AUTHENTICATION SYSTEM, AUTHENTICATION SERVER, AUTHENTICATION METHOD, AND AUTHENTICATION PROGRAM

摘要

A validity judgment means 81 judges validity of each received service ID. A service availability judgment means 82 judges availability of a service utilizing a medium or device identified by a physical ID based on the received physical ID. An authentication information management means 84 stores at least a service ID and a judgment result of the service ID by the validity judgment means 81 in an authentication information storage means 83 in association with a key ID. A use right judgment means 85 judges a use right of a service to be utilized by the user from a service ID and a judgment result of the service ID in association with a key ID stored in the authentication information storage means 83 based on a policy defining a service available range depending on at least a combination of service IDs.

主权项

1. An authentication system comprising:
an authentication server for authenticating a user utilizing a service; and an authentication request terminal for making a service authentication request to the authentication server, wherein the authentication request terminal comprises an identification information transmission unit for transmitting a physical ID as identification information capable of uniquely identifying a medium or device used for authenticating a user utilizing a service, and a service ID as identification information defined per type of the medium or device to the authentication server, the authentication server comprise: a validity judgment unit for judging validity of each received service ID; a service availability judgment unit for judging availability of a service utilizing a medium or device identified by a physical ID based on the received physical ID; an authentication information management unit for, when it is judged that a service utilizing the medium or device is available, storing at least a service ID and a judgment result of the service ID by the validity judgment unit in association with a key ID in an authentication information storage unit with a combination of one or more service IDs capable of identifying one authentication request made by the user among received service IDs as the key ID; and a use right judgment unit for judging a use right of a service to be utilized by the user from a service ID and a judgment result of the service ID in association with a key ID stored in the authentication information storage unit based on a policy defining a service available range depending on at least the combination of service IDs, and the identification information transmission unit in the authentication request terminal transmits a physical ID of a previously-defined medium or device among one or more mediums or devices used for authentication, and one or more previously-defined service IDs in the medium or device used for authentication to the authentication server.