JP2001331448A - Electronic authentication method, storage medium storing electronic authentication program, electronic authentication device and authentication registration method - Google Patents

Abstract

PROBLEM TO BE SOLVED: To easily realize the electronic authentication of high security. SOLUTION: An authentication code and cipher data transmitted from a customer 2 and an authentication code and cipher data possessed by an authentication station 3 are collated (S85). In the case that authentication is completed, both of the authentication station 3 and the customer 2 decipher (S86) the cipher data by using TKEY and MKEY generated by using a master key system and a face photo image which is the identification image of the customer 2 is displayed on the screen of the terminal of the customer 2. Also, after the authentication is completed, the TKEY, the cipher data and the authentication code are newly generated and authentication information is updated (S90a, S91a and S92a).

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an electronic authentication method for confirming the identity of a user using a network, a storage medium storing an electronic authentication program, an electronic authentication device, and an authentication registration method. Regarding those that use a key system.

[0002]

2. Description of the Related Art With the development of networks, needs for electronic commerce, electronic settlement, and the like are increasing. Along with this, it is necessary to confirm that the user of the network is himself.

[0003]

In recent years, electronic authentication has become possible using various mathematical algorithms.

However, conventional electronic authentication does not always have high security. An authentication method in which a mathematical algorithm is complicated has been devised in order to increase security, but it is far from feasible in consideration of the current data transmission speed of a network.

SUMMARY OF THE INVENTION The present invention has been made to solve the above problems, and an object of the present invention is to provide an electronic authentication method capable of performing authentication easily and with high security, a storage medium storing an electronic authentication program, and an electronic authentication method. An apparatus and an authentication registration method are provided.

[0006]

According to a first aspect of the present invention, there is provided an electronic communication system comprising:
The encrypted image data obtained by encrypting the identification image data obtained by converting the identification image specifying the user of the device to be authenticated using the common key, and the encryption data obtained by encoding the identification image data and the encryption using the common key. An authentication device that stores an authentication code for determining whether or not to perform authentication in a database transmits and receives an authentication code for a subject to be authenticated that is associated with the authentication code to and from the device to be authenticated. An electronic authentication method for deciding whether or not to permit the authentication, comprising: prompting transmission of the authentication code for the authenticated person; reading the authentication code corresponding to the device to be authenticated from the database; And generating the identification image data by decrypting the encrypted data based on the common key. To provide a proof method.

According to another aspect of the present invention, the present invention provides a method for transmitting, via an electronic communication path, a common key and identification image data obtained by converting an identification image for identifying a user of a device to be authenticated into the common key. And a device to be authenticated having an identification image output unit for outputting the identification image, obtained by encoding the identification image data and encrypting with the common key. An electronic authentication method for determining whether or not to perform authentication by transmitting and receiving an authentication code for a person to be authenticated that is associated with the authentication code with an authentication device having an authentication code for determining the authentication. Transmitting an authentication code for the user to the authentication device to prompt the authentication device to check the authentication code against the code for the authentication target; and decrypting the encrypted data using the common key to perform the identification. To provide an electronic authentication method comprising: the step of generating image data, and outputting the identification image of the user by reading the identification image data.

[0008] According to another aspect, the present invention provides a method for registering an authentication necessary for performing electronic authentication by transmitting and receiving data between a subject and an authenticator via an electronic communication path. Generating a common key associated with a person to be authenticated, and identifying an identification image given by providing from the person to be authenticated and identifying the person to be authenticated. Generating encrypted data by encrypting the image data using the common key; generating an authentication code through encoding of the identification image data and encryption using the common key; Storing the code and the common key in a storage means.

Here, the authentication code can be obtained by coding the identification image data and then encrypting it using a common key, or by coding the encryption data obtained by encrypting the identification image data. Alternatively, encrypted data may be generated by performing encryption of identification image data two or more times.

In addition, the fact that the authentication code and the code for the person to be authenticated correspond not only when the two codes match but also when the two codes are matched so that they can be collated even if they are different. Good. The user of the device to be authenticated indicates a person who has been registered for authentication by the authentication device and is to be authorized for authentication.

As described above, according to the present invention, when the authentication is performed, the identification image data is read out by the person to be authenticated and the identification image is output. As the identification image data, for example, image data obtained by digitizing a face photograph or a signature identifying the person to be authenticated is used. In this way, by reading the identification image data and displaying the image data, a third party can monitor the work when the person to be authenticated performs various works after being authenticated. .

[0012] Preferably, encrypted data or the like obtained by encrypting the identification image data on the side of the person to be authenticated is stored in a storage medium, and the storage medium is connected to a terminal on the side of the person to be authenticated and read out. Thus, since personal authentication is performed using a general-purpose storage medium such as a floppy disk as an authentication medium, an electronic authentication system can be easily performed by a terminal such as a personal computer usually used in a home or office without using special hardware. Is possible.

The authentication code is obtained by encoding the identification image data. Therefore, the authentication code itself requires only a very small amount of data, so that an authentication system having a high data transmission speed and a high encryption / decryption speed can be realized, and high-speed electronic authentication can be realized with a very simple configuration.

[0014] Preferably, after the electronic authentication is once performed, an authentication code, encryption data, and a common key are newly generated on both the authenticator and the person to be authenticated. Thus, for example, in the case where authentication is performed using a storage medium such as a floppy (registered trademark) disk on the side of the person to be authenticated, the storage medium is temporarily lost, or a malicious third party will copy the storage medium and abuse it. However, since the information has already been updated, the storage medium having the same content is not authenticated. Therefore, the reliability of authentication is dramatically improved.

[0015] More preferably, another second key other than the common key is used for the electronic authentication, and encryption and decryption can be performed only when the common key and the second key are combined. The second key is held only by the authentication device, and is transmitted to the device to be authenticated only after authentication. As a result, encryption and decryption cannot be performed using only the common key possessed by the device to be authenticated, and there is no risk that the device to be authenticated will decrypt the code, thereby further increasing the reliability of the authentication.

The present invention according to the method is also realized as a computer-readable storage medium storing an electronic authentication program for causing a computer to realize a function corresponding to the present invention.

Further, the present invention, which is described in claim 16 in particular,
An electronic authentication method for determining whether or not authentication is to be performed between an authentication device and a device to be authenticated connected thereto via an electronic communication path, wherein the authentication device responds to a registration request received from the device to be authenticated. A key generation step (S73) of generating a second common key (MKEY, TKEY) from a first common key (GKEY) using a master key system based on a multiple affine key system; and the key generation step of the authentication device. Encrypting the identification image data for identifying the user of the device to be authenticated based on the second common key generated by the device, and outputting encrypted data (S75); and the encryption output in the encryption process. Coding step (S) for generating an authentication code for determining whether or not authentication is possible based on the data
76) and at least the second common key generated in the key generation step, the encrypted data output in the encryption step, and the authentication code generated in the encoding step. A storage step (181) for storing the encrypted data in the database, and if the authentication apparatus receives an authentication request (S81) from the apparatus to be authenticated, the encrypted data encrypted in the encryption step is used as the second common key. A reproduction step (S) for decoding based on the
88) and in the authentication device, if there is an authentication request (S81) from the device to be authenticated, the device requests the device to be authenticated to transmit an authentication code for the person to be authenticated. If the authentication code for the subject is sent,
An authentication determining step (S85) of reading out the authentication code corresponding to the device to be authenticated from the database, collating with the authentication code for the person to be authenticated, and determining whether or not authentication is possible. This is an electronic authentication method.

In this electronic authentication method, a master key system using a multiple affine key system is used.
It is shown that a second common key that is also MKEY or TKEY is generated from the first common key that is GKEY described in the detailed description. As described above, in the electronic authentication method of the present invention, the MKEY is generated from one key GKEY by using the multi-affine key system which is a one-way function, so that, for example, a public user code, a unique name, etc. Even if the MKEY is generated using the public information of the MKEY as a parameter, the multi-affine key system is a one-way function that is practically impossible to decipher. Therefore, a third party specifies the GKEY from the user code or the like and the MKEY. Can not do it.

Further, by using the master key system based on the multiple affine key system, even if the MKEY is destroyed, the authentication device can store the user code and the GKEY without referring to the database.
If it is possible to issue MKEY easily,
Enables a key issuing function independent of the database.

Further, by using the master key system based on the multi-affine key system, since the multi-affine key system is a one-way function, even if the TKEY is uniquely generated from the MKEY, the MKEY transmitted to a third party can be obtained.
The third party does not estimate TKEY from Y. Therefore, the TKEY can be uniquely generated from the MKEY, and it becomes possible to take a very convenient form for key management.

