JP2022170252A - Electronic information storage medium and program - Google Patents

Abstract

To provide an electronic information storage medium and a program that can reduce risk on security when executing secure communication between terminals via a public network.SOLUTION: When a SIM acquires terminal information from terminals T at its start-up, the SIM performs authentication of the terminals T by using terminal authentication information stored in an NVM 14 and the terminal information acquired from the terminals T; when succeeding in authentication of the terminals T, the SIM acquires user information from the terminals T, and performs authentication of a user by using user authentication information stored in the NVM 14 and the user information acquired from the terminals T or causes the terminals T to perform authentication of the user; and when succeeding in authentication of the user, the SIM transmits, to the terminals T, a parameter for authentication used in authentication processing to be a premise for executing secure communication between the terminals T.SELECTED DRAWING: Figure 4

Description

The present invention relates to a technical field of an authentication method for implementing secure communication between terminals via a public network.

In a public network such as the Internet, there is a method of transmitting/receiving data encrypted with a session key between end terminals as a method to realize a session with security between end terminals. Such an approach requires the session key to be pre-shared between the end terminals. As such, session keys are typically shared or derived prior to session establishment. Specifically, mutual public keys or common secret keys are exchanged in advance between end terminals, or public keys certified by a trusted third party (for example, CA (Certification Authority)) Session keys may not be transferred or exchanged before a session is established between end terminals, provided that authentication at the end terminals is pre-established, such as having a certificate at the end terminal. Become. For example, RFC (Request for Comments) 4567 uses S/MINE (Secure Multipurpose Internet Mail Extensions), IPsec (Security Architecture for Internet Protocol), etc., and session keys are transferred or exchanged over SDP (Session Description Protocol). It stipulates a protocol for the transmission of key information by means of a man-in-the-middle attack, etc. Prevents unauthorized use.

By the way, the conventional technology described above has a problem that authentication at the end terminal must be ensured in advance when sharing (transferring or exchanging) the session key. For example, it is assumed that the end terminals have mutually exchanged public or private keys in advance, or that the end terminals have a public key certificate certified by a trusted third party. Here, with regard to the former, it is often difficult to exchange keys between arbitrary end terminals in advance, and even if exchange is realized, there will be a problem that a huge number of keys must be properly managed. . The latter also has the problem that it is often difficult for all end terminals to have a trusted public key certificate.

As a method for solving the above problems, for example, in Patent Document 1, a third-party device holds authentication information used for authentication of each of the requesting device and the responding device, and sends each authentication request to the requesting device and the responding device. Upon receipt from each of the responding devices, the retained authentication information is used to authenticate each of the requesting and responding devices, and the authenticated authentication request by each of the requesting and responding devices results in a successful authentication. the session key is sent to the requesting device and the responding device so that the session key is shared between the requesting device and the responding device, and the requesting device requests that the requesting device be authenticated. A method is disclosed in which an authentication request to authenticate the response device is transmitted to the third party device, and the responding device transmits an authentication request requesting authentication of the responding device to the third party device.

Japanese Patent No. 4963425

However, in the method disclosed in Patent Document 1, authentication information such as an ID and password is used for authentication of the end terminal before session key sharing, so it is not authenticated whether the terminal being used is legitimate. . For example, if the above method is executed on a shared terminal that anyone can access, there are security risks such as leakage of authentication information and session keys.

Therefore, the present invention has been made in view of the above points, and an electronic information storage medium capable of reducing security risks when implementing secure communication between terminals via a public network, and The purpose is to provide a program.

In order to solve the above-mentioned problems, the invention according to claim 1 is an electronic information storage medium installed in a terminal, which includes terminal information approved as valid and terminal information approved as valid. a memory for storing user information and authentication parameters used in authentication processing that is a prerequisite for the terminal to perform secure communication with another terminal via a public network; and the electronic information storage medium. authenticates the terminal using a first obtaining means for obtaining terminal information from a controller of the terminal at the time of activation of the terminal, the terminal information stored in the memory, and the terminal information obtained by the first obtaining means a first authentication means; a second acquisition means for acquiring user information from the user when authentication of the terminal is successful; user information stored in the memory; and the user acquired by the second acquisition means. second authentication means for authenticating the user using information and transmission means for transmitting the authentication parameters to the controller of the terminal when the user authentication is successful. .

