ABST
Abstract
Description
Technical Field
[0001] The present invention relates to a real-time authentication cooperation system, and particularly to an information processing system in which a plurality of AI agents or AI decision-making modules execute processing. Before execution, the authentication status or authentication-related information obtained from an external authentication infrastructure or an external system is verified, and according to the result, execution, suspension or branching to a re-authentication request is performed.
Background Art
[0002] In recent years, systems in which an AI agent or an AI decision-making module (hereinafter collectively referred to as an "AI agent") automatically performs proposal generation, evaluation, integration, decision support or processing execution on an external system have been widely used. In such systems, appropriate authority management and authentication management are required according to the importance, confidentiality or impact degree of the processing executed by the AI agent on the external system. In conventional systems, it was common to perform authentication when a user logged in to the system, and all processing was permitted during that session. However, when an AI agent executes various processing over a long period of time, it is necessary to confirm in real time whether the authentication information at the time of login is still valid at the time of subsequent processing execution, and whether an appropriate authentication level corresponding to the type and importance of the processing is maintained. Also, in an environment where a plurality of external authentication infrastructures or external systems are involved, it is necessary to verify the expiration date, authority range, signature information, etc. of the authentication status or authentication-related information provided by each authentication infrastructure, and appropriately determine before processing execution. In particular, for data transmission to an external system or important decision support processing, even if the authentication status becomes invalid within a short time, it is necessary to immediately stop execution or branch to a re-authentication request.
[0003] To address these challenges, there is a need for a system that, before an AI agent executes processing, verifies the authentication status or authentication-related information obtained from an external authentication infrastructure or external system in real time, and then branches the process to execute, postpone, or request re-authentication based on the result. [Prior art documents] [Patent Documents]
[0004] [Patent Document 1] Japanese Patent Application No. 2026-005527 discloses a corporate management system equipped with machine-readable articles of incorporation, an AI execution engine, audit nodes, and an information sharing platform. While it shows the overall architecture of corporate management, it does not disclose an authentication integration system that works with an external authentication platform to verify authentication status in real time and branch to process execution, hold, or re-authentication request.
[0005] [Patent Document 2] Japanese Patent Application No. 2026-007023 discloses data items such as AI_registry_id, policy_version, and timestamp, as well as version control of approval policies, task generation, and audit trail recording. While it provides the basics of AI agent management, it does not disclose how to obtain authentication status from an external authentication platform, real-time matching, or automatic branching control of execution, suspension, and re-authentication requests.
[0006] [Patent Document 3] US20150242605A1 is a patent application relating to continuous authentication using mobile devices. It discloses continuous authentication using biometric and non-biometric information, but does not disclose a configuration in which multiple AI agents cooperate with an external authentication infrastructure to verify the authentication status in real time and automatically determine whether or not to proceed before execution.
[0007] [Patent Document 4] US10951606B1 Continuous authentication through orchestration and risk calculation. While risk-based continuous authentication is disclosed, it does not describe the integration with external authentication infrastructure before AI agent processing, authentication status verification, or automatic branching control of execution, suspension, and re-authentication requests. [Non-patent literature]
[0008] [Non-Patent Document 1] Beyond Identity, "How is Continuous Authentication Different from Two-Factor Authentication" https: / / www.beyondidentity.com / resource / how-is-continuous-authentication-different-from-two-factor-authentication This article explains the difference between continuous authentication and two-factor authentication. It discusses the transition from static, temporary verification to dynamic, continuous identity verification, but does not cover external authentication infrastructure integration before AI agent processing, authentication status matching, or automatic branching of execution, hold, and re-authentication requests.
[0009] [Non-Patent Document 2] Twosense.ai, "Continuous Multi-Factor Authentication: How It Works" https: / / www.twosense.ai / blog / continuous-multi-factor-authentication-how-it-works This article discusses the mechanism of continuous multi-factor authentication. It talks about continuous MFA using behavioral biometrics, but it does not describe the integration with an external authentication infrastructure before processing by multiple AI agents, real-time verification of authentication status, or automatic branching of execution, hold, and re-authentication requests. [Overview of the project] [Problems that the invention aims to solve]
[0010] Conventional systems typically allowed all sessions based on login credentials, but lacked a mechanism to re-verify the authentication status in real time before execution. This resulted in problems such as processes being executed even after authentication was invalidated, or the appropriate authentication level not being maintained according to the type and importance of the process.
