JPS63294152A - User confirming system - Google Patents

Abstract

PURPOSE:To eliminate a registration file kept in a service station, by producing infor mation which becomes necessary for producing a confirming composition which is required for passing a confirmation inspection in the service station in a password producing station and secretly keeping the composition in each station. CONSTITUTION:A password producing station 100 secretly sends a password PWi which is producing in corresponding to the information IDi declared by a user to a station i300 and confirming information Ii used by a service station 600 when the station 600 confirms the station i300 to the station i300 and the station i300 secretly keeps the password PWi obtained from the password producing station 100 and, when the station i300 utilizes the service station 600, calculates a confirming composition Vi which certifies the rightness of the station i300 by using the password PWi. After calculation, the station i300 transmits the confirming composition Vi to the service station. When the value calculated from the composition Vi in accordance with an inspecting procedure matches the confirming information, the service station 600 confirms the station i300 by using the information Ii. Therefore, no file is required at the service station and the policy for using registration files, such as updating of registration files, etc., becomes unnecessary.

Description

DETAILED DESCRIPTION OF THE INVENTION [Field of Industrial Application] The present invention relates to a user authentication method for confirming the legitimacy of users registered in a system.

[Conventional technology]

Traditionally, the most commonly used user authentication method is to
This method uses a password known only to the station (hereinafter referred to simply as the station).

This method requires measures to encrypt the data on the line to prevent the PIN numbers sent over the line from being misused by eavesdropping, and strict security measures for the PIN registration file to prevent the PIN numbers from being seen and tampered with at the service station. There are management issues, etc. Furthermore, problems arise in the operation of the registration file, such as an increase in the number of stations, an increase in the amount of memory for the registration file, and the need to update the registration file as new stations are added.

[Problem that the invention seeks to solve]

The present invention solves the problems of the conventional system in terms of security measures on lines and security numbers, as well as management and operation of security code registration files at service stations.

[Means to solve the problem]

In the present invention, instead of providing a registration file for PIN numbers at the service bureau, the information (PW) required to generate the authentication statement V that passes the authentication inspection at the service bureau,
User authentication is achieved by generating a password at a password generating station and having each station keep it secret. By removing the registration file stored in the service bureau, the strict management and operation of the registration file in the service bureau can be reduced.

In addition, by providing a time stamp component in the authentication text and adding a protocol that responds to a temporary message from a service station, it is possible to make it impossible for unauthorized stations to reuse the authentication text.
Eliminates the need for encryption measures for data on the line.

[For production]

The password generation station mentioned above uses the information (ID) declared by station 1.
(i: Personal identification information such as address 2 name, etc.) and authentication information used by the service station to authenticate station 1 (Ii: For example, service name on the service station 7 service that station 1 can use, password validity period, etc.) From pwi = (more i x engineering i) (
mod N) (]) However, N=PXQ (p and q are prime numbers) e x a = 7mod LOM ((p-/), (
q-/month (2) g is the Galois field a gp) and G F (Q
), generate a password (PWi), N, e, and g, secretly deliver PWi to station 1, and set N as public information.

e, g, and the station 1 publishes the public information and the random number R.
From the time stamp T and password (PWi), CK/ and CK,
2 is generated, and then an authentication statement v1 is calculated.

In other words, XR CK/ = PWi Xg (mod N)
(at 310, 2 = goXR(mad N
) (4) and then Vi=(from i,
T, CK/, 0K2) is created and sent to the service station, and the service station generates -0 - CK10/CKT/ IDj, (mod N
) By calculating (5), 11 (the reason will be explained later) is obtained. Based on this, check the service name, password validity period, etc. of the service center available to station 1, and authenticate station 1. do.

However, g is the primitive element of the Galois field GF(p) of a certain prime number p and the Galois field GF(q) of another prime number q, and N is the prime number p and q
(mocl N) represents the operation modulo N, and e is the product of (exa-/) such that it is a multiple of the least common multiple of (p-/) and (q-/). choose.

Furthermore, the service center calculates b−gU(moa N) (from the random number U and public information).
The inquiry text generated in step 6) is sent to station 1, and station 1
cx3 from R and h used to generate K/ and CK, 2
=b (modN)
(Response component CK3 generated by force and C of authentication sentence V1
CK using K2 component, 2U 30 to 3° (moa N)
Checking that (8) holds true, the station is a fraudulent station]
Detect impersonation.