According to a second aspect of the present invention, there is provided an electronic information storage medium mounted on a terminal, wherein the terminal information approved to be valid, the user information approved to be valid, and the terminal public A memory for storing authentication parameters used in authentication processing that is a prerequisite for implementing secure communication with another terminal via a network; a first acquiring means for acquiring terminal information; a first authenticating means for authenticating the terminal using the terminal information stored in the memory and the terminal information acquired by the first acquiring means; and the terminal when the authentication is successful, the user information stored in the memory is transmitted to the terminal, and the user authentication performed by the controller using the user information and the user information from the user is successful. transmitting means for transmitting the authentication parameter to the controller of the terminal when the authentication parameter is transmitted to the controller of the terminal.

The invention according to claim 3 is the electronic information storage medium according to claim 1 or 2, wherein the transmission means sends authentication information together with the authentication parameter to an authentication device provided in a private network via the controller of the terminal. and a third authentication means for transmitting a request and using the authentication request as a trigger to perform authentication processing with the authentication device.

The invention according to claim 4 sends an authentication request together with the authentication parameter transmitted from the electronic information storage medium to a computer included in a terminal in which the electronic information storage medium according to claim 1 or 2 is mounted, a step of transmitting to an authentication device provided in a private network; a step of performing authentication processing with the authentication device using the authentication request as a trigger; performing a key exchange via the authentication device for generating a shared key used in the secure communication with the terminal.

According to the present invention, it is possible to reduce security risks when performing secure communication between terminals via a public network.

1 is a diagram showing a schematic configuration example of a communication system S; FIG. 2 is a diagram showing a schematic configuration example of a terminal T; FIG. It is a figure which shows the schematic structural example of SIM. FIG. 10 is a sequence diagram showing the flow of processing when a terminal T and a user are authenticated using SIM; FIG. 10 is a sequence diagram showing the flow of processing when terminal T is authenticated using the core; FIG. 10 is a sequence diagram showing the flow of processing when key exchange is performed between terminals T using a core;

BEST MODE FOR CARRYING OUT THE INVENTION Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. The embodiments described below are embodiments in which the present invention is applied to a communication system.

[1. Outline configuration of communication system S]
First, a schematic configuration of a communication system S according to this embodiment will be described with reference to FIG. FIG. 1 is a diagram showing a schematic configuration example of a communication system S. As shown in FIG. As shown in FIG. 1, the communication system S includes a terminal T1, a terminal T2, a private network (private network) NW1, and a public network (public network) NW2 such as the Internet. Here, the terminal T1 and the terminal T2 are mobile terminals such as smartphones. In the following description, when terminal T1 and terminal T2 are collectively referred to as terminal T, the description is for terminal T1 and terminal T2 respectively. The terminal T is equipped with a SIM (Subscriber Identity Module). The SIM is an example of the electronic information storage medium of the present invention, and may be detachably mounted on the terminal T as an IC (Integrated Circuit) card. It may be an eUICC (Embedded Universal Integrated Circuit Card) mounted (for example, soldered) on the board.

The private network NW1 is a local communication network using technologies such as private LTE and local 5G, and is constructed in a specific area (eg, factory) by a company other than the mobile network operator (MNO). The private network NW1 consists of a wireless network including eNBs (base stations) and a core network including cores. The core functions as an MME (Mobility Management Entity) and an AUC (Authentication Centre), and is an example of an authentication device provided in the private network NW1. In the private network NW1, authentication processing is performed using a SIM prepared by a network builder (that is, a company other than the mobile communication service provider). In such authentication processing, for example, the AKA authentication method known in technologies such as normal LTE and 5G may be used, and a shared secret key shared between the core side and the terminal T side is used as an authentication parameter. . Such authentication parameters can be flexibly written into the SIM by the network builder.

FIG. 2 is a diagram showing a schematic configuration example of the terminal T. As shown in FIG. As shown in FIG. 2, the terminal T includes an I/F section 1, a wireless communication section 2, a storage section 3, an operation/display section 4, a control section 5 (an example of a controller), and the like. Note that the terminal T may be equipped with a fingerprint sensor. The fingerprint sensor reads the fingerprint from the pad of the user's finger of the terminal T and outputs the fingerprint data to the control unit 5 as user information. Thereby, the user information from the user is acquired by the control unit 5 . The I/F unit 1 serves as an interface with SIM. Examples of such interfaces include SPI (Serial Peripheral Interface), I ² C (Inter-Integrated Circuit), or ISO7816 interfaces. Note that the control unit 5 and SIM communicate via the I/F unit 1 according to, for example, an APDU (Application Protocol Data Unit) protocol.