[0011] Furthermore, in environments involving multiple external authentication infrastructures or systems, there was a problem in that the mechanisms for verifying the consistency and expiration dates of authentication status or authentication-related information provided by each authentication infrastructure before processing were insufficient, resulting in inadequate access control for critical processes.
[0012] The present invention was made to solve the above problems, and aims to provide a real-time authentication linkage system that achieves appropriate authority management and execution control by comparing the authentication status or authentication-related information obtained from an external authentication infrastructure or external system in real time before processing is executed by an AI agent or AI decision module, and branching to execution, postponement, or re-authentication request according to the result. [Means for solving the problem]
[0013] A real-time authentication linkage system according to one aspect of the present invention is: Multiple AI agents or AI decision modules, An information processing system that performs at least part of proposal generation, evaluation, integration, decision support, or processing execution on an external system, An authentication linkage unit that acquires authentication status or authentication-related information corresponding to the execution of processing by the AI agent or AI decision module from an external authentication infrastructure or external system, Before the execution of the target process by the AI agent or AI decision module, At least any one of the content of the target process to be executed, the reference rule information, or the request time, and the authentication status or the authentication-related information are compared, an authentication verification unit that determines whether the target process to be executed can be executed; Based on the determination result by the authentication verification unit, an execution control unit that selects at least one of execution, suspension, or re-authentication request for the target process to be executed; an audit recording unit that stores the authentication status or the authentication-related information, the comparison result, and the selection result by the execution control unit as an audit record; It is provided with When it is determined by the authentication verification unit that execution is not possible or re-verification is required, the execution control unit stops the execution of the target process to be executed or branches to the process related to the re-authentication request. It is characterized by this.
[0014] In addition, the authentication-related information includes at least one of signature information, time information, authority range information, identifier information, and reference source information, and is characterized by this.
[0015] In addition, the authentication verification unit determines whether the authentication status or the authentication-related information is within the valid period based on the request time and the time information included in the authentication-related information, and is characterized by this.
[0016] In addition, the authentication verification unit applies different comparison conditions or determination conditions for each type of the target process to be executed, and is characterized by this.
[0017] In addition, when a re-authentication request is selected, the execution control unit transmits a notification to at least one of an administrator terminal, a supervisor terminal, or a user terminal, and is characterized by this.
[0018] Furthermore, the audit record unit is characterized by generating a hash value for each audit record and storing the hash value in association with the hash value corresponding to the record preceding the audit record.
[0019] Furthermore, the authentication linkage unit is characterized by acquiring authentication status or authentication-related information from multiple external authentication infrastructures or external systems.
[0020] Furthermore, the authentication verification unit is characterized in that, if it determines that reconfirmation is required based on the reference rule information or request time corresponding to the execution target process, it puts the execution target process on hold and branches to a process that requires additional confirmation or manual confirmation. [Effects of the Invention]
[0021] According to the present invention, before processing is executed by an AI agent or AI decision module, the authentication status or authentication-related information obtained from an external authentication infrastructure or external system is compared in real time, and the process is branched to execute, postpone, or request re-authentication depending on the result, thereby enabling appropriate authority management and execution control.