A1] and a E b (modN) represents that (, -b) is a multiple of N.

〔Example〕

FIG. 1 is a diagram showing the principle configuration of an embodiment of the present invention.

The password generation station (/00) uses the password generation device (/10) to generate integers N, e, and g, which are public information.
, and a password (PW) is generated from the information declared by the station and ■ used by the service station. and a secure communication channel (
Password PW and public information 1, e, and g are delivered to each station via ΩOO). For example, when a station joins a network, it is stored in a C card and handed over.

Below, we will explain how to configure the password generator (/10).
1 and the service station declared by station i (300)]
The negative password PWj used to authenticate
An example of generating the data will be explained with reference to FIG. 2.

FIG. 2 is a block diagram showing the configuration of the password generation device (//θ).

Step /: Generate different large prime numbers p and q using a prime number generator (///).

Step 2 Find the product N of prime numbers p and q using a square generator (//2).

Step 3: Using the LCM calculator (//3), (p-
Find the least common multiple of /) and (q-/).

Stepping: Using a random number generator (//4t), integer d
is generated and stored in the Confidentiality Memo + H9J).

Stenoft: Using the reciprocal calculator (/#:), eXd=
/ Find the integer e that yields mod L.

Extended Euclidean algorithm can be used to calculate the reciprocal of the integer e in division using modulus. The detailed procedure for reciprocal calculation is as follows.

Step! -/: Variable go is set to L, variable g1 is set to 0, variable u (1 and ■1 is set to /, variables uI and V.

Set 0 to , and / to top.

Stepter 2: If gi = 0, perform the calculation in F, and g
If j,=Q, perform step j-3.

Quotient of y divided by gl-/gl, gj+/ = gi-/-yX giui+/ =
uj, -/-yX ujvi-1-/ = vj, -
/−yX vj−i = i @−/.

Stepter 3: Let x=vj-/, and if χ≧0, let X be the reciprocal of e, and if X<O, let x-1-n be the reciprocal of e.

"The fact that d obtained by the calculation procedure described in item 1 yields eXd=/modL means that, for example, Dennis
by E, :” cryptography and
Data 5ecur], ty', /4DD,
l5ON-WESLEY PUBLICATION
COMPANY, pp, 37-4t♂, (19g,
2).

Step B: Random number generator (/Ha0 and primitive principal and interest calculator (//
7) is used to generate an integer g, which is the primitive root of the Galois fields GF(p) and GF(q).

Here, GF(p) is an operation that takes the remainder after dividing by p if the result of addition/multiplication is 9 or more (mod p)
This is a set that considers the following. The method for determining the primitive element on ()FCRI) is as follows.

Step l-/: Factorize p-/.

Here, it is assumed that it can be expressed as p-/=QtXQ2°2...×Qr0r.

Step 7-. 2: Check that the following relationship holds for j=/, . . . , r. If it holds true, the message "rgl'1 is a primitive element of GF(p)" is output, and if it does not hold, it outputs the message "g is not a primitive element of GP(p)".

m=p−//Qj g=/modp The validity of the above test procedure can be confirmed, for example, by Iwabe Takahashi: 1 Combinatorial Theory and its Applications “Iwanami Zensho 3/l, pp-10~Otsuhachi (/97!;' ), as shown in

Step 7: From the declared information of station 1, enter the authentication information Ii used by the service station, secret information d, and public information N into the exponentiation calculator with remainder (//I) to obtain the secret information used by station i. PWi is determined by calculating pwi = (from i x engineering 1) (1 (mod N).

The calculation method of power calculation with remainder used to calculate PWi is shown, for example, in Ikeno and Koyama, "Modern Cryptography Theory 1, Institute of Electronics and Communication Engineers, pp./l-/7 (/rifJ).

Next, with reference to FIG. 3, a method of configuring the authentication text generation device (310, 10) and authentication device (zlo) in FIG. 1 will be explained.

As a typical example, a case will be described below in which station i (300) uses a service station.

