| US 7,519,992 B2 | ||
| Access control system, device, and program | ||
| Shingo Miyazaki, Yokohama (Japan); and Takehisa Kato, Kunitachi (Japan) | ||
| Assigned to Kabushiki Kaisha Toshiba, Tokyo (Japan) | ||
| Filed on May 28, 2003, as Appl. No. 10/445,911. | ||
| Claims priority of application No. 2002-158028 (JP), filed on May 30, 2002; and application No. 2003-141996 (JP), filed on May 20, 2003. | ||
| Prior Publication US 2004/0073814 A1, Apr. 15, 2004 | ||
| Int. Cl. G06F 7/04 (2006.01); G06F 7/58 (2006.01); G06F 12/00 (2006.01); G06F 12/14 (2006.01); G06F 13/00 (2006.01); G06F 17/30 (2006.01); G06K 19/00 (2006.01); H04L 9/32 (2006.01) | ||
| U.S. Cl. 726—21 | 3 Claims |
| 2. A service provider device which, upon receipt of a service request from a user device, verifies whether the user device
belongs to an authorized group, on the basis of a group signature scheme and, when a verification result indicates validity,
provides a service, comprising:
required authority retrieval means which retrieves required authority information on the basis of the service request received
from the user device;
challenge creation means which creates challenge information including unpredictable information on the basis of the service
request received from the user device;
proof request means which transmits a required authority proof request to request proof of the authority information retrieved
by the required authority retrieval means and the challenge information created by the challenge creation means to the user
device;
proof information verification means which, upon receipt of authority proof information from the user device in response to
transmission by the proof request means, verifies the authority proof information on the basis of the challenge information;
service information output means which, when the verification result by the proof information verification means indicates
validity, outputs service information so as to provide the service; and
usage management means which manages the authority proof information which has been verified to be valid by the proof information
verification means and usage history information corresponding to the authority proof information in such a way that they
are associated with each other and transmits the authority proof information, the usage history information, and an accounting
request to a group administration organization device at regular intervals,
wherein the group signature scheme is for proving that the user device belongs to an authorized group without identifying
a user, the authority proof information is a group signature in the group signature scheme, and the group signature is created
by an individual user, and
the group administration organization device, upon receipt of the authority proof information, the usage history information,
and the accounting request from the service provider device, verifies the authority proof information and when a verification
result indicates validity, identifies the user from the authority proof information based on the group signature scheme and
manages user information corresponding to the identification result and usage charge information in the usage history information
in such a way that they are associated with each other.
|