[0022] Furthermore, by applying different matching or judgment conditions for each type of processing, the balance between security and convenience can be optimized. In addition, by storing audit records using hash chaining, audit trails can be maintained in a format that allows for tamper detection. [Brief explanation of the drawing]
[0023] [Figure 1] This figure shows the overall configuration of the real-time authentication linkage system according to Embodiment 1 of the present invention. [Figure 2] This diagram shows a list of the types of processing that the AI agent will perform. [Figure 3]This figure shows the processing flow according to Embodiment 2 of the present invention. [Figure 4] This table shows the correspondence between processing type and matching conditions. [Figure 5] This table shows the strictness level of the matching criteria. [Figure 6] This diagram shows the flow for determining whether an action can be executed. [Figure 7] This diagram shows the hash chain of audit records. [Figure 8] This diagram illustrates the integration of multiple authentication platforms. [Figure 9] This diagram shows the branching paths for pending / additional confirmation. [Figure 10] This figure shows the hardware configuration of the real-time authentication linkage system according to Embodiment 9 of the present invention. [Modes for carrying out the invention] [Examples]
[0024] (Overall structure) Figure 1 shows the overall configuration of a real-time authentication linkage system according to Embodiment 1 of the present invention. This system comprises multiple AI agents 10, an authentication linkage unit 20, an authentication verification unit 30, an execution control unit 40, an audit recording unit 50, an external authentication infrastructure 60, and an administrator terminal 70.
[0025] AI agent 10 performs at least part of proposal generation, evaluation, integration, decision support, or execution of processing on external systems. Examples of the types of processing performed by AI agent 10 include document generation processing (T1-1), data inference processing (T1-2), suitability evaluation processing (T2-1), quality evaluation processing (T2-2), result integration processing (T3-1), data aggregation processing (T3-2), recommendation presentation processing (T4-1), risk warning processing (T4-2), data transmission processing (T5-1), API execution processing (T5-2), configuration change processing (T6-1), audit reference processing (T6-2), etc. (see Figure 2).
[0026] The authentication linkage unit 20 obtains authentication status or authentication-related information corresponding to the processing execution by the AI agent 10 from the external authentication infrastructure 60 or an external system. Authentication-related information includes signature information, time information, authority scope information, identifier information, referrer information, etc.
[0027] The authentication matching unit 30, before the AI agent 10 executes the target process, compares the content of the target process, reference rule information, or request time with the authentication status or authentication-related information to determine whether the target process can be executed. The authentication matching unit 30 applies different matching conditions or determination conditions for each type of target process.
[0028] The execution control unit 40 selects at least one of the following actions for the execution target process based on the determination result by the authentication verification unit 30: execute, postpone, or request re-authentication. If the authentication verification unit 30 determines that execution is not possible or that re-verification is required, the execution control unit 40 stops the execution of the execution target process or branches to the process related to the re-authentication request.
[0029] The audit record unit 50 stores the authentication status or authentication-related information, the matching result, and the selection result by the execution control unit 40 as an audit record. The audit record unit 50 generates a hash value for each audit record and stores the hash value in association with the hash value corresponding to the record preceding the audit record (hash chaining). This makes it possible to detect tampering with the audit record.
[0030] The external authentication infrastructure 60 is an external system that provides authentication status or authentication-related information. Examples include an authentication infrastructure that implements standard authentication protocols such as OAuth 2.0 and OpenID Connect, or an organization's single sign-on (SSO) infrastructure. In this embodiment, it is possible to obtain authentication status or authentication-related information from multiple external authentication infrastructures 60.
[0031] The administrator terminal 70 is a terminal used by the system administrator or supervisor, and receives notifications when a re-authentication request occurs. It can also refer to audit records and audit the processing execution history by the AI agent 10. [Examples]
[0032] (Processing flow) Figure 3 shows the processing flow according to Embodiment 2 of the present invention. In this embodiment, before the AI agent 10 executes the target processing, the authentication cooperation unit 20, the authentication verification unit 30, and the execution control unit 40 cooperate to verify the authentication status in real time and determine whether or not to execute.
[0033] Step S1: The AI agent 10 notifies the authentication linkage unit 20 of the details of the process to be executed (process type, reference rule information, request time, etc.).
[0034] Step S2: The authentication linkage unit 20 obtains the authentication status or authentication-related information corresponding to the execution target process from the external authentication infrastructure 60 or an external system. Authentication-related information includes signature information, time information, authority scope information, identifier information, referrer information, etc.