Station i uses the authentication statement generation device (310) to generate the password (PWi) stored in the confidential memory (3//),
The random number (R) generated by the random number generator (3/2), the time stamp (T) output by the timer (3/3), and the public information g and N
and e into a power calculator with remainder (3H), XR CK/ = PWi X g (moclN)C
K2=g8×R(modN) Find CK/ and CK,2, and connect the coupler (with IDi and T)
3/J') and enter Vi = (IDi, T, CK/, CK, 2
) to generate authentication statement v1.

On the other hand, the service station (3oθ) uses the authentication device (1, 10)
Using the CK/ extracted by the separator (&//) and public information, use the exponentiation calculator with remainder (t/, 2) to calculate CK
/8 (mod N) is calculated, and from the CK2 component and T component extracted by the separator (1, // ) and public information, use the remainder multiplication calculator (113) and the reciprocal calculator (t) to calculate /10K. , 2 (mod N), then use the reciprocal calculator (,g/J-) to find // IDi (mod N) from the IDi component extracted by the separator (J//) and the public information, and finally, A multiplier with remainder (
, <#) to calculate CK/”/cK2/ID1 (mod N).

At this time, from how to make CK/ and CK, 2, C! ni/”/
CK KoT/IDl Mi (Pwix gT XR) 6 /ge XRX T
/ID1= PWlXg 7g /IDimiPWi°/ Since I E l:Di Station 1 can be authenticated.

By the way, if an unauthorized person listens to the Vl transmitted on the line, memorizes it, and tries to impersonate station 1 by reusing it, in RD time type communication, the center station will check the time stamp T. Validity checks can detect fraud.

On the other hand, in storage-type communication, although the time stamp T has no meaning, fraud can be detected by adding the communication of the next inquiry text (11) and its response text (CK3) to the above procedure.

The equipment rows associated with the above procedure are shown in Figure 3.

The service station (300) uses the random number (U) generated by the random number generator (g/7) and the public information N and g using the remainder exponentiation calculator (O/K) to calculate +T = glJ (modN). An inquiry message is generated and sent to station 1.

Station 1ilSj: Received inquiry text, CK/ and C
To generate K2, a random number generator (3/2) generates a random number R and public information, and a remainder exponentiation calculator (3/2)
Using CK3-h (modN), a response sentence CK3 is generated and transmitted to the service station as the I-th component of the authentication sentence.

The service station uses a power calculator with remainder (& , l) to obtain CK, 2U (mocl N), extract it with a separator (tii), and use the ζCK3 component and public information to calculate CK3° (modN) using a power multiplier with remainder (1, 20). CK,2 (
mod N ) = CK, 3° (mod N) is verified.

At this time, from how to create CK, 2 and CK3, CK, 2
: g − (g) = (h) E CK3° (mocEN) holds, so the service station can perform user authentication by checking whether the above two values match.

In the above procedure, the service station can change the correct response text by issuing a different inquiry text each time, so even if an unauthorized person reuses the used authentication text v1, he or she will not be able to impersonate station 1.

Used here ///... prime number generator, //2... multiplier, //3
... LCM calculator, //ri... random number generator, // evening... secret memory, //z... reciprocal number calculator, //
7°゛°primitive element determiner, //, 1'... Power calculator with remainder, 310 and aio... Authentication sentence generator, 37/
...Secret memory, 3/2...Random number generator, 3/3
...Timer, 37 Hiro...Power calculator with remainder, 3
/j...Coupler, Otsu10...Authentication device, tii...
Separator, Otsu/, 2. t/3. otoig.

1;/9.1.20...Power calculator with remainder, J/
g, J/J-... Reciprocal number calculator, O/O... Multiplier with remainder, 1.77... Random number generator, Otsu 2/... Match checker, those skilled in the art will be able to use this book. It can be constructed in accordance with the gist of the invention, and can be constructed in any desired configuration, such as by using dedicated hardware or a program on a σL computer.

〔Effect of the invention〕

As explained above, since the registration file is not required at the service station, it is possible to reduce the amount of memory, and it is also possible to take measures for operating the registration file, such as updating the registration file when adding a new station or deleting a station. It disappears.

Even if an unauthorized person tries to impersonate a station that has authentication information 1 based on the declared information, formula (1) is used to obtain the password pw.
d used in is required. If the public information N is sufficiently large, it is difficult to factorize N, so p and q cannot be found, and Equation (2)
It is difficult to calculate d. Therefore, an unauthorized person cannot generate a password.

