JP2001285285A - Authentication method and authentication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an authentication method and an authentication system that can simply conduct authentication processing by using the encryption with high security and have no problem when applied to a built-in type device with a low processing capability. SOLUTION: The authentication system uses its own common key and specific information (mail address) of an opposite entity to generate a common key and authenticates the opposite entity by using the generated common key and the private key encryption. An entity (a) being an authentication party transmits an encrypted password A encrypted by the common key to an entity (b) being a party to be authenticated. The entity (b) transmits a mail main text, to which an encrypted authentication code B consisting of a decoded password PW, its own mail address AD and an encrypted part M of a message by the common key is attached, to the entity (a). The entity (a) decodes the encrypted authentication code B by using the common key to authenticate the entity (b).

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to an authentication method and an authentication system for performing authentication between entities.

[0002]

2. Description of the Related Art In a modern society called an advanced information society, important documents and image information in business are transmitted, communicated, and processed in the form of electronic information based on a computer network. In an information communication system using such a computer network, since it is relatively easy to impersonate another person and enter the computer network, it is necessary to determine whether the sender or receiver of the information is the correct entity. The recipient or sender must authenticate.

[0003] Such authentication is called user authentication, and the most commonly used technique for user authentication is the use of a password. Although the use of this password is an extremely simple method, there is a high possibility that a password transferred on a network is intercepted, and there is a problem in security. Therefore, it is desirable to combine this use of the password with another authentication method.

[0004] When user authentication is performed between devices such as computers without human intervention, use of an encryption method is effective to ensure high security. In view of security, public key cryptography has been conventionally used. In this authentication method using public key cryptography, there is a secret key that is secretly held by each user and a public key for authentication corresponding to the secret key. In the process of communicating with the (entity), it proves that it has a private key corresponding to a public key without revealing its own private key.

[0005]

The encryption and decryption processes of the public key cryptosystem are more complicated than that of the secret key cryptosystem.
In addition, there is a disadvantage that the public key of the user (entity) on the side to be authenticated must be managed or obtained, and the authentication method using the public key cryptography is difficult to use for an embedded device having a low processing capability. There is a problem that the burden is large.

[0006] The present invention has been made in view of such circumstances, and performs authentication using a common key generated using specific information of a partner entity and a secret key encryption, thereby providing a highly secure encryption. It is an object of the present invention to provide an authentication method and an authentication system which can easily perform an authentication process using a password and have no problem in application to an embedded device having a low processing capability.

[0007]

According to a first aspect of the present invention, there is provided an authentication method for performing authentication between two entities by a secret key cryptosystem, wherein a secret key of one entity and specific information for specifying the other entity are used. A common key is generated based on the generated common key, and authentication is performed using the generated common key and secret key encryption.

[0008] In the authentication method of the first invention, a common key between the two entities is mutually generated based on a secret key of one entity and specific information of the other entity.
The secret key encryption encrypted by the entity to be authenticated using the generated common key is decrypted by the entity on the authentication side using the generated common key, and authentication is performed based on the decryption result. Therefore, as compared with the authentication method using public key cryptography, the encryption and decryption processes can be performed at a higher speed, and the management of the public key is unnecessary, and the processing of the entity on the authentication side can be simplified.

The authentication method according to a second aspect of the present invention is the authentication method according to the first aspect, wherein the authenticating entity sends a password encrypted with the common key to the authenticated entity, and the authenticated entity performs the authentication. Sending the information obtained by encrypting the password and a part of the message with the common key to the entity on the side, and performing authentication by decrypting the sent information with the common key on the entity on the authentication side. Features.

In the authentication method according to the second invention, a part of the password and the message transmitted in an encrypted state are used for the authentication process. Therefore, safety is further improved.

An authentication system according to a third aspect of the present invention is a system for performing authentication between two entities by a secret key cryptosystem, comprising: a secret key issuing institution for issuing a private key unique to an entity; And an entity having means for generating a common key using a private key unique to itself, and performing authentication using the common key and secret key cryptography.

In the authentication system according to the third aspect of the invention, a secret key issuing organization issues a secret key unique to each entity, and each entity uses specific information for identifying the other entity and a secret key unique to itself. A common key is generated between both entities, and authentication is performed using the generated common key and secret key encryption. Therefore, as compared with an authentication method using public key cryptography, an encryption system and a decryption process can be performed at a higher speed, and an authentication system that simplifies the processing of the entity on the authentication side can be constructed.