[0035] Step S3: The authentication matching unit 30 matches at least one of the contents of the execution target process notified in step S1, the reference rule information, or the request time with the authentication status or authentication-related information obtained in step S2 (see Figure 3). The specific conditions for matching will be described in detail in Examples 3 and 4.
[0036] Step S4: The authentication verification unit 30 determines whether or not the execution of the target process can be performed based on the verification result in step S3. If all verification conditions are met, proceed to step S5; if any one of the conditions is not met, proceed to step S6.
[0037] Step S5: The execution control unit 40 grants permission to the AI agent 10 to execute the execution target process that has been determined to be executable.
[0038] Step S6: The execution control unit 40 selects at least one of the following actions for the execution target process that has been determined to be unexecutable or requiring reconfirmation: hold, request re-authentication, or stop execution. If a request for re-authentication is selected, a notification is sent to the administrator terminal 70, supervisor terminal, or user terminal. Details of the hold / additional confirmation branch will be described in detail in Example 8.
[0039] After step S5 or step S6, the audit record unit 50 saves the authentication status or authentication-related information, the matching result, and the selection result by the execution control unit 40 as an audit record. Whether the action was performed or not, the reason is also saved as an audit record. Details of the method for saving the audit record will be described in detail in Example 6. [Examples]
[0040] (Matching conditions for each processing type) In this embodiment, As specific conditions for matching in step S3 as shown in Example 2, the matching conditions or determination conditions that the authentication matching unit 30 applies to each type of processing to be executed will be explained. Figure 4 is a table showing the correspondence between processing types and matching conditions. Representative processing types are described below.
[0041] (T1-1: Document generation process) The document generation process is the process of generating documents such as reports and contract drafts. The authentication and verification unit 30 applies the following verification conditions: (1) The authentication expiration date is within the validity period. (2) The scope of permissions includes "document creation", (3) The difference between the execution time and the authentication acquisition time must be within 30 minutes. If all of these conditions are met, the process is deemed permissible; if even one is not met, a re-authentication request is issued. Since the document generation process is relatively low-risk, the time difference limit is set to 30 minutes.
[0042] (T2-1: Conformity assessment process) The conformity assessment process is a process that performs evaluations such as policy conformity determination and risk assessment. The authentication matching unit 30 applies the following matching conditions: (1) The authentication expiration date is within the validity period. (2) The scope of permissions includes "evaluation execution", (3) The difference between the execution time and the authentication acquisition time must be within 20 minutes. (4) Refer to the latest version of the rules. If all of these conditions are met, the process is deemed permissible; if even one is not met, a recertification request is issued. Because accuracy of the basis for judgment is crucial in the conformity assessment process, a requirement to refer to the latest rule version has been added.
[0043] (T3-1: Result Integration Processing) The results integration process is the process of integrating and merging multiple proposals and data. The authentication matching unit 30 applies the following matching conditions: (1) The authentication expiration date is within the validity period. (2) The scope of permissions includes "integrated execution", (3) The difference between the execution time and the authentication acquisition time must be within 15 minutes. (4) Consistency with multiple authentication infrastructures must be confirmed. If all of these conditions are met, the process is deemed executable. If any of the conditions are not met, the process is branched to either hold, request re-authentication, or stop execution, based on the result of the authentication verification unit 30. When integrating multiple agents, it is crucial to verify consistency with multiple authentication infrastructures. Details of the integration of multiple authentication platforms will be described in detail in Example 7.
[0044] (T4-1: Recommended presentation process) The recommendation process is a process that provides decision support, such as presenting the optimal solution and prioritizing options. The authentication verification unit 30 applies the following verification conditions: (1) The authentication expiration date is within the validity period. (2) The scope of authority includes "decision support", (3) The difference between the execution time and the authentication acquisition time must be within 10 minutes. (4) Referencing the latest version of the rules, (5) The user identifier must match. If all of these conditions are met, the process is deemed executable. If any of the conditions are not met, the process is branched to either hold, request re-authentication, or stop execution, based on the result of the authentication verification unit 30. Because the recommendation process involves important decisions, strict conditions are applied.
