WO2016194382A1 - Uniqueness-attaining apparatus that utilizes spontaneous decay of radioisotope - Google Patents
- Publication number
- WO2016194382A1 (PCT/JP2016/002682)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- identification
- terminal
- value
- pulse
- time
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/10—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols with particular housing, physical features or manual controls
Definitions
- The present invention relates to an apparatus that realizes the uniqueness of a device (element) and identifies the device, and in particular enables authentication of a communication device connected to a network, authentication of electronic data (prevention of falsification and leakage), and time authentication autonomously (without the need for an external certificate authority).
- On the Internet, an IP address is used as an ID for distinguishing devices connected to the network.
- IPv4 was used initially as the IP address distribution method, but since free IPv4 numbers have been exhausted by the rapid increase in the number of connections, there has been a shift to IPv6.
- A MAC address is assigned to each device for managing the devices connected to the network.
- This MAC address is one of the foundations of UUID, which is a standard provided to prevent duplication on the network.
- The ucode standard promoted by the Ubiquitous ID Center is an example of setting an ID according to the situation rather than simply numbering.
- The data recorded in the storage device of a network or information communication device is digital data, and the original cannot be distinguished from copied data (autonomously, by the device used to create it).
- Systems in which a certificate authority is provided externally and digital data is digitally signed with a public key cryptosystem and verified are used (see, for example, Patent Document 1).
- A signer obtains a hash value of the data, encrypts the hash value with a secret key, and issues it together with the document.
- The receiver calculates the hash value of the data and compares it with the hash value decrypted with the public key to confirm it.
- Time authentication is used as a mechanism for proving the time at which digital data was generated.
- A token for time authentication is issued by a certification authority (TSA) using a time standard authority (TA).
- TSA certification authority
- TA time standard authority
- A hash value of the token and the digital data is created, and the hash value is checked again by relying on an external certificate authority.
- IP addresses, MAC addresses, and the like are all determined by software and simply written as data in memory, so they can easily be copied; once copied, uniqueness is no longer guaranteed and the authentic device cannot be identified.
- IPv6 is only a numbering scheme, and management in one place is necessary to avoid duplication.
- Global rules are not fully implemented; numbers are roughly distributed to each country and used as each sees fit. For this reason, even with IPv6, uniqueness cannot be guaranteed if the assigned numbers overlap.
- A further problem of IPv6 is that the numbers of devices that are no longer used, have failed, or have been discarded must be managed, and management to avoid duplication across a huge amount of data is necessary. Discarding assigned numbers leads to exhaustion of numbers, which is the same problem as with IPv4 and does not solve the fundamental problem.
- The above-mentioned digital signature based on a public key cryptosystem relies on the uniqueness that it cannot be decrypted with the public key.
- The certificate authority is always obligated to manage the key securely, and security is strengthened accordingly.
- Even if accurate time information is added to electronic information (time authentication), there is no guarantee that the electronic information and time information will not be counterfeited or altered by others on the network.
- the present invention has been made in order to solve the above-described conventional problems, and an emitter including a radioisotope having a number of atoms larger than the total number of objects to be identified, and emission from the emitter by natural decay of a nucleus.
- Generation device (hereinafter abbreviated as APG (Atomic Pulse Generator))
- α particles, beta rays and/or γ rays
- the number of pulses obtained by measuring the electrical pulses generated by the pulse generation device for a predetermined period (hereinafter referred to as the initial pulse number), the measurement date, and the pulse interval of the electrical pulses.
- a memory for storing the converted identification value (hereinafter referred to as initial identification value).
- The present invention is a system including at least two terminals or devices that transmit and receive information including digital data wirelessly or by wire, in which one or both of the terminals includes the above-described pulse generation device and memory, and the identification value of the device is used for authentication of the terminal or device and/or verification of the information.
- The detector according to the present invention outputs an electric pulse when a current flows due to the collision energy of radiation. Because this electric pulse has complete randomness based on quantum mechanics, if a device incorporating the element according to the present invention is connected to a connection point (node) of an information communication network, it is possible to realize a function that produces a constantly changing sequence of numerical values (including identification numerical values) that are never duplicated.
- The element according to the present invention is used as a basis for determining the ID of a node by appropriately using the transitioning identification numerical value sequence. If access management of the information communication network is performed using the ID and the transitioning identification numerical value, an information communication network that cannot be copied or spoofed can be managed.
- FIG. 9 is a diagram showing attributes registered on the node side registered in the controller in the system of FIG. 8.
- FIG. 27 is an explanatory diagram illustrating an example of a system to which the device of FIG. 26 is applied. It is a block diagram which shows another embodiment of the device to which the apparatus based on this invention is applied. It is explanatory drawing which shows one Example of the system to which the device of FIG. 28 is applied. It is a flowchart which shows the key exchange operation
- An apparatus comprises a pulse generating device and a memory.
- the pulse generating device includes a radiator containing a radioisotope (RI) and a detector.
- the isotope of the radiator has a larger number of atoms than the total number of objects to be identified.
- The detector detects α particles, beta rays and/or γ rays (hereinafter referred to as α particles) emitted from the radiator due to the natural decay of the nucleus, and generates an electric pulse.
- The memory stores in advance the number of pulses obtained by measuring the electrical pulses generated by the pulse generation device for a predetermined period (hereinafter referred to as the initial pulse number), the measurement date, and an identification value obtained by converting the pulse interval of the electrical pulses into a numerical value (hereinafter referred to as the initial identification value).
- the pulse generation device of the apparatus according to the present invention comprises a radioisotope having a larger number of atoms than the total number of objects to be identified. The details are described below.
- the “element” refers to a device according to the present invention, but when a memory is not particularly required, a pulse generation device of the device is also referred to.
- the element is incorporated into an object to be identified, and is autonomously distinguished and numbered (by an identification value) with a decay pulse of the radioisotope (RI).
- Each disk contains approximately 10^12 atoms.
- RI radioisotope
- When each element is manufactured with a radioisotope (RI), the atoms of the material spontaneously decay into another element, and radiation is emitted at that time.
- The decay of each atom is a stochastic event based on quantum mechanical principles such as the tunnel effect, so the probability that a single atom decays in a unit time is constant regardless of the observation period.
- Each element draws a different decay pattern depending on the number of atoms. For this reason, if each element has 10^12 or more atoms, it is considered that each element can be individually identified by its different decay pattern.
- The decay can be detected through the ionization caused by the gamma rays and alpha particles emitted during the decay. If a nuclide is selected that emits only one α particle per decay, that does not emit gamma rays at the same time, and whose decayed nucleus never emits another α particle, it can be used as an element that allows reliable distinction. In other words, even if there are 10^12 atoms, the same nucleus never decays twice, and the independence of each atom at the time of decay is maintained.
- The atoms of each element decay exponentially depending on the decay coefficient, so if the number of atoms that decay during a given time is known, the number of atoms in each element at that time can be estimated from the decay index. If the number of atoms can be estimated, the total amount (entropy) of the decay pattern variation of the element can be estimated, and the possibility of identifying each element in each observation period can be determined.
- N N 0 ⁇ ⁇ (1)
- The release of an α particle due to the decay of one atom can be detected by a detector and converted into one electric pulse. This is a means by which the change of a single atom can be recognized at the macroscopic level. Thereby, the number of electrical pulses can be treated as the number of decays.
- The number of atoms before the decay can be obtained by the above equation (2). (The detection efficiency in this case is assumed to be 100%. When the detection efficiency is 10%, ten times the number of decays is required.)
- The decay constant of 241Am (half-life: 432.2 years) is 5.08551 × 10^-11 (seconds)
- The decay constant of 210Pb-210Po radiation equilibrium material (half-life: 22.3 years) is 9.856302 × 10^-10 (seconds)
- With 4 kBq the number of atoms is 78 trillion, and since the decay of each atom is a completely independent event, even 1 trillion elements can be distinguished with random numbers without collision.
- The number of atoms becomes 9.8 trillion, and it can be seen that 10 billion can be distinguished sufficiently.
- It is possible to easily manufacture an element having physical unclonability on a scale of 1 trillion (hereinafter referred to as a physically unclonable element (PUU)).
- PUU physically unclonable element
- An element according to the present invention has a radioisotope (RI) whose entropy exceeds the number of objects to be identified. This can be verified by measuring the amount of radiation emitted by each element.
- Entropy is “amount of information” and can be measured in units of “bit”. Therefore, if the amount of information necessary to identify the uniqueness of a large number of elements can be extracted by a method other than the measurement of the number of pulses, it will be more efficient.
- the average length of time is calculated by the following formula. That is, it can be seen that the slope is the same as the exponential distribution corresponding to the decrease in the number of occurrences of natural decay.
- Both the decay number reduction graph and the generated pulse interval distribution graph follow the same equations, which are strictly determined only by the number of radioisotope (RI) atoms and the decay coefficient, so it can be assumed that the entropy for identifying the uniqueness of each element, which arises from the natural decay of the radioisotope (RI), is strictly contained in the variation of the pattern of the pulse generation intervals of each element.
- If each element to be identified contains more atoms than the total number of elements to be identified, the pulse intervals due to the gamma rays, beta rays, or α particles emitted by nuclear decay can be measured, digitized as information, and used as an ID (index for identification).
- A gamma ray or beta ray measuring device can also obtain a numerical value for identification by a similar method.
- Since the decay emitting α particles can be converted into electric pulses by a detector, if the intervals between the electric pulses are counted at a reference frequency, the intervals can be quantified (quantized) by the number of counts.
- This reference frequency is called a sampling frequency, and a clock frequency of a digital circuit is usually used.
- the information amount is 8 bits.
- a maximum of 256 elements can be identified.
- the maximum number that can be identified by the bits obtained by quantization and the probability that the identification number collides can be calculated as shown in Table 2.
- The probability of the “collision” phenomenon, in which this identification method gives the same value, is the reciprocal of this, namely 9.0949 × 10^-13, so it can be considered that no collision occurs even if 10^12 elements are identified.
- Pulse generation strictly follows quantum mechanics, so if the sampling accuracy of quantization is increased, the amount of information obtained from one pulse can be increased to 40 bits, but technically, given the electronic circuit, quantization of about 8 bits is appropriate.
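
The decay constants, atom count and collision probability quoted above can be reproduced, and the 8-bit interval quantization simulated, with the following added example (not code from the patent). It assumes a 365-day year, a 40-bit identifier built from five 8-bit samples, and reference clocks of 1 MHz and 1 kHz; a seeded software generator stands in for the detector.

```python
import math
import random
from collections import Counter

SECONDS_PER_YEAR = 365 * 24 * 3600  # a 365-day year reproduces the page's constants


def decay_constant(half_life_years):
    """Decay constant in 1/s from a half-life in years: ln(2) / T_half."""
    return math.log(2) / (half_life_years * SECONDS_PER_YEAR)


def atoms_for_activity(activity_bq, half_life_years):
    """Number of atoms N for an activity A (decays per second): N = A / lambda."""
    return activity_bq / decay_constant(half_life_years)


def quantize_intervals(rate_cps, clock_hz, n_pulses, bits=8, seed=None):
    """Count reference-clock ticks between successive pulses and keep the low
    `bits` bits of each count. Pulse arrivals are modelled as a Poisson process
    (exponentially distributed intervals). random.Random is a software stand-in
    for the detector, so the output here is NOT quantum randomness."""
    rng = random.Random(seed)
    mask = (1 << bits) - 1
    samples = []
    for _ in range(n_pulses):
        interval_s = rng.expovariate(rate_cps)  # time to the next pulse
        ticks = int(interval_s * clock_hz)      # whole clock periods counted
        samples.append(ticks & mask)
    return samples


def shannon_entropy_bits(samples):
    """Empirical Shannon entropy of the samples, in bits per sample."""
    total = len(samples)
    return -sum((c / total) * math.log2(c / total)
                for c in Counter(samples).values())


def build_id(samples, bits=8, id_bits=40):
    """Concatenate id_bits // bits consecutive samples into one identifier
    (the concatenation rule is an assumption of this example)."""
    value = 0
    for sample in samples[: id_bits // bits]:
        value = (value << bits) | sample
    return value


def collision_probability(id_bits):
    """Chance that one other uniformly distributed identifier equals a given one."""
    return 2.0 ** -id_bits


if __name__ == "__main__":
    print("lambda(241Am)       =", decay_constant(432.2))
    print("lambda(210Pb-210Po) =", decay_constant(22.3))
    print("atoms at 4 kBq      =", atoms_for_activity(4000, 432.2))
    print("collision, 40 bits  =", collision_probability(40))
    for clock_hz in (1_000_000, 1_000):  # assumed reference clocks
        s = quantize_intervals(80, clock_hz, 20000, seed=1)
        print(clock_hz, "Hz:", round(shannon_entropy_bits(s), 2),
              "bits/pulse, sample ID", hex(build_id(s)))
```

With the 1 MHz clock each sample carries close to 8 bits, while at 1 kHz the same 80 cps source yields only about 5 bits per pulse, so the sampling frequency has to be high relative to the pulse rate before 8 bits per pulse can be counted on.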
- The radioisotope (RI) disk or solution (after evaporation, only the metal atoms remain) is attached to the detector, and an element is manufactured that includes a function for outputting an electrical signal and a memory capable of recording the results of measuring the pulses.
- The generated electric pulses are measured, and the identification number (ID, identification value) determined from the pulses by the above method is recorded in the memory provided in the device.
- ID identification number
- an element manufactured using the same material has an autonomous uniqueness, and an element (similar to a device incorporating the element) can be identified by an ID generated based on the uniqueness.
- Since this ID is recorded in the memory, it is possible to call this element from a remote location and read the value of the memory. Therefore, it is possible to remotely confirm that this element is the only such element in the information communication network (an example will be described later).
- The value obtained from the natural decay of the radioisotope (RI) is considered to be unique, and this is not limited to the time of manufacture (in practice, the time of initial measurement; the same applies hereinafter). If the measurement time can be obtained, it indicates the probability that the uniqueness of all the elements can be obtained at any time during the period of use of the elements. In this case, however, it is necessary to take into account the decrease in the number of pulses due to the decay constant. This adjustment can also be made by adjusting the sampling frequency instead of the pulse measurement time.
- The element according to the present invention can obtain an ID different from that of other elements in an information communication network by using the same unique numerical confirmation method as at the time of manufacture, and its uniqueness can be reconfirmed continuously and remotely. By using this characteristic, it is possible to prevent both duplication and forgery of the element ID.
- One method is to record an identification value every time access is made. That is, in the memory provided in the element according to the present invention, a recording area for one more ID of the same kind is provided in addition to the ID at the time of manufacturing; these are referred to as the “manufacturing ID (initial identification value)” and the “current ID”, respectively. The server that calls this element from a remote location likewise provides the same items in its reference table for identifying the element.
- When this device is called from a server remotely located on the information communication network, the device records the ID generated by the measurement at the time of access in “current ID”, and the remote server also records it in the same item of the table it consults to check the ID before access.
- The server checks the acquired “current ID” together with the manufacturing ID. When both match, the server confirms that the element is authentic.
- The element then takes a new measurement at the time of the access and updates the “current ID” with the resulting ID; the server acquires it and updates its table.
- Even if the device is accessed in an unauthorized manner and the two IDs (“current ID” and “manufacturing ID”) are read, or the communication route is eavesdropped and the two transmitted IDs are obtained illegally, and the element is duplicated or impersonated by other means, the value of a “current ID” generated using the same product differs for every element, so it becomes very difficult to match the manufacturing ID and the current ID at the same time, and uniqueness can be continuously secured.
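
The manufacturing ID / current ID exchange described above, sketched as an added example (not code from the patent). The class and function names and the 128-bit ID length are assumptions, and `secrets.token_bytes()` stands in for the decay-pulse measurement.

```python
import copy
import hmac
import secrets

ID_BYTES = 16  # 128-bit identification values; the length is an assumption


class Element:
    """Hypothetical stand-in for a PUU with memory. secrets.token_bytes()
    replaces the decay-pulse measurement, which software cannot reproduce."""

    def __init__(self):
        self.manufacturing_id = secrets.token_bytes(ID_BYTES)  # initial identification value
        self.current_id = secrets.token_bytes(ID_BYTES)

    def present(self):
        """Return the pair the element sends when the server calls it."""
        return self.manufacturing_id, self.current_id

    def remeasure(self):
        """Take a new measurement and overwrite the stored current ID."""
        self.current_id = secrets.token_bytes(ID_BYTES)
        return self.current_id


class Server:
    """Holds the reference table with the same two items as the element."""

    def __init__(self):
        self.table = {}       # manufacturing ID -> current ID
        self.mismatches = []  # known manufacturing IDs presented with a wrong current ID

    def enroll(self, element):
        mid, cid = element.present()
        self.table[mid] = cid

    def access(self, element):
        mid, cid = element.present()
        expected = self.table.get(mid)
        if expected is None:
            return False                      # unknown manufacturing ID
        if not hmac.compare_digest(expected, cid):
            self.mismatches.append(mid)       # record for investigation
            return False
        # Both IDs match: the element re-measures and the table is updated.
        self.table[mid] = element.remeasure()
        return True


def copy_of(element):
    """Model a duplicate holding both IDs exactly as they were when read."""
    return copy.copy(element)


def demo():
    server, genuine = Server(), Element()
    server.enroll(genuine)
    duplicate = copy_of(genuine)       # both IDs copied at this moment
    first = server.access(genuine)     # accepted, current ID rolls forward
    stale = server.access(duplicate)   # copied current ID is now out of date
    second = server.access(genuine)    # genuine element stays in step
    return first, stale, second, len(server.mismatches)


if __name__ == "__main__":
    print(demo())
```

A mismatch for a known manufacturing ID means two holders of the same pair have diverged, so the server should log it and investigate rather than silently retry.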
- PUU Physically unclonable unit
- PUU basic form
- an element that cannot be physically duplicated is called a PUU
- an element according to the present invention is a PUU.
- an element (pulse generation device) according to the present invention will be described as a basic form of a PUU.
- The PUU will be described using an apparatus that uses α particles as a radiation source as an example. The same applies to devices that measure gamma rays and beta rays.
- The PUU is incorporated into the information communication device (node) connected to the network. Therefore, it is necessary to reduce the size.
- The element according to the present invention can provide a small device with large individual physical variation.
- A disk or a solution can be used as the α particle emitter.
- In the case of a disc, it is generally manufactured by a rolling method, but the result is rarely uniform and there are many variations.
- When using a solution, the metal α particles are often stirred into the solution and dropped, and this method also produces variation. In either case, an α particle amount below the provisions of the BSS (International Basic Safety Standards) prescribed by the IAEA (International Atomic Energy Agency), which is not treated as a radiation source, is used. In the case of the PUU, this variation also contributes to the uniqueness of the element.
- BSS International Basic Safety Standards
- IAEA International Atomic Energy Agency
- the detector containing the radioisotope (RI) is usually formed using a plastic or ceramic carrier, but in the case of manufacturing using a solution, it is suitable for thinning the carrier using a plastic film. As a result, the pulse generator can be remarkably reduced in size and reduced in power consumption as compared with a plastic or ceramic type. Further, if the solution is dropped by an inkjet or the like, the production efficiency is high and the manufacturing cost can be significantly reduced.
- FIG. 2A is a cross-sectional view showing a basic form of a PUU.
- The radiator (disk) 1 is, for example, a disk containing a radioisotope (RI) that spontaneously decays and emits radiation.
- The radiation emitted from this radioisotope (RI) can be detected one particle at a time by a GM tube, Ge detector, scintillation detector, photodiode, or Si semiconductor. This is because the radiation arises from a nuclear reaction and carries very high energy, so each particle collides with the outer electrons of the atoms that make up the semiconductor element of the detector with sufficient energy to generate a signal in the semiconductor detector element.
- the illustrated detector 2 is composed of a semiconductor element such as a photodiode, and as a radiation detector, the quantum mechanical phenomenon of each atom can be known in a macro manner.
- PUU is manufactured with specifications that increase the variation of pulse generation devices.
- the addition method is devised so that the radioisotope (RI) solution or disk dropped onto the photodiode varies as a result of the RI distribution, the radiation incidence angle, and the like.
- the number of pulses is doubled in FIG. 2B. If it is made to FIG. 2C, the alpha particle discharge
- FIG. 3A shows the relationship between the incident angle and the pulse wave height of α particles incident on the detector 2.
- FIG. 3B shows the waveform of the detector output pulse. This output pulse has two elements, “height (voltage)” and “interval” as shown in the figure.
- the Bragg curve (not shown) is a well-known phenomenon that measures the long-term relationship between the energy and the distance from the randomly decaying radioisotope (RI) colliding with the air until it stops. It can also be seen that the pulse wave height (energy) is distributed up to the maximum energy.
- As a counting method using the sampling frequency (clock), it is possible to count with any number of bits, such as 8 bits, 16 bits, and so on. Depending on the speed of the clock, the count may be 8 bits or 16 bits, and an arbitrary number of bits may be added. At present, it is recommended to use a length of 128 bits or more as an identification value for encryption because of the calculation speed of the electronic computers used for decryption.
- The output pulse generated in the pulse generating device used in the present invention has a shape as shown in FIG. 3B. It is known that the height of this wave is proportional to the level of reaction energy of charged particles (here, α particles) with the detection element. This waveform can be converted by A/D conversion into a digital numerical value of energy. This method is also applied in MCA as a measurement method for determining the nuclide of a radioactive substance. By using this method, two identification numerical values that are completely independent of each other, one from the pulse interval and one from the peak value, can be acquired with one pulse.
- In the pulse generation device of the present invention, pulses are generated at approximately 80 cps (counts/second).
- 80 identification values can be acquired simultaneously by measuring the pulse interval, and 80 identification values can be acquired simultaneously by A / D conversion of the pulse wave height.
- Each pulse is generated by an independent phenomenon, so the identification value is also independent. Therefore, even in one pulse generation device, the identification values generated from the pulse peak values as shown in Table 3 below and the identification values generated from the pulse intervals can be combined in a matrix, and 80 × 80 identification values can be generated per second.
- This method can similarly be extended to a multidimensional matrix when there are a plurality of pulse generators. Therefore, when a large number of identification values are needed in a short time, such as in computer simulation, the required number of pulse generators (5 mm square in the prototype) can be incorporated in the same device to easily assemble a high-speed identification numerical value generator.
- FIG. 4 shows a circuit configuration when incorporating a plurality of pulse generation devices. Pulses generated by the pulse generation circuits (1) and (2) of multiple pulse generation devices are input to the hybrid circuit, and the synthesized pulses can be output.
- the measurement voltage Vh of one normal pulse is determined, and the pulse width tw at that position is determined.
- Vh and tw are uniquely determined by circuit constants. Even if the double peak is removed, the number of clocks (identification numerical value) measured in the removed section remains the identification numerical value.
- A numerical sequence (identification numerical value) that serves as a basis for determining the IDs unique to all elements from the interval and height of the electric pulses generated by the α particles due to spontaneous decay from the radioisotope (RI).
- This sequence is stable: it cannot be predicted or reproduced, because it transitions differently in every element according to the principles of quantum mechanics, and it does not change with temperature, pressure, or electromagnetic waves.
- This is far more advantageous than a node ID determined by software using a predetermined algorithm, a number agreed at the time of manufacture, and the like, which is predictable and reproducible.
- The device of the present invention is very convenient because it can realize far superior performance at low cost with only a small amount of radioisotope (RI), detectors and amplifiers.
- FIG. 7 shows an example of an application form of the PUU.
- the PUU shown in the figure is composed of a pulse generation device 4 and a memory 5, and is a model that does not have a power supply, and is preferably in the form of a chip (or tag) for handling (hereinafter referred to as Qtag). It is a model that can be reduced in price by mass production and that only enables identification of elements.
- the numerical values necessary for proof of uniqueness such as the above-described identification ID (initial identification numerical value) at the time of manufacture and the number of pulses, are recorded. Since it is used in combination with other devices, power is supplied from an external device.
- the PUU of this model only outputs pulses, and the PUU energy distribution and pulse interval measurement during operation are all performed by an external device.
- an output pulse from a pulse generation device is converted into an identification value, shaped and output.
- the uniqueness of PUU is that it can be manipulated as digital data that can be easily handled by information and communication equipment by taking out electrical pulses and converting them into arbitrary identification values. It can be converted and applied to information networks.
- the PUU according to the present invention is mounted on an IC card, an NFC element or the like having a short-range wireless communication function, and is built-in or integrally configured.
- the PUU according to the present invention and a semiconductor chip such as a PIC or MPU are mounted on a communication unit having an authentication function (may be in the form of a USB) and are built in or integrated. These will be described together with the description of the PUU usage mode described later.
- Identification and authentication of devices (terminals, nodes) and information on the network using the PUU
- Identification of devices: since there are senders and receivers in the network, it is necessary to confirm the uniqueness of the devices on the network from the other party. In this case, confirmation is performed by device identification and authentication.
- the device identification means that a device connected to the network has uniqueness, and this is performed by a unique ID number assigned to the device.
- an identification value generated at the time of manufacturing the PUU (at the time of initial measurement) can be used as the ID of the device. Since the numbering by other methods is based on software, absolute uniqueness is not guaranteed.
- Since the uniqueness of the PUU of the present invention is due to the radioisotope (RI) itself, even an element that merely outputs an electric pulse (pulse generation device) can be treated as a PUU by processing the signal externally with software.
- This is implemented by a method in which the identification numbers are exchanged every time access is made on the network, recorded as a key, and checked at the next access. Specific examples will be described later.
- the PUU according to the present invention can also be used when confirming that both are unique to each other.
- PUUs are provided at the sender and receiver, but the identification numbers generated from each other are not only used as a key for permitting access, but can also be used for encryption and decryption of the exchanged keys. The efficiency and safety are very high compared to this method. Specific examples will be described later.
- the PUU does not generate the same numerical value as the identification numerical value (including the initial identification numerical value) generated at a certain time at other times. For this reason, it is only necessary to embed the generated identification numerical value (for example, XOR and encrypt) to prevent theft of digital data. In order to prevent tampering after encryption, the hash value of the original digital data and the identification value is also obtained.
- the method of embedding identification numbers in digital data uses XOR for convenience.
- XOR is performed using 128-bit and 256-bit identification values (the number of bits can be arbitrarily set) as a method of XORing
- Burnham is encrypted using an identification value having the same length as a block of digital data.
- 80 / second is generated as an identification value based on pulse interval measurement. Therefore, when a person is typing a sentence with a word processor, it is possible to cope with the Burnham cryptography. Since it is possible to generate the identification numbers necessary for the Burnham cipher in the time being typed in the word processor, the composition can be converted into an unbreakable cipher in real time.
- the identification value used here is a natural decay at time tn that has elapsed from t0 in equation (7) described later (an equation representing the change in the number of atoms with time of a radioisotope having a decay constant λ).
- This is an identification value generated from a pulse generated in the atomic nucleus and includes a time stamp of time tn, but since time tn is not specified, it is treated as tampering prevention when time is not included.
- Time authentication using PUU. 1. Measurement of elapsed time based on the number of pulses of radioactive material and decay constant. The number of atoms at time t is N(t).
- the number of counts from time 0 to time t is expressed by the following equation. This calculation also takes into account decay due to nuclear decay.
- the measurement error of the measured value is expressed by the following formula.
- the count number in one embodiment of the PUU (pulse generation device) according to the present invention is an average of 80 counts / second.
- the table below shows the values when there is no nuclear decay during the measurement time. Based on this, measurement errors in long-time measurement are as shown in the following table.
- The elapsed time from the time of manufacturing the apparatus can be estimated with an accuracy of 2 minutes.
- The time of measurement can be estimated autonomously, without relying on an external standard time station or a signal such as GPS radio waves.
- the pulse measurement time required to obtain the desired accuracy depends on the intensity of radiation from the radiation source according to Table 4. Therefore, the required pulse measurement time can be greatly shortened by increasing the radiation capture rate as shown in FIGS. 2B and 2C, or by increasing the amount of radioactive material within the IAEA regulations.
- the PUU (including the pulse generation device) according to the present invention has a time management function (time keeping function) capable of measuring the elapsed time by the output pulse, and this is called quantum time keeping (QTK). “Quantum” means that this timekeeping function depends on the quantum mechanical characteristics of the output pulse of the PUU.
- the PUU according to the present invention can know the decay of the built-in radioisotope (RI) by the output electric pulse, the mass of the object can be measured like a radiocarbon dating method.
- the elapsed time can be estimated only by knowing the initial value of the number of pulses at the time of manufacture and the current number of pulses, without the need for measurement using an analyzer. However, since the generated pulse fluctuates, the estimated accuracy of the elapsed time depends on the length of time for measuring the number of pulses.
- An example of the PUU (pulse generation device) according to the present invention is 3.2 years up to 1.2 × 10^12 / cm^2 when measuring 80 cps at 0.67 mm square.
- a normal Internet bank authentication device is required to have a set life of 2 years (it cannot be used automatically), and this policy is met.
- the time can be estimated from the elapsed time from the time of manufacture by QTK.
- transactions such as “when”, “who”, “what”, “how much”, etc., regarding transaction data (e.g., electricity meter measurement values, self-driving car rental fees) that are the basis of electronic commerce
- the initial pulse value at the time of manufacture of the PUU connected to the node where the data is generated and the number of pulses at the time of the transaction are added.
- Significant effects can be expected, such as ensuring time and transaction details efficiently at low cost.
- the PUU time authentication function can also be used for digital data (document data, etc.) authentication.
- When digital data is explicitly stored together with its creation time, conventionally the time of an external standard time station (if the device can connect to the Internet), GPS time (if it is a mobile device), or the built-in RTC time data has been stored. However, the external standard time, GPS time, and RTC time data can be altered by the document creator.
- Since the time authentication data by the PUU cannot be altered even by the creator, the authenticity (uniqueness) of the explicit time data in the present invention is secured by the data generated by the PUU. Examples will be described later.
- the radiation is measured only for particles that are incident on a semiconductor having a certain area of ⁇ particles emitted in the sphere direction.
- the affected area change is about 1/1000, and it can be estimated that there is no change in the number of measurements.
- the accuracy of the source is 4.0 KBq ± 15% at the time of manufacture, and varies from 3.6 KBq to 4.6 KBq.
- the source intensity is considered to have a normal distribution, and the number of Bq after manufacture is different.
- identification / authentication of devices (nodes) and information (digital data) on the network based on the identification numerical value itself is performed as follows, for example.
- authentication of a digital data transmission side terminal is performed as follows.
- the transmitting side terminal encrypts the measured “current pulse number” (the key of the time stamp is included) with the initial identification value registered in the PUU together with the hash value of the digital data, and transmits it to the management side (receiving side terminal).
- On the management side, the reception time (date and time) of the encrypted data is recorded, and the received data is decrypted with the initial identification value registered in advance to obtain the “current pulse number”.
- The date and time and the number of pulses (initial pulse number) at the time of manufacture (initial measurement) of the PUU attached to the transmission side terminal are registered in the memory in the PUU, and these data are also registered in advance on the management side (reception side terminal).
- From the decoded current pulse number, the initial pulse number registered in advance on the management side, and the decay constant (known) of the radioisotope, the elapsed time from the time of manufacture (at the time of initial measurement) can be estimated based on the above-mentioned inverse calculation formula. Since the date and time at the time of manufacture is recorded in advance on the receiving side, when the estimated elapsed time is added to this date and time, the time when the “current number of pulses” was measured is estimated. The estimated time is compared with the recorded reception time of the encrypted data, and if it is determined that they match, the time (including time data such as the date of manufacture) is authenticated. It can be confirmed that the received digital data is transmitted from the authentic node. That is, the transmission side terminal is authenticated.
- The hash value of the digital data (information) is calculated at the transmitting terminal, encrypted with the initial identification value registered in the PUU, and transmitted to the management side (receiving terminal) together with the digital data (when time authentication is performed, the current pulse number measured at the transmitting terminal is also encrypted together with the hash value of the digital data and transmitted to the management side (receiving terminal)).
- the management side (receiving terminal) first calculates a hash value of the received digital data, and decrypts the received encrypted hash value with an initial identification value registered in advance. If the calculated hash value matches the decrypted hash value, it is determined that the digital data is not falsified or leaked. That is, digital data is authenticated. Details of the authentication will be described in an embodiment described later.
- time stamping method involves tampering with an external time transmission station that emits accurate time and a time stamp.
- a time stamp authority that can verify externally is indispensable, and time certification and electronic signature confirmation cannot be performed without the intervention of these external services.
- the system according to the present invention is based on the fact that the reliability of the key is ensured by using the hash calculation or encryption technology based on the authentic identification value, and the following functions are provided for the constituent elements of the information communication network. All can be verified without external access.
- Each node is equipped with a PUU to ensure the uniqueness of each node based on its physical infeasibility.
- It is ensured that the elapsed time can be calculated backward from the pulse number at manufacture (initial measurement) stored in the PUU and the current pulse number (with the time stamp included).
- the data generated at each node is collectively added with the value of 1) authenticity (uniqueness), 2) generation time, 3) falsification, and leak detection by the PUU according to the present invention.
- FIG. 8 shows an embodiment of a system in which a PUU is attached to a device (sensor node) 6 on the sensor network. This embodiment illustrates a system that controls access of a sensor node based on a PUU's unique transition identification number.
- A sensor node indicates a user (client) side device (web camera shown), a terminal (PC), etc. connected to the network, and a controller 7 indicates a management (server) side device also connected to the network (or a device, terminal, or the like on the other user side).
- the PUU is attached to the sensor node, and an ID (initial identification value) at the time of manufacture (initial measurement) of the PUU is registered in the master file 8 or a reference table in advance in the controller.
- the controller has attribute records as shown in FIG. 9 for each node, and manages the access of each node.
- Since the PUU autonomously generates unique identification values based on quantum mechanics, nodes can be numbered based on the identification values, and individual nodes can be determined by writing the assigned numbers (random numbers) into memory. However, it is possible to duplicate such a numerical value, and its authenticity (uniqueness) cannot be verified from a remote location via a network.
- The procedure for confirming the authenticity (uniqueness) of devices (nodes) on the network is as follows.
  - (1) At the first access, the sensor node adds a newly generated ID (identification numerical value, the same applies hereinafter) (N1) (current ID) to the manufacturing ID (initial identification numerical value), and sends it to the controller.
  - (2) The controller permits access if the manufacturing ID sent from the node matches the manufacturing ID registered in itself. At the same time, the sent new ID (N1) is registered (updated) as the current ID of the node.
  - (3) At the next access, the sensor node adds the newly generated ID (N2) (new ID) to the current ID (the ID (N1) newly generated at the previous access) and sends it to the controller.
  - (4) The controller permits access if the current ID sent from the node matches the current ID registered in itself. The sent new ID (N2) is registered (updated) as the current ID of the node.
  - (5) Repeat thereafter.
- The PUU identification value transmitted and received is specific to a specific sensor node, and does not collide with the identification value from other nodes of the network. Therefore, by sequentially recording and confirming the transition of the identifying numerical value sequence, access control that guarantees uniqueness is realized.
- FIG. 10 shows an embodiment of a system in which PUUs are attached to both a terminal (sensor node) and a server (controller).
- The PUU used here has a built-in APG (Pulse Generation Device) whose output is shaped into identification numerical value (random number) data (this type is called MQRNG (Micro Quantum Random Number Generator)).
- the procedure for authenticating authenticity is as follows.
- a common key K1 is registered in advance on both the terminal side and the server side, or an identification value T1 (random number) generated by the PUU on the terminal side is stored on the server side, and an identification value S1 generated by the server side PUU (Random number) is registered on the terminal side.
- the terminal is authenticated.
- the common key K1 or the identification value T1 is encrypted (XOR operation) with the identification value T2 (random number) generated by the terminal side
- the identification value S1 is encrypted with the generated identification value T2 ( XOR operation) and transmit these encrypted data to the server side.
- the identification value T2 can be obtained. Further, when the latter encrypted data is XORed with the acquired identification value T2, the identification value S1 can be acquired.
- the terminal is authenticated by checking the obtained identification value S1 against the identification value S1 registered in advance on the server side. At the same time, the acquired identification value T2 is recorded as a key. (3) Next, the server is authenticated.
- the identification numerical value S2 (random number) newly generated on the server side is used to encrypt (XOR operation) the identification numerical value T1 and the identification numerical value T2 registered as a key, and transmit these encrypted data to the terminal side.
- the identification value S2 can be obtained. Further, when the latter encrypted data is XORed with the acquired identification value S2, the identification value T2 can be acquired.
- the server is authenticated by collating and confirming the acquired identification value T2 and the terminal-side identification value T2. At the same time, the acquired identification value T2 is recorded as a key.
- new identification values are generated alternately as shown in the figure, encrypted with the previous identification values, and exchanged. (5) If the previous identification value can be confirmed using the previous identification value as a key, the new identification value is transmitted using the received identification value as a new key.
- the PUU is built in the sensor node that is the terminal, and the identification value generated there is exchanged in plain text as it is.
- the terminal is externally attached to the terminal and the server that are both ends of the network.
- the PUU is mounted, and a process of encrypting each generated identification numerical value and the identification numerical value generated at the previous access (common key in the first access) by performing an XOR operation is added.
- Since the server can be authenticated from the terminal side, it is possible to detect a “real-time man-in-the-middle attack” in which the ID data is obtained by impersonating the server by interrupting the communication line and impersonating the terminal. Further, in this embodiment, since encryption / decryption is performed only by using the XOR instruction once and complicated processing is not required, efficient communication can be performed.
- the identification value of the PUU transmitted / received is specific to a specific sensor node, and does not collide with the identification value from other nodes of the network. Therefore, by sequentially recording and confirming the identification numerical sequence that is transitioning in both sides, access control that ensures the uniqueness of both sides of the network is realized. On the contrary, if the access is denied even though the sensor node is operating normally, it can be detected that the node may have been impersonated.
- a known technique such as CRC can be used in combination for communication line errors and master file errors.
- FIG. 11 shows another embodiment of a system in which a PUU is attached to a sensor node.
- time authentication is also performed.
- The initial pulse number (number of pulses at initial measurement), the initial date (date at initial measurement), the identification value (initial identification value), and the current pulse number are stored in memory (including the memory in the PUU).
- the initial number of pulses, the initial date, and the identification value are registered in advance in the master file or reference table corresponding to the node.
- When receiving the “message with proof”, the receiving side records the date and time of reception, and first calculates the hash value of the digital data by the same calculation method as the transmitting side (the calculated value is assumed to be the hash value A). If the digital data is encrypted, it is decrypted with the identification value and returned to plaintext.
- The “data authentication code” is decrypted with the identification value of the transmission side recorded in the table or the like to obtain the hash value of the digital data (the decrypted one is the hash value B) and the current number of pulses.
- The hash value A and the hash value B are compared. If they do not match, it is determined that the digital data has been tampered with. Also, by comparing the current number of pulses obtained by decoding and the initial number of pulses recorded in the table, the elapsed time since the PUU was manufactured can be estimated, and time authentication can be performed as described in “III. Identification / Authentication of Devices (Terminals, Nodes) and Digital Data on the Network Based on the Identification Values Themselves Generated by the PUU”. That is, it can be confirmed that the digital data has been issued by the authentic node (transmission side terminal).
- digital data authentication (falsification and prevention of leakage) and time authentication are realized by using the PUU.
- identification numerical values such as those in the first embodiment or the second embodiment are used. It is also possible to identify the transmission side or the transmission / reception side by exchange / update.
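The receiver-side check of a “message with proof” described above, as an added example that is not taken from the patent. Assumptions: SHA-256 as the hash, a 40-byte identification value, the “pulse number” taken as the count in a fixed measurement window, a constructed 10-year half-life, the standard decay law n(t) = n0·exp(−λt) as the inverse formula, and a 3-sigma Poisson tolerance; all function and field names are hypothetical.

```python
import hashlib
import hmac
import math
import struct
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumption: constructed 10-year half-life (the page names no isotope here).
DECAY_CONST = math.log(2) / (10 * 365.25 * 86400)  # lambda, per second


@dataclass
class NodeRecord:
    """Receiver-side master-file entry for one node."""
    ident_value: bytes      # initial identification value, 40 bytes in this example
    initial_count: int      # pulses in the reference window at initial measurement
    initial_date: datetime  # date and time of the initial measurement


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def make_proof(data: bytes, current_count: int, ident_value: bytes) -> bytes:
    """Sender: data authentication code = ident XOR (SHA-256(data) || count)."""
    plain = hashlib.sha256(data).digest() + struct.pack(">Q", current_count)
    return xor(plain, ident_value)


def elapsed_seconds(initial_count: int, current_count: int):
    """Invert n(t) = n0 * exp(-lambda * t); also return the 1-sigma Poisson error."""
    t = math.log(initial_count / current_count) / DECAY_CONST
    sigma = math.sqrt(1 / initial_count + 1 / current_count) / DECAY_CONST
    return t, sigma


def verify(data: bytes, proof: bytes, received_at: datetime,
           rec: NodeRecord, k_sigma: float = 3.0) -> dict:
    plain = xor(proof, rec.ident_value)
    hash_b, count = plain[:32], struct.unpack(">Q", plain[32:])[0]
    hash_a = hashlib.sha256(data).digest()      # hash value A, computed locally
    result = {"data_ok": hmac.compare_digest(hash_a, hash_b),
              "time_ok": False, "measured_at": None, "sigma_s": None}
    if not result["data_ok"] or count == 0:
        return result  # a failed hash also means the decoded count is untrusted
    t, sigma = elapsed_seconds(rec.initial_count, count)
    measured_at = rec.initial_date + timedelta(seconds=t)
    drift = abs((received_at - measured_at).total_seconds())
    result.update(time_ok=drift <= k_sigma * sigma,
                  measured_at=measured_at, sigma_s=sigma)
    return result


def demo() -> dict:
    # Constructed sample values, not measurements.
    rec = NodeRecord(
        ident_value=hashlib.sha256(b"constructed-id").digest() + b"\x5a" * 8,
        initial_count=10_000_000_000,
        initial_date=datetime(2016, 1, 1, tzinfo=timezone.utc))
    true_elapsed = 400 * 86400
    count_now = round(rec.initial_count * math.exp(-DECAY_CONST * true_elapsed))
    data = b"meter reading: 42.7 kWh"
    proof = make_proof(data, count_now, rec.ident_value)
    sent_at = rec.initial_date + timedelta(seconds=true_elapsed)
    return {
        "fresh": verify(data, proof, sent_at + timedelta(seconds=30), rec),
        "tampered": verify(data + b"!", proof, sent_at, rec),
        "stale": verify(data, proof, sent_at + timedelta(days=30), rec),
    }


if __name__ == "__main__":
    for name, res in demo().items():
        print(name, res)
```

The `sigma_s` field makes the text's point about measurement length concrete: the tolerance on the estimated time shrinks only as the number of counted pulses grows.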
- FIG. 12A to FIG. 22 show an example of a system in which PUUs according to the present invention are attached to both a transmission-side terminal (node, device) and a reception-side terminal (node, device) connected to the network, and information (digital data) is transmitted and received.
- The PUU in this embodiment contains a radioisotope having a number of atoms sufficiently exceeding the total number of objects to be identified (the total number of elements (pulse generation devices or PUUs) + the total number of communications over the communication usage period of both).
- each terminal is a terminal that can transmit and receive, and can be a transmission side terminal or a reception side terminal.
- the PUU according to the present invention can be used not only to identify and authenticate each terminal but also to authenticate information (digital data) transmitted and received between terminals.
- the identification value generated by the PUU for each session is used as the encryption key (common key)
- the identification value (encryption key) is exchanged and updated for each session, so that safe and reliable communication can be performed. Since encryption and decryption can be performed only by XOR, an existing encryption algorithm is unnecessary.
- the terminal identification / authentication and information authentication will be described in detail below in accordance with the illustrated embodiment.
- In the memory of the terminals on both the transmitting and receiving sides (the memory built in the terminal or the memory built in the PUU may be used), the terminal's own identification code (P1 on the transmission side), the common key (K1), and the identification code of the communication partner (P2 on the receiving side) are registered.
- FIG. 12A (transmission side) and FIG. 12B (reception side) exemplify a case where these data are held in the form of a table.
- the terminal identification code can be represented by an initial identification value of the PUU.
- the transmission side terminal encrypts its own identification code (P1) in the table shown in FIG. 12A with the identification value (CA1) (referred to as communication identification value) generated by the PUU of the transmission side terminal. (XOR operation) to generate an encrypted mutual identification value (RA1). Further, an encrypted communication identification value (CCA1) is generated by XORing the common key (K1) with the identification value (CA1). The encrypted mutual identification value (RA1) and communication identification value (CCA1) are transmitted to the receiving terminal.
- the transmission side communication identification value (CA1′) can be obtained. A code with “′ (apostrophe)” indicates that it has been decoded. Further, when the encrypted mutual identification value (RA1) is XORed with the acquired communication identification value (CA1′), the identification code (P1′) can be acquired.
- If the transmitting terminal is an authentic terminal, the common key (K1) is the same for both the transmitting terminal and the receiving terminal, so the communication identification value (CA1′) decrypted by the receiving terminal is equal to the communication identification value (CA1), and the identification code (P1′) obtained by decoding the identification code (RA1) with the communication identification value (CA1′) is also equal to the identification code (P1). If the transmitting terminal is not a genuine terminal, each value is different.
- The receiving terminal automatically generates a new identification value by its own PUU, and sets this as a communication identification value (CB1). Then, as shown in FIG. 14B, an “intercommunication code” is created with the other party's (transmission side) decoded identification code (P1′), the other party's decoded communication identification value (CA1′), and its own communication identification value (CB1).
- The receiving side terminal encrypts the identification code (P2) of the table shown in FIG. 12B by XORing it with the communication identification value (CB1) as shown in FIG. 15A, generating an encrypted mutual identification value (RB1).
- an encrypted communication identification value (CCB1) is generated by XORing the common key (K1) with the communication identification value (CB1).
- the encrypted mutual identification value (RB1) and the encrypted communication identification value (CCB1) are transmitted to the transmitting terminal.
- An “intercommunication code” in which the identification numerical values (CA1) are arranged is created.
- The common key (K1) is the same for both the transmitting terminal and the receiving terminal, so the communication identification value (CB1′) decrypted by the transmitting terminal is equal to the communication identification value (CB1), and the identification code (P2′) obtained by decoding the identification code (RB1) with the communication identification value (CB1′) is also equal to the identification code (P2). If the receiving terminal is not a genuine terminal, each value is different.
- When newly communicating with the other party (receiving terminal), as shown in FIG. 17, the transmitting terminal first automatically generates a new communication identification value (CA2) with the PUU of the terminal. With this new communication identification value (CA2), the communication identification value (CB1′) of the partner terminal in the mutual communication code (FIG. 16) with the other party and the decoded identification code (P2′) of the receiving side are XORed. Thus, the encrypted new communication identification value (CCA2) and identification code (RA2) are generated and transmitted to the other party.
- The intercommunication code with the other party is the one created at the time of <identification of the other party terminal>.
- The receiving terminal decrypts the received encrypted communication identification value (CCA2) by performing an XOR operation with its own communication identification value (CB1) in its own mutual communication code (FIG. 14B), and the decrypted communication identification value (CA2′) can be acquired (see FIG. 18).
- The received encrypted identification code (RA2) is further XORed with the decrypted communication identification value (CA2′) of the other party terminal, so that the decrypted identification code (P2′′) of itself (receiving terminal) is obtained. This is compared with its own identification code (P2).
- If the transmitting terminal is authentic, the communication identification value (CB1′) decoded by the transmitting terminal is equal to the communication identification value (CB1). Therefore, the communication identification value (CA2′) decoded at the receiving terminal is equal to the communication identification value (CA2), and the identification code (P2′′) obtained by decoding the identification code (RA2) with the communication identification value (CA2′) is also equal to the identification code (P2′) encrypted with the communication identification value (CA2). The identification code (P2′) decoded as described above is equal to the identification code (P2), and therefore the identification code (P2′′) is equal to the identification code (P2). If the transmitting terminal is not a genuine terminal, the values are different. Therefore, when the identification code (P2′′) and the identification code (P2) are compared and match, it can be confirmed that the transmitting terminal is genuine and the only terminal (see FIG. 18).
- The receiving side terminal automatically generates a communication identification value (CB2) with its own PUU and, with this new communication identification value (CB2), XORs the partner's communication identification value (CA1′) in the mutual communication code (FIG. 14B) and the decoded identification code (P1′) of the transmitting side, thereby generating an encrypted new communication identification value (CCB2) and identification code (RB2), which are transmitted to the transmitting side (see FIG. 19).
- When the receiving side terminal can confirm that the transmitting side terminal is an authentic terminal, the mutual communication code with the other party becomes as shown in FIG. 20: the decoded communication identification value of the other party terminal is updated from (CA1′) to (CA2′), and its own communication identification value is updated from (CB1) to (CB2).
- The received encrypted identification code (RB2) is subjected to an XOR operation with the decrypted communication identification value (CB2′) of the counterpart terminal, thereby obtaining the decrypted identification code (P1′′) of itself (receiving terminal). If this is compared with its own identification code (P1), it can be confirmed that the receiving terminal is genuine and the only terminal.
- When the transmitting terminal can confirm that the receiving terminal is an authentic terminal, the mutual communication code with the other party becomes as shown in FIG. 21: the decoded communication identification value of the other party terminal is updated from (CB1′) to (CB2′), and its own communication identification value is updated from (CA1) to (CA2).
- the identification value (CB2 ′,...) As the updated encryption key on the transmitting side and the identification value (CA2 ′,... As the updated encryption key on the receiving side).
- The terminal on the transmitting side encrypts the digital data (information) using the identification numerical value (CA2) generated by the terminal at the time of exchanging the encryption key (which is recorded in the “intercommunication code” on the sending side) and sends it to the receiving terminal.
- The receiving terminal decrypts the received encrypted digital data using the identification numerical value (CA2′) registered as the key when the encryption key was exchanged (recorded in the “mutual communication code” on the receiving side) (see FIG. 22).
- FIG. 30A and FIG. 30B show a flowchart of key exchange in this embodiment.
- When the key exchange session is started (step S101), the PUU of the transmitting terminal generates an identification value (CA1) (step S102).
- The transmitting terminal generates an encrypted communication identification value (CCA1) and an encrypted mutual identification value (RA1) using the generated identification value (CA1) (step S103), and transmits them to the receiving terminal (step S104).
- When the receiving terminal receives the encrypted mutual identification value (RA1) and the communication identification value (CCA1) (step S105), it decrypts the encrypted communication identification value (CCA1) with the common key (K1) to acquire the communication identification value (CA1′), and decrypts the encrypted mutual identification value (RA1) with the acquired communication identification value (CA1′) to acquire the transmission side identification code (P1′) (step S106). Next, the PUU of the receiving terminal generates an identification value (CB1) (step S107). The receiving terminal generates an encrypted communication identification value (CCB1) and an encrypted mutual identification value (RB1) using the generated identification value (CB1) (step S108), and transmits them to the transmitting terminal (step S109).
- When the transmitting terminal receives the encrypted communication identification value (CCB1) and the mutual identification value (RB1) (step S110), it decrypts the encrypted communication identification value (CCB1) with the common key (K1) to acquire the communication identification value (CB1′), and decrypts the encrypted mutual identification value (RB1) with the acquired communication identification value (CB1′) to obtain the reception side identification code (P2′) (step S111).
- When the transmission side terminal newly starts communication with the reception side terminal, the PUU of the transmission side terminal generates an identification value (CA2) (step S112).
- The transmitting terminal generates an encrypted communication identification value (CCA2) and an encrypted mutual identification value (RA2) using the generated identification value (CA2) (step S113), and transmits them to the receiving terminal (step S114).
- When the receiving terminal receives the encrypted mutual identification value (RA2) and the communication identification value (CCA2) (step S115), it decrypts the encrypted communication identification value (CCA2) with its own communication identification value (CB1) to obtain the communication identification value (CA2′), and decrypts the encrypted mutual identification value (RA2) with the obtained communication identification value (CA2′) to obtain the transmission side identification code (P2′′) (step S116).
- the receiving side terminal determines that the transmitting side terminal is not authentic (step S118), and performs communication with the transmitting side terminal.
- If the identification code (P2′′) is equal to the identification code (P2) (Yes in step S117), the receiving terminal determines that the transmitting terminal is authentic (step S120).
- If the transmitting terminal is authentic, the receiving terminal then generates a communication identification value (CB2) (step S121).
- The receiving side terminal generates an encrypted communication identification number (CCB2) and an encrypted mutual identification number (RB2) using the generated identification number (CB2) (step S122), and transmits them to the transmitting side terminal (step S123).
- The receiving terminal updates the communication identification value of the counterpart terminal from (CA1′) to (CA2′), and updates its own communication identification value from (CB1) to (CB2) (step S124).
- When the transmitting terminal receives the encrypted mutual identification value (RB2) and the communication identification value (CCB2) (step S125), it decrypts the encrypted communication identification value (CCB2) with its own communication identification value (CA1) to obtain the communication identification value (CB2′), and decrypts the encrypted mutual identification value (RB2) with the obtained communication identification value (CB2′) to obtain the transmission side identification code (P1′′) (step S126).
- the transmission side terminal determines that the reception side terminal is not authentic (step S128), and performs communication with the reception side terminal.
- If the identification code (P1′′) is equal to the identification code (P1) (Yes in step S127), the transmission side terminal determines that the reception side terminal is authentic (step S130).
- The transmitting terminal then transmits the data body to the receiving terminal (step S131), updates the communication identification value of the counterpart terminal from (CB1′) to (CB2′) and its own communication identification value from (CA1) to (CA2) (step S132), and ends the encryption key exchange (step S133).
- FIG. 23 shows connection network management for household appliances in the home, that is, a case where a Qtag is incorporated in a home network device (internally or externally) and used for mapping.
- a wireless and wired LAN is constructed at home, a PC and a Web camera are connected to the wireless LAN, and a disk, a game machine, and a NAS (network connection storage) are connected to the wired LAN through a hub.
- Qtag is incorporated in a wireless LAN base unit, PC, Web camera, game machine, and NAS.
- FIG. 24 illustrates a short-range wireless communication type device (hereinafter referred to as a QNFC tag) in which an NFC (Near Field Communication) tag or an IC card is combined with a PUU element (APG module) according to the present invention.
- the APG module is incorporated in an NFC tag including a loop antenna, an antenna tuning unit, a TX impedance matching / RX filter stage, and an RFID transceiver IC.
- a host PC, MPU, etc.
- In an IC card with an NFC function, such as a transportation card, a history ID that fluctuates based on an identification value (random number) generated for each session on the card side / server side can be recorded in a recording partition in the IC card, so that IC card authenticity and theft detection can be easily realized. If there are a plurality of partitions, a secure IC card that can handle a plurality of services can be manufactured.
- FIG. 25 shows an embodiment in the case of performing parts management (in the illustrated embodiment, a handy terminal is used) in aircraft manufacturing, operation, maintenance, and repair using a device in which a PUU element is incorporated in an RFID.
- a QNFC tag is incorporated into the part.
- Since the data entered in the RFID chip is digital data, it can be copied, and there is a risk of forgery, such as counterfeit parts and forged expiration dates.
- The above-mentioned Qtag is a PUU model that has no power supply and is composed of an APG and a memory. The unit shown in FIG. 26, by contrast, is a PUU model that is equipped with a power supply, combines the APG with a PIC (Peripheral Interface Controller, a peripheral device connectivity control IC), and can perform the identification function calculation with the PIC.
- This unit is installed in devices that are actively asked for authenticity, especially network devices. Since the generated pulse can be self-calculated by the built-in PIC, random numbers can be arbitrarily output. Therefore, it can be accommodated in a node in the network and used by embedding it in communication of other data transmitted and received as necessary.
- A/D conversion that quantizes the voltage is necessary to analyze the energy distribution of the pulses. If this is difficult to realize with a single PIC, a simpler method may be used instead: the voltage classes are aggregated to an extent that is still effective for identification, an electronic voltage discrimination circuit is provided for each class, and its output is A/D converted. This circuit may be provided on the pulse generation circuit side. A structure having two PICs, one for signal processing / recording and one for communication, may also be used.
- the current pulse value can always be measured and updated in the background, and it can respond to data requests such as time authentication in real time.
- FIG. 27 shows a case where the unit according to the eighth embodiment is applied to personal authentication for Internet banking.
- a terminal-side quantum authentication unit (QAU) (and a server-side quantum communication unit (QCU)) corresponds to the unit according to the eighth embodiment.
- quantum authentication refers to an authentication function based on uniqueness using the natural decay of a radioisotope according to the present invention.
- both the user terminal and the bank are equipped with PUUs (quantum authentication unit (QAU) on the terminal side and quantum communication unit (QCU) on the bank server side).
- FIG. 28 shows a type of PUU that has an MPU and sufficient memory, has a high computational capacity, and can perform authentication.
- This unit is composed of an APG, a memory, an MPU, an I / O interface, and the like, and is a model for applications that require advanced verification functions and certification functions. Since the measurement is continued in the background in the same manner as the unit (PIC type) according to the eighth embodiment, necessary parameters can always be prepared.
- This unit has the following characteristics:
  - It operates with a constant power supply.
  - A built-in A/D converter enables precise classification of the energy distribution, so more identification values (random numbers) can be generated in a short time.
  - There is sufficient memory capacity to store continuous measurements.
  - It has a CPU function that can perform hash calculation for electronic signatures.
  - Node validity can be added to data that constantly flows through the network.
- a quantum authentication function is realized that can autonomously calculate and assign a signature that proves uniqueness, time authentication, etc., to a measurement value generated at that node or data requested by others.
- FIG. 29 shows an example in which the unit according to the tenth embodiment is applied to the security of an in-vehicle information network of an automobile (the architecture of the in-vehicle LAN is based on IPA data).
- a quantum authentication unit (QAU) and a quantum communication management unit (QCMU) correspond to the units according to the tenth embodiment.
- an inspection terminal is connected wirelessly (such as Wi-Fi) to an inspection interface (DiagnosisicInterface) of a CU (Communication Unit), and the vehicle performs mobile communication with the CU using GPS. Communication between CtoC (between vehicles) is possible.
- Consumer devices such as mobile devices are connected to the HU (Head Unit) by wire or wirelessly via USB and Bluetooth (registered trademark), and a TRSM (tire pressure monitoring system with a tire pressure sensor) is wirelessly connected to the CSC (Chassis & Safety) chassis / safety controller.
- Today's automobile does not merely move by means of an engine and a car body: a large number of information communication devices are built in, an "in-vehicle LAN (CAN)" is constructed, and the vehicle can be connected to various facilities (terminals, devices) and to information networks outside the vehicle.
- Wireless connection to an inspection terminal through an "inspection interface" and monitoring of tire air pressure by a wirelessly connected tire sensor are already in use. If sufficient security is not secured for such wireless connections, security may be broken by fraud such as hacking, and the result may be great damage: the vehicle may be unlocked illegally, safe driving may be hindered, and information may be lost.
- Communication between cars is expected to advance along with the development of collision prevention and autonomous driving functions. If security is insufficient, these communication functions will be disturbed, and the risk of accidents and scandals is also expected to increase.
- a QCMU element or QAU element having an advanced communication information processing function according to the present invention on an important controller (PTC, CSC, BEM, HU, etc.) of an in-vehicle LAN (CAN) as illustrated, for example.
- all communication of CAN is performed only with an authentic partner, and unauthorized access from outside can be completely eliminated.
- The high-speed and high-efficiency encryption function using the XOR instruction, as shown in the third and fourth embodiments, can be used, so that reliable security can be ensured by encrypting all communication messages.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mathematical Physics (AREA)
- Measurement Of Radiation (AREA)
Abstract
Description
Apparatus for realizing uniqueness
An apparatus according to the present invention comprises a pulse generation device and a memory. The pulse generation device includes a radiator containing a radioisotope (RI) and a detector. The isotope of the radiator has a larger number of atoms than the total number of objects to be identified. The detector detects α particles, beta rays and / or γ rays (hereinafter referred to as α particles, etc.) emitted from the radiator by the spontaneous decay of nuclei, and generates electric pulses. The memory stores in advance the number of pulses obtained by measuring the electric pulses generated by the pulse generation device for a predetermined period (hereinafter referred to as the initial pulse number), the measurement date, and an identification value obtained by digitizing the pulse intervals of those electric pulses (hereinafter referred to as the initial identification value).
1) Number of radioisotope atoms in the element according to the present invention
Hereinafter, it is assumed that the element is incorporated into an object to be identified and that objects are autonomously distinguished and numbered (by an identification value) using the decay pulses of the radioisotope (RI).
As described above, the number N of atoms that decay in one second out of N_0 atoms is expressed with the decay constant λ as in the following formula.
$N = N_0 \times \lambda$ (1)
From the above formula, the number of atoms of the group can be determined as in the following formula.
$N_0 = N / \lambda$ (2)
That is, if the number of decays N per second can be measured, that number divided by the decay constant can be estimated as the number of atoms at that time.
The decay constant of 210Pb-210Po radiation equilibrium material (half-life: 22.3 years) is
$9.856302 \times 10^{-10}$ (seconds)
2) Method for obtaining numerical values for device identification by pulse measurement
As described above, an element can be identified by the number of atoms built into it, and the number of atoms can be estimated by counting the number of pulses of each element over a predetermined time. However, accumulating and counting the number of pulses from nuclear decay is time consuming and inefficient as a means of identifying elements.
Fortunately, it is considered that the interval information of the radiation emission pulse due to spontaneous decay corresponds to this.
That is, assuming that one event occurs at time t = 0, a distribution function describing the time interval until the next adjacent pulse occurs is derived first.
Consider the probability that the next event occurs during the minute time dt after the time t. In this case, no event occurs in the time interval from zero to t, and then one event occurs while the time advances by the minute time dt. If the probability of decay (decay constant) is λ,
$I_1(t)\,dt = P(0) \times \lambda\,dt$ (3)
The first term on the right-hand side is the above-mentioned equation for radioactive decay and follows directly from the discussion of the Poisson distribution. Finding the probability that no event at all occurs during the time in which the number of recorded events should be λt gives
$P(0) = (\lambda t)^0 e^{-\lambda t} / 0! = e^{-\lambda t}$ (4)
Substituting this into equation (3) gives
$I_1(t)\,dt = \lambda e^{-\lambda t} \times dt$ (5)
This is an exponential function: as the interval increases, the frequency of pulse occurrence decreases as a power of the base of the natural logarithm, at a rate set by the decay constant.
3) Method of confirming the continuity of uniqueness by digitizing pulse intervals at different times
Since the ID recorded in the memory of the element in the previous section is merely information, it cannot be determined whether it has been copied or forged or whether it is the original. Therefore, in an information communication network, it is necessary to provide a function capable of preventing duplication and impersonation in order to maintain the uniqueness of the element.
Physically unclonable unit (PUU)
1) One embodiment of PUU (basic form)
As described above, an element that cannot be physically duplicated is called a PUU, and the element according to the present invention is a PUU. Hereinafter, the element (pulse generation device) according to the present invention will be described as the basic form of a PUU. Here, the PUU is described using an apparatus that uses α particles as the radiation source as an example. The same applies to devices that measure gamma rays and beta rays.
2) Determination of ID by PUU
The pulses generated by the PUU are random to a very high degree, not only in pulse height but also in pulse interval. Therefore, the sequence of values obtained by measuring each pulse interval at a constant sample (clock) frequency differs across all mass-produced PUUs, even when each is fitted with a predetermined amount of radioisotope (RI). If these values are combined appropriately, different IDs can be generated even for 1.0E+12 (1 trillion) nodes. To make the IDs easier to use, the fact that the pulse interval (counted at the clock frequency) follows a Poisson distribution may be used to convert it, by means of a function, into a uniform identification value.
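The conversion mentioned above can be sketched as follows. This is an added example, not code from the patent: intervals are counted in clock ticks and passed through the exponential cumulative distribution 1 − e^(−λt), so that each pulse yields one approximately uniform byte. The 1 MHz clock, the one-byte output, the function names and the simulated detector are assumptions; the 80 cps rate is the figure the page quotes for one embodiment.

```python
import math
import random

PULSE_RATE_CPS = 80.0   # pulse rate the page quotes for one embodiment
CLOCK_HZ = 1_000_000    # assumed sampling clock used to count each interval


def simulate_interval_ticks(n, rate=PULSE_RATE_CPS, clock_hz=CLOCK_HZ, seed=None):
    """Stand-in for the detector: n inter-pulse intervals, in clock ticks.

    Intervals are drawn from the exponential density of equation (5); a real
    unit would count clock ticks between detected pulses instead.
    """
    rng = random.Random(seed)
    return [int(rng.expovariate(rate) * clock_hz) for _ in range(n)]


def interval_to_byte(ticks, rate=PULSE_RATE_CPS, clock_hz=CLOCK_HZ):
    """Map one interval to 0..255 through the CDF F(t) = 1 - exp(-rate * t).

    `rate` must be the unit's own measured pulse rate: a wrong rate (or one
    not refreshed as the source decays) biases the output away from uniform.
    """
    t = (ticks + 0.5) / clock_hz      # centre of the counted tick
    u = 1.0 - math.exp(-rate * t)     # uniform on [0, 1) when t is exponential
    return min(255, int(u * 256))


def naive_byte(ticks, rate=PULSE_RATE_CPS, clock_hz=CLOCK_HZ):
    """Linear scaling of the raw interval (clipped at 5 mean intervals), for contrast."""
    full_scale = 5.0 / rate * clock_hz
    return min(255, int(ticks * 256 / full_scale))


def identification_value(tick_counts, rate=PULSE_RATE_CPS, clock_hz=CLOCK_HZ):
    """One byte per pulse interval, concatenated into an identification value."""
    return bytes(interval_to_byte(t, rate, clock_hz) for t in tick_counts)


def chi_square_16(byte_values):
    """Chi-square statistic of the high nibble against uniform (15 degrees of freedom)."""
    counts = [0] * 16
    for b in byte_values:
        counts[b >> 4] += 1
    expected = len(byte_values) / 16
    return sum((c - expected) ** 2 / expected for c in counts)


if __name__ == "__main__":
    ticks = simulate_interval_ticks(8000, seed=2016)   # constructed sample data
    print("mean interval (s):", sum(ticks) / len(ticks) / CLOCK_HZ)
    print("chi-square, CDF mapping:", round(chi_square_16(identification_value(ticks)), 1))
    print("chi-square, linear scaling:", round(chi_square_16([naive_byte(t) for t in ticks]), 1))
    print("first 16 bytes:", identification_value(ticks[:16]).hex())
```

The chi-square figure for the CDF mapping stays near its 15 degrees of freedom, while the linearly scaled intervals fail the same uniformity check by orders of magnitude.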
3) Means for increasing the total amount of variation in the PUU decay pattern
The output pulse generated in the pulse generation device used in the present invention has the shape shown in FIG. 3B. It is known that the height of this wave is proportional to the reaction energy level of the charged particle (here, an α particle) with the detection element. This waveform can be A/D converted and thereby digitized into a numerical value of the energy. This method is also applied, as MCA, to measurement for determining the nuclide of a radioactive substance. With this method, two completely independent identification values, the pulse interval and the peak value, can be acquired from a single pulse. In one embodiment of the pulse generation device of the present invention, pulses occur at approximately 80 cps (counts / second). At 80 cps, 80 identification values can be acquired by measuring the pulse intervals and, at the same time, 80 identification values by A/D conversion of the pulse heights.
4) Other embodiment (application form) of PUU
FIG. 7 shows an example of an application form of the PUU. The PUU shown in the figure is composed of a pulse generation device 4 and a memory 5, is a model that has no power supply, and for ease of handling is preferably made in the form of a chip (or tag) (hereinafter referred to as a Qtag). It is a model that can be made low in price through mass production and that simply enables identification of the element.
Usage form of PUU
I. Identification and authentication of devices (terminals, nodes) and information on the network
1) Identification of devices
Since a network has senders and receivers, the uniqueness of a device on the network must be confirmed by the other party. This confirmation is performed by device identification and authentication. Device identification means that a device connected to the network has uniqueness, and this is achieved by a unique ID number assigned to the device. When the PUU according to the present invention is attached to a device, an identification value generated at the time of manufacturing the PUU (at the time of initial measurement) can be used as the ID of the device. Numbering by other methods is done in software, so absolute uniqueness is not guaranteed. Since the uniqueness of the PUU of the present invention derives from the radioisotope (RI) itself, even an element that merely outputs electronic pulses (a pulse generation device) can be treated as a PUU by processing its signal externally in software.
2) Device authentication
Acknowledging that an identified device is unique on the network, has no copy elsewhere, is authentic, and is not impersonating another device is called "authentication".
3) Information (digital data) authentication (data leakage, duplication, tampering prevention)
The PUU according to the present invention never generates, at another time, the same value as an identification value (including the initial identification value) generated at a given time. For this reason, to prevent theft of digital data it is sufficient to embed the generated identification value in the data (for example, encrypt it by XOR). To prevent tampering after encryption, the hash value of the original digital data and the identification value is also obtained.
II. Time authentication using PUU
1) Measurement of elapsed time based on the number of pulses of radioactive material and decay constant
Let the number of atoms at time t be N(t). Each radioisotope has its own decay constant λ, defined such that if N(t) atoms are present, the number of atoms decreases by λN(t)Δt over Δt seconds.
That is,
$\Delta N = N(t + \Delta t) - N(t) = -\lambda N(t)\,\Delta t$
$\Delta N / \Delta t = -\lambda N(t)$
holds. Taking the limit Δt → 0 gives the differential equation
$dN/dt = -\lambda N(t)$
and since N(0) = N_0 at t = 0, its solution is
$N(t) = N_0 e^{-\lambda t}$
This equation describes how the number of atoms of a radioisotope with decay constant λ changes over time. Since the number of atoms is proportional to the number of radiation emissions at that time, the number of atoms can be estimated by measuring the number of emissions (number of pulses, number of counts).
Also, most information communication equipment has a built-in internal clock device (real-time clock, RTC) for design reasons. Combining the autonomous time authentication function of the present device with the detailed time management function of this RTC provides an autonomous time authentication function that is sufficient in practice.
The above is organized as follows.
(1) Quantum timekeeping (QTK) function
In the present invention, a fixed amount of radioisotope (RI) is incorporated into the PUU, and the radiation from that isotope gradually decreases, because the source atoms decrease as time passes. Since the amount of radioisotope (RI) does not increase after the PUU is manufactured, the amount of radiation can represent the time elapsed since manufacture (the initial measurement).
(2) Measurement of elapsed time
Since the PUU according to the present invention reveals the decay of its built-in radioisotope (RI) through the electric pulses it outputs, the elapsed time can be estimated simply by knowing the initial pulse count at the time of manufacture and the current pulse count, without the effort of measuring the object in a mass spectrometer as in radiocarbon dating. However, because the generated pulses fluctuate, the accuracy of the elapsed-time estimate depends on the length of time over which the pulses are counted.
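The elapsed-time estimate and its dependence on the counting window can be worked through numerically. This is an added example, not code from the patent: it solves N(t) = N_0 e^(−λt) for t using the page's 210Pb-210Po decay constant, and derives the one-sigma uncertainty from Poisson counting statistics. The function names, the equal counting windows, the 365-day year and the 80 cps × 1 hour sample figures are assumptions.

```python
import math

DECAY_CONSTANT = 9.856302e-10    # per second, the 210Pb-210Po value given on the page
SECONDS_PER_YEAR = 365 * 86400   # assumed year length


def half_life_years(decay_constant=DECAY_CONSTANT):
    """Half-life implied by the decay constant, as a consistency check."""
    return math.log(2) / decay_constant / SECONDS_PER_YEAR


def elapsed_seconds(initial_count, current_count, decay_constant=DECAY_CONSTANT):
    """Solve N(t) = N0 * exp(-lambda * t) for t.

    Both counts must be taken over counting windows of the same length.
    A negative result means the current count exceeds the stored initial
    count, which the decay law cannot produce beyond statistical noise.
    """
    if initial_count <= 0 or current_count <= 0:
        raise ValueError("pulse counts must be positive")
    return math.log(initial_count / current_count) / decay_constant


def elapsed_sigma_seconds(initial_count, current_count, decay_constant=DECAY_CONSTANT):
    """One-sigma uncertainty of the estimate from counting statistics.

    For a Poisson count C, var(ln C) is approximately 1/C, and the two
    independent counts add in quadrature.
    """
    if initial_count <= 0 or current_count <= 0:
        raise ValueError("pulse counts must be positive")
    return math.sqrt(1.0 / initial_count + 1.0 / current_count) / decay_constant


def window_for_resolution(rate_cps, target_sigma_s, decay_constant=DECAY_CONSTANT):
    """Counting window (seconds) each measurement needs to reach target_sigma_s.

    Assumes equal windows and a rate that has not changed much between them.
    """
    return 2.0 / (rate_cps * (decay_constant * target_sigma_s) ** 2)


if __name__ == "__main__":
    c0 = 80 * 3600                               # constructed: 80 cps counted for one hour
    true_t = 5 * SECONDS_PER_YEAR                # constructed: unit is five years old
    c1 = c0 * math.exp(-DECAY_CONSTANT * true_t)
    print("half-life (years):", round(half_life_years(), 2))
    print("estimated age (years):", round(elapsed_seconds(c0, c1) / SECONDS_PER_YEAR, 3))
    print("one-sigma (days):", round(elapsed_sigma_seconds(c0, c1) / 86400, 1))
    print("window for 1-day sigma (days):", round(window_for_resolution(80, 86400) / 86400, 1))
```

With one-hour windows at 80 cps the one-sigma error is on the order of a month, which is why the count-based clock is a coarse anchor to be combined with the RTC mentioned above rather than a replacement for it.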
2) Consideration of alpha particle irradiation damage of detector diode
In the PUU according to the present invention, irradiation of the diode with α particles begins to damage the diode. Since α particles are detected by directly measuring the electrons knocked out by this damage, damage due to irradiation is unavoidable. Once the Si atoms in the diode are used up, α particles can no longer be detected; that is, the diode has reached the end of its "life".
3) Application of Quantum Timekeeping (QTK) function to time authentication
In the present invention, the time can be estimated by QTK from the time elapsed since manufacture. By calculating a hash value of the identification value derived from the pulses that carry this time information and of the data to be transferred to the network, and applying an electronic signature, time proof of the transferred data and detection of falsification can be realized. That is, whereas time stamps and electronic signatures normally require the function of an external certificate authority, the present invention can guarantee the reliability of time and data through the uniqueness of the PUU and the QTK function. Therefore, in the present invention, time stamping can be performed autonomously without external help.
III. Identification / authentication of devices (terminals, nodes) and digital data on the network based on the identification values themselves generated by the PUU
"I. Confirmation of devices (terminals, nodes) and information on the network (identification and authentication)" above relies on a method in which the PUU (an element that cannot be physically duplicated) according to the present invention, attached to a device, generates identification values that transition differently for each PUU, and in which those values are managed continuously. Apart from this method, however, identification / authentication (including time authentication) of devices (terminals, nodes) and information (digital data) can be performed from the identification values themselves generated by the PUU of the present invention.
First, authentication of a digital data transmission side terminal is performed as follows.
The transmitting side terminal encrypts the measured "current pulse number" (which inherently contains the key of the time stamp), together with the hash value of the digital data, with the initial identification value registered in the PUU, and transmits it to the management side (receiving side terminal). The management side (receiving terminal) records the reception time (date and time) of the encrypted data, and decrypts the received data with the initial identification value registered in advance to obtain the "current pulse number".
The management side (receiving terminal) first calculates a hash value of the received digital data, and decrypts the received encrypted hash value with the initial identification value registered in advance. If the calculated hash value matches the decrypted hash value, it is determined that the digital data has not been falsified or leaked. That is, the digital data is authenticated.
Details of the authentication will be described in an embodiment described later.
IV. Application of PUU to network system
(Example 1)
FIG. 8 shows an embodiment of a system in which a PUU is attached to a device (sensor node) 6 on a sensor network. This embodiment illustrates a system that controls access by sensor nodes based on the identification values that transition uniquely for each PUU.
The procedure for confirming the authenticity (uniqueness) of devices (nodes) on the network is as follows.
(1) At the first access, the sensor node appends a newly generated ID (identification value; the same applies hereinafter) (N1) (the current ID) to the manufacturing ID (initial identification value) and sends them to the controller.
(2) The controller permits access if the manufacturing ID sent from the node matches the manufacturing ID registered in the controller. At the same time, it registers (updates) the new ID (N1) that was sent as the current ID of the node.
(3) At the next access, the sensor node appends a newly generated ID (N2) (the new ID) to the current ID (the ID (N1) newly generated at the previous access) and sends them to the controller.
(4) The controller permits access if the current ID sent from the node matches the current ID registered in the controller. At the same time, it registers (updates) the new ID (N2) that was sent as the current ID of the node.
In the above network processing, as described, the PUU identification values transmitted and received are specific to a particular sensor node and do not collide with identification values from other nodes of the network. Therefore, by sequentially recording and confirming the sequence of transitioning identification values, access control in which uniqueness is guaranteed is realized.
(5) The same steps are repeated thereafter.
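The rolling-ID procedure of steps (1) to (5) can be exercised end to end. This is an added example, not code from the patent: it models the controller's registry and a node's accesses, and shows how a holder of an outdated or duplicated ID surfaces as a logged mismatch. The class and function names, the 16-byte ID length, the node name and the use of `secrets` as a stand-in for the PUU output are assumptions.

```python
import hmac
import secrets

ID_BYTES = 16  # assumed length of an identification value; the page does not fix one


def puu_generate_id():
    """Stand-in for the PUU: a fresh identification value on every call.

    A real unit derives the value from decay-pulse intervals; the OS random
    source is used here only so that the example runs without hardware.
    """
    return secrets.token_bytes(ID_BYTES)


class Controller:
    def __init__(self):
        self.current_id = {}   # node name -> ID expected at the next access
        self.mismatches = []   # (node name, reason) records to alert on

    def register(self, node, manufacturing_id):
        """Enrol a node with the ID generated at manufacture (initial measurement)."""
        self.current_id[node] = manufacturing_id

    def access(self, node, presented_id, new_id):
        """Steps (2)/(4): check the presented ID, then roll forward to new_id."""
        expected = self.current_id.get(node)
        if expected is None:
            self.mismatches.append((node, "unknown node"))
            return False
        if not hmac.compare_digest(expected, presented_id):   # constant-time compare
            self.mismatches.append((node, "stale or foreign ID"))
            return False
        self.current_id[node] = new_id
        return True


class SensorNode:
    def __init__(self, name, stored_id):
        self.name = name
        self.current_id = stored_id

    def request_access(self, controller):
        """Steps (1)/(3): send the stored ID plus a freshly generated one."""
        new_id = puu_generate_id()
        granted = controller.access(self.name, self.current_id, new_id)
        if granted:
            self.current_id = new_id   # advance only when the controller did
        return granted


def run_scenario():
    controller = Controller()
    manufacturing_id = puu_generate_id()
    controller.register("node-6", manufacturing_id)
    genuine = SensorNode("node-6", manufacturing_id)
    results = {
        "first_access": genuine.request_access(controller),
        "second_access": genuine.request_access(controller),
    }
    # A copy of the memory as it was at manufacture holds only the initial ID.
    stale_copy = SensorNode("node-6", manufacturing_id)
    results["copy_of_initial_memory"] = stale_copy.request_access(controller)
    results["genuine_after_stale_copy"] = genuine.request_access(controller)
    # Two holders of the same current ID cannot both stay in step: whichever
    # presents second is refused, and that refusal is the event to alert on.
    duplicate = SensorNode("node-6", genuine.current_id)
    results["duplicate_presents_first"] = duplicate.request_access(controller)
    results["genuine_after_duplicate"] = genuine.request_access(controller)
    results["mismatches"] = list(controller.mismatches)
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(key, "=", value)
```

A mismatch for a registered node therefore means either a replayed old ID or two devices sharing one ID history, and the controller's log is where that becomes visible.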
(Example 2)
FIG. 10 shows an embodiment of a system in which PUUs are attached to both a terminal (sensor node) and a server (controller). As in the first embodiment, the terminal (sensor node) represents a user (client) side device connected to the network, and the server (controller) represents a management (server) side (or other user side) device also connected to the network. The PUU used here is of the type that has a built-in APG (pulse generation device) and outputs the pulses shaped into identification value (random number) data (called an MQRNG (Micro Quantum Random Number Generator)).
In the illustrated embodiment, the procedure for authenticating authenticity (uniqueness) is as follows.
(1) A common key K1 is registered in advance on both the terminal side and the server side, or an identification value T1 (random number) generated by the PUU on the terminal side is stored on the server side, and an identification value S1 generated by the server side PUU (Random number) is registered on the terminal side.
(2) First, the terminal is authenticated. In the first access, the common key K1 or the identification value T1 is encrypted (XOR operation) with the identification value T2 (random number) generated by the terminal side, and the identification value S1 is encrypted with the generated identification value T2 ( XOR operation) and transmit these encrypted data to the server side. On the server side, when the former encrypted data received is decrypted by performing an XOR operation with the common key K1 or the identification value T1, the identification value T2 can be obtained. Further, when the latter encrypted data is XORed with the acquired identification value T2, the identification value S1 can be acquired. The terminal is authenticated by checking the obtained identification value S1 against the identification value S1 registered in advance on the server side. At the same time, the acquired identification value T2 is recorded as a key.
(3) Next, the server is authenticated. The identification numerical value S2 (random number) newly generated on the server side is used to encrypt (XOR operation) the identification numerical value T1 and the identification numerical value T2 registered as a key, and transmit these encrypted data to the terminal side. On the terminal side, when the former encrypted data received is decrypted by XOR operation with the identification value T1 at hand, the identification value S2 can be obtained. Further, when the latter encrypted data is XORed with the acquired identification value S2, the identification value T2 can be acquired. The server is authenticated by collating and confirming the acquired identification value T2 and the terminal-side identification value T2. At the same time, the acquired identification value T2 is recorded as a key.
(4) From the next time onward, new identification values are generated alternately as shown in the figure, encrypted with the previous identification values, and exchanged.
(5) If the previous identification value can be confirmed using the previous identification value as a key, the new identification value is transmitted using the received identification value as a new key.
Also in this embodiment, the PUU identification value that is transmitted and received is specific to one sensor node and does not collide with identification values from other nodes of the network. Therefore, by sequentially recording and confirming on both sides the identification value sequence as it transitions, access control that ensures the uniqueness of both sides of the network is realized.
Conversely, if access is denied even though the sensor node is operating normally, it can be detected that the node may have been impersonated.
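The controller-side bookkeeping for the ID rotation of Example 1, together with the denial signal described just above, can be sketched as follows. This is an added example, not code from the patent: the class and verdict names are hypothetical, the OS random generator stands in for the PUU, and classifying a superseded ID separately from an unknown one is an assumption made here.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from enum import Enum

ID_BYTES = 16  # assumed size of one identification value


def puu_value() -> bytes:
    """Stand-in for a PUU reading (assumption: OS CSPRNG, not decay pulses)."""
    return secrets.token_bytes(ID_BYTES)


class Verdict(Enum):
    GRANTED = "granted"
    UNKNOWN_NODE = "node not registered"
    STALE_ID = "superseded ID presented"
    MISMATCH = "ID never registered for this node"
    DUPLICATE = "new ID already in use"


@dataclass
class NodeRecord:
    current: bytes
    superseded: list = field(default_factory=list)  # recorded transition sequence


class Controller:
    def __init__(self):
        self.records = {}
        self.seen = set()  # every ID ever registered, for the collision check

    def register(self, name, initial_id):
        self.records[name] = NodeRecord(current=initial_id)
        self.seen.add(initial_id)

    def access(self, name, presented, new_id):
        rec = self.records.get(name)
        if rec is None:
            return Verdict.UNKNOWN_NODE
        if not hmac.compare_digest(presented, rec.current):
            # An ID that was valid earlier means the sequence moved on without
            # this sender: a replayed message, or someone else used the ID first.
            return Verdict.STALE_ID if presented in rec.superseded else Verdict.MISMATCH
        if new_id in self.seen:
            return Verdict.DUPLICATE
        rec.superseded.append(rec.current)
        rec.current = new_id
        self.seen.add(new_id)
        return Verdict.GRANTED


class SensorNode:
    def __init__(self, name, initial_id):
        self.name, self.current = name, initial_id

    def access(self, controller):
        new_id = puu_value()
        verdict = controller.access(self.name, self.current, new_id)
        if verdict is Verdict.GRANTED:
            self.current = new_id  # rotate only after the controller accepted
        return verdict


def desync_scenario():
    """Constructed run: two normal accesses, a replay, then a desynchronised node."""
    initial = puu_value()
    ctrl = Controller()
    ctrl.register("node-7", initial)
    node = SensorNode("node-7", initial)
    verdicts = [node.access(ctrl), node.access(ctrl)]
    # The first access message, presented again later, carries a superseded ID.
    verdicts.append(ctrl.access("node-7", initial, puu_value()))
    # The controller's record advances without the node taking part ...
    verdicts.append(ctrl.access("node-7", node.current, puu_value()))
    # ... so the healthy node is refused at its next access: the signal to investigate.
    verdicts.append(node.access(ctrl))
    return verdicts


if __name__ == "__main__":
    for v in desync_scenario():
        print(v.value)
```

A `STALE_ID` verdict for a node known to be healthy is the condition worth alerting on; `MISMATCH` only says the sender never held a valid ID for that node.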
(Example 3)
FIG. 11 shows another embodiment of a system in which a PUU is attached to a sensor node. In this embodiment, time authentication is also performed. On the node side, the initial pulse count (the pulse count at initial measurement), the initial date (the date of initial measurement), the identification value (initial identification value), and the current pulse count are recorded in memory (including the PUU's memory). On the server side, the node's initial pulse count, initial date, and identification value are registered in advance in a master file, reference table, or the like.
(1) Method by CA and TSA
A) Proof of whether tampering has occurred, and of the time, is obtained from a third party rather than from the creator of the data.
B) Non-repudiation becomes possible. Because encryption is performed with a private key certified by a third party, nobody other than the sender can perform the encryption, so the sender cannot repudiate the transmission.
(2) Method by PUU
A) Since no CA or TSA is placed externally, there is no third-party certification. However, since the sender's PUU is unique, the sender can be proven even without third-party certification.
B) Since the identification value is sent to the recipient in advance and is not included in the certified message, it is not possible to tamper with both the identification value and the hash and thereby slip past the detection of tampering in transit.
C) Likewise for the time stamp: since the initial pulse count is not included in the message, the date cannot be falsified by altering the pulse count in transit.
D) Since the sender encrypts with a unique identification value, the sender cannot repudiate its own transmission.
E) Since tampering by anyone other than the recipient can be prevented, the function is sufficient for technical data communication such as an automobile's in-vehicle network (CAN) (the purpose being to prevent disturbance from outside).
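The hash check and the decay-based time check that items B) and C) rely on, following the procedure of claims 10 and 11, as an added example (not code from the patent). SHA-256, XOR as the encryption step, the 40-byte identification value, the half-life, the pulse counts and the tolerance derived from counting statistics are all assumptions or constructed sample values.

```python
import hashlib
import hmac
import math
import struct
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed sample parameters (assumptions, not values from the patent).
HALF_LIFE_DAYS = 8145.0                      # single-isotope exponential decay assumed
DECAY_CONST = math.log(2) / HALF_LIFE_DAYS   # lambda, per day
INITIAL_COUNT = 4_000_000_000                # pulses in the fixed counting window at registration
INITIAL_DATE = datetime(2016, 6, 1, tzinfo=timezone.utc)
INITIAL_ID = hashlib.shake_256(b"constructed initial identification value").digest(40)


def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("XOR operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def expected_count(elapsed_days):
    """Mean pulse count in the same counting window after elapsed_days of decay."""
    return round(INITIAL_COUNT * math.exp(-DECAY_CONST * elapsed_days))


def seal(data, current_count, id_value=INITIAL_ID):
    """Sender: hash the data, append the current pulse count, XOR with the initial ID."""
    payload = hashlib.sha256(data).digest() + struct.pack(">Q", current_count)
    return xor_bytes(payload, id_value)


@dataclass
class Check:
    data_intact: bool
    time_ok: bool
    measured_at: Optional[datetime]
    tolerance_days: float


def verify(data, sealed, received_at, id_value=INITIAL_ID, sigmas=3.0):
    """Receiver: recover hash and pulse count, then run both checks."""
    payload = xor_bytes(sealed, id_value)
    digest, count = payload[:32], struct.unpack(">Q", payload[32:])[0]
    intact = hmac.compare_digest(digest, hashlib.sha256(data).digest())
    if count == 0:
        return Check(intact, False, None, 0.0)  # no pulses: elapsed time undefined
    # N = N0 * exp(-lambda * t)  =>  t = ln(N0 / N) / lambda
    elapsed_days = math.log(INITIAL_COUNT / count) / DECAY_CONST
    measured_at = INITIAL_DATE + timedelta(days=elapsed_days)
    # Counting noise (Poisson, sigma = sqrt(N)) on both counts limits the time resolution.
    tolerance = sigmas * math.sqrt(1 / INITIAL_COUNT + 1 / count) / DECAY_CONST
    drift_days = abs((received_at - measured_at).total_seconds()) / 86400
    return Check(intact, drift_days <= tolerance, measured_at, tolerance)


def demo():
    """Constructed cases: an honest message, altered data, and a late presentation."""
    measured = INITIAL_DATE + timedelta(days=400)
    message = b"node-7 temp=21.5"
    sealed = seal(message, expected_count(400))
    return {
        "honest": verify(message, sealed, measured + timedelta(hours=1)),
        "altered data": verify(b"node-7 temp=99.9", sealed, measured + timedelta(hours=1)),
        "presented 30 days late": verify(message, sealed, measured + timedelta(days=30)),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

With these sample numbers the three-sigma tolerance is about 0.8 days; it scales with the inverse square root of the pulse count, so the counting window sets how finely the time check can discriminate.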
(Example 4)
FIGS. 12A to 22 show an embodiment of a system in which PUUs according to the present invention are attached to both a transmitting-side terminal (node, device) and a receiving-side terminal (node, device) connected to a network, and information (digital data) is transmitted and received. The PUU in this embodiment contains a radioisotope whose number of atoms sufficiently exceeds the total number of objects to be identified (the total number of elements (pulse generation devices or PUUs) plus the total number of communications over the period in which both parties use the communication). The distinction between transmitting side and receiving side is for convenience; in bidirectional communication each terminal can both transmit and receive, and can act as either the transmitting-side or the receiving-side terminal.
The terminal identification/authentication and information authentication are described in detail below in accordance with the illustrated embodiment.
The following are registered in advance in the memory of the terminals on both the transmitting and receiving sides (either memory built into the terminal or memory built into the PUU): the terminal's own identification code (P1 for the transmitting side), the common key (K1), and the identification code of the communication partner (P2 for the receiving side). FIG. 12A (transmitting side) and FIG. 12B (receiving side) illustrate the case where these data are held in the form of a table. The terminal identification code can be represented by the initial identification value of the PUU.
<Authentication of partner terminal>
First, as shown in FIG. 13, the transmitting terminal encrypts (XOR operation) its own identification code (P1) from the table shown in FIG. 12A with the identification value (CA1) generated by its PUU (called the communication identification value), producing the encrypted mutual identification value (RA1). It also XORs the common key (K1) with the identification value (CA1), producing the encrypted communication identification value (CCA1). The encrypted mutual identification value (RA1) and communication identification value (CCA1) are transmitted to the receiving terminal.
<Key exchange>
When communication with the other party (receiving terminal) is newly started, as shown in FIG. 17, the transmitting terminal first has its PUU automatically generate a new communication identification value (CA2). With this new communication identification value (CA2), it XORs the partner terminal's communication identification value (CB1′) and the receiving side's decrypted identification code (P2′) from the mutual communication code with the other party (FIG. 16), producing the encrypted new communication identification value (CCA2) and identification code (RA2), and transmits these to the other party. The mutual communication code with the other party is the one created during the immediately preceding <identification of the partner terminal>.
<Data communication>
After the terminals on the transmitting and receiving sides have been authenticated and the encryption keys exchanged, the transmitting terminal encrypts the digital data to be sent using the identification value (CA2) that it generated during the key exchange (recorded in the transmitting side's "mutual communication code") and sends it to the receiving terminal. The receiving terminal decrypts the received encrypted digital data using the identification value (CA2′) that it registered as the encryption key during the key exchange (recorded in the receiving side's "mutual communication code") (see FIG. 22).
(Example 5)
As an application example of the above-mentioned Qtag (one application form of the PUU: a model composed of a pulse generation device (APG) and a memory, with no power supply; see FIG. 7), FIG. 23 gives a case of managing the connection network of household appliances in the home. That is, it shows a case in which a Qtag is incorporated in a home network device (built in or externally attached) and used for mapping.
(Example 6)
FIG. 24 illustrates a short-range wireless communication type device (hereinafter referred to as a QNFC tag) in which an NFC (Near Field Communication) tag or an IC card is combined with a PUU element (APG module) according to the present invention.
(Example 7)
FIG. 25 shows an embodiment in which a device incorporating a PUU element in an RFID is used for parts management in aircraft manufacturing, operation, maintenance, and repair (a handy terminal is used in the illustrated embodiment). In the illustrated embodiment, a QNFC tag is incorporated into the part. This makes it possible, in parts management and the like, to distinguish counterfeit and imitation products from genuine ones. Since the pulses can be read out wirelessly, in parts management for machinery, aircraft, vehicles, and so on, leaving the mounted part on the reading device for a while reliably proves that the part is genuine.
(Example 8)
The above-mentioned Qtag is a PUU model that has no power supply and consists of an APG and a memory. The unit shown in FIG. 26, by contrast, is a PUU model that is fitted with a power supply, has an APG and a PIC (Peripheral Interface Controller, an IC for controlling peripheral device connectivity), and can perform identification function calculations with the PIC.
(Example 9)
FIG. 27 shows a case in which the unit according to Example 8 is applied to personal authentication for Internet banking. In the figure, the terminal-side quantum authentication unit (QAU) (and the server-side quantum communication unit (QCU)) corresponds to the unit according to Example 8. Quantum authentication here refers to the authentication function according to the present invention, based on uniqueness obtained from the spontaneous decay of a radioisotope.
(Example 10)
FIG. 28 shows a type of PUU that has an MPU and sufficient memory, and so has advanced computing capability and can perform authentication. This unit is composed of an APG, a memory, an MPU, an I/O interface, and the like, and is a model for applications that require advanced verification and certification functions. Since it continues measuring in the background in the same way as the unit according to Example 8 (PIC type), the necessary parameters are always available. This unit has the following characteristics.
- It operates on a constant power supply.
- It has a built-in A/D converter and can classify the energy distribution precisely, so it can generate more identification values (random numbers) in a short time.
- It has sufficient memory capacity to store continuous measurements.
- It has a CPU function that can perform hash calculations for electronic signatures.
- It can attach proof of node legitimacy to data that constantly flows through the network.
- It realizes a quantum authentication function that can autonomously compute and attach a signature proving uniqueness, time authentication, and the like to measurement values generated at that node or to data for which certification has been requested by others.
(Example 11)
FIG. 29 shows a case in which the unit according to Example 10 is applied to the security of an automobile's in-vehicle information network (the in-vehicle LAN architecture is based on IPA materials).
This application claims priority from Japanese Patent Application No. 2015-113609 filed on June 4, 2015 and Japanese Patent Application No. 2016-110314 filed on June 1, 2016, the contents of which are incorporated herein by reference.
Claims (15)
- An apparatus comprising a device that includes: a pulse generation device having an emitter containing a radioisotope with a number of atoms greater than the total number of objects to be identified, and a detector that detects α particles, beta rays and/or γ rays (hereinafter referred to as α particles, etc.) emitted from the emitter by spontaneous decay of atomic nuclei and generates electric pulses; and a memory that stores in advance the number of pulses obtained by measuring the electric pulses generated by the pulse generation device for a predetermined period (hereinafter referred to as the initial pulse number), its measurement date, and an identification value obtained by digitizing the pulse intervals of the electric pulses (hereinafter referred to as the initial identification value); wherein a plurality of identification values obtained by A/D converting the peak values of the electric pulses generated by the pulse generation device and a plurality of identification values obtained by digitizing the pulse intervals of the electric pulses are arranged in a matrix, and an arbitrary number of identification values is generated by appending, adding, multiplying, or, after binary conversion, XORing combinations of the respective identification values.
- The apparatus according to claim 1, wherein a plurality of devices each comprising the pulse generation device, which has the emitter and the detector, and the memory are provided, and an arbitrary number of identification values is generated at high speed by appending, adding, multiplying, or, after binary conversion, XORing a plurality of identification values obtained by digitizing the pulse intervals of the electric pulses generated by each of the plurality of devices, or an arbitrary number of identification values is generated at high speed by arranging the plurality of values generated by each of these devices in a multi-dimensional matrix and appending, adding, multiplying, or XORing combinations of the respective values.
- A system including at least two terminals, devices, or the like that transmit and receive information including digital data wirelessly or by wire, wherein one or both of the terminals comprise the apparatus according to claim 1 or 2, and the identification value of that apparatus is used for authentication of the terminal, device, or the like and/or for verification of the information.
- A system including at least two terminals that transmit and receive information wirelessly or by wire, wherein one terminal comprises the apparatus according to claim 1 or 2, and the other terminal registers in advance the initial identification value of the one terminal; at the first access, the one terminal sends the initial identification value and a new identification value (N1) generated by that terminal to the other terminal; the other terminal checks the received initial identification value against the registered initial identification value and, on confirming that they match, authenticates the one terminal as genuine and also registers the received new identification value (N1) as the current identification value; at the next and subsequent accesses, the one terminal sends to the other terminal the identification value (N1) generated at the previous access (the current identification value) and, separately, a newly generated identification value (N2) (the new identification value); and the other terminal checks the received identification value (N1) (the current identification value) against the registered current identification value and, on confirming that they match, authenticates the one terminal as genuine and also updates the registered current identification value with the received identification value (N2) (the new identification value).
- A system including at least two terminals that transmit and receive information wirelessly or by wire, wherein the apparatus according to claim 1 or 2 is incorporated in each of the two terminals and both terminals hold a common key (K1) in advance,
at the first session, the transmitting terminal encrypts its identification code (P1) and the common key (K1) it holds with an identification value (CA1) generated by that terminal and sends them to the receiving terminal,
the receiving terminal decrypts the received encrypted common key with the common key (K1) it holds to obtain the identification value (CA1′), decrypts the encrypted identification code with the decrypted identification value (CA1′) to obtain the decrypted identification code (P1′), and registers the decrypted identification value (CA1′) and identification code (P1′) together with an identification value (CB1) generated by that terminal; the receiving terminal also encrypts its identification code (P2) and the common key (K1) it holds, each with the identification value (CB1) generated by that terminal, and sends them to the transmitting terminal,
the transmitting terminal decrypts the received encrypted common key with the common key (K1) it holds to obtain the identification value (CB1′), decrypts the encrypted identification code (P2) with the decrypted identification value (CB1′) to obtain the decrypted identification code (P2′), and registers the decrypted identification value (CB1′) and identification code (P2′) together with the identification value (CA1) generated by that terminal,
the transmitting terminal encrypts the registered identification code (P2′) and identification value (CB1′) using an identification value (CA2) newly generated by that terminal as the encryption key and sends them to the receiving terminal,
the receiving terminal decrypts the received encrypted identification value with the identification value (CB1) generated by the receiving terminal to obtain the identification value (CA2′), decrypts the encrypted identification code with the decrypted identification value (CA2′) to obtain the decrypted identification code (P2″), checks the obtained identification code (P2″) against the identification code (P2) of the receiving terminal and, on confirming that they match, authenticates the transmitting terminal as genuine, and, for the registered identification code (P1′), updates the registered identification value (CA1′) serving as the decrypted encryption key to the decrypted identification value (CA2′),
similarly, the receiving terminal encrypts the registered identification code (P1′) and identification value (CA1′) using an identification value (CB2) newly generated by that terminal as the encryption key and sends them to the transmitting terminal,
the transmitting terminal decrypts the received encrypted identification value with the identification value (CA1) generated by the transmitting terminal to obtain the identification value (CB2′), decrypts the encrypted identification code with the decrypted identification value (CB2′) to obtain the decrypted identification code (P1″), checks the obtained identification code (P1″) against the identification code (P1) of the transmitting terminal and, on confirming that they match, authenticates the receiving terminal as genuine, and, for the registered identification code (P2′), updates the registered identification value (CB1′) serving as the decrypted encryption key to the decrypted identification value (CB2′), whereby the encryption keys are exchanged,
and in the next and subsequent sessions, in place of the common key (K1), the updated identification value serving as the transmitting side's encryption key (CB2′, ...) and the updated identification value serving as the receiving side's encryption key (CA2′, ...), together with the partner's identification codes (P1, P2) registered in the transmitting and receiving terminals, are encrypted using identification values newly generated by the transmitting and receiving terminals respectively and sent to the other terminal, after which the encryption keys are exchanged in the same way as in the first session.
- The system according to claim 5, wherein, after the terminals on the transmitting and receiving sides have been authenticated and the encryption keys exchanged, the transmitting terminal encrypts digital data as information using the identification value (CA2) generated by that terminal during the encryption key exchange and sends it to the receiving terminal, and the receiving terminal decrypts the received encrypted digital data using the identification value (CA2′) registered as the encryption key during the encryption key exchange.
- An apparatus comprising the apparatus according to claim 1 or 2, which estimates the time at which a count value was measured, based on the count value obtained by measuring the number of pulses generated by the apparatus for a predetermined time and on the initial pulse number and its measurement date recorded in the memory of the apparatus, and uses the estimated time as a time stamp for time authentication.
- An apparatus comprising the apparatus according to claim 1 or 2, which estimates the elapsed time from the measurement of the initial pulse number to the measurement of a count value, based on the count value obtained by measuring the number of pulses generated by the apparatus for a predetermined time and on the initial pulse number recorded in the memory of the apparatus, and determines the effective use period of the detector based on that elapsed time.
- The apparatus according to claim 1 or 2, wherein the detector is arranged so as to enclose the emitter, improving radiation detection efficiency, or the emitter is enclosed by a plurality of detectors so that electric pulses can be generated in parallel from the plurality of detectors.
- A system including at least two terminals that transmit and receive digital data wirelessly or by wire, wherein at least the transmitting terminal comprises the apparatus according to claim 1 or 2, and the initial pulse number, the date of initial measurement, and the initial identification value of that apparatus are registered in advance on the transmitting side,
the transmitting terminal performs a calculation with a hash function on the digital data to obtain the hash value of the digital data, encrypts the hash value with the initial identification value, and sends the encrypted hash value to the receiving terminal together with the plaintext digital data or the digital data encrypted with the initial identification value,
and the receiving terminal decrypts the received encrypted hash value using the initial identification value registered in that terminal, performs a hash calculation with the same hash function as the transmitting side on the received digital data, or on the digital data obtained by decrypting the encrypted digital data with the initial identification signal, to obtain the hash value of the digital data, and compares it with the decrypted hash value, whereby it can be determined whether the digital data has been tampered with.
- The system according to claim 10, wherein the transmitting terminal further measures the current pulse number of the apparatus, encrypts that pulse number together with the hash value with the initial identification value of the terminal, and sends it to the receiving terminal; and the receiving terminal registers the reception date and time of the received encrypted data, decrypts the current pulse number from the encrypted data using the initial identification value registered in that terminal, estimates the elapsed time since the initial measurement of the apparatus by comparing the decrypted current pulse number with the initial pulse number registered in that terminal, calculates the measurement time of the current pulses from the estimated elapsed time and the registered date of initial measurement, and performs time authentication by checking the calculated measurement time against the registered reception date and time.
- 12. A device having a short-range wireless communication function, such as an IC card or an NFC element, to which the apparatus according to claim 1 or 2 is attached, in which it is built in, or with which it is integrally formed.
- 13. The apparatus according to claim 1 or 2, in which a PIC or MPU is built in or integrally formed, so that function operations can be performed inside the apparatus.
- 14. The apparatus according to claim 1 or 2, wherein the number of atoms is determined according to the scale of the market into which the apparatus is incorporated, for example the total number of devices and apparatuses used in that market.
- 15. The apparatus according to claim 14, wherein the atoms to be incorporated are 210Pb-210Po and 241Am.
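The receiving-terminal checks of claims 10 and 11, as an added Python example that is not part of the patent text: tamper detection by comparing hashes, then time authentication by converting the decrypted pulse number into an elapsed time. The stand-in cipher, the 210Pb half-life figure, the tolerance derived from counting statistics and all sample values are assumptions.

```python
import hashlib, hmac, math, struct
from datetime import datetime, timedelta

# Assumed source: 210Pb, half-life taken as roughly 22.3 years (not from the page).
MEAN_LIFE_S = 22.3 * 365.25 * 86400 / math.log(2)

def _xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 counter keystream); the claims name none."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">Q", i // 32)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def expected_pulses(n0: int, elapsed_s: float) -> int:
    """Mean pulse number after elapsed_s seconds of exponential decay."""
    return round(n0 * math.exp(-elapsed_s / MEAN_LIFE_S))

def send(key: bytes, data: bytes, pulses_now: int) -> bytes:
    """Transmitting terminal: encrypt hash(data) || current pulse number."""
    return _xor_cipher(key, hashlib.sha256(data).digest() + struct.pack(">Q", pulses_now))

def receive(key, token, data, n0, t0, received_at, sigmas=3.0):
    """Receiving terminal: returns (untampered, time_ok, estimated measurement time)."""
    if len(token) != 40:
        return False, False, None
    plain = _xor_cipher(key, token)
    untampered = hmac.compare_digest(plain[:32], hashlib.sha256(data).digest())
    (n_now,) = struct.unpack(">Q", plain[32:])
    if n_now == 0:
        return untampered, False, None
    # N = N0 * exp(-t / tau)  =>  t = tau * ln(N0 / N)
    elapsed = MEAN_LIFE_S * math.log(n0 / n_now)
    # Counting (Poisson) error of both measurements sets the usable tolerance.
    sigma_t = MEAN_LIFE_S * math.sqrt(1 / n0 + 1 / n_now)
    measured_at = t0 + timedelta(seconds=elapsed)
    drift = abs((received_at - measured_at).total_seconds())
    return untampered, drift <= sigmas * sigma_t, measured_at

# Constructed sample values: key, registration date and pulse numbers are invented.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
N0, T0 = 1_000_000_000, datetime(2016, 6, 2)
SENT_AT = T0 + timedelta(days=730)
TOKEN = send(KEY, b"meter reading 42", expected_pulses(N0, 730 * 86400))
```

At these sample pulse numbers the three-sigma tolerance is roughly 38 hours, so a replayed token is rejected by the time check only once it is older than that. A deployment would replace the stand-in cipher with an authenticated primitive such as HMAC or an AEAD mode.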
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020177037543A KR102558073B1 (en) | 2015-06-04 | 2016-06-02 | Uniqueness-attaining apparatus that utilizes spontaneous decay of radioisotope |
US15/578,475 US10708044B2 (en) | 2015-06-04 | 2016-06-02 | Pulse generation device using a radioisotope and authentication system |
CN201680032676.6A CN107852329B (en) | 2015-06-04 | 2016-06-02 | Device for achieving uniqueness by utilizing spontaneous decay of radioisotopes |
EP16802822.3A EP3306854B1 (en) | 2015-06-04 | 2016-06-02 | Uniqueness-attaining apparatus that utilizes spontaneous decay of radioisotope |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2015-113609 | 2015-06-04 | | |
JP2015113609 | 2015-06-04 | | |
JP2016110314A JP6321723B2 (en) | 2015-06-04 | 2016-06-01 | A device that realizes uniqueness using the natural decay of radioisotopes |
JP2016-110314 | | 2016-06-01 | |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016194382A1 (en) | 2016-12-08 |
Family
ID=57441194
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2016/002682 WO2016194382A1 (en) | 2015-06-04 | 2016-06-02 | Uniqueness-attaining apparatus that utilizes spontaneous decay of radioisotope |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2016194382A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017209275A1 (en) * | 2016-06-02 | 2017-12-07 | 日本ユニシス株式会社 | System, method, and program for authentication, and storage medium with program stored therein |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5987483A (en) * | 1997-01-13 | 1999-11-16 | Leybold Systems Gmbh | Random number generator based on directional randomness associated with naturally occurring random events, and method therefor |
JP2000339270A (en) * | 1999-05-26 | 2000-12-08 | Nec Software Kyushu Ltd | User mutual authentication system, method therefor and recording medium |
JP2003198541A (en) * | 2001-12-28 | 2003-07-11 | Matsushita Electric Ind Co Ltd | Data verification system and device therefor |
WO2004032098A1 (en) * | 2002-10-07 | 2004-04-15 | Kobayashi, Akira | Pseudo-random number generation method and pseudo-random number generator |
JP2005282346A (en) * | 2004-03-02 | 2005-10-13 | Tsuyusaki Norihei | Certification system and method using random pulse generator |
WO2010010519A1 (en) * | 2008-07-23 | 2010-01-28 | Nxp B.V. | Time-measurement device for applications without power source |
WO2011117929A1 (en) * | 2010-03-26 | 2011-09-29 | 富士通株式会社 | Random number generator, encryption device and recognition device |
JP2012509488A (en) * | 2008-11-18 | 2012-04-19 | クロメック リミテッド | Tracking device, system and method |
WO2014041836A1 (en) * | 2012-09-12 | 2014-03-20 | 三菱電機株式会社 | Radioactivity analysis device |
- 2016-06-02 WO PCT/JP2016/002682 patent/WO2016194382A1/en active Application Filing
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6321723B2 (en) | A device that realizes uniqueness using the natural decay of radioisotopes | |
US11153098B2 (en) | Systems, devices, and methods for recording a digitally signed assertion using an authorization token | |
US11444769B2 (en) | Systems, devices, and methods for signal localization and verification of sensor data | |
US11240040B2 (en) | Systems, devices, and methods for recording a digitally signed assertion using an authorization token | |
Guajardo et al. | Anti-counterfeiting, key distribution, and key storage in an ambient world via physical unclonable functions | |
WO2020185582A1 (en) | Methods and systems for implementing an anonymized attestation chain | |
JP2017507518A5 (en) | ||
RU2016129192A (en) | WAYS AND SYSTEMS OF CLOUD TRANSACTIONS | |
CN102422296A (en) | Method for authenticating access to a secured chip by a test device | |
CN107438230A (en) | Safe wireless ranging | |
KR20180119201A (en) | Electronic device for authentication system | |
CN106452768A (en) | Quantum blind signature message authenticity protection method | |
CN112019326A (en) | Vehicle charging safety management method and system | |
KR101326732B1 (en) | Automatic meter reading method using encryption key | |
CN110351261B (en) | Method and system for connecting security server based on two-factor authentication management equipment | |
WO2016194382A1 (en) | Uniqueness-attaining apparatus that utilizes spontaneous decay of radioisotope | |
CN101374085A (en) | Method and apparatus for checking round trip time based on challenge response | |
KR101691540B1 (en) | System for reading electric power amount | |
US20160035047A1 (en) | Managing Energy Meter Usage Feedback | |
CN104424453A (en) | System and method for verifying non-contact inductive label | |
CN108848089B (en) | Data encryption method and data transmission system | |
Gondesen et al. | Feasibility of PUF-based authentication on ATtiny devices with off-the-shelf SRAM | |
CN107968685B (en) | Quantum communication coin throwing method and relay system | |
TW201926116A (en) | Method, system and server for protection mechanism of digital signature certificate | |
CN104135470A (en) | A method and system for verifying storage integrity of target data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 16802822; Country of ref document: EP; Kind code of ref document: A1 |
| WWE | Wipo information: entry into national phase | Ref document number: 15578475; Country of ref document: US |
| NENP | Non-entry into the national phase | Ref country code: DE |
| ENP | Entry into the national phase | Ref document number: 20177037543; Country of ref document: KR; Kind code of ref document: A |
| WWE | Wipo information: entry into national phase | Ref document number: 2016802822; Country of ref document: EP |