The wireless communication unit 2 is composed of a communication module for connecting to the private network NW1 and a communication module for connecting to the public network NW2. A communication module for connecting to the private network NW1 has a modem that detects an eNB within the communication range of the private network NW1, and is capable of wireless communication with the eNB. On the other hand, the communication module for connecting to the public network NW2 has a short-range wireless function such as Wi-Fi (registered trademark), and can perform wireless communication with a wireless router connected to the public network NW2. It is possible.

The storage unit 3 is composed of, for example, a non-volatile memory, and stores an operating system and application programs (including the program of the present invention). The terminal information of the terminal T is stored in advance in the storage unit 3 . The terminal information may be any information as long as it is unique to the terminal T, but an example is an International Mobile Equipment Identifier (IMEI) or a hash value generated from the IMEI. The operation/display unit 4 has an input function for receiving input from a user and a display function for displaying various information on a display (for example, a touch panel). The operation/display unit 4 outputs a password or the like input by the user to the control unit 5 as user information. Thereby, the user information from the user is acquired by the control unit 5 .

The control unit 5 (an example of a computer) is composed of, for example, a CPU (Central Processing Unit), a RAM (Random Access Memory), a ROM (Read Only Memory), and the like. The control unit 5 connects to the SIM via the I/F unit 1 and communicates with the SIM. The control unit 5 transmits to the SIM via the I/F unit 1 an activation command (reset command) for activating (resetting) the SIM at the start of communication. In response to this, after receiving an initial response (for example, ATR (Answer To Reset)) from the SIM, the control unit 5 reads the terminal information from the storage unit 3, and sends the terminal information to the SIM via the I/F unit 1. Send to In response, the SIM uses the terminal information to authenticate the terminal T. FIG.

Then, when the authentication of the terminal T is successful, the control unit 5 transmits user information obtained from the user through the operation/display unit 4 or the fingerprint sensor to the SIM through the I/F unit 1 . In response, the SIM uses the user information to authenticate the user. Alternatively, when the authentication of the terminal T is successful, the user may be authenticated using the user information acquired from the user by the control unit 5 . Then, when the user authentication is successful, the control unit 5 transmits an authentication request together with the authentication parameters acquired from the SIM to the core provided in the private network NW1 via the wireless communication unit 2, and is used as a trigger to perform authentication processing with the core. When the authentication related to the authentication process is successful in both the terminal T1 and the terminal T2, safe communication with countermeasures against eavesdropping and tampering is realized between the terminal T1 and the core and between the terminal T2 and the core. Therefore, using such communication, key exchange for generating a shared key (session key) used in secure communication between terminal T1 and terminal T2 is performed using core. This eliminates the need for prior issuance of a certificate or authentication by a trusted third party (for example, CA).

FIG. 3 is a diagram showing a schematic configuration example of a SIM. As shown in FIG. 3, the SIM includes an I/F section 11, RAM 12, ROM 13, NVM (Nonvolatile Memory) 14, CPU 15, and the like. The I/F section 11 serves as an interface with the control section 5 of the terminal T. FIG. When the activation command (reset command) from the terminal T is received by the I/F unit 11 , SIM is activated and an initial response is transmitted to the terminal T via the I/F unit 11 . The NVM 14 is, for example, non-volatile memory such as flash memory. The ROM 13 or NVM 14 stores an operating system and application programs.

In addition, the NVM 14 (an example of memory) stores terminal information approved to be valid (hereinafter referred to as "terminal authentication information") and user information approved to be valid (hereinafter referred to as "user authentication information"). ”) and an authentication parameter used in authentication processing (for example, AKA authentication) that is a prerequisite for implementing secure communication. Here, if the SIM is installed in the terminal T1, the NVM 14 stores the terminal authentication information of the terminal T1. On the other hand, if the SIM is installed in the terminal T2, the NVM 14 stores the terminal authentication information of the terminal T2. Approval of the validity of the terminal and the user is performed by, for example, the network builder of the private network NW1 (that is, a company other than the mobile communication carrier).