[0045] (T5-1: Data transmission process) The data transmission process involves external integration, such as posting data to external systems. The authentication and verification unit 30 applies the following verification conditions: (1) The authentication expiration date is within the validity period. (2) The scope of permissions includes "external transmission". (3) The difference between the execution time and the authentication acquisition time must be within 5 minutes. (4) The signature information is valid. (5) Confirmation that the system is compatible with the recipient authentication infrastructure. If all of these conditions are met, the process will be deemed permissible. If even one of them is not met, the process will be stopped and a re-authentication request will be issued. Due to the significant impact on external systems, the strictest conditions are applied.
[0046] (T6-1: Configuration change process) The configuration change process involves management processes such as changing system parameters and updating rules. The authentication matching unit 30 applies the following matching conditions: (1) The authentication expiration date is within the validity period. (2) The scope of permissions includes "administrator", (3) The difference between the execution time and the authentication acquisition time must be within 3 minutes. (4) The signature information is valid. (5) Multi-factor authentication must be completed. If all of these conditions are met, the process will be deemed permissible. If even one of them is not met, the process will be stopped and a re-authentication request will be issued. Due to the extremely significant impact on the system, the strictest conditions are applied. [Examples]
[0047] (Level of strictness of matching criteria) In this embodiment, The matching conditions for each processing type shown in Example 3 are systematically classified by their degree of strictness.Figure 5 is a table showing the strictness levels of the matching conditions. In this embodiment, the strictness of the matching conditions is classified into four levels (L1: Standard, L2: Medium, L3: Strict, L4: Most Strict) according to the importance and external impact of the processing type.
[0048] (L1: Standard) The L1 standard level applies to relatively low-risk processes such as T1-1 document generation, T2-2 quality assessment, and T3-2 data aggregation. The time difference limit is 30 minutes, and only basic permission checks are performed. The decision-making criteria are relatively lenient, prioritizing convenience.
[0049] (L2: Moderate) The L2 intermediate level is applied to processes that prioritize accuracy and consistency, such as T1-2 data inference, T2-1 conformance assessment, and T3-1 result integration. It can be set within a time difference limit of 15-20 minutes, with rule version verification and signature verification as additional conditions. The judgment policy prioritizes accuracy and consistency.
[0050] (L3: Strict) The L3 strictness level applies to processes involving significant decisions, such as T4-1 recommendation issuance, T4-2 risk warnings, and T6-2 audit references. The time difference limit is 10 minutes, and additional conditions include rule version verification, identifier matching, and signature verification. The decision policy emphasizes application to significant decisions.
[0051] (L4: Strictest) The L4 strictest level applies to processes involving external impacts and system changes, such as T5-1 data transmission, T5-2 API execution, and T6-1 configuration changes. The time difference limit can be set within a range of 3-5 minutes, and multi-factor authentication and external authentication infrastructure integration verification are additional conditions. The judgment policy emphasizes application to external impacts and system changes.
[0052] In this way, by changing the strictness of the matching conditions according to the importance and external impact of the processing type, it is possible to optimize the balance between security and convenience. [Examples]
[0053] (Execution feasibility determination flow) In this embodiment, the determination procedure of the authentication verification unit 30 in steps S3 and S4 shown in Example 2 will be explained in more detail. Figure 6 shows the execution feasibility determination flow. The authentication verification unit 30 determines whether execution is possible using the following procedure.
[0054] Step S10: Identify the type of process to be executed. The process type is identified based on the processing details notified by the AI agent 10.
[0055] Step S11: Obtain the matching conditions corresponding to the processing type. The matching conditions are obtained from a predefined matching conditions table (see Figure 4) for each processing type.
[0056] Step S12: Verify the authentication status and authentication-related information for each matching condition. For example, verify the authentication expiration date, scope of authority, the difference between the execution time and the authentication acquisition time, signature information, consistency with multiple authentication infrastructures, etc.
