Patent application number | Description | Published |
20090327706 | ACCOUNT MANAGEMENT SYSTEM, ROOT-ACCOUNT MANAGEMENT APPARATUS, DERIVED-ACCOUNT MANAGEMENT APPARATUS, AND PROGRAM - A root-account management apparatus generates an electronic signature based on a survival condition and a secret key when an authentication result of a user of a client apparatus is proper, and transmits derived-account credence element information including the survival condition, the electronic signature and a public key certificate to a derived-account management apparatus. The derived-account management apparatus creates derived-account information which becomes valid when the survival condition is satisfied so that the derived-account information includes both the derived-account credence element information which becomes invalid when a validity term of the public key certificate expires and a biometric information template of the user which is valid regardless of this validity term. Accordingly, even if an authentication element as a root (public key certificate) becomes invalid, a derived authentication element (biometric information template) can be prevented from becoming invalid. | 12-31-2009 |
20100043070 | FILE-ACCESS CONTROL APPARATUS AND PROGRAM - In a file-access control system according to an embodiment of this invention, control data in accordance with actions made is imparted, as an obligation-type policy, to a document file. Next, a policy evaluation control unit evaluates and executes the obligation-type policy imparted to the document file in accordance with the action to the document file. The execution of the obligation-type policy includes the controlling of a document application on the basis of an obligation fulfillment action. Therefore, an active control can be performed in accordance with any manipulation made to the document, and the access to the document can be changed. | 02-18-2010 |
20100180124 | VERIFICATION APPARATUS AND PROGRAM - According to one embodiment of the present invention, the first authentication context includes the template certificate indicative of the validity of a template and the first apparatus evaluation certificate indicative of the validity of the first apparatus evaluating information whilst the second authentication context includes the second apparatus evaluating certificate indicative of the validity of the second apparatus evaluating information. And the template certificate and the first and second evaluation certificates are verified when verifying the first and second authentication contexts. Thus, the validity of the template used for authentication or the apparatus evaluating information included in the authentication context can be verified. | 07-15-2010 |
20100191967 | CLIENT APPARATUS, SERVER APPARATUS, AND PROGRAM - A client apparatus receives a message including a random number from a server apparatus during the handshake of agreement process, creates a biometric negotiation message including the biometric authentication method information and sends the biometric negotiation message to the server apparatus. Then, the client apparatus executes a biometric authentication based on biometric authentication method information notified from the server apparatus and encrypts the random number based on the private key. In addition, the client apparatus generates an authenticator from a result of the biometric authentication, the biometric authentication method information, the encrypted random number, and the client certificate, and sends to the server apparatus an authentication context including these. The server apparatus verifies the authentication context and establishes a secure session in one handshake. | 07-29-2010 |
20110185413 | SYSTEM, APPARATUS, AND PROGRAM FOR BIOMETRIC AUTHENTICATION - A client apparatus transmits environmental information acquired from an environmental information acquisition device as well as a biometric authentication information matching result to a server apparatus. The server apparatus verifies the validity of the environmental information such as a luminance as well as the validity of the biometric authentication information matching result. If an environment is problematic, the server apparatus notifies the client apparatus that the environmental information is problematic. The client apparatus overcomes the problem of the environment such as the luminance based on the notification from the server apparatus and then retries a biometric authentication. The possibility of re-failure due to the environmental problem can be reduced during a retry of the biometric authentication. | 07-28-2011 |
20120162688 | ACCESS CONTROL SYSTEM, APPARATUS, AND PROGRAM - According to one embodiment, a deriving operation control device obtains derivation control information and a derivation attribute. A deriving operation propriety determination unit extracts the number of times of previously-performed derivation from the derivation attribute. The deriving operation propriety determination unit extracts the upper limit number of times enabling derivation from the derivation control information and determines that a deriving operation is possible when the number of times of previously-performed derivation is equal to or below the upper limit number of times enabling derivation. A deriving operation execution unit executes the deriving operation. | 06-28-2012 |
20130247142 | AUTHENTICATION FEDERATION SYSTEM AND ID PROVIDER DEVICE - According to one embodiment, the ID provider device stores pieces of policy information for each service provider ID. The ID provider device outputs a policy evaluation request including the user ID used in the log-in processing and the service provider ID in the authentication federation request when the log-in processing is successful. The ID provider device reads the policy information in accordance with the service provider ID in the policy evaluation request. The ID provider device judges whether to permit the transmission of the service data in accordance with whether environmental conditions of the user for the execution of a service conform to the read policy information. | 09-19-2013 |
20130250335 | ACCESS CONTROL SYSTEM, APPARATUS, AND PROGRAM - According to one embodiment, a deriving operation control device obtains derivation control information and a derivation attribute. A deriving operation propriety determination unit extracts the number of times of previously-performed derivation from the derivation attribute. The deriving operation propriety determination unit extracts the upper limit number of times enabling derivation from the derivation control information and determines that a deriving operation is possible when the number of times of previously-performed derivation is equal to or below the upper limit number of times enabling derivation. A deriving operation execution unit executes the deriving operation. | 09-26-2013 |