JP2010034967A - Ternary authentication method and system therefor - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To prevent an unauthorized action such as spoofing by safely and surely processing data by providing a ternary authentication method uniquely determining three authenticators. <P>SOLUTION: By using at least two authenticators registered at an authenticating side and an authenticated side before authentication and a newly generated authenticator, codes are encrypted, exchanged (transmitted/received) and decrypted between the authenticating side and the authenticated side, thereby authenticating that the authenticators are identical to each other. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention encrypts between the authenticator and the authenticated party using at least two authenticators registered on each of the authenticator and the authenticated party and a newly generated authenticator before authentication. The present invention relates to an authentication method (hereinafter referred to as ternary authentication method) for authenticating that an authenticator is the same by performing exchange and decryption.

  For example, three methods as disclosed in Embodiment 9 of Japanese Patent Publication No. 2007-336506 are available as a method in which an authentication side (for example, a server) authenticates an authenticated side (a card, a USB token, a PC, etc.) securely and reliably. There is known a method (three-value authentication method) for performing authentication using the authenticator (code). In this method, for example, an authenticator is exchanged between the authenticated side and the authenticated side as follows to perform authentication (here, a case where a random number generator is provided on the authenticated side will be described).

1) Initial setting Two initial authenticators (R1, R2) obtained from the random number generator are registered on the authenticated side and the authenticating side.
2) A new authenticator R3 is generated by the random number generator on the authenticated side, the authenticators R1 and R2 are encrypted using the authenticator R3 as a key (key code), and the encrypted R1 code and encryption The R2 code is sent to the authentication side.
3) On the authenticating side, these encrypted codes are decrypted using authenticators R1 and R2 registered on the authenticating side, respectively. If it is confirmed that the result is the code (R3) having the same value, the authenticator R1 is updated to R3, and the authentication side is notified that the authentication has been established.
4) Upon receiving this notification, the authenticated side permits updating the authenticator R1 to the authenticator R3.
5) For the next authentication, the authenticators R2 and R3 are used, and the above procedure is repeated.
Japanese Patent Publication No. 2007-336506

  In the conventional three-value authentication, the combination of the three authenticators (codes) cannot be uniquely determined, that is, the authenticators R1 and R2 initially registered on the authenticated side are encrypted by the newly generated authenticator R3. Even if these are decrypted on the authenticating side, only one authenticator R1, R2 having the same authenticator R3 cannot be specified. In other words, there is only one combination of the authenticators R1, R2, R3. There is a possibility that impersonation may occur depending on conditions.

  Therefore, in order to establish a safer and more reliable authentication method, the applicant has invented a new three-value authentication method that can uniquely determine three authenticators.

  The first method is to provide an authenticator generating device on the authenticating side, register the generated at least two authenticators on the authenticating side and the authenticated side, and register the registration on the authenticating side according to the authentication request of the authenticated side. The at least two authenticators and the newly generated third authenticator are used for encryption (for example, the newly generated third authenticator is encrypted), and the obtained encrypted code is authenticated. The encrypted code sent from the authenticator using the registered at least two authenticators (ie, decrypting the encrypted third authenticator), Encryption is performed using the obtained decryption code and the at least two registered authenticators, respectively, and the obtained encrypted code is sent to the authenticating side. At the authenticating side, the at least two registered authenticators are respectively Use the authenticated side Decrypting the encrypted code sent from the client (ie, decrypting the encrypted third authenticator), the obtained decrypted code (at least two) and the third authentication generated by the authenticator The child is checked, and if it matches, it is determined that authentication is established. After the authentication is established, the authenticating side deletes one of the at least two registered authenticators, stores the remaining authenticators and the third authenticator, and establishes the authentication establishment to the authenticated side. Accordingly, the authenticator deletes the authenticator corresponding to the authenticator deleted on the authenticating side, and stores the remaining authenticator and the decrypted code decrypted on the authenticated side. The next authentication repeats the above procedure using this newly stored (ie, updated) authenticator and a newly generated third authenticator.

  As in the first method, the second method is provided with an authenticator generating device on the authenticating side, registers the generated at least two authenticators on the authenticating side and the authenticated side, and authenticates according to the authentication request of the authenticated side. And performing encryption using each of the registered at least two authenticators and the newly generated third authenticator (eg, encrypting the newly generated third authenticator), and The obtained encrypted code is sent to the authenticated side, and the authenticated side decrypts the encrypted code sent from the authenticated side using each of the registered at least two authenticators (that is, the encrypted first code). 3), and confirm that the obtained decryption codes (at least two exist) match (define the matched decryption code as the third authenticator on the authenticated side) The decryption code and the registered Encryption is performed using at least two authenticators, and the obtained encryption code is sent to the authenticating side, and the authenticating side uses the at least two registered authenticators to send from the authenticated side. Decrypting the encrypted code (ie, decrypting the encrypted third authenticator defined on the authenticated side), and the obtained decrypted code and the third authenticator generated on the authenticating side; If they match, it is determined that authentication is established. After the authentication is established, the authenticating side deletes one of the at least two registered authenticators, stores the remaining authenticators and the third authenticator, and establishes the authentication establishment to the authenticated side. Accordingly, the authenticator deletes the authenticator corresponding to the authenticator deleted on the authenticating side, and stores the remaining authenticator and the decrypted code decrypted on the authenticated side. The next authentication repeats the above procedure using this newly stored (ie, updated) authenticator and a newly generated third authenticator.