[0013]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention will be specifically described below with reference to the drawings showing the embodiments. FIG. 1 is a schematic diagram showing a communication protocol when the authentication method of the present invention is implemented between both entities via a communication line (Internet). In FIG. 1, an entity a is an entity on the authentication side and an entity b is an entity on the authentication side, and the entity a authenticates whether or not the sender of the e-mail is really the entity b.

The authentication method according to the present invention includes a first process (a process of encrypting and transmitting a password from the authenticating entity a to the authenticated entity b) and a second process (the entity b transmits the authentication code). The process includes a process of transmitting the e-mail including the e-mail to the entity a) and a third process (a process of performing authentication on the entity a side based on the received e-mail). In addition, each mail address is used as specific information for specifying each of the entities a and b.

(First Process) FIG. 2 is a flowchart showing the procedure of the first process. When a predetermined period has elapsed (step S1: YES), the entity a sets a new password PW (step S2). Further, generates a common key K by using the specific information of its own unique secret key S _a and entity b (email address) based on the ID _b symmetric key generation function f (·) (step S3). The set password PW is encrypted using the generated common key K (step S4), and the encrypted password A is transmitted to the entity b (step S5). By regularly updating the password in this way, the security of the password itself is enhanced.

(Second Process) FIG. 3 is a flowchart showing the procedure of the second process. Entity b, using the specific information of its own unique secret key S _b and entity a (email address) common key generation function f (·) on the basis of the ID _a generates a common key K (step S11), and was produced The encrypted password A is decrypted using the common key K (step S12). The decrypted password PW and its own mail address AD are converted into a hash value using a hash function h (·), and the hash value of a part M of the mail body (or attached file) is EXOR-added to the hash value to obtain an authentication code h.
(PW + AD + M) is created (step S13).

The created authentication code is encrypted with the common key K to obtain an encrypted authentication code B (step S14). By attaching this encrypted authentication code B to the mail text, an electronic mail composed of the header information, the encrypted authentication code B and the mail text (or attached file) is created (step S15). The created e-mail is transmitted to the entity a (step S16).

(Third Process) FIG. 4 is a flowchart showing the procedure of the third process. The entity a receives an e-mail from the entity b (step S21).
Own unique identifying information of the secret key S _a and entity b (email address) ID _b and the basis symmetric key generation function f
A common key K is generated using (.) (Step S2).
2). The encrypted authentication code B is extracted from the received e-mail and decrypted with the common key K (step S23). H (PW + AD + M) is obtained by EXOR-adding the hash value of the password PW, the mail address AD, and a part M of the mail text (or the attached file) (step S24).

It is determined whether or not the result of decoding in S23 matches the result obtained in S24 (step S25). If they match (S25: YES), it is authenticated that the electronic mail is the electronic mail from the entity b itself, in other words, that the transmitting entity of the electronic mail is the entity b (step S26). On the other hand, if they do not match (S
25: NO), this authentication is not established (step S2)
7).

The private key unique to each entity in such an authentication method may be issued by a trusted organization, or the authenticating entity issues a private key unique to the authenticated entity. You may do it. As for the method of obtaining the information, the information may be obtained through a personal computer, or may be provided by a portable medium such as an IC card.

FIG. 5 is a schematic diagram showing an example of the configuration of the authentication system of the present invention. A center 1 is set as a secret key issuing organization that can trust the concealment of information. The center 1 can be, for example, a public organization of society. The center 1 generates a secret key unique to each entity using its own secret information and the specific information (mail address) of each entity. The center 1 and entities a, b,..., Z as users who use the authentication system are connected by communication paths 2a, 2b,..., 2z, and these communication paths 2a, 2b,. The center 1 issues private keys S _a , S _b ,..., S _z unique to each entity. Also, these entities a, b, ..., z
Is connected to a computer network, e-mail is transmitted and received between each entity, and the above-described authentication processing can be executed between any two entities. Note that, in such a system configuration, the entity on the authentication side may also serve as the center 1.

FIG. 6 is a schematic diagram showing the configuration of the authentication entity. The authenticating entity has a common key generation unit 1 that generates a common key based on its own secret key and identification information (mail address) of the authenticated entity.
1, a password setting unit 12 for setting a password for the authenticated entity, an encrypting unit 13 for encrypting the password using a common key, and an encrypted password to the authenticated entity via the communication path 30. Transmission unit 1 to transmit
4, a receiving unit 15 that receives an e-mail from the authenticated entity via the communication path 30, and a decrypting unit 1 that decrypts an encrypted authentication code included in the e-mail using a common key.
6, a hash conversion unit 17 for obtaining an EXOR addition value of a hash value of a password, a mail address, and a part of a mail text (or an attached file); a decryption result of the decryption unit 16 and an addition result of the hash conversion unit 17 And an authentication judging unit 18 for judging the establishment / non-establishment of the authentication.