The CPU 15 functions as first acquisition means, second acquisition means, first authentication means, second authentication means, third authentication means, transmission means, and key exchange means in the present invention. Specifically, when the CPU 15 acquires (receives) terminal information from the control unit 5 of the terminal T via the I/F unit 11 when the SIM is activated, the CPU 15 combines the terminal authentication information stored in the NVM 14 with the terminal T control information. The terminal T is authenticated using the terminal information acquired from the unit 5 . In the authentication of the terminal T, for example, it is determined whether or not the terminal authentication information and the terminal information match, and if it is determined that they match, the authentication is successful, and thereafter, the terminal T is provided with a function as a SIM. be.

When the terminal T is successfully authenticated, the CPU 15 acquires user information from the control unit 5 of the terminal T via the I/F unit 11, and combines the user authentication information stored in the NVM 14 with the control unit 5 of the terminal T. The user is authenticated using the user information acquired from. In user authentication, for example, it is determined whether or not the user authentication information and the user information match, and if it is determined that they match, the authentication is successful, and thereafter the user is permitted to use the terminal T. . Alternatively, the CPU 15 may transmit the user authentication information stored in the NVM 14 to the control unit 5 of the terminal T via the I/F unit 11 when the authentication of the terminal T is successful. In this case, the user is authenticated by the control unit 5 of the terminal T using the user authentication information and the user information from the user, and the result is transmitted to the SIM. Allowed.

Then, when the user authentication is successful, the CPU 15 transmits the authentication parameters stored in the NVM 14 to the control section 5 of the terminal T via the I/F section 11 . As a result, an authentication request is transmitted from the terminal T to the core together with the authentication parameters, and authentication processing is performed with the core. When user authentication is successful, the CPU 15 transmits an authentication request together with the authentication parameters to the core via the control unit 5 of the terminal T, and uses the authentication request as a trigger to perform authentication processing with the core. you can go In this case, the control unit 5 of the terminal T converts the protocol of the authentication parameters and the authentication request from the SIM and transfers them to the core.

[2. Operation of communication system S]
Next, the operation of the communication system S will be explained.

(2.1. Authentication of terminal T and user using SIM)
First, terminal T and user authentication using SIM will be described with reference to FIG. FIG. 4 is a sequence diagram showing the flow of processing when terminal T and user are authenticated using SIM. In FIG. 4, when power is supplied to the terminal T with the SIM installed in the terminal T, or when a reset button provided on the terminal T is pressed, the control unit 5 issues a start command (reset command). is transmitted to the SIM via the I/F unit 1 (step S1). The SIM is activated upon receiving the activation command from the control unit 5, and transmits an initial response to the control unit 5 via the I/F unit 11 (step S2).

Next, upon receiving an initial response from the SIM, the control unit 5 reads the terminal information from the storage unit 3 and sends an authentication command (for example, a VERIFY command APDU) including the read terminal information to the SIM via the I/F unit 1. (step S3). Upon receiving the authentication command from the control unit 5, the SIM reads the terminal authentication information from the NVM 14, acquires the terminal information from the authentication command, and determines whether the terminal authentication information and the terminal information match. (step S4). That is, terminal T is authenticated. When the SIM determines that the terminal authentication information and the terminal information do not match (step S4: NO), the SIM transmits a response indicating authentication failure of the terminal T to the control unit 5 via the I/F unit 11. (step S5). In this case, error processing is performed by the control unit 5, and the terminal T is no longer provided with the SIM function. On the other hand, when the SIM determines that the terminal authentication information matches the terminal information (step S4: YES), the SIM transmits a response indicating successful authentication of the terminal T to the control unit 5 via the I/F unit 11. (Step S6).

Next, when receiving a response indicating successful authentication from the SIM, the control unit 5 causes the operation/display unit 4 to display information prompting the input of user information, and acquires the user information input by the user (step S7). . Next, the control unit 5 transmits a request command (for example, GET DATA command APDU) indicating a request for user authentication information to the SIM via the I/F unit 1 (step S8). Upon receiving the request command from the control unit 5, the SIM reads the user authentication information from the NVM 14 and transmits a response including the user authentication information to the control unit 5 via the I/F unit 11 (step S9).

