US Pat. No. 10,659,461

SYSTEM, METHOD, AND RECORDING MEDIUM STORING PROGRAM FOR AUTHENTICATION

ISAO CORPORATION, Tokyo ...

1. An authentication system comprising:
a first terminal;
a second terminal; and
an authentication subsystem, wherein
the first terminal transmits first identification information inputted into the first terminal and a first request for push authentication to the authentication subsystem,
the authentication subsystem matches the first identification information received from the first terminal against second identification information stored in association with a unique ID of the second terminal, and if the second identification information matching the first identification information exists, transmits a push authentication operation start request to the second terminal based on the unique ID of the second terminal stored in association with the second identification information,
upon receiving the push authentication operation start request, the second terminal prompts a user, for the push authentication, to perform a predetermined operation other than inputting any of knowledge authentication information, ownership authentication information, and biometric authentication information, and when the predetermined operation is performed by the user, transmits a push authentication operation completion notification to the authentication subsystem,
before the first terminal transmits the first identification information and the first request for push authentication to the authentication subsystem,
the second terminal transmits a second request for push authentication and the unique ID of the second terminal to the authentication subsystem,
the authentication subsystem matches the unique ID of the second terminal received from the second terminal against the unique ID of the second terminal stored in association with the second identification information, and if the stored unique ID of the second terminal matching the received unique ID of the second terminal exists, stores a push authentication permission flag in association with the stored second identification information,
after the first terminal transmits the first identification information and the first request for push authentication to the authentication subsystem,
the authentication subsystem matches the first identification information received from the first terminal against the second identification information stored in association with the unique ID of the second terminal, and if the second identification information matching the first identification information exists, checks whether or not the push authentication permission flag is stored in association with the stored second identification information, and
if the push authentication permission flag is not stored in association with the stored second identification information, the authentication subsystem does not transmit the push authentication operation start request to the second terminal, or performs other authentication failure processing.
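
The ordering constraint in the claim above, modeled in memory as an added example (not code from the patent or from ISAO): a push start request goes out only if the second terminal stored a permission flag beforehand. All class, method and status names and the sample identifiers are hypothetical.

```python
# Added illustration, not from the patent: in-memory model of the claimed flow.
# Class, method and status names are hypothetical.

class AuthSubsystem:
    def __init__(self):
        self.ident_by_device = {}   # unique ID of second terminal -> identification info
        self.device_by_ident = {}   # identification info -> unique ID of second terminal
        self.permitted = set()      # identification info carrying the permission flag
        self.push_sent = []         # unique IDs that were sent an operation start request
        self.completed = []         # unique IDs that reported operation completion

    def register(self, identification, device_id):
        """Store identification information in association with a terminal's unique ID."""
        self.ident_by_device[device_id] = identification
        self.device_by_ident[identification] = device_id

    def second_request(self, device_id):
        """Second terminal asks for push authentication before the login attempt."""
        identification = self.ident_by_device.get(device_id)
        if identification is None:
            return False            # unknown unique ID: no flag is stored
        # The claim does not say when the flag is cleared; this sketch leaves it set.
        self.permitted.add(identification)
        return True

    def first_request(self, identification):
        """First terminal submits identification information and requests push."""
        device_id = self.device_by_ident.get(identification)
        if device_id is None:
            return "no_match"
        if identification not in self.permitted:
            return "failed_no_flag"  # no push goes out to the second terminal
        self.push_sent.append(device_id)
        return "push_sent"

    def operation_completed(self, device_id):
        """Second terminal reports that the user performed the predetermined operation."""
        if device_id not in self.push_sent:
            return False
        self.completed.append(device_id)
        return True
```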

US Pat. No. 10,594,485

SYSTEM, METHOD, PROGRAM, AND RECORDING MEDIUM STORING PROGRAM FOR AUTHENTICATION

ISAO CORPORATION, Tokyo ...

1. An authentication system comprising:
an authentication subsystem, the authentication subsystem comprising at least one first processor, at least one second processor and at least one storage;
a first terminal, the first terminal transmitting a code image authentication start request and authentication start trigger information to the at least one first processor in response to a trigger of an authentication start to the first terminal; and
a second terminal, wherein
the at least one first processor:
generates a first token based on reception of the code image authentication start request;
generates a code image key and stores in the at least one storage the code image key in association with the first token;
generates a code image including the code image key and stores the code image at a predetermined URL of the at least one storage; and
transmits the first token and the URL at which the code image is stored to the first terminal;
the first terminal accesses the URL received from the at least one first processor and acquires the code image, displays the code image on a screen of the first terminal, and transmits the received first token to the at least one first processor by asynchronous communication,
the at least one first processor registers the first token received from the first terminal as a key in the at least one second processor,
the second terminal reads the code image displayed on the screen of the first terminal, acquires the code image key, and transmits a login request, a unique ID of the second terminal, and the code image key to the at least one first processor,
the at least one first processor i) checks whether the received unique ID of the second terminal is a unique ID of the second terminal registered in advance, and ii) when the received unique ID of the second terminal is the unique ID of the second terminal registered in advance, checks whether the received code image key is stored in the at least one storage, and
when the received code image key is stored in the at least one storage,
the at least one first processor retrieves the first token stored in the at least one storage using the received code image key as a key, and transmits a first response code to the at least one second processor using the first token as a key,
the at least one second processor transmits the first response code to the at least one first processor that registers the first token as the key in the at least one second processor, and
the at least one first processor transmits the received first response code to the first terminal by the asynchronous communication.
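
The token and code-image-key exchange in the claim above, as an added in-memory example (not code from the patent or from ISAO). The code image is modeled as its payload, the asynchronous channel as a callback, and every name, the URL and the `LOGIN_OK` response code are constructed for illustration.

```python
# Added illustration, not from the patent. All names and values are hypothetical.
import secrets

class SecondProcessor:
    """Relays a response code to whoever registered the first token as a key."""
    def __init__(self):
        self.listeners = {}

    def register(self, token, callback):
        self.listeners[token] = callback

    def publish(self, token, code):
        callback = self.listeners.pop(token, None)
        if callback is not None:
            callback(code)

class FirstProcessor:
    def __init__(self, relay, registered_devices):
        self.relay = relay
        self.registered = set(registered_devices)  # unique IDs registered in advance
        self.token_by_key = {}                     # storage: code image key -> first token
        self.images = {}                           # storage: URL -> code image payload

    def start(self):
        """Handle a code image authentication start request."""
        token, key = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.token_by_key[key] = token
        url = "https://auth.example.test/code/" + secrets.token_urlsafe(8)
        self.images[url] = key
        return token, url

    def subscribe(self, token, deliver):
        """First terminal sends the token back; register it in the second processor."""
        self.relay.register(token, lambda code: deliver(code))

    def login(self, device_id, key):
        """Second terminal's login request: unique ID check first, then key lookup."""
        if device_id not in self.registered:
            return "unknown_device"
        token = self.token_by_key.get(key)
        if token is None:
            return "unknown_key"
        self.relay.publish(token, "LOGIN_OK")
        return "ok"

def run_flow(device_id, forged_key=False):
    fp = FirstProcessor(SecondProcessor(), {"device-A"})
    inbox = []                                   # what the first terminal receives
    token, url = fp.start()
    shown = fp.images[url]                       # first terminal fetches and displays it
    fp.subscribe(token, inbox.append)
    status = fp.login(device_id, "forged" if forged_key else shown)
    return status, inbox
```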