As a result, user authentication becomes possible by the station 1 secretly keeping the PWi that can generate the authentication text V]- for which formula (5) becomes 11, and the registration file of the 11ii-certificate number at the service station becomes unnecessary. Become. This makes it possible to solve the management and operational problems of the PIN number registration file in the conventional system.

Furthermore, by setting information required by the service bureau, such as the password validity period, in the authentication information, it becomes possible to select services in more detail.

Furthermore, if we add the protocols for the makeshift sentence (h) and the response sentence component (0Kj), the fraudster will not be able to calculate U from equation (6), and will not be able to calculate R from equation (3) and equation (4). Since it cannot be determined, CK3 that passes equation (8) cannot be generated. Therefore, even if an attempt is made to impersonate the station by reusing the authentication text eavesdropped on the line, the correct CK3 cannot be generated, and the fraudulent act will be detected. Than this,
There is no need for security measures on the line, which were required in the conventional method.

[Brief explanation of drawings]

FIG. 1 is a basic configuration diagram of an embodiment of the present invention, FIG. 2 is a block diagram of a password generation device (/10) operating in a password generation station (100), and FIG. 3 is an explanation of an authentication code 200-. Secure communication channel, 300...Station 1, tit
o. ... station, evening 00 ... unsafe communication channel, 100.
・・Service station, ///・・Prime number generator, /Hashi・・
Multiplier, //3... LCM calculator, //G... Random number generator, //Even... Secret memory, //z... Reciprocal number calculator, //7... Primitive Principal and interest calculator, //I... Remainder exponentiation calculator, 310 to 10... Authentication statement generation device, 37C... Confidential memory, 3/2... Random number generator, 3/3... ...Timer, 37g...Power calculator with remainder, 3/! ... coupler, &/0-M proof device, l//-fN@M, J/, 2.1. /3゜Otsu/1
,1. /ri, 1.20・974J extra power t-1
xs, J/l/l. z/j...reciprocal number calculator, Ill...multiplier with remainder, J/7...random number generator, z2...coincidence checker.

Claims (3)

[Claims] (1) A service station that provides multiple services, multiple stations that use the services of a service station, and an authentication statement that proves the validity of the station that the station presents to the service station when using the service (
Source information for creating V) (hereinafter, password (P
A system consisting of a password generation station that generates and delivers information (denoted as W) to stations, and the password generation station uses the information (IDi) declared by station i and the information (IDi) declared by station i and when the service station authenticates station i. Password (P) generated corresponding to the authentication information (Ii) to be used
Wi) is secretly delivered to station i, and station i secretly manages the password (PWi) obtained from the generating station, and sends an authentication statement (PWi) that proves the legitimacy of station i when using the service station. Vi) is calculated using PWi and sent to the service station, and the service station uses the information of Ii to calculate the value calculated from the authentication statement (Vi) according to the inspection procedure as the authentication information (Ii). A user authentication method characterized by being able to know the name of a service that station i can receive and the period during which the service can be received. (2) In the user authentication method set forth in claim 1, the password generation station generates the password PWi and discloses public information to the service station and all stations, and the station secretly manages the password PW. , the CK1 component of the authentication text is generated using a random number R for perturbing the values of PW and password and a parameter T that can be made public.On the other hand, when the service station performs authentication processing from the random number and public information, the CK1 component of the CK1 component The CK2 composition of the authentication statement is generated so as to remove the disturbance factors that make it a random number, and (IDi, T, CK1, CK
2) is sent to the service bureau as a certification statement, and the service bureau checks the validity of the generation time using the publicly available parameter T included in the certification statement, and then returns the declaration information IDi obtained using the certification statement and public information. By removing the influence of declared information from the component containing authentication information Ii and obtaining authentication information, it is possible to know the service name and service period that station i can receive, and there is no need to encrypt line data. A certain user authentication method. (3) In the user authentication method set forth in claim 2, the service station generates a query h from the random number U and public information and sends it to station i, and station i generates the query h from the query h in paragraph 2. A response sentence CK3 is generated using the random number R and the public information and sent to the service station, and the service station determines that the value generated from the response sentence CK3 and the public information is the random number U used to generate the inquiry sentence h. A user authentication method that further improves security by detecting impersonation attacks by unauthorized persons by checking whether the CK2 text of the authentication statement matches a value generated from public information.