Next, when receiving a response from the SIM, the control unit 5 acquires user authentication information from the response, and determines whether or not the user authentication information matches the user information acquired in step S7 ( step S10). That is, the user of terminal T is authenticated. If the control unit 5 determines that the user authentication information matches the user information (step S10: YES), the control unit 5 transmits a request command indicating a request for authentication parameters to the SIM via the I/F unit 1. (step S11). Upon receiving the request command from the control unit 5, the SIM reads the authentication parameters from the NVM 14 and transmits a response including the authentication parameters to the control unit 5 via the I/F unit 11 (step S12). In this way, when the authentication parameters are transmitted from the SIM to the control unit 5, authentication of the terminal T using the core is performed. If it is determined that the user authentication information and the user information do not match (step S10: NO), error processing is performed by the control unit 5, and the user is not permitted to use the terminal T thereafter.

As another example of step S8, the control unit 5 may send an authentication command including the user information acquired in step S7 to the SIM instead of the request command. In this case, when receiving the authentication command from the control unit 5, the SIM reads the user authentication information from the NVM 14, acquires the user information from the authentication command, and determines whether or not the user authentication information matches the user information. If it is determined that the user authentication information matches the user information, a response including authentication parameters stored in the NVM 14 is transmitted to the control unit 5 .

(2.2. Authentication of terminal T using core)
Next, authentication of the terminal T using the core will be described with reference to FIG. FIG. 5 is a sequence diagram showing the flow of processing when the terminal T is authenticated using the core. In FIG. 5, when the control unit 5 of the terminal T receives the response including the authentication parameter from the SIM, the control unit 5 acquires the authentication parameter from the response, and transmits the authentication request together with the authentication parameter to the wireless communication unit 2 and the eNB. to the core via (step S21). As a result, authentication processing with the core is started. When the core receives the authentication parameters and the authentication request from the terminal T, the core calculates an authentication value based on the authentication parameters by a predetermined algorithm (for example, the algorithm of the AKA authentication method) (step S22). Next, the core transmits the calculation result indicating the authentication value calculated in step S22 and the authentication parameter to the terminal T via the eNB (step S23).

Next, when the control unit 5 receives the calculation result and the authentication parameter from the core, it calculates the authentication value by a predetermined algorithm (the same algorithm as the algorithm used in step S22) based on the authentication parameter ( step S24). Next, the control unit 5 confirms the calculation result from the core (step S25). For example, it is checked whether the authentication value indicated by the calculation result from the core matches the authentication value calculated in step S24. Next, when it is confirmed that both authentication values match, the control unit 5 transmits the calculation result indicating the authentication value calculated in step S24 to the core via the wireless communication unit 2 and the eNB (step S26 ). Note that if the two authentication values do not match, the process of step S26 is not performed.

Next, upon receiving the calculation result from the terminal T, the core confirms the calculation result (step S27). For example, it is confirmed whether the authentication value indicated by the calculation result from the terminal T and the authentication value calculated in step S22 match. Next, when it is confirmed that both authentication values match, the core transmits an authentication result indicating successful authentication to the terminal T via the eNB (step S28). In this way, when the authentication result indicating the authentication success is transmitted from the core to the terminal T, the key exchange between the terminals T using the core is performed. If the two authentication values do not match, an authentication result indicating authentication failure is sent to the terminal T. FIG.

(2.3. Key exchange between terminals T using core)
Next, key exchange between terminals T (terminal T1 and terminal T2) using the core will be described with reference to FIG. FIG. 6 is a sequence diagram showing the flow of processing when key exchange is performed between terminals T using the core. In the example of FIG. 6, it is assumed that authentication using SIM (2.1) and authentication using core (2.2) have been completed in each of terminal T1 and terminal T2, as described above. do.

In FIG. 6, the control unit 5 of the terminal T1 for which the authentication using the core (2.2) has succeeded generates a key pair (public key A and private key A') unique to the terminal T1 (step S31). ). Next, the control unit 5 of the terminal T1 transmits a key sharing request together with the public key A included in the key pair generated in step S31 to the core via the wireless communication unit 2 and eNB (step S32). When the core receives the public key A and the key sharing request from the terminal T1, the core transmits the public key A and the key sharing request to the terminal T2, which has successfully authenticated (2.2) using the core, via the eNB. Transfer (step S33). Note that if the authentication (2.2) of the terminal T2 using the core fails, information indicating rejection of the key sharing request is returned to the terminal T1.