[0057] Step S13: Match against the judgment conditions. Determine whether each matching condition satisfies the judgment conditions.
[0058] Step S14: Determine whether all conditions are met. If all conditions are met, proceed to Step S15; if even one condition is not met, proceed to Step S16.
[0059] Step S15: The execution control unit determines that the process is executable and proceeds to execution. The execution control unit 40 grants permission to the AI agent 10 to execute the process that has been determined to be executable.
[0060] Step S16: The process branches to hold, request re-authentication, or stop execution. Based on the determination result, the execution control unit 40 selects at least one of the following: hold (additional confirmation / manual confirmation), request re-authentication, or stop execution. If a request for re-authentication is selected, a notification is sent to the administrator terminal 70, supervisor terminal, or user terminal.
[0061] Step S17: Save the audit record. The audit record unit 50 saves the authentication status or authentication-related information, the verification result, and the selection result by the execution control unit 40 as an audit record. Whether the action was performed or not, the reason is also saved as an audit record. [Examples]
[0062] (Hash chain of audit records) This embodiment will describe in detail the method for saving audit records by the audit record unit 50 as shown in Example 1. Figure 7 shows a hash chain of audit records. The audit record unit 50 generates a hash value for each audit record and stores the hash value in association with the hash value corresponding to the record preceding the audit record.
[0063] Specifically, a hash value H(N) is generated for audit record N. The hash value H(N) is generated using the contents of audit record N and the hash value H(N-1) of the preceding audit record (N-1) as input. This allows audit records to be linked in chronological order, and if any record is tampered with, the hash values of subsequent records will be mismatched, making it possible to detect tampering.
[0064] For generating hash values, it is desirable to use a cryptographic hash function such as SHA-256. The contents of the audit record should include authentication status, authentication-related information, matching conditions, matching results, judgment results, selection results by the execution control unit, and execution time. [Examples]
[0065] (Integration of multiple authentication systems) This embodiment will explain in detail the configuration in which the authentication cooperation unit 20 shown in Example 1 acquires authentication status or authentication-related information from multiple external authentication infrastructures 60. Figure 8 shows a diagram illustrating the integration of multiple authentication infrastructures. In this embodiment, the authentication integration unit 20 acquires authentication status or authentication-related information from multiple external authentication infrastructures 60.
[0066] For example, the authentication status can be obtained from both the organization's single sign-on infrastructure (authentication infrastructure A) and the authentication infrastructure of an external service (authentication infrastructure B), and the consistency between the two can be verified. The authentication verification unit 30 determines whether the authentication status obtained from both authentication infrastructures is consistent, and if it is not consistent, it branches to an additional verification or a re-authentication request.
[0067] By integrating multiple authentication platforms, it becomes possible to ensure a higher level of security. In particular, for data transmission to external systems and critical decision support processes, it is desirable to verify the consistency of authentication status obtained from multiple authentication platforms. [Examples]
[0068] (Pending / Further confirmation branch) In this embodiment, we will explain the details of the branching process in step S6 shown in Example 2, specifically the branching to hold and additional confirmation. Figure 9 shows the branching for hold / additional confirmation. When the authentication verification unit 30 determines that reconfirmation is required based on the reference rule information or request time corresponding to the execution target process, it holds the execution target process and branches to a process that requires additional confirmation or manual confirmation.
[0069] For example, in the recommendation presentation process, if the difference between the execution time and the authentication acquisition time exceeds 10 minutes, the authentication verification unit 30 determines that reconfirmation is required, and the execution control unit 40 puts the process on hold. For the put-on process, a notification is sent to the administrator terminal 70, and the administrator or supervisor performs additional confirmation or manual confirmation.
[0070] If the additional checks are completed and no problems are found, the execution control unit 40 permits the execution of the process. On the other hand, if the additional checks reveal that there are problems, the execution control unit 40 stops the execution of the process and branches to either a re-authentication request or process termination. [Examples]
[0071] (Hardware configuration) Figure 10 shows the hardware configuration of a real-time authentication collaboration system according to Embodiment 9 of the present invention. This system comprises a CPU 101, memory 102, storage 103, network interface 104, and input / output interface 105.
