WO2002103535A1 - Qualification certifying method using variable certification information - Google Patents

Qualification certifying method using variable certification information

Info

Publication number: WO2002103535A1
Authority: WO (WIPO (PCT))
Application number: PCT/JP2001/005994
Other languages: French (fr), Japanese (ja)
Inventor: Ryuji Kai
Original assignee: Micromice Co., Ltd.
Prior art keywords: information, authentication, connection, authentication information, variable

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/403 Solvency checks

Definitions

  • Since the present invention uses the connection history recorded in the log file as the authentication information, no such history exists at the time of the first connection. The first connection is therefore made after qualification has been authenticated with fixed authentication information such as a password or ID, using conventional symmetric-key encryption.
  • That first connection can be made securely by adopting a conventionally known encryption method. Theft from the connection route usually takes place after the first connection, that is, after the information has been exposed, and theft or interception at the initial connection is extremely rare. Moreover, because qualification based on fixed information is switched to qualification based on variable authentication information as soon as the initial connection is made, the concern about theft at the first connection, while it cannot be said to be entirely absent, is very small.
  • The connection history with the connection terminal 2, recorded moment by moment in the log file of the WWW server 1, is sent to the information collection server 3.
  • Even if only text files are considered, the connection history in the log file spans many files and many items, and sending all of this huge amount of history to the information collection server 3 is undesirable because of the burden it places on both storage and processing.
  • Therefore only the histories of a limited number of items are collected, for example five items such as the password, the session log, the access-log date, the access log and other usage information. With too few items to select from, the variable authentication information generated becomes short and leaves security concerns; with more items than necessary, storage and processing are burdened.
  • From the information collected in the information collection server 3, at any given moment, for example four character strings are selected from among the plural items, as shown in FIG. 2(a), and edited into a single string in which the selected strings are gathered, as shown in FIG. 2(b), to generate the authentication information. This is sent to the authentication information issuing server 4, which saves it as the next authentication information and sends it on to the WWW server 1.
  • Thus, unlike conventional methods in which seemingly irregular authentication information is produced by computing and encrypting the necessary parameters with a specific program, irregular and hard-to-steal variable authentication information can be generated very easily and mechanically merely by editing simple character strings.
  • The variable authentication information of the present invention can freely change not only its content but also its number of digits each time, which makes it more random and further enhances security.
  • The variable authentication information generated in the information collection server 3 from the connection history recorded in the log file is stored in both the authentication information issuing server 4 and the connection terminal 2.
  • Because the connection history on which the variable authentication information is based changes constantly, the question arises of which point in the connection history to use when generating it, for example the time of disconnection, that is, the final state. It is sufficient that at least the information stored at the end differs from the authentication information in force at the start of the connection; which point in the connection history is used is of lesser importance.
  • At the next connection, the stored authentication information is sent automatically from the connection terminal 2 via the WWW server 1 to the authentication information issuing server 4, which compares it with the variable authentication information it has stored. If they match, the current authentication is judged established and the result is sent to the WWW server 1 so that the terminal can proceed to the next page. If they do not match, a notice to that effect is sent to the connection terminal 2 via the WWW server 1 and the connection is rejected.
  • After successful authentication, the next variable authentication information is generated and stored on the basis of the connection history.
  • Reference numeral 5 denotes a management terminal connected to the information collection server 3. At a point away from the network, it sets the editing conditions for generating the authentication information: which of the histories sent to the WWW server 1 are collected in the information collection server 3, the number of items, the number of digits and so on. Full automation is possible, but a higher security effect can be achieved by changing, regularly or irregularly, the type of information collected and the editing method used to generate the variable authentication information.
  • The present invention can also be applied to many other configurations, such as a stand-alone PC or a server on a LAN. For example, client passwords managed by the network operating system on the LAN, network logs, the session history of each client, and mail transmission and reception history can easily be defined as the history to be used.
  • Because the present invention issues variable authentication information to each client on the LAN individually, an increase in the number of clients does not reduce its effect.
  • Authentication information can likewise be generated for a portable terminal such as a mobile phone, from connection history information such as the telephone number of the connected party, the incoming call history, the time of the incoming call and the connection time.
  • An IC card or the like connected to a server via an interface can also be regarded as a connection terminal, and the present invention can be practiced with it in the same way.
  • A storage medium such as the hard disk installed in an ordinary terminal can serve as the storage location of the variable authentication information in the connection terminal, but it is desirable to place it in a storage location such as a storage and transmission microchip. Once saved there, there is no fear of damage, failure or accidental loss as with a hard disk, and the initial connection operation need not be repeated.
  • A very low-capacity recording medium and program suffice, so there is no concern about economic burden even if a separate storage location is provided.
  • The user has the advantage of being able to perform the connection operation comfortably without being aware of the credential procedure that conventional connection required.
  • In the present invention, the authentication information used for the qualification authentication required at connection is determined on the basis of the connection history information recorded chronologically in the log file. It changes with each authentication phase, there is no regularity between the authentication information of successive rounds, and even if it is stolen at connection time the next required authentication information is selected and decided within an instant, so the stolen information is of no use; the scheme can therefore serve as a complete security measure.
  • When the authentication information is determined by arbitrarily selecting part of the character strings of the items constituting the connection history recorded in the log file, it is easy to generate and manage.
  • When the authentication information is an aggregate of strings from a plurality of items in the selected log file, the combination is more complex than for authentication information generated from the string of a single item, and the security effect can be enhanced.
  • When the system is set up so that, at generation of the authentication information, fixed information known only to the party to be authenticated, such as a password or license number, is authenticated and then incorporated at a predetermined position in the authentication information, then if the connection device itself, such as the terminal of the party to be authenticated, is stolen, the authentication information used from the next time onward lacks the part consisting of that fixed information, and qualification cannot be obtained even with the connection device. This configuration is best where reliable security is required.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Storage Device Security (AREA)

Abstract

Connection is cut while certification information determined on the basis of connection history information recorded chronologically in a log file at the connection time is stored in storage devices on both the certified and certifying sides. At the next connection time, the qualification is certified by comparing the certification information stored on the certified side with the certification information stored on the certifying side.

Description

Specification
Qualification authentication method using variable authentication information

Technical Field
The present invention relates to a qualification authentication method in which an authenticator authenticates a party to be authenticated, for example in order to ensure security in a network, and in particular to a qualification authentication method that uses authentication information which differs at every authentication, that is, variable authentication information.

Background Art
With advances in information and communication technology, information networks have developed, but fields such as the transfer of confidential information and electronic commerce demand security, and various qualification authentication means by which an authenticator authenticates a party to be authenticated have therefore been adopted or proposed.
Conventionally, the connection peer or the network service provider authenticates the qualification of the party to be authenticated using fixed authentication information such as a password or ID. These methods are broadly divided into those applying public-key cryptography and those applying symmetric-key (common-key) cryptography; for incorporation into Internet-related systems and communication protocols, means applying symmetric-key cryptography, which allows high-speed processing, such as password schemes, are used.
However, with qualification by password authentication, the password may be stolen from the password file stored on the authenticating side or from the line during a connection, and the party to be authenticated must disclose the password, which is their own confidential information, so reliably ensuring security has been extremely difficult. For this reason, encryption means have been adopted in which, for example, the party to be authenticated registers with the authenticator authentication information obtained by applying a one-way function to the password, and at authentication the authenticator applies the same one-way function to the received password and compares the results; but since the password itself still travels over the line, this cannot prevent the authentication information from being stolen from the line during a connection.
Furthermore, because the password must be disclosed, such schemes are applicable to customer authentication in commerce and the like but are not suited to mutual qualification between users at the same level.
As means for solving these problems, means for achieving higher security by making authentication information such as passwords variable have been proposed, for example in Japanese Patent Application Laid-Open No. H2-65542 and Japanese Patent Application Laid-Open No. 2001-36522.
The qualification authentication method proposed in JP H2-65542 transmits three pieces of information in each authentication phase: the original authentication information underlying the validity-verified authentication information registered in the previous phase, the authentication information to be used in the authentication after next, and the validity verification information for the authentication information sent last time and to be used in the next authentication. In this way authentication can be performed in a chain, one round after another, while the authentication information is safely updated.
However, in order for the party to be authenticated to be authenticated by the authenticating side, it must use the two pieces of authentication information (random numbers) generated the previous time, which requires a processing program occupying a relatively large area; the authentication information must be stored on a storage medium such as an IC card; and devices for reading and writing that information and for generating random numbers are required. In the conventional qualification authentication method proposed in the other publication cited above (JP 2001-36522), the party to be authenticated computes the current authentication information and the next authentication information with a one-way function from a random number, the user ID and the password, further encrypts these with an exclusive OR so that nobody other than the party to be authenticated can decipher them, and sends them to the authenticator together with its own user ID; the authenticator compares a validity confirmation parameter computed with the one-way function from the current authentication information against the authentication information registered in the previous confirmation phase, judges the current authentication established if they match, and registers the next authentication information as the next authentication parameter. This can be realized with a simple, small program and performs secure authentication with little risk of theft on the connection line.
However, although the conventional method proposed in that publication does not require as many as four kinds of authentication information as the method of JP H2-65542 and can therefore be realized with a relatively small program, it still has to encrypt values computed with a one-way function from a random number, user ID and password using a fixed exclusive OR so that nobody but the party to be authenticated can decipher them, and the cost of creating programs and of storage devices is an economic burden.
Moreover, the authentication information used for qualification is ultimately a value computed with a one-way function from fixed information (the random number, user ID and password) and encrypted with a fixed exclusive OR. To obtain further security, not only must the random number, user ID, password and so on be changed periodically, but the program itself must also be rewritten in the part that performs the exclusive-OR encryption, which is a further drawback.
The present invention therefore solves the problems of the conventional qualification authentication methods using variable authentication information and makes it possible to provide more reliable security by a simple method that is economically advantageous and imposes no human burden.

Disclosure of the Invention
In the present invention, authentication information determined on the basis of connection history information recorded chronologically in a log file during a connection is saved in the storage devices of both the party to be authenticated and the authenticating side, the connection is then disconnected, and at the next connection the authentication information saved on the side to be authenticated is compared with the authentication information saved on the authenticating side in order to authenticate qualification.
Because the authentication information is determined from connection history information recorded chronologically in the log file during the connection, that is, from information that changes moment by moment, the authentication information changes in every authentication phase and there is no regularity between the authentication information of successive rounds; even if it is stolen during a connection, the next required authentication information is selected and determined in an instant, so the stolen information is of no use. Furthermore, there is no need to compute parameters with a specific program when generating and verifying the authentication information, and both the side to be authenticated and the authenticating side can manage it mechanically without human administration, which reduces the risk of disclosure of secrets. In particular, except at the first connection, the party to be authenticated no longer needs to memorize or enter a password as before, which greatly reduces the opportunities for theft through disclosure. Here a log file means, broadly, a file recorded on a storage device such as a disk that records the usage status and connection history of a system, and is not limited to network applications.
When the authentication information is determined by arbitrarily selecting part of the character string of each item constituting the connection history recorded in the log file, generating and managing the authentication information is extremely simple and easy. Furthermore, when the authentication information is an aggregate of character strings from a plurality of items in the selected log file, the combination of strings is more complex than for authentication information generated from the string of a single item, and the security effect can be heightened.
Furthermore, if the system is configured so that, when generating the authentication information, fixed information known only to the person being authenticated, such as a password or driver's licence number, is verified and then embedded at a predetermined position in the authentication information, then even if the connection device itself (for example the terminal on the authenticated side) is stolen, the authentication information used from the next connection onward lacks the fixed-information part that only that person knows, so qualification cannot be obtained with the stolen connection device.

Brief Description of the Drawings
FIG. 1 is an explanatory diagram outlining the present invention as applied to a network; FIG. 2 is an explanatory diagram showing the process of generating the variable authentication information of the present invention; and FIG. 3 is a schematic configuration diagram of the present invention.

Best Mode for Carrying Out the Invention
To describe the present invention in more detail, it is explained below with reference to the attached drawings.
The drawings outline a preferred embodiment in which the present invention is applied to a computer network. The system consists of a WWW server 1 on the service-providing side; a connection terminal 2 that connects to the WWW server 1 to receive the service; an information collection server 3, needed to carry out the invention, which connects to the WWW server 1 and retrieves at any time the connection history information between the connection terminal and the WWW server 1 that accumulates moment by moment in the log file of the WWW server 1; and an authentication information issuing server 4, which generates and stores the next session's authentication information from the information gathered by the information collection server 3, and which verifies the authentication information stored on the connection terminal 2 and sent from it at the current connection against the authentication information it stored the previous time.
The present invention establishes authentication credentials using the history of the log file recorded at connection time as the authentication information; at the first connection, however, no connection history exists on which such authentication information could be based. Therefore, at the first connection the credentials are verified with fixed authentication information, such as a password or ID, using conventional common-key (symmetric) encryption, before the connection is made. At this point a secure connection can be obtained by adopting, for example, a well-known conventional encryption method; in any case, theft over the connection path normally takes place after the first connection, that is, after the information has been exposed, and theft or interception during the first connection is extremely rare and of little concern. In particular, in the present embodiment the qualification based on fixed information is switched over to qualification based on variable authentication information as soon as the first connection is made, so theft at the time of the first connection can be said to be of no concern.
Once the first connection has been made, the connection history with the connection terminal 2, which is recorded moment by moment in the log file within the WWW server 1, is sent to the information collection server 3.
At this point, the connection history recorded in the log file spans many items and many files, even if only text files are involved. Sending such an enormous volume of connection history in its entirety to the information collection server 3 would therefore impose a heavy burden in both storage and processing and is undesirable. In the present invention it is sufficient to focus on at least one item from the history of variable information, excluding history based on fixed information such as passwords, and to send only that item to the information collection server 3; in the present embodiment, however, as shown in FIG. 2(a), history is collected for five items, for example the password, the session log, the access log date, the access log, and other usage information. This is because, with too few items, the variable authentication information produced would be too simple and leave security concerns, while with more items than necessary, storage and processing would be burdened.
From the information gathered in this way on the information collection server 3, as shown in FIG. 2(a), four character strings are selected from each of the above items at an arbitrary moment, for example; these selected strings are assembled as shown in FIG. 2(b) and the resulting string is edited to produce the authentication information, which is sent to the authentication information issuing server 4, stored there as the authentication information for the next session, and also transmitted to the WWW server 1. That is, unlike the conventional case in which seemingly irregular authentication information is produced by computing required parameters with a specific program and encrypting them, the simple string editing described above produces, extremely simply and mechanically, variable authentication information that is reliably irregular and difficult to steal. In addition, the variable authentication information of the present invention can freely change not only its content but also its very number of digits each time, making it still more irregular and thereby raising security.
The authentication information sent to the WWW server 1 is in turn sent to the connection terminal 2. Consequently, when the connection ends, the variable authentication information that the information collection server 3 generated from the connection history recorded in the log file is stored on both the authentication information issuing server 4 and the connection terminal 2. Since the connection history on which the variable authentication information is based changes from moment to moment, the question arises of which point in the history should be used to generate the authentication information: for example, the history at disconnection (that is, the final state), or the history after a fixed time has elapsed since connection. In the present invention it is enough that the stored authentication information differs at least from the previous one, that is, from the authentication information at the start of the connection, so the exact point in time is of little importance. If, however, the content of the variable authentication information is changed successively during the connection, this is extremely effective in preventing theft over the connection line.

Then, the next time a connection is made from the connection terminal 2, the stored authentication information is sent automatically via the WWW server 1 to the authentication information issuing server 4, which compares it with the variable authentication information it has stored itself; if they match, the server judges that the present authentication has succeeded, sends that result to the WWW server 1, and the terminal can proceed to the next page. If the comparison shows a mismatch, a message to that effect is sent to the connection terminal 2 via the WWW server 1 and the connection is refused.
Once the comparison succeeds and the qualified connection is established, the next session's variable authentication information is again generated and stored from the connection history in the same way as above.
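As an added example that is not part of the patent, the following Python simulation walks through the procedure just described and the fixed-information variant of claim 4: a first connection with fixed credentials, derivation of the next token from four-character fragments of each of the five log items of FIG. 2, storage on both sides, verification and rotation on the next connection, refusal of a replayed old token, and refusal of a stolen terminal that holds the fragments but not the user's fixed information. The log lines, the password table, the constant-time comparison, the item names, and the reading that the terminal stores only the variable fragments while the user supplies the fixed part at connection time are assumptions of this example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

# The five log items the embodiment collects (FIG. 2(a)); names are assumed here.
LOG_ITEMS = ("password", "session_log", "access_log_date", "access_log", "other_usage")
WIDTH = 4  # characters taken from each item, as in FIG. 2(a)


def select_fragments(log_entry, offsets=None):
    """Take WIDTH characters from each LOG_ITEMS entry at a random (or given) offset."""
    fragments = []
    for i, item in enumerate(LOG_ITEMS):
        text = log_entry[item]
        if len(text) < WIDTH:
            raise ValueError(f"log item {item!r} shorter than {WIDTH} characters")
        start = secrets.randbelow(len(text) - WIDTH + 1) if offsets is None else offsets[i]
        fragments.append(text[start:start + WIDTH])
    return fragments


def assemble_token(fragments, fixed_info=None, fixed_pos=2):
    """Join the fragments (FIG. 2(b)); with claim 4, splice fixed info in at fixed_pos."""
    parts = list(fragments)
    if fixed_info is not None:
        parts.insert(fixed_pos, fixed_info)
    return "".join(parts)


@dataclass
class IssuingServer:
    """Authentication information issuing server 4. The fixed-credential check used
    only for the first connection is simplified to a password table (assumption)."""
    passwords: dict = field(default_factory=dict)
    expected: dict = field(default_factory=dict)  # terminal id -> next expected token

    def check_password(self, terminal_id, password):
        stored = self.passwords.get(terminal_id)
        return stored is not None and password is not None \
            and hmac.compare_digest(stored, password)

    def verify(self, terminal_id, presented):
        stored = self.expected.get(terminal_id)
        return stored is not None and presented is not None \
            and hmac.compare_digest(stored, presented)

    def rotate(self, terminal_id, token):
        self.expected[terminal_id] = token


@dataclass
class Terminal:
    """Connection terminal 2: keeps only the variable fragments, never the fixed info."""
    terminal_id: str
    fragments: Optional[list] = None

    def present(self, fixed_info=None):
        return None if self.fragments is None else assemble_token(self.fragments, fixed_info)


def connect(server, terminal, log_entry, password=None, fixed_info=None, offsets=None):
    """One connection: qualify, then derive and store the next token on both sides."""
    if terminal.fragments is None:
        ok = server.check_password(terminal.terminal_id, password)  # first connection only
    else:
        ok = server.verify(terminal.terminal_id, terminal.present(fixed_info))
    if not ok:
        return False  # issuing server reports a mismatch; the WWW server refuses the terminal
    fragments = select_fragments(log_entry, offsets)
    server.rotate(terminal.terminal_id, assemble_token(fragments, fixed_info))
    terminal.fragments = fragments
    return True


def run_demo():
    """Two sessions plus a replay and a stolen-terminal attempt; constructed sample logs."""
    log1 = {"password": "********",  # masked: fixed information is excluded from the history
            "session_log": "sid=7f3a9c21 start", "access_log_date": "2001-07-11 09:14:02",
            "access_log": "GET /index.html 200", "other_usage": "bytes=18342 ua=Mozilla/4.0"}
    log2 = {**log1, "session_log": "sid=b04e11d7 start",
            "access_log_date": "2001-07-11 17:52:40", "access_log": "GET /page2.html 200"}
    offsets = [0, 4, 0, 4, 6]  # fixed for reproducibility; a deployment would draw them at random
    server = IssuingServer(passwords={"t2": "hunter2"})
    term, licence, r = Terminal("t2"), "DL-123456", {}
    r["wrong_password_first_connection"] = connect(server, Terminal("t2"), log1, "letmein", offsets=offsets)
    r["first_with_password"] = connect(server, term, log1, "hunter2", licence, offsets)
    r["first_token"] = server.expected["t2"]
    captured = term.present(licence)  # copy an eavesdropper might take during this session
    r["second_connection"] = connect(server, term, log2, fixed_info=licence, offsets=offsets)
    r["second_token"] = server.expected["t2"]
    r["replay_of_captured_token"] = server.verify("t2", captured)  # already rotated out
    thief = Terminal("t2", fragments=list(term.fragments))  # stolen device: fragments only
    r["stolen_terminal_without_fixed_info"] = server.verify("t2", thief.present())
    return r


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```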
In FIG. 1, reference numeral 5 denotes a management terminal connected to the information collection server 3. From a location separate from the network it sets the editing conditions, such as which items of the history sent to the WWW server 1 are gathered on the information collection server 3 to generate the authentication information and how many digits are used. This allows full automation, while the operator can check periodically or at irregular intervals whether the whole installation is functioning, and can further raise the security effect by changing the kinds of information collected to generate the variable authentication information and the way it is edited.
Although the present embodiment has described the invention applied to an ordinary network, where the security policy is clear and the invention is most readily applied, the invention can be carried out in many other kinds of communication environment, such as a stand-alone personal computer or a server on a LAN. For example, the client passwords managed by a network operating system on a LAN, the network logs, each client's session history, and mail send/receive history are easy to define as sources; and although the invention issues variable authentication information for every client on the LAN, it does not need to generate it per client, so an increase in the number of clients does not reduce the effect of the invention. Furthermore, for a portable terminal such as a mobile phone, authentication information can be generated from connection history information such as the telephone number of the other party, the incoming call history, the time of incoming calls and the connection duration. Furthermore, an IC card or similar can also be regarded as one kind of connection terminal that connects to a server via an interface, and it goes without saying that the invention can be carried out in the same way.
As the storage location for the variable authentication information on the connection terminal, a recording medium such as the hard disk installed in an ordinary terminal is conceivable, but it is preferable to place a dedicated storage location, for example a microchip for storage and transmission, in the connection circuit. In that way, once the information is stored there is no fear of damage, failure or accidental deletion as there would be with a hard disk, and the first-connection procedure need not be repeated. In particular, since the terminal side needs no complex program such as one handling random numbers, a very low-capacity storage element and program suffice, so providing a separate storage location imposes no economic burden; and keeping it separate from ordinary programs has the advantage that the user can connect casually without being conscious of the qualification procedure that conventionally had to be kept in mind at connection time.

Industrial Applicability
As described above, because the present invention determines the authentication information used for the qualification required at connection time from the connection history information recorded in a log file over time, the authentication information differs in every authentication phase and there is no regularity whatsoever between the authentication information of successive sessions; even if it is stolen during a connection, the authentication information actually needed is selected and fixed in an instant and the stolen copy is of no use, so the invention can be used as an extremely complete form of security.
Moreover, no particular program is needed to compute parameters when the authentication information is generated and verified, so both the party being authenticated and the authenticating party can handle it mechanically without human management, which reduces the risk of secret disclosure. In addition, since the password need not necessarily be disclosed, the method can also be applied to qualification between users of the same level. In particular, apart from the first connection, the party being authenticated no longer has to memorize or enter a password as in the conventional approach, and even if a password is stolen through exposure or from a password file at connection time, the password itself is not used as the basis for generating the authentication information, so the method can still be used without any hindrance.
Further, when the authentication information is determined by arbitrarily selecting part of the character strings in the items that make up the connection history recorded in the log file, generating and managing the authentication information is extremely simple and easy, and it can be used with ease.
Furthermore, when the authentication information is a combination of character strings drawn from several items of the selected log file, the combination of strings is more complex than authentication information generated from the string of a single item, which heightens the security effect. And if the system is configured so that, when generating the authentication information, fixed information known only to the person being authenticated, such as a password or driver's licence number, is verified and then embedded at a predetermined position in the authentication information, then even if the connection device itself (for example the terminal on the authenticated side) is stolen, the authentication information used from the next connection onward lacks the fixed-information part that only that person knows, so qualification cannot be obtained with the stolen connection device; this makes the method ideal where security must be assured.

Claims

1. A qualification authentication method using variable authentication information, characterized in that authentication information determined from the connection history information recorded in a log file over time during a connection is stored on the storage devices of the party being authenticated and of the authenticating party respectively before the connection is disconnected, and at the next connection the authentication information stored on the party being authenticated is compared with the authentication information stored on the authenticating party in order to authenticate the qualification.
2. The qualification authentication method using variable authentication information according to claim 1, wherein the authentication information is determined by arbitrarily selecting part of the character strings in each item constituting the connection history recorded in the log file.
3. The qualification authentication method using variable authentication information according to claim 1 or 2, wherein the authentication information is a combination of character strings from the selected plurality of items.
4. The qualification authentication method using variable authentication information according to claim 1, 2 or 3, wherein the authentication information includes fixed information.
PCT/JP2001/005994 2001-06-13 2001-07-11 Qualification certifying method using variable certification information WO2002103535A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2001178156A JP2002366523A (en) 2001-06-13 2001-06-13 Qualification authentication method using variable authentication information
JP2001-178156 2001-06-13

Publications (1)

Publication Number Publication Date
WO2002103535A1 true WO2002103535A1 (en) 2002-12-27

Family

ID=19018901

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2001/005994 WO2002103535A1 (en) 2001-06-13 2001-07-11 Qualification certifying method using variable certification information

Country Status (3)

Country Link
JP (1) JP2002366523A (en)
TW (1) TW522702B (en)
WO (1) WO2002103535A1 (en)


Also Published As

Publication number Publication date
TW522702B (en) 2003-03-01
JP2002366523A (en) 2002-12-20


Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CA CN KR US

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR

121 Ep: the epo has been informed by wipo that ep was designated in this application
32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: COMMUNICATION UNDER RULE 69 EPC (EPO FORM 1205A DATED 18.03.2004)

122 Ep: pct application non-entry in european phase