Further, according to the present invention, there is provided an electronic apparatus for determining whether or not to perform authentication between an authentication apparatus constituted by a computer and a device to be authenticated connected thereto via an electronic communication path. A computer-readable storage medium that stores a program for implementing an authentication method, the computer being the authentication device, wherein the authentication device responds to a registration request received from the device to be authenticated with a first common key (GKE).
Y), a second common key (MKEY, TKEY) using a master key system based on a multiple affine key system.
And a key generating step (S73) of generating the authentication information, and encrypting the identification image data for identifying the user of the device to be authenticated based on the second common key generated by the key generating step in the authentication device, and outputting the encrypted data. Encryption process (S75)
And an encoding step (S76) of generating an authentication code for determining whether or not authentication is possible based on the encrypted data output in the encryption step; and at least the second step of generating the authentication code in the key generation step. A storage step (181) of storing a common key, the encrypted data output in the encryption step, and the authentication code generated in the encoding step in a database of the authentication apparatus; If there is an authentication request (S81) from the device to be authenticated,
A reproducing step (S88) of decrypting the encrypted data encrypted in the encrypting step based on the second common key and reproducing the identification image data;
If there is an authentication request (S81) from the device to be authenticated, it requests the device to be authenticated to transmit an authentication code for the person to be authenticated. In response, the authentication code for the object to be authenticated is transmitted from the device to be authenticated. If so, an authentication determining step (S85) of reading out the authentication code corresponding to the device to be authenticated from the database, collating with the authentication code for the person to be authenticated, and determining whether or not to perform authentication. A computer-readable storage medium storing a program characterized by the following.

As described above, in the authentication system of the present invention specified as a computer program stored in a storage medium, a common key is similarly generated by using a multiple affine key system which is a one-way function. Thereby, high security and system convenience can be exhibited.

[0023]

Embodiments of the present invention will be described below with reference to the drawings.

<< First Embodiment >> FIG. 1 shows a first embodiment of the present invention.
1 is a diagram illustrating an entire configuration of an electronic commerce system to which an authentication system according to an embodiment is applied. The e-commerce system includes a member store 1 that performs e-commerce, a customer 2 who wants to purchase products from the member store 1 using e-commerce, a certification authority 3 that authenticates the customer 2, a member store 1, It comprises a transaction system 4 provided with a system for realizing electronic commerce between the customer 2 and the certificate authority 3. In the system shown in FIG. 1, settlement in electronic commerce is performed by a credit company, a bank, or the like.
The member store 1 itself may perform it. In this authentication system, the components 1, 2, 3, and 4 are connected via a network, and data is exchanged via a so-called electronic communication path unless otherwise specified below.

As shown in FIG. 1, a customer 2 sets up a shopping site of a homepage of a member store 1 using a personal computer installed at home or the like. Then, when the customer 2 desires to purchase at the shopping site on the homepage, he makes a purchase request to the member store (S1). In response to the purchase request, the member store 1 displays a page corresponding to the purchase request on the homepage (S2).

The customer 2 looks at the displayed screen, and if he / she wants to purchase, for example, a predetermined tag 271
Is connected to an external input terminal 27 of the terminal 20 of the customer 2 described later. Then, the authentication program stored in the tag 271 is started on the personal computer, and an authentication request is made to the transaction system 4 based on the authentication program (S3). Upon receiving the authentication request, the transaction system 4 requests the certificate authority 3 for authentication (S4). Based on the authentication request, the certificate authority 3 confirms whether or not the customer 2 is himself. The obtained authentication result and approval code are sent to the customer 2 via the transaction system 4 (S5, S6). As a result, since the customer 2 has been authenticated as a registered person, the customer 2 is qualified to purchase a product on the home page of the member store 1.

The customer 2 selects and inputs a product item to be purchased (S7). By selecting this product item, member store 1
Transmits an approval code and a confirmation request to the transaction system 4 (S8). The transaction system 4 receives the approval code and the confirmation request and performs settlement. Then, the settlement notice is transmitted to the member store 1 together with the approval code (S
9).

The member store 1 sends out the merchandise to the customer 2 based on the notice of the settlement and the approval code (S10).

The customer 2 conducts electronic commerce using the terminal 20 via the network. FIG. 2 shows a specific configuration example of the terminal 20. FIG. 2 shows a terminal 20 connected to a network.
A bus 22 has a built-in CPU 22 having an OS (Operating System) or the like that controls the terminal 20 as a whole, a memory 23 for storing a program to be executed or required data such as data, and a CPU 22. , A monitor for monitoring input data, a display 25 for outputting various network information, and the like, and transmitting and receiving data to and from other terminals such as the member store 1, the customer 2, and the transaction system 4. Device 26 and an external input terminal 27 to which an external memory such as a tag described later can be connected. In addition, this bus 2
1, a data storage unit 81 is connected via a data control unit 28, and a program storage unit 91 is connected via a program control unit 29.

Data storage unit 81 and program storage unit 9
Reference numeral 1 denotes a storage means such as a hard disk, a flexible disk, or an optical disk, which stores various data or programs created for performing the electronic authentication of the present invention.

Specifically, the program storage section 91 has
A decryption program 93 for decrypting encrypted data,
An encryption program 94 for encrypting photo data,
An authentication code generation program 95 for generating an authentication code from encrypted data, a display program 96 for displaying photograph data, and a TKE for generating a new TKEY based on the authentication code (using a master key system).
A Y generation program 97 is stored. In the TKEY generation program 97, the master key system is not used in the first embodiment, but is used in the second embodiment. Each of the programs 93 to 97 is routineized, and an application for executing each of the programs 93 to 97 is a main program 92. Note that these programs 93 to 97 may be stored in the tag 271 instead of in the program storage unit 91. Further, if data required for authentication can be stored in the tag 271, the data control unit 28 and the data storage unit 81 do not necessarily need to be provided. The decryption program 93 is used when decrypting encrypted data into photo data, and the encryption program 94 includes MKEY, TKE
Used when encrypting photo data based on Y.

The encryption program 94 is, for example, MKEY
Is X1, TKEY is X2, and photo data is p, a random number α is first generated, and a new key Xα is generated based on these MKEY and TKEY. This key Xα is, for example, Xα
= (X1 * X2) × α, and the encrypted data pc = [p, Xα] is generated based on the key Xα. Note that (a * b) indicates a symbol for performing a predetermined operation with a and b. For example, a logical operation such as a logical sum, a logical product, or a negation of a and b may be performed. Not limited to the calculation, but may be generated using a predetermined function. This encrypted data pc = [p, Xα] is obtained when the photograph data p is the key Xα
Indicates that the data has been encrypted. Hereinafter, the symbol represented by [a, b] indicates that the data a is encrypted with the key b. The encryption program 94 is configured by such an algorithm. Further, the decryption program 93 performs the reverse process of the encryption program 94, and a detailed description is omitted.

The authentication code generation program 95 is used to generate an authentication code based on encrypted data, MKEY and TKEY. Authentication code is MKEY, TK
It is a hash value calculated based on the EY and the encrypted data, and a data amount of about 200 bytes is sufficient. The MKEY and TKEY in the authentication code generation are not used for encryption and need not be used. That is, MKE
The authentication code may be generated by simply encoding the encrypted data without using Y and TKEY. This authentication code is stored in a data storage unit 181 of the certificate authority 3 and a tag 271 held by the customer 2 described later. The authentication code is a code used for verification at the time of authentication. Each time authentication is performed, the authentication code is rewritten to a new value by the certificate authority 3 and the customer 2 by an update process described later. After that, the same authentication code is not used.

The authentication code S (n) is calculated based on the encrypted data based on the key Xα. Specifically, the authentication code generation program 95 is configured by the same encryption and coding algorithm as the encryption program 95 for the photo data p. As a coding algorithm, a normal data coding algorithm is applied. Note that the photo data may be encrypted twice or more to obtain the encrypted data.

The TKEY generation program 97 is an MKEY
Is used to generate a TKEY based on an authentication code, and the algorithm is the same as a normal common key generation algorithm. Here, in the second embodiment, as described later, a master key system using a multiple affine key is used.

The external input terminal 27 is connected to, for example, a tag 271 as a removable external memory. The tag 271 is a removable and rewritable storage means such as a floppy disk, a CD-R,
CD-RW, DVD-RAM, MO, memory card, etc.
Any rewritable storage medium may be used. It is desirable that the external memory be highly versatile. The tag 271 stores various data required for authentication. By connecting the tag 271 to the external input terminal 27, the CPU 22 reads the tag 271 so that the tag 271 can transmit the read data to another terminal via a network. Has become.