FIG. 7 is a schematic diagram showing the configuration of the entity to be authenticated. The authenticated entity has a common key generation unit 21 that generates a common key based on its own secret key and identification information (mail address) of the authenticating entity. A receiving unit 22 for receiving the encrypted password, a decrypting unit 23 for decrypting the encrypted password using the common key, and an EXOR addition value of a hash value of the password, the mail address, and a part of the mail text (or attached file) An authentication code creating unit 24 for creating an authentication code by using a common key; an encryption unit 25 for encrypting the authentication code using a common key; And a transmission unit 26 for transmitting the data to the side entity.

FIG. 8 is a schematic diagram showing another example of the configuration of the authentication system of the present invention. In this example, a plurality (K) of centers 1 that issue private keys unique to each entity are provided. An ID vector (binary vector) representing specific information (mail address) of each entity is divided into K blocks for each M-bit block size. The divided one is called a divided ID vector. j (j = 1, 2,
, K) -th center 1 has a secret symmetric matrix H _j (2 ^M × 2 ^M ) having random numbers as elements. Then, for each entity, it issues a row vector corresponding to the divided ID vector of the entity of the symmetric matrix H _j as a secret key. For example, H _j [vector I _aj ] is issued to entity a. This H _j [vector I _aj ] represents a vector obtained by extracting one row corresponding to the vector I _aj from the symmetric matrix H _j .

Each of the entities a, b,..., Z generates a common key based on its own secret key issued by each of the K centers 1 and the identification information (mail address) of the partner entity. The processing of the authentication method between the two entities is the same as in the case of the system configuration in FIG.

When a secret key is issued by a plurality of centers as described above, one center does not hold the secrets of all the entities, and security is enhanced. Also,
The size of the secret key issued from each center is smaller than that of the system configuration in FIG. The method of issuing a secret key at a plurality of centers in this manner simplifies the key issuing process, and is very effective when an entity that is an embedded device having a small capacity also serves as the center.

Next, a specific example to which the authentication system of the present invention is applied will be described. FIG. 9 is a schematic diagram showing the configuration. This example is applied to an Internet facsimile service, in which a provider 31 has contracted with a plurality of users 32, and the content of an e-mail sent from the user 32 via the Internet 33 is facsimile transmitted to a predetermined place. It is supposed to. In such an Internet service, the provider 31 corresponds to an entity on the authentication side, and each user 32 corresponds to an entity on the authentication side. That is, the authentication method of the present invention is applied when the provider 31 authenticates whether or not the user who has requested the service is really the user 32 who has contracted.

The provider 31 includes a plurality of key issuing servers 34 for issuing a private key unique to each user 32,
2 is provided with an authentication server 35 for performing the authentication of 2 and a facsimile server 36 for performing the facsimile transmission. The provider 31 also serves as a center that issues a secret key,
In addition, as described in the configuration of FIG. 8, a plurality of centers (key issuing servers 34) issue private keys.

The provider 31 issues a secret key to each contracted user 32 and transmits an encrypted password (the first process described above). Each user 32
When requesting the facsimile service from the provider 31, the E-mail is transmitted including the encrypted authentication code (the second process described above). When a facsimile service request is received from a user by e-mail, the provider 31 performs an authentication process to confirm whether or not the user 32 is really a contracted user (the third process described above). And execute the requested facsimile communication service.

FIG. 10 is a diagram showing the configuration of an embodiment of the recording medium of the present invention. The program exemplified here is
It includes the above-described first processing, second processing, and / or third processing, and is recorded on a recording medium described below.
Note that the computer 40 is provided for each entity.

In FIG. 10, a recording medium 41 connected online to a computer 40 is, for example, a WWW (World Wid
e Web) server computer, and the recording medium 4
1 stores the program 41a as described above.
When the program 41a read from the recording medium 41 controls the computer 40, the computer 40
Executes a part or all of the procedure of the above-described authentication method.

The recording medium 42 provided inside the computer 40 uses, for example, a hard disk drive or a ROM installed therein, and the program 42a as described above is recorded on the recording medium 42. By controlling the computer 40 by the program 42a read from the recording medium 42, the computer 40 executes a part or all of the procedure of the above-described authentication method.