Next, upon receiving the public key A and the key sharing request from the core, the control unit 5 of the terminal T2 generates a key pair (public key B and private key B') unique to the terminal T2 (step S34). Next, the control unit 5 of the terminal T2 transmits the public key B included in the key pair generated in step S34 and a key sharing response to the core via the wireless communication unit 2 and the eNB (step S35). Upon receiving the public key B and the key sharing response from the terminal T2, the core transfers the public key B and the key sharing response to the terminal T1 via the eNB (step S36).

Next, when the control unit 5 of the terminal T1 receives the public key B and the key sharing response from the core, based on the public key B and the private key A' included in the key pair generated in step S31, the terminal T1 A shared key (session key) with T2 is generated (step S37). On the other hand, the control unit 5 of the terminal T2 shares with the terminal T1 based on the public key A received together with the key sharing request as described above and the secret key B' included in the key pair generated in step S34. A key (session key) is generated (step S38). The shared key is generated by a known key calculation method (for example, an ECDH (Elliptic curve Diffie-Hellman key exchange) calculation method). Thereafter, terminal T1 and terminal T2 perform secure communication using the generated common key.

As described above, according to the above embodiment, when the SIM acquires the terminal information from the terminal T at its startup, the SIM uses the terminal authentication information stored in the NVM 14 and the terminal information acquired from the terminal T to The terminal T is authenticated, and when the authentication of the terminal T is successful, the user information is acquired from the terminal T, and the user authentication information stored in the NVM 14 and the user information acquired from the terminal T are used to authenticate the user. or the terminal T authenticates the user. Since the parameters are configured to be transmitted to the terminal T, it is possible to reduce the security risk when performing secure communication between the terminals T via the public network.

1 I/F unit 2 Wireless communication unit 3 Storage unit 4 Operation/display unit 5 Control unit 11 I/F unit 12 RAM
13 ROMs
14 NVM
15 CPUs
T1 terminal T2 terminal NW1 private network NW2 public network S communication system S

Claims (4)

An electronic information storage medium installed in a terminal,
Terminal information approved to be valid, user information approved to be valid, and authentication that is a prerequisite for the terminal to perform secure communication with another terminal via a public network a memory in which authentication parameters used in processing are stored;
a first acquisition means for acquiring terminal information from a controller of the terminal when the electronic information storage medium is activated;
a first authentication means for authenticating the terminal using the terminal information stored in the memory and the terminal information acquired by the first acquisition means;
a second acquiring means for acquiring user information from the user when the authentication of the terminal is successful;
a second authentication means for authenticating the user using the user information stored in the memory and the user information acquired by the second acquisition means;
a transmission means for transmitting the authentication parameter to a controller of the terminal when the user is successfully authenticated;
An electronic information storage medium comprising: An electronic information storage medium installed in a terminal,
Terminal information approved to be valid, user information approved to be valid, and authentication that is a prerequisite for the terminal to perform secure communication with another terminal via a public network a memory in which authentication parameters used in processing are stored;
a first acquisition means for acquiring terminal information from a controller of the terminal when the electronic information storage medium is activated;
a first authentication means for authenticating the terminal using the terminal information stored in the memory and the terminal information acquired by the first acquisition means;
When authentication of the terminal is successful, the user information stored in the memory is transmitted to the terminal, and authentication of the user is performed by the controller using the user information and user information from the user. sending means for sending the authentication parameters to the controller of the terminal when the is successful;
An electronic information storage medium comprising: the transmission means transmits an authentication request together with the authentication parameter to an authentication device provided in a private network via a controller of the terminal;
a third authentication means for performing authentication processing with the authentication device using the authentication request as a trigger;
3. The electronic information storage medium according to claim 1, further comprising: A computer included in a terminal in which the electronic information storage medium according to claim 1 or 2 is mounted,
a step of transmitting an authentication request together with the authentication parameter transmitted from the electronic information storage medium to an authentication device provided in a private network;
a step of performing authentication processing with the authentication device using the authentication request as a trigger;
a step of performing key exchange via the authentication device for generating a shared key used in the secure communication between the terminal and the other terminal when authentication is successful in the authentication process;
A program characterized by causing the execution of

Images