The certificate authority 3 authenticates electronic commerce using the terminal 30 via the network. FIG. 3 shows a specific configuration example of the terminal 30. As shown in FIG. 3, the certificate authority 3 has a terminal 30 having substantially the same configuration as that shown in FIG.
Having. In the case of the terminal 30, the data storage unit 181 stores customer data 182 required for authentication of a plurality of customers for each customer by the number of customers. The customer data 182 includes MKEY, TKEY, encrypted data, and an authentication code, and stores a corresponding user code of the customer 2 in association with the key data. This user code may be, for example, a serial number assigned in the order of use of the e-commerce system, or a number obtained by randomly converting the serial number,
No two or more customers 2 have the same user code.

The program storage unit 191 stores the customer 2
A request program 193 for requesting the transmission of the user code, the authentication code and the encrypted data, a verification program 194 for verifying the authentication code, and transmitting the encrypted data to T
A decryption program 195 for performing decryption based on KEY and MKEY.
Encryption program 196 for performing encryption based on EY
An authentication code generation program 197 for generating an authentication code based on encrypted data, and a KEY generation program 198 for generating TKEY and MKEY are stored. Each of the programs 193 to 198 is routineized,
An application for executing these programs 193 to 198 is a main program 192. Other configurations are the same as those shown in FIG. Further, the keyboard 24, the display 25, and the external input terminal 27 do not always need to be provided.

The algorithms of the decryption program 195, the encryption program 196, the authentication code generation program 197, and the KEY generation program 198 are common to the programs 93, 94, 95, and 97 shown in FIG. Note that a general random number generation algorithm is used as an MKEY generation algorithm in the KEY generation program 198. In the second embodiment, a master key system using a multiple affine key system is used.

FIG. 4 shows a data flow of customer registration necessary for realizing such an electronic commerce system, and FIG. 7 shows a process flow. Hereinafter, data transmission and reception between the certificate authority 3 and the customer 2 in FIGS. 4 to 6 are performed on the network via the transaction system 4 unless otherwise specified.

As shown in FIGS. 4 and 7, first, a customer 2 who wants to conduct electronic commerce using the electronic commerce system described above.
Sends a registration request to the certificate authority 3 (S71). This registration request is transmitted to the certificate authority 3 including personal information.

The certificate authority 3 issues a unique user code to the customer 2 based on the obtained personal information (S72),
(In particular, in a second embodiment to be described later, a master key system using a multiple affine key system is used.)
Y is generated (S73). The MKEY is one of so-called "keys" for encrypting / decrypting photograph data as identification image data and generating an authentication code described later. Encryption is performed using MKEY and TKEY described later, and both keys are required for decryption. The MKEY is generated only once by the certificate authority 3 as a user at the time of registration, and is stored in the data storage unit 181 of the certificate authority 3 and the tag 271 held by the customer 2. The MKEY is a common key, and can be realized by a key of any method generally used. For example, an exclusive OR FSAngo (using a multiple affine key system) with a random number, a character substitution, a substitution, and the like are used. One that uses the existing DES algorithm is conceivable.

The user code is a code for identifying the customer 2 assigned to each customer 2 by the certificate authority 3 at the time of registration. The assigned user code is stored in the tag 271. Note that the user code may be stored in the data storage unit 81. The user code is input by the customer 2 from the terminal of the customer 2 at the time of authentication, and the certificate authority 3 searches the data storage unit 181 based on the user code, and obtains the customer data 18 associated with the user code.
Read 2

The user code issued in this manner is transmitted to the customer 2 (S72) and stored in, for example, the data storage unit 81 of the terminal of the customer 2. In addition, at the time of this registration request,
The certificate authority 3 requests a face photograph as an identification image for specifying the customer 2. The face photo may be included in personal information in the form of photo data as identification image data and transmitted via a network that constructs a system, or the photo itself may be sent to the certificate authority 3 by mail. When the photograph itself is received by mail, the certificate authority 3 digitizes the photograph to obtain photograph data. The photographic data refers to data obtained by converting an image into digital information, and is not related to a file format such as a JPEG format or a bitmap format. The photograph data is trimmed to make the customer 2 easily identifiable.

On the other hand, based on the obtained MKEY, the certificate authority 3 uses a master key system using a multiple affine key system in a second embodiment which will be described later.
A TKEY is generated from the MKEY (S74). TKEY
Is one of so-called "keys" for encrypting / decrypting photo data and generating an authentication code. After registration, each time authentication is performed, the key is rewritten with a new key using an authentication code.
The latest TKEY is stored in the database of the certificate authority 3, but is not stored in the tag 271 of the customer 2.
Therefore, the customer 2 cannot decrypt the encrypted data on the tag 271 before the completion of the authentication. The TKEY is transmitted from the certificate authority 3 to the customer 2 after the completion of the authentication. Encryption is MK
Since EY and TKEY are used, both keys are required at the time of compounding. TKEY is a common key and can be applied to any type of key that is commonly used. For example, TKEY is used for exclusive-OR FSAngo with a random number (using a multiple affine key system), substitution, substitution, and the like. For example, one using the DES algorithm can be considered.

Next, the photographic data sent from the customer 2 is encrypted based on the MKEY and TKEY. This encryption replaces the photo data with the encrypted data (S7).
5). This encrypted data is stored in the data storage unit 181 of the certificate authority 3.
And stored in the table 271 of the customer 2. This encrypted data is authenticated, and when the authentication is completed, the certificate authority 3
And customer 2. Also, at the time of this decryption, MKE
New encrypted data is generated using Y and the new TKEY.

Next, based on the encrypted data, TKEY
And an authentication code is generated using MKEY and MKEY (S7).
6). In the present embodiment, the authentication code is generated by encoding the encrypted data. Note that TKEY and MKEY in the generation of the authentication code are used to prevent the authentication code from becoming codes that can be easily decoded, and are not used for encryption.

Through the above steps, the user code, TKEY, MKEY, encryption code and authentication code are stored in the data storage section 181 of the certificate authority 3 as customer data 182. On the other hand, the tag 271 stores the MKEY, the encryption code, and the authentication code (S77), and is sent to the customer 2 by mail or the like, for example. As described above, TKEY is not written in the tag 271.

Next, the flow of the authentication process will be described with reference to FIGS.
A description will be given based on FIGS. FIG. 5 shows a data flow when authentication is possible, and FIG. 6 shows a data flow when authentication is denied. FIG. 8 is a diagram showing a process flow on the certificate authority 3 side, and FIG. 9 is a diagram showing a process flow on the customer 2 side.

As shown in FIGS. 5 and 8, an authentication request is first made from the customer 2 to the certificate authority 3 via the transaction system 4. In this authentication request, specifically, for example, a user code is transmitted to the certificate authority 3 (S81). In response to the authentication request, the certificate authority 3 requests transmission of the authentication code and the encrypted data based on the transmitted user code (S8).
2).

The customer 2 connects the tag to the terminal owned by the customer 2 in response to the transmission request. Then, predetermined software is started, and the encrypted data and the authentication code are transmitted to the authentication 3 (S83). The certificate authority 3 reads out the encryption data and the authentication code at the time of registration corresponding to the transmitted user code from the customer data 182 stored in the data storage unit 181 (S84), and reads the encrypted data and the authentication transmitted from the customer 2. Check with the code (S85). If the authentication is possible, the certificate authority 3 decrypts the encrypted data in the data storage unit 181 based on the MKEY and the TKEY (S
86), and transmits TKEY to the customer 2 (S8).
7). Note that the result of the authentication is transmitted to the customer 2 together with the transmission of the TKEY (S87 '). Upon receiving this authentication result (S87 "), the customer 2 can determine whether or not it is possible to start a transaction for the first time.

When the authentication is possible, when the encrypted data is decrypted, the photograph data at the time of registration is obtained, and the image of the customer 2 is displayed on the screen. At the time of displaying the photograph data, as shown in S86 'of FIG. 5, an image of the person himself / herself can be obtained from the customer 2 in real time, and can be compared with this image on the certificate authority 3 side. At the time of acquiring the personal image, an image recognition algorithm for recognizing the personal image is required in the program storage unit 191. By collating the personal image in this way, it is possible to perform double collation with the collation using the authentication code and the encrypted data, thereby improving the reliability of the authentication. In addition, the authentication may not be performed on the authentication station 3 side, but may be performed only on the basis of the authentication code and the encrypted data.