The recording medium 43 loaded and used in the disk drive 40a provided in the computer 40 is a transportable medium such as a magneto-optical disk, a CD-ROM or a flexible disk. Is recorded. The program 43a read from the recording medium 43 controls the computer 40, so that the computer 40 executes a part or all of the procedure of the above-described authentication method.

[0034]

As described above, in the present invention, a common key is generated by using the secret key of the entity itself and the identification information of the counterpart entity, and authentication is performed using the generated common key and the secret key encryption. As a result, encryption and decryption can be performed at a higher speed than in an authentication method using public key cryptography, and the processing of the entity on the authentication side can be simplified. Therefore, the present invention can be easily applied to an embedded device having a small processing capacity. Further, since a part of the password and the message are used for the authentication processing, the security can be further improved.

(Supplementary Note) The following items are further disclosed with respect to the above description. (1) The authentication method according to claim 1 or 2, wherein the secret key is issued by one secret key issuing organization. (2) The authentication method according to claim 1 or 2, wherein the secret key is issued by an authenticating entity. (3) The authentication method according to claim 1 or 2, wherein the secret key is issued by a plurality of secret key issuing authorities. (4) The authentication method according to claim 2, wherein the password and a part of the message are encrypted after being converted by a hash function. (5) The authentication method according to claim 2, wherein the password is updated every predetermined period. (6) means for generating a common key using specific information for specifying an entity to be authenticated and a secret key unique to itself;
An authentication device including means for performing authentication using the generated common key and secret key encryption. (7) The authentication system according to claim 3, wherein the secret key issuing institution is plural. (8) The authentication system according to claim 3, wherein the secret key issuing institution is also an entity on the authentication side. (9) On a computer-readable recording medium storing a program for causing a computer to perform authentication between entities, specific information for specifying an entity to be authenticated and a secret unique to the entity on the authenticating side. Program code means for causing a computer to generate a common key using a key, and a program for causing the computer to perform authentication of the entity to be authenticated using the generated common key and secret key cryptography. A recording medium on which a program including code means is recorded. (10) On a computer-readable recording medium storing a program for causing a computer to perform authentication between entities, identification information for specifying an authenticating entity and a secret unique to the authenticated entity. Program code means for causing a computer to generate a common key using a key, and program code means for causing the computer to generate a secret key encryption required for authentication using the generated common key Recording medium on which is recorded.

[Brief description of the drawings]

FIG. 1 is a schematic diagram showing a communication protocol when an authentication method of the present invention is implemented between two entities via a communication line (Internet).

FIG. 2 is a flowchart showing a procedure of a first process in the authentication method of the present invention.

FIG. 3 is a flowchart showing a procedure of a second process in the authentication method of the present invention.

FIG. 4 is a flowchart showing a procedure of a third process in the authentication method of the present invention.

FIG. 5 is a schematic diagram illustrating an example of a configuration of an authentication system according to the present invention.

FIG. 6 is a schematic diagram illustrating a configuration of an authentication-side entity.

FIG. 7 is a schematic diagram showing a configuration of an entity to be authenticated.

FIG. 8 is a schematic diagram showing another example of the configuration of the authentication system of the present invention.

FIG. 9 is a schematic diagram showing a specific example of the authentication system of the present invention.

FIG. 10 is a diagram illustrating a configuration of an embodiment of a recording medium.

[Explanation of symbols]

 1 center 11, 21 common key generation unit 13, 25 encryption unit 16, 23 decryption unit 18 authentication determination unit 41, 42, 43 recording medium a, b entity

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04L 9/00 673A

Claims (3)

[Claims] 1. A method for performing authentication between two entities by using a secret key cryptosystem, wherein a common key is generated based on a secret key of one entity and specific information for specifying the other entity. An authentication method characterized by performing authentication using secret key cryptography. 2. A password encrypted with the common key is sent from an authenticating entity to an authenticated entity, and the password and a part of the message are transmitted from the authenticated entity to the authenticating entity. 2. The authentication method according to claim 1, wherein the information encrypted with the common key is transmitted, and the authentication-side entity performs authentication by decrypting the transmitted information with the common key. 3. A system for performing authentication between two entities using a secret key cryptosystem, a secret key issuing institution that issues a private key unique to an entity, specific information for specifying an entity to be authenticated, and a private key unique to itself. And an entity having means for generating a common key using
An authentication system wherein authentication is performed using the common key and secret key encryption.