[0072] The CPU 101 executes the programs deployed in the memory 102 to realize the functions of the authentication cooperation unit 20, the authentication verification unit 30, the execution control unit 40, and the audit record unit 50. The memory 102 is a volatile memory such as RAM, and temporarily stores programs and data. The storage 103 is a non-volatile storage device such as an HDD or SSD, and permanently stores programs, data, audit records, etc.
[0073] The network interface 104 is an interface for communication with the external authentication infrastructure 60, the administrator terminal 70, the AI agent 10, etc. The input / output interface 105 is an interface for connecting to input / output devices such as a keyboard, mouse, and display. [Industrial applicability]
[0074] The real-time authentication linkage system of the present invention is applicable to all information processing systems in which an AI agent or AI decision module automatically performs complex processing. For example, it can be applied to corporate business systems, financial institution risk management systems, medical institution diagnostic support systems, government agency review support systems, and so on. [Explanation of symbols]
[0075] 10 AI Agents 20 Authentication Integration Department 30 Authentication Verification Unit 40 Execution Control Unit 50 Audit Records Department 60 External Authentication Infrastructure 70 Administrator terminal 101 CPU 102 memory 103 Storage 104 Network Interfaces 105 Input / Output Interfaces
Claims
1. An information processing system in which multiple AI agents or AI decision modules perform at least part of proposal generation, evaluation, integration, decision support, or processing execution on an external system, An authentication linkage unit that acquires authentication status or authentication-related information corresponding to the execution of processing by the AI agent or AI decision module from an external authentication infrastructure or external system, Before the execution of the target process by the AI agent or AI decision module, an authentication matching unit compares the content of the target process, reference rule information, or request time with the authentication status or authentication-related information to determine whether or not the target process can be executed. Based on the determination result by the authentication verification unit, an execution control unit selects at least one of the following for the execution target process: execute, hold, or request re-authentication; An audit record unit that stores the authentication status or authentication-related information, the matching result, and the selection result by the execution control unit as an audit record, Equipped with, The execution control unit, when the authentication verification unit determines that execution is impossible or requires re-verification, stops the execution of the target process or branches to the process related to the re-authentication request. A real-time authentication collaboration system characterized by the following features.
2. In the real-time authentication linkage system described in claim 1, The aforementioned authentication-related information includes at least one of the following: signature information, time information, authority scope information, identifier information, and referrer information. A real-time authentication collaboration system characterized by the following features.
3. In the real-time authentication linkage system according to claim 1 or 2, The authentication verification unit determines, based on the requested time and the time information included in the authentication-related information, whether the authentication status or authentication-related information is within its validity period. A real-time authentication collaboration system characterized by the following features.
4. In the real-time authentication linkage system according to any one of claims 1 to 3, The authentication matching unit applies different matching conditions or determination conditions for each type of processing to be executed. A real-time authentication collaboration system characterized by the following features.
5. In the real-time authentication linkage system according to any one of claims 1 to 4, The execution control unit, when a re-authentication request is selected, sends a notification to at least one of the administrator terminal, supervisor terminal, or user terminal. A real-time authentication collaboration system characterized by the following features.
6. In the real-time authentication linkage system according to any one of claims 1 to 5, The audit record unit generates a hash value for each audit record and stores the hash value in association with the hash value corresponding to the record preceding the audit record. A real-time authentication collaboration system characterized by the following features.
7. In the real-time authentication linkage system according to any one of claims 1 to 6, The aforementioned authentication linkage unit acquires authentication status or authentication-related information from multiple external authentication infrastructures or external systems. A real-time authentication collaboration system characterized by the following features.
8. In the real-time authentication linkage system according to any one of claims 1 to 7, If the authentication verification unit determines that re-verification is required based on the reference rule information or request time corresponding to the execution target process, it will suspend the execution target process and branch to a process that requires additional verification or manual verification. A real-time authentication collaboration system characterized by the following features.