On the other hand, the customer 2 decrypts the encrypted data in the tag based on the transmitted TKEY and the MKEY in the tag (S88). By decrypting the encrypted data, photo data at the time of registration is obtained in the same manner as in the case of the certificate authority 3, and an image of the customer 2 is displayed on the screen (S89). In this image display method, for example, it is preferable that the display area on the screen of a window used for electronic commerce is limited to a certain area and the remaining area is displayed large. By displaying the image of the person on the screen in this way, it is possible for a third party to monitor the work when the customer 2 is performing electronic commerce. That is, for example, when the access applicant is conducting a transaction in the company, if the tag from the customer 2 is picked up and the certificate authority 3 is accessed and the authentication is obtained, the customer registered by the customer 2 is registered. Since the work is performed on the screen on which the photograph of the face of the two persons is displayed, the work can be monitored by a third party. Therefore, when a malicious third party makes access, it is possible to give psychological pressure to deny the third party psychological access.

When the photograph data at the time of registration is obtained,
It is also possible for the customer 2 and the authentication device 3 to perform identity recognition by performing pattern recognition processing between the personal image data obtained from a digital camera or the like (not shown) and the reproduced photo data. . It is possible to reflect the result of this personal identification in the determination of the authentication, or it is possible to simply display or record it. Various usage patterns can be considered depending on the reliability of pattern recognition and the state of photographic data from a digital camera or the like.

When the above authentication processing is completed, the authentication result is sent from the certificate authority 3 to the customer 2 via the transaction system 4 as shown in FIG. The authentication result may be sent to the customer 2 via the transaction system 4 at the stage of (S87 ').
From this point, the customer 2 can start electronic commerce directly with the member store 1 via the transaction system 4 without passing through the certificate authority 3.

When the electronic authentication between the customer 2 and the certificate authority 3 succeeds, an information updating process is performed next. The information updating process is performed by both the certificate authority 3 and the customer 2. In the information updating process in the certificate authority 3, first, the certificate authority 3 generates a new TKEY based on the authentication code (in particular, in a second embodiment described later, using a master key system using a multiple affine key system). (S90a), this TK
Using the EY and the MKEY generated at the time of registration, the photo data decrypted at the time of authentication is re-encrypted to generate new encrypted data (S91a). Since TKEY at the time of generating new encrypted data is different from that at the time of registration, the generated encrypted data is naturally different from that at the time of registration. Based on this new encrypted data, a new authentication code is generated using MKEY and TKEY (S92a). When the information is updated, the newly updated authentication code, encrypted data, and TKEY are stored in the database in the certificate authority 3.

On the other hand, in the information updating process of the customer 2, based on the authentication code generated at the time of registration (particularly a second
In the embodiment, a new TKEY is generated (using a master key system using a multiple affine key system) (S90b). And this TKEY and M at the time of registration
The photo data is encrypted based on the KEY to generate new encrypted data (S91b). Further, an authentication code is generated using TKEY and MKEY based on the new encrypted data (S92b). Then, the updated encrypted data and the authentication code are rewritten to the tag 271 (S93).
b).

On the other hand, if the authentication is denied, the certificate authority 3 does not decrypt the encrypted data, as shown in FIG.
The KEY is not sent to the customer 2. Further, since the customer 2 cannot receive the TKEY, the customer 2 cannot decrypt the encrypted data. The customer 2 receives an authentication result indicating that the authentication has been rejected from the certificate authority 3 (S87 ').

Therefore, the certificate authority 3 and the customer 2 do not decrypt the encrypted data, and perform the same information updating process as in the case where the authentication is possible shown in FIG. 5 without displaying the photograph data on the screen. That is, S86, S87, S88, S8
9, a new TKEY is generated without going through S91a and S91b (S100a), and the original encrypted data and the new TKEY are generated.
An authentication code is generated based on the password (S102a). On the other hand, on the customer 2 side, a new TKEY based on the authentication code is used.
Is generated (S100b), a new authentication code based on the new TKEY is generated (S102b), and the tag 271 is generated.
Is rewritten (S103b).

As described above, by updating the information necessary for authentication, even if the tag 271 is lost by the person to be authenticated, or even if a malicious third party attempts to copy and exploit the tag 271, the information is updated. Has been updated, the authentication is rejected for the tag 271 having the same content. Therefore, the reliability of authentication is dramatically improved.

<< Second Embodiment >> In the second embodiment, the MKEY generation and TK in the authentication system according to the present invention are described.
The case where a master key system using a multiple affine key system is applied at the time of EY generation is described.
That is, in the authentication system according to the present invention, the key necessary for establishing this system is encrypted, and photo data and the like are encrypted to generate encrypted data and an authentication code, and the MKEY stored in the tag and passed to the customer is generated. In the same manner, when generating TKEY which encrypts photo data and the like to generate encrypted data and an authentication code but is not given to a customer,
A master key system for generating a child key from a parent key using a one-way function is applied. As a result, an authentication system exhibiting higher security can be provided.

Further, in the second embodiment, the multiple affine key system used in this master key system is used for encrypting the photograph data and the like in step S75 at the time of registration in FIG. Decryption processing at station 3 (S8
6) and decryption processing in the device to be authenticated (customer) 2. In this case, based on a random number generated by a random number generation device using a multiple affine key system described in detail below, image data to be encrypted and the like,
Exclusive OR operation is performed to obtain encrypted data. When the encrypted data is further decrypted, a random number generated by a random number generation device using a multiple affine key system and a decrypted data And an exclusive OR operation is performed between them to decode them into the first photo data or the like. By using the encryption / decryption function using the random number generation function using the multiple affine key system in this way, compared with the case of performing normal encryption / decryption processing,
Significant improvement in security is desired.

In the case where a master key system using a multiple affine key system is applied to MKEY generation and TKEY generation in the authentication system according to the present invention, the above-described multiple affine key system is used for subsequent encryption processing. MK if encrypted
EY and TKEY can be used. However, when another encryption algorithm is used for the encryption process, the MKEY or TKEY cannot be used as it is. In this case, a random number is generated based on the MKEY or TKEY using, for example, a multi-affine key system. For example, it is necessary to convert the key data into the key data having the conditions required by the encryption algorithm before use.

The principle of the master key system will be described below.
The generation of the EY and the generation of the TKEY will be described.

FIG. 11 is a flowchart for explaining a master key system used when the master key system according to the second embodiment is used, FIG. 12 is a principle diagram for explaining the principle of the master key system, and FIG. 6 is a flowchart illustrating random number generation of the key system.

An embodiment in which a child key is generated using a master key system, that is, a multiple affine key system will be described with reference to the flowchart of FIG. In the case shown below, the key rewriting method of the multiple affine key system is merely an example of generating child key data from parent key data according to a parameter called a key topology. A method is conceivable. Also in those methods, the child key data owner cannot specify the parent key data as in the following cases.

In FIG. 11, generation of MKEY and TK
Regarding generation of EY, master key data L ₁To child key data L
_NExplanation of general case of key generation when generating key
I do. First, the master key data L₁Are described in detail below.
Affine key data K and initial value x of the fine key system
₀(S31). Next, the key topology ω
Specific bit ω_iIs performed as follows (S3
2). Next, the random number generation function of the multi-affine key system
About 2nM random numbers R_kIs generated (S33). here
Where n is the lifetime of the key and M is the number of keys. Next
The value of the i-th bit of the topology, ω_iIs "1"
(S34), the multi-affine key system
Generate 2M random numbers and use this as the new affine key
It is reset as K (S35). Key operation like this
In order to perform processing for each bit value of the topology ω,
ω_iIs determined (S36), and the next ω_iNo
A cut value is selected (S37). The processing order at this time is 1
It processes in order from the bit to the last bit.
May be present or in another predetermined order.
For a single key topology ω value,
New child key data L by rewriting the value of the key key K_N
Is generated and output (S38).

As described above, the child key data is generated from the master key data by using the random number generation operation of the multiple affine key system. , The random number is generated in a very peculiar manner based on the key key data, so that even if the owner of the child key data attempts to predict the parent key data from the key topology and its own child key data, multiple Since key data cannot be specified, parent key data cannot be specified. Therefore, the identification information of the master key (primary key and key topology sequence for reproducing the master key) and the key topology which is a parameter related to the generation of the child key, which are features unique to the master key management system of the present invention, are disclosed. Using this public information, the master key owner can reproduce a huge amount of descendant key data by itself, and easily decrypt all ciphertext data using all lower-order descendant key data. Therefore, a tree structure of a common key can be constructed.

Here, it can be said that the multi-affine key system is an infinitely one-way function. The one-way function referred to here is a function such that when f (x) = y in a certain function f (x), the original value of x cannot be specified from the value of y of the operation result. is there. That is, the function f
Although it can be predicted that x → y in (x), it is a problem whether it is possible to specify the value of x that was the source of the operation from the value of y. According to general functions and conversion processing, It is possible to specify the first value of x from the value of the operation result y after various trials and errors, and it is impossible to realize the master key management system of the present invention using such a general function. Can not.

For example, a one-way function in a practical sense, such as a multiple affine key system according to the present invention, in which it is extremely difficult as a practical matter to specify the original value of x from the operation result y. Is a function that functions with a certain speed or more even when incorporated in a key management system, and furthermore, a function that generates an operation result that is appropriate as encryption key data is used. This claim indicates that a master key management system can be implemented. At present, it is difficult to specifically increase such a function.

In the master key system, as shown in FIG. 7, the common key 131, which is the parent key data, uses the key topology 134, which is a parameter, to generate a one-way function (a pseudorandom number as close as possible to a true random number). Since it is generated, it is extremely difficult to identify the value before the operation from the operation result. In this sense, the value is called an actual one-way function.) Is supplied.

<Multiple Affine Key System> Further, here, from the principle (basic form), a specific usage method (application system) and operational effects of the multiple affine key system used in the master key system for generating key data described above. In the following, a detailed description will be given with reference to the drawings.

[Features of Random Number Generator Using Multiple Affine Keys] The master key system used in the second embodiment uses a random number generator using multiple affine keys (multiple affine key system). In order to eliminate the weakness of a stream cipher that can operate at high speed due to a known plaintext attack, a high-quality pseudo-random number with extremely high periodicity as close as possible to a true random number is generated, and a stream cipher is created using this. It is. This allows
It attempts to completely eliminate the decryption of third-party stream ciphers.

That is, in a stream cipher that realizes high speed required by encryption technology, if a pseudorandom number used for encryption has periodicity, a third party can easily generate a random number. Constants and algorithms that have been discovered. Therefore, it cannot be used in situations where high security is required.

The random number generation device (multiple affine key system) incorporated in the master key system used in the second embodiment is intended to generate a very high-quality random number that makes it impossible to decrypt a stream cipher. .

It has been proved by Shannon that there is no decryption method in the Vernam cipher which is a stream cipher which uses a complete random number only once. Therefore, if we can provide a random number generator that can generate pseudorandom numbers as close as possible to perfect random numbers, the stream cipher will not be analyzed by a third party for pseudorandom number generation even with the known plaintext attack method. , Can be used as a high-speed and highly confidential encryption device.

The random number generation device (multiple affine key system) incorporated in the master key system used in the second embodiment is for rewriting a plurality of affine keys every predetermined number of times of use. A method of selecting one and generating a random number sequence is employed. In this way, a third party who intends to break the cipher collects random number sequence data and applies a plurality of key data, Even trying to clarify the algorithm, the random number itself has only short-term information while the key is being rewritten, and there are more than one key to be specified, and it can be determined which key was selected when the random number was generated. No, it is impossible in principle.

More specifically, the random number generating apparatus generates a high-quality random number using a multiple affine key. At this time, the coefficient of the multiple affine key is rewritten every certain number of times of use. . In other words, a multiple affine key that is rewritten every certain number of uses is used as an encryption / decryption key that is difficult for a third party to decrypt, and multiple multiple affine keys are prepared. The keys are mutually referred to and the coefficients are automatically updated, thereby eliminating the decryption by the third party undecided coefficient method.

That is, the random number generation device has a function of defining a key lifetime for each of a plurality of affine keys and automatically rewriting old keys (coefficients of multiple affine keys). Thus, instead of a conventional pseudorandom number having regularity, a pseudorandom number sequence having a property that is close to a true random number and has a period long enough to make measurement difficult is generated. As a result, a stream cipher that could not be used because of the risk of decryption even if it was known to be high-speed can be used without being seen by a third party.

[Description of Affine Key] The affine key used in this embodiment will be described below.

The affine key used in the present invention corresponds to a coefficient of a multiple affine key for generating a random number sequence used for encryption.

The affine key K is composed of four integers K = ｛a,
b, c, n}.

The affine key is used for generating a random number and updating the affine key itself. Therefore, when these two are defined, the function of the multi-affine key system is specified.

The generation of random numbers by the integer affine key K is defined by the following equation. K (x) = ax + b where c is a counter that counts how many times the affine key has been used, and n is the upper limit (lifetime) of the number of times this key can be used. Then, one affine key generates a pseudorandom number according to the Lemer method.

In practice, instead of using one affine key, a plurality of affine keys are given, and a key used for random number generation and a key for rewriting the key are appropriately selected from the affine keys. Since it is a key system using a plurality of affine keys, it is called a multiple affine key system.

In the multiple affine key system, when the number of keys is M, a plurality of affine keys {K [i]} (0 ≦ i
.Ltoreq.M-1) and one procedure indicating a key rewriting process: a procedure (procedure) w (i, j: integer).

[0087] Here, the multiplication method and the addition method use the operation of the finite field considered.

This procedure: In the procedure, the coefficient a of the i-th affine key K [i] to be rewritten
Is rewritten based on the coefficients a and b of the j-th affine key K [j], which is a reference for rewriting.

This rewriting process should be called the basic form. When the capacity of the generated random numbers is to be made very large, the key is set to “0” by repeating the basic form rewriting method described below. Convergence is conceivable. However, regarding the application of the master key system in the second embodiment described in the present application, since the capacity of the generated random numbers is very small, even if the rewriting processing of the basic form described below is performed, the key becomes “0”. It is unlikely to converge. Further, according to the applied rewriting method described below using the random number generation flowchart of FIG.
It is possible to avoid the case where the key converges to “0” more completely.

Further, the coefficient b of the i-th affine key K [i] to be rewritten can be rewritten based on the coefficient a and the coefficient b of the j-th affine key K [j] which is a reference for rewriting. Understand.

The random number generation device using such multiple affine keys (multiple affine key system), when given each initial value, continues to generate random numbers according to one key selected from a plurality of keys. If you exceed the number of times the key is used,
A key for rewriting the key is selected, and the coefficients a and b of the affine key are rewritten.

A random number generator using such a multiple affine key system is realized by an electronic circuit board having a digital circuit configured according to the above-described procedure. Furthermore, by creating a program for the computer to process the affine key data in accordance with the above-described procedure and causing the computer device to execute the program, the same operation and effect can be easily obtained. The pseudo-random number generated by such a procedure is infinitely close to a true random number and has a long period that cannot be measured. It is impossible in principle to try to decipher by the undetermined coefficient method.

[Variables Used in Multiple Affine Key System] Here, variables, operators, and functions repeatedly used in a random number generator using a multiple affine key of the present invention are defined below. The variables are defined as follows, where M is the number of affine keys, K [i]. a is the coefficient a K [i]. i of the i-th (0 ≦ i ≦ M−1) affine key. b is the coefficient b K [i]. i of the i-th (0 ≦ i ≦ M−1) affine key. c is the number of uses c K [i]. i of the i-th (0 ≦ i ≦ M−1) affine key. n is the lifetime of the i-th (0 ≦ i ≦ M−1) affine key n K is the entire affine key, and K = ｛K [i] | 0 ≦ i
K [i] = {K [i] .a, K [i] .b, K [i] .c, K [i] .n} where k is the encryption / The number of words for decoding (k = 1, 2,...) X0 is an initial value of internal random numbers x _k , a variable for internal random numbers R _k , a random number output _mk , a plaintext _ck , and a ciphertext i are The affine key pointer j for random number generation, the affine key coefficient a rewriting pointer j _b is the affine key coefficient b rewriting pointer offset, and is set in the range of 1 ≦ j _b <M, but may be 1. vkey is a key rotation variable v ₀ is a key rotation variable initial value v is a key rotation variable increment z is a processing unit ｚ z _r is a set of bit positions used for random number output z _p is the set operators of bit positions to be used in the affine key specified, are defined as follows, *, × is the multiplication + is added (mod) is, The remainder (+) is addition (and) modulo M, logical product (or), logical sum (xor), exclusive logical sum (shl) z is left shift, and the total bit length Is 2
By traversing 2 to the power of z when z, for example, (1111)
0110) (shl) 4 = (000011111).

The function is defined as follows, and f
(x _k , z ₁ ) is defined as a bit string indicated by z ₁ extracted from x _k .

<Steps of Generating Random Numbers in Multiple Affine Key System> Each step of the random number generation method incorporated in the master key system used in the second embodiment will be described in detail with reference to flowcharts.

FIG. 13 is a flowchart showing a procedure for generating a random number, in which a so-called key rotation type multiple affine key is used. In a general computer device, a program in which an algorithm is created is stored in a storage area such as a hard disk, and is executed according to a user operation according to an operation screen.

This procedure of random number generation is different from the above-described basic key rewriting method, and more reliably avoids the case where the key converges to “0”. However, regarding the application of the master key system in the second embodiment described in the present application, since the capacity of the generated random numbers is very small, the key converges to “0” even if the rewriting process of the basic form is performed. I can't imagine.

[0098] As a procedure to be random number generation, the first various settings of the multiple affine key is made, it is, for example but the number of words k, pointer i of affine key, the setting of such variables x ₀ is made, it the user's operation Through the RAM 41
5 is stored in each storage area (S171). Then determine the pointer i of affine key for random number generation, which is determined from data stored in the set z _p bit position for specifying one affine key from inside random number x ₀ (S172 ). Next, the designated key K
According to [i], the pseudorandom number of the Lemer method is expressed as K (x) = a
It is generated according to the expression x + b (S173). When the random number is generated, the value of the counter is counted up by 1 (S174). After that, the key rewriting pointer j is added from the internal random number x _k to the value of the set of bit positions z _p used for specifying the affine key, and a key opening variable vkey + v is added to specify the pointer position (S175).

By this key rotation processing, as already described in detail in the first embodiment and the like, by further increasing the period of the pseudo random number, it becomes possible to approach the true random number without limit. That is, a pointer j for specifying one from a plurality of affine keys for rewriting the affine key is represented by j =
By adding a new key rotation variable vkey as f (x _k , z _p ) (+) vkey, the algorithm for specifying the key to be used can be further complicated.

That is, when repeatedly rewriting an affine key, if the pointer value j at the time of rewriting the affine key becomes repetitive, the key cycle is shortened accordingly, but the new key rotation variable vkey improves this. The more complicated the algorithm for specifying the key to be used, the longer the cycle of the pointer value j can be,
As a result, the random number generation device of the present invention can generate a pseudo random number having a very long period that is practically the same as a true random number.

Here, it is defined as a value that increases by a constant value v each time rewriting is performed, but is not limited to this.

If the affine key is used, the affine key is rewritten until the counter value c of the affine key becomes equal to the value indicating the life of the affine key (S
176). First, the value of the key counter is set to zero (S17).
7), the selected affine key data K [j]. a, K
[I]. a, K [j]. b, a new coefficient a and a new coefficient b are determined. At this time, the value of the upper half of the coefficient is shifted to the lower half, and the key data is repeatedly updated. This completely eliminates the situation of zero (S178). At this time, the so-called weak key is completely eliminated by forcibly setting the first bit to "1" by adding a logical sum with "1".

[0103] In yet coefficient b, by adding a further j _b the value of the pointer j, and the transition of the affine key for rewriting the coefficients a, be different and the transition of the affine key for rewriting coefficients b Thus, the generated pseudo-random numbers can be made as close as possible to the true random numbers, and the periodicity of the generated random numbers can be further increased (S179). At this time, the so-called weak key is completely eliminated by forcibly setting the second bit to "1" by adding a logical sum with "2".

Then, after setting i = j (S180),
Outputting as a random number sequence _{{R k}} to be output a predetermined bit _{(z r)} of the variable _{x k} (S181). Further, k = k +
The process returns to step 53 as 1 (S182).

According to the procedure described above, in the random number generation device incorporated in the master key system used in the second embodiment, a random number sequence is generated. Based on the generated random number sequence, extremely high security is exhibited. A child key is generated from a master key. Therefore, in the case of the registration process of FIG. 4, the MKEY is generated by the master key system using the multiple affine key system based on the GKEY (S73), and the multiple affine key system is similarly generated based on the generated MKEY. (S74). Further, in the authentication processing of FIGS. 5 and 6, the TK used once is also used.
The EY is generated by a master key system using a multiple affine key system based on, for example, an authentication code (S90a). In parallel with this, TK used once
The EY is generated in the device to be authenticated 2 based on, for example, an authentication code by a master key system using a multiple affine key system (S90b).

As described in detail above, in the second embodiment, it is very difficult for a third party to decipher the key data used when encrypting the photo data of the subject. By using a master key system that uses a multiple affine key system, the system can be simplified and very high security can be provided to a third party who intends to illegally use the authentication system. Becomes possible.

Further, as an application example of the second embodiment, GKEY which is a common key in the certificate authority 3 is also used.
It is conceivable to use a multiple affine key system, such as the above-mentioned master key system, in a higher-level system of the certificate authority 3 instead of preparing it independently. That is, GKEY, which is a common key, is supplied to a plurality of certificate authorities 3 by using a multiple affine key system such as a master key system by an upper system that manages them. By doing so, even if the common key GKEY is lost or erroneously deleted by the certificate authority 3, the GKEY is provided again by a higher-level system using a multiple affine key system such as a master key system. It is possible to further improve the reliability and stability of the system.

Further, in the second embodiment, the encryption and decryption techniques for encrypting the photograph data of the subject are also based on the random number generation function of the multiple affine key system described above. By applying the encryption / decryption function, it is possible to expect a much higher security improvement than when other encryption / decryption methods are used.

As described above, the present invention has been described in detail with respect to the first embodiment and the second embodiment. In the present embodiment, an example in which the encryption data and the authentication code are updated each time authentication is performed has been described. The present invention is not limited to this, and may use the encrypted data and the authentication code at the time of registration repeatedly.

Further, the case where the encrypted data is decrypted or the photographic data is encrypted based on the MKEY and the TKEY has been described, but the present invention is not limited to this. For example, the encryption data may be decrypted once with MKEY and then decrypted with TKEY, or the image data may be encrypted once with MKEY and then encrypted with TKEY. Also,
Encryption and decryption may be performed using only one of the MKEY and the TKEY.

For example, when encryption and decryption are performed using only the MKEY, one MKEY decrypts the encrypted data (S8).
6) is used. After the authentication (S85), the step of generating a new TKEY based on the authentication code is replaced with the step of generating a new MKEY based on the authentication code. The processing flow on the customer 2 side is similarly replaced. FIG. 10 shows a flow in the case of performing encryption and decryption only with the MKEY. Parts common to those in FIG. 5 are denoted by the same reference numerals, and description thereof is omitted.

Although the registration step and the authentication step shown in FIGS. 4 to 6 are performed between the customer 2 and the certificate authority 3, respectively, the present invention is not limited to this.
For example, when the member store 1 has the transaction system 4 and the function of the certificate authority 3, registration and authentication may be performed directly between the member store 1 and the customer 2.

The system shown in FIG. 1 is only an example. For example, a credit company that performs e-commerce settlement in the above-mentioned system exists in the network of the above-mentioned system.
May be provided. Further, even when a credit company exists, it may be provided separately from the transaction system 4. Further, the above-described system has shown the case of performing electronic commerce, but the present invention is not limited to this. For example, a notification system for notifying employees of promotion and demotion items at a board meeting within a company, a pay statement for notifying each employee of a pay statement Any system that notifies a document or the like that can be viewed only by the person or a specific person, such as a notification system and a system for browsing electronic documents in a company, can be applied. For example, in the case of a salary statement reporting system that reports a salary statement to each employee, in a case where a company has the transaction system 4 of FIG. 1, each employee corresponds to the customer 2, and each employee views his or her own electronic pay statement. Issues an authentication request to the certificate authority 3. As described above, since the person who has accessed the certification authority 3 can be authenticated as the employee who requests the electronic pay statement, each employee can see his or her own electronic pay statement. Similarly, for example, in the case of an electronic document browsing system in a company, the certificate authority 3 is accessed, and only a person who is authenticated by the certificate authority 3 can browse the electronic document. Further, in addition to the certification by the certification authority 3, a new post code is assigned to each employee according to the post, for example, in the customer data 1.
Corresponding to the position code 82, only the person in the specific position can view only the specific document based on the position code. Thus, for example, there is no danger that important matters will be leaked to general employees who have no position.

When the information updating process is not performed,
It is not necessary to use a rewritable storage medium as the tag 271. When a CD-R is used, the information can be updated by adding additional information. Also, even if it is impossible to perform additional recording beyond the storage capacity of the CD-R, the CD-R
Transferring the above data to another CD-R makes it usable again.

Further, in the above-described embodiment, the case of a network includes, for example, not only a case where a server or the like is connected by wire through a network provider, but also a case where it is connected wirelessly. . In addition, the customer 2 includes not only an individual but also, for example, a trader who conducts electronic commerce based on a predetermined contract with the certificate authority 3.

Also, the case where the encryption / decryption means and the authentication code / encryption data collation means are realized by a program in the terminal for both the customer 2 and the certification authority 3 has been described, but the present invention is not limited to this. Alternatively, such a device as hardware may be separately provided in the terminal.

Further, the certificate authority 3 sends the TKEY to the customer 2 side.
Although an example in which no encryption is performed when transmitting is transmitted is shown, the present invention is not limited to this, and TKEY may be encrypted and transmitted. In this case, it is preferable to record a key for decrypting the TKEY in the tag 271 in advance at the time of authentication registration.

Further, in the above embodiment, the case where the customer 2 transmits the authentication code and the encrypted data and the authentication authority 3 authenticates based on these is shown, but the present invention is not limited to this. For example, the authentication may be performed using only the authentication code without using the encrypted data, and the customer 2 may not transmit the encrypted data. Conversely, authentication may be performed by transmitting only the encrypted data and using only the encrypted data. For example, in S82, the certificate authority 3
Has requested the customer 2 to transmit the authentication code and the encrypted data, but not only these but also a request for a password set at the time of the authentication registration in advance, or the request may be transmitted together with the time specifying the request time. . When the time for specifying the request time is transmitted, and when there is a time lag of a predetermined time or more compared to when the authentication code or the like is transmitted from the customer 2, the authentication can be denied. Thus, if the communication at the time of the transmission request of the authentication code or the like is intercepted in S82, or the tag 271 is illegally copied, the data is falsified for a predetermined time, or the malicious code is obtained by decrypting the data. It is possible to prevent a third party from illegally receiving authentication permission.

Further, the case where the same authentication code is generated by the customer 2 and the certificate authority 3 has been described. However, even when different codes are generated, it is only required that both are associated so that they can be collated.

Further, in this embodiment, the image for identifying the user is displayed on the customer 2 side, but the present invention is not limited to this. Any identification information that can be used in the terminal, such as a voice for identifying the person, may be used.

[0121]

As described above in detail, according to the present invention, the image associated with the user is displayed on the screen of the user who has been authenticated by the electronic authentication. This enables a third party to monitor the work, and reduces the access of unauthorized users, thereby significantly improving security.

[Brief description of the drawings]

FIG. 1 is a diagram showing an overall configuration of an electronic authentication system according to a first embodiment of the present invention.

FIG. 2 is an exemplary view showing an example of a hardware configuration of a terminal owned by the customer according to the embodiment.

FIG. 3 is an exemplary view showing an example of a hardware configuration of a terminal of the certificate authority according to the embodiment.

FIG. 4 is an exemplary view for explaining the flow of authentication registration according to the embodiment;

FIG. 5 is an exemplary view for explaining the flow of electronic authentication according to the embodiment.

FIG. 6 is an exemplary view for explaining a flow in the case of electronic authentication rejection in the embodiment;

FIG. 7 is an exemplary view showing a flowchart of authentication registration according to the embodiment;

FIG. 8 is a view showing a flowchart of electronic authentication on the certificate authority side according to the embodiment.

FIG. 9 is an exemplary view showing a flowchart of electronic authentication on the customer side according to the embodiment;

FIG. 10 is an exemplary view for explaining the flow of electronic authentication according to a modification of the embodiment.

FIG. 11 is a flowchart illustrating a master key system used when the master key system according to the second embodiment is used.

FIG. 12 is a principle diagram for explaining the principle of the master key system according to the embodiment;

FIG. 13 is a flowchart for explaining random number generation by the master key system according to the embodiment;

[Explanation of symbols]

 1. Member store 2. Customer 3. Certificate authority 4. Trading system 21. Bus 22. CPU 23. Memory 24. Keyboard 25. Display 26. Communication device 27 External input terminal 28 Data control unit 29 Program control unit 81 Data storage unit 91 Program storage unit 92, 192 Main program 93, 195 ... Decryption program 94,196 ... Encryption program 95,197 ... Authentication code generation program 96 ... Display program 97 ... TKEY generation program 182 ... Customer data 193 ... Request program 194 ... Verification program 198 ... KEY generation program 271 ... Tag

──────────────────────────────────────────────────続 き Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04L 9/00 675A

Claims (24)

[Claims] An encrypted image data obtained by encrypting, using an electronic communication path, a common key, identification image data obtained by converting an identification image for identifying a user of the device to be authenticated using the common key, and An authentication device, which is obtained through encoding of the identification image data and encryption by the common key, and stores an authentication code for determining whether or not authentication is possible in a database, between the authentication device and the authentication target device. An electronic authentication method for determining whether or not to perform authentication by transmitting and receiving an associated authentication code for the authenticated person, comprising: a step of prompting transmission of the authentication code for the authenticated person; and Reading the corresponding authentication code and comparing it with the authentication code for the person to be authenticated; and decrypting the encrypted data based on the common key to identify the identification image data. Generating an electronic authentication method. 2. Encrypted data obtained by encrypting, using an electronic communication path, a common key and identification image data obtained by converting an identification image for identifying a user of a device to be authenticated using the common key, and the identification data An authentication device, which is obtained through encoding of image data and encryption using the common key and stores an authentication code for determining whether authentication is possible in a database, transmits and receives the authentication code to and from the device to be authenticated. A computer-readable storage medium storing an electronic authentication program for determining whether or not authentication is to be performed, and prompting transmission of the authentication code for the authenticated person; and the authentication code corresponding to the authenticated device from the database. And decrypting the encrypted data with the identification code for the subject based on the common key. And a computer-readable storage medium storing a program for implementing the steps of generating data. 3. An encrypted data obtained by encrypting, via an electronic communication path, a common key and identification image data obtained by converting an identification image for identifying a user of the device to be authenticated using the common key, An authentication device having an identification image output unit that outputs an identification image, obtained by encoding the identification image data and encrypting with the common key, and having an authentication device having an authentication code for determining whether authentication is possible; An electronic authentication method for determining whether or not to perform authentication by transmitting and receiving an authentication code for the authenticated person associated with the authentication code, wherein the authentication code for the authenticated person is transmitted to the authentication device. Prompting the authentication device to collate the authentication code with the code for the subject, and decrypting the encrypted data using the common key to generate the identification image data; Reading the identification image data and outputting an identification image of the user. 4. The method according to claim 1, wherein the authentication code for the authenticated person is connected to and removable from an external input terminal provided on the authenticated device, and the common key, the authentication code for the authenticated person, 4. The electronic authentication method according to claim 3, wherein a computer-readable storage medium storing the encrypted data is connected to the external input terminal and read out from the storage medium. 5. An electronic device comprising: a common key; and encrypted data obtained by encrypting identification image data obtained by converting an identification image for identifying a user of the device to be authenticated into data using the common key via an electronic communication path; An authentication device having an identification image output unit that outputs an identification image, obtained by encoding the identification image data and encrypting with the common key, and having an authentication device having an authentication code for determining whether authentication is possible; A computer-readable storage medium storing an electronic authentication program for determining whether or not to perform authentication by transmitting and receiving an authentication code for the authenticated person associated with the authentication code, Transmitting an authentication code to the authentication device to prompt the authentication device to check the authentication code against the code for the subject; and decrypting the encrypted data based on the common key. Steps and, the identification image computer-readable storage medium storing a program for implementing a step of data reads and outputs the identification image of said user to generate the identification image data turned into. 6. An identification image data obtained by converting an identification image specifying a user of a device to be authenticated into data, a common key, encrypted data obtained by encrypting the identification image data using the common key, and the identification image Storage means for storing an authentication code obtained through encoding of data and encryption by the common key, and for determining whether or not authentication is to be performed; and authenticating the authentication code for the authenticated person associated with the authentication code. A communication device that receives from the apparatus via an electronic communication path, and verifies the authentication code for the subject and the authentication code, and decrypts the encrypted data using the common key to obtain the identification image data. An electronic authentication device comprising: an arithmetic processing unit for generating; 7. An identification image data obtained by converting an identification image for specifying a user of a device to be authenticated into data and encoding the identification image data and encryption using the common key to determine whether or not authentication is possible. Authentication code for a user to be authenticated, a common key, and storage means for storing encrypted data obtained by encrypting the identification data using the common key; and the authentication code for a user to be authenticated. A communication device that transmits the identification data to an authentication device via an electronic communication path; a processing unit that decrypts the encrypted data based on a common key stored in the storage unit to generate the identification image data; Output means for reading out the identification image data and outputting the identification image of the user. 8. A storage medium connectable to and removable from a network terminal, comprising: identification image data in which an identification image for identifying a user of a device to be authenticated is converted into data; a common key; And storing an encrypted code obtained by encrypting the identification image data and an authentication code for determining whether or not to authenticate, obtained through encoding of the identification image data and encryption by the common key. Computer readable storage medium. 9. After decrypting the encrypted data, further generating a new common key from the authentication code; and encrypting the identification image data based on the new common key to generate new encrypted data. The electronic authentication method according to claim 1, further comprising: generating a new authentication code through encoding of the identification image data and encryption using the new common key. 10. A step of generating a new common key based on the authentication code after decrypting the encrypted data, and a step of encrypting the identification image data based on the new common key. 4. The electronic authentication method according to claim 3, further comprising: generating a new authentication code through encoding of the identification image data and encryption using the new common key. 11. After decrypting the encrypted data, further generating a new common key based on the authentication code; and encrypting the identification image data based on the new common key to generate a new common key. Generating encrypted data; generating a new authentication code through encoding the identification image data and encrypting with the new common key; storing the new authentication code and the new encrypted data The electronic authentication method according to claim 4, wherein the electronic authentication method is stored in a medium. 12. An authentication registration method for transmitting and receiving data between a person to be authenticated and an authenticator via an electronic communication path and registering authentication necessary for performing electronic authentication, the method comprising: Generating a common key associated with the person, and encrypting the identification image data provided by the provision of the person to be authenticated and obtained by converting the identification image for identifying the person to be authenticated into data using the common key. Generating an authentication code through encoding of the identification image data and encryption using the common key; and storing the encryption data, the authentication code, and the common key in a storage unit. And an electronic authentication registration method. 13. The storage means is a computer-readable storage medium which is electrically connected to the terminal of the person to be authenticated and is detachable from the terminal. The terminal is provided with an external input terminal. The electronic authentication apparatus according to claim 6, wherein the storage medium is electrically connected to the external input terminal to read out the storage medium and transmit data to an authenticator. 14. The database of the authentication device includes a second
Is stored, the encryption and decryption cannot be performed only with the common key, and the encryption and decryption can be performed when both the common key and the second key are combined. The electronic authentication method according to claim 1, wherein 15. The authentication device further comprises a step of receiving a second key from the authentication device after the verification by the authentication device, wherein the encryption and decryption cannot be performed only with the common key, and 4. The electronic authentication method according to claim 3, wherein the encryption and the decryption are possible when both the common key and the second key are combined. 16. An electronic authentication method for deciding whether or not to perform authentication between an authentication device and a device to be authenticated connected thereto via an electronic communication path, comprising: a registration request received from the device to be authenticated. In the authentication device, the second common key (GKEY) is transmitted from the first common key (GKEY) using the master key system based on the multiple affine key system.
A key generation step (S73) for generating a common key (MKEY, TKEY); and identification image data for identifying a user of the device to be authenticated based on the second common key generated by the key generation step in the authentication device. An encryption step of encrypting and outputting encrypted data (S75), and based on the encrypted data output in the encryption step,
An encoding step (S76) of generating an authentication code for determining whether or not authentication is possible; and at least the second common key generated in the key generation step and the encrypted data output in the encryption step. ,
A storing step (181) of storing the authentication code generated in the encoding step and a database of the authentication device;
In the authentication device, if there is an authentication request (S81) from the device to be authenticated, the encrypted data encrypted in the encryption step is decrypted based on the second common key, and the identification image data is decrypted. A reproducing step (S88) of reproducing, and in the authentication device, if there is an authentication request (S81) from the device to be authenticated, the authentication device requests the device to be authenticated to transmit an authentication code for the person to be authenticated. If the authenticated device authentication code is transmitted from the device to be authenticated, the authentication code corresponding to the device to be authenticated is read from the database, collation is performed with the authentication code for the object to be authenticated, and authentication is performed. Authentication determination step for determining whether or not to permit (S85)
An electronic authentication method, comprising: 17. A program for realizing an electronic authentication method for deciding whether to authenticate between an authentication device constituted by a computer and a device to be authenticated connected thereto via an electronic communication path is stored. A storage medium readable by a computer as the authentication device, wherein the authentication device responds to a registration request received from the device to be authenticated by using a master key system based on a multi-affine key system from a first common key (GKEY). Use second
A key generation step (S73) for generating a common key (MKEY, TKEY); and identification image data for identifying a user of the device to be authenticated based on the second common key generated by the key generation step in the authentication device. An encryption step of encrypting and outputting encrypted data (S75), and based on the encrypted data output in the encryption step,
An encoding step (S76) of generating an authentication code for determining whether or not authentication is possible; and at least the second common key generated in the key generation step and the encrypted data output in the encryption step. ,
A storing step (181) of storing the authentication code generated in the encoding step and a database of the authentication device;
In the authentication device, if there is an authentication request (S81) from the device to be authenticated, the encrypted data encrypted in the encryption step is decrypted based on the second common key, and the identification image data is decrypted. A reproducing step (S88) for reproducing, and in the authentication device, if there is an authentication request (S81) from the device to be authenticated, the authentication device requests the device to be authenticated to transmit an authentication code for the person to be authenticated. If the authenticated device authentication code is transmitted from the device to be authenticated, the authentication code corresponding to the device to be authenticated is read from the database, collation is performed with the authentication code for the object to be authenticated, and authentication is performed. Authentication determination step for determining whether or not to permit (S85)
A computer-readable storage medium storing a program, comprising: 18. An authentication apparatus for deciding whether or not to perform authentication with an apparatus to be authenticated connected via an electronic communication path, the apparatus comprising: A second common key (MKEY, TKEY) is generated from a key (GKEY) using a master key system based on a multi-affine key system.
Key generating means (S73) for generating a KEY), and an encryption for encrypting identification image data for identifying a user of the device to be authenticated based on the second common key generated by the key generating means and outputting encrypted data. Encrypting means (S75), based on the encrypted data output by the encrypting means,
Coding means (S76) for generating an authentication code for determining whether or not authentication is possible; at least the second common key generated by the key generation means, and the encrypted data output by the encryption means ,
Storage means for storing the authentication code generated by the coding means in a database of the authentication device (181)
If there is an authentication request (S81) from the device to be authenticated, the reproducing means for decrypting the encrypted data encrypted by the encrypting means based on the second common key and reproducing the identification image data ( S88), if there is an authentication request (S81) from the authenticated device, the authenticated device requests the authenticated device to transmit an authentication code for the authenticated person. In response, the authenticated device authenticates the authenticated person. If a code is transmitted, the authentication code corresponding to the device to be authenticated is read from the database, collation is performed with the authentication code for the person to be authenticated, and authentication determining means (S85) determines whether or not authentication is possible. An authentication device, comprising: 19. When it is determined in the authentication determining step that authentication is possible, a request is made to the device to be authenticated for personal image data of the person to be authenticated, and when this is received, the personal image data received 17. The electronic authentication method according to claim 16, further comprising a pattern recognition step of performing a pattern recognition process with the identification image data reproduced in the reproduction step. 20. In the authentication determining step, when it is determined that authentication is possible, the authentication apparatus requests personal image data of the person to be authenticated from the apparatus to be authenticated, and receives the personal image data. 18. The computer-readable storage medium according to claim 17, further comprising a pattern recognition step of performing a pattern recognition process with the identification image data reproduced in the reproduction step. 21. When the authentication determining means determines that authentication is possible, requests the authenticated device for the authenticated person's personal image data and receives the same. 19. The authentication apparatus according to claim 18, further comprising a pattern recognition unit that performs a pattern recognition process with the identification image data reproduced by the reproduction unit. 22. The first common key used for the authentication device is generated using a multiple affine key system based on key data higher than the first common key in a system higher than the authentication device. The electronic authentication method according to claim 16, wherein the electronic authentication method is performed. 23. The first common key used for the authentication device is generated using a multiple affine key system based on key data higher than the first common key in a system higher than the authentication device. 18. A computer-readable storage medium storing the program according to claim 17, wherein the program is stored in a storage medium. 24. The first common key used in the authentication device is generated using a multiple affine key system in a system higher than the authentication device, based on key data higher than the first common key. 19. The authentication device according to claim 18, wherein the authentication device has been authenticated.