According to the above method, since three authenticators can be uniquely determined, the device to be authenticated is uniquely specified. Therefore, impersonation becomes impossible, and safer and more reliable authentication can be performed.
Since a genuine random number can be used as an authenticator, it is impossible to predict newly generated authentication. In addition, data transmitted to the transmission path (whether wired or wireless) is encrypted, and even if the data is illegally stolen, the authenticator cannot be decrypted.
Further, since the authenticator is updated every time authentication is performed, even if a recording medium (such as a card) storing the authenticator is stolen, the information is already invalid when actually used. .

  Hereinafter, an embodiment of the present invention will be described with reference to the accompanying drawings.

  FIG. 1 shows a basic configuration example of a system to which the present invention is applied. The system shown in the figure includes an authenticated device (local side) and an authentication device (server side), and the former includes, for example, a PC and a memory device that stores an authenticator.

  Although it is possible for the memory device to use the memory built in the PC, in general, in order to prevent leakage, eliminate impersonation, etc., the user stores unique data and further provides necessary functions. For this purpose, an external storage device is used. For example, a USB memory, a USB token, a contactless / contact type card (including an IC card), a PDA, a mobile phone, or the like is used. If a card is used, a card reader is required. The connection mode between each device and the PC is the same as the conventional one.

  As the USB token, a token having another form different from the form of the USB memory, for example, a card-type token having a USB interface can be used. Such a token may be in the form of a bank card, a credit card or the like in which a connection terminal of a USB interface is embedded in the peripheral portion of the card. In this case, when authenticating with a PC, the PC and this card are connected with an interface cable (custom-specific extension cable or connector). When using a conventional card-type memory device, a card reader is always required, regardless of whether it is a non-contact type or a contact type. This is a large shape, is inconvenient to carry, and is expensive. In the case of a card-type token equipped with a card reader, a card reader is unnecessary, and it is only necessary to connect to a PC via an extension cable or a connector. This card can also be used when purchasing merchandise by e-commerce (electronic commerce) and the like, and since the card number is not input from the PC, there is no risk of information leakage and convenience is good.

  The fingerprint reader shown in FIG. 1 is necessary when biometric authentication (in this case, fingerprint authentication) is also performed on the authentication target side.

  The device to be authenticated (local terminal) can be connected to a network (whether wired or wireless), and the firmware can be installed or the application can be updated, and generally a PC is used. In addition, for example, some mobile phones (including smartphones), PDAs, and the like can be directly connected to a network terminal without using a PC. Such a terminal can be used as an authenticated terminal of the system according to the present invention. It can be used. When the present invention is applied to a CATV system or the like, an STB (set top box) or the like will be an authenticated terminal.

  The authentication side device usually includes a server and a random number generation device (true random number or pseudo random number generation device). The random number generator is preferably one that generates a true random number. The generation device includes a generation element, a generation mechanism, and the like. The random number generation device may be built in the server or externally connected to the server.

  Instead of the true random number generator provided on the authentication side, a storage device (for example, a hard disk, a CF memory card, etc.) storing the true random number can be used. In this case, the random numbers are replaced by a true random number generator as necessary. In this storage device, an authentic random number that is sufficiently longer than a seed (common key) used for an authenticator or a ZRG (random number extension function) described later is stored.

  The system of the present invention is not limited to the illustrated form, and can be variously modified depending on the application. For example, when applied to a mail server system, a video streaming system (data distribution system for messages, voices, images, moving images, etc.) and an entry / exit management system (when biometric authentication is performed), it conforms to the conventional configuration example. It can be deformed.

  In addition, when a USB token that can incorporate an IC chip having a calculation function or a device having a similar function is used in the device to be authenticated, encryption, decryption, determination, etc. described later are performed between the token side and the PC side. In the following, the authentication method according to the present invention will be described by dividing the system into an authenticated side and an authenticating side for convenience.

を例にして説明する。一般的には暗号化関数を使用する。これは他の図面で表示された排他的論理和の演算でも同じである。 First, the premise of this embodiment will be described.
a) In the initial setting, the two authenticators generated from the random number generator and registered on the authenticated side and the authenticating side are a (L), b (L) and a (S), b (S). . Here, L represents the Local side, S represents the Server side, and a (L) ≡a (S) and b (L) ≡b (S).
b) Exclusive OR as encryption algorithm

Will be described as an example. Generally, an encryption function is used. This also applies to the exclusive OR operation displayed in other drawings.

  Hereinafter, the authentication procedure in this embodiment will be described.

First, the first method will be described based on the explanatory diagram of FIG.
(1) Two authenticators generated by the authenticator generating apparatus on the authenticating side are registered on the authenticating side and the authenticated side (a (S), b (S); a (L), b (L)).
(2) Request authentication from the authenticated side to the authenticating side. At this time, an authentication request is made using a conventional ID and password.
(3) Upon request for authentication, the authentication side encrypts the newly generated third authenticator c (S) using the two registered authenticators a (S) and b (S). (a (S) XOR b (S) XOR c (S)), and sends this encrypted third authenticator to the authenticated side.
(4) The authenticated side uses the two registered authenticators to decrypt the encrypted third authenticator (a (S) XOR b (S) XOR c (S) XOR a (S) XOR b (S) is calculated and set as c (L)).
(5) The decrypted third authenticator is encrypted using the two registered authenticators (a (L) XOR c (L) and b (L) XOR c (L)). Then, these encrypted third authenticators are sent to the authenticating side (can be sent in a merged manner).
(6) On the authenticating side, using the two registered authenticators a (S) and b (S), respectively, the encrypted third authenticator is decrypted (a (L) XOR c (L ) XOR a (S) and b (L) XOR c (L) XOR b (S) are calculated as [1] c (L) and [2] c (L), respectively). These decrypted third authenticators ([1] c (L), [2] c (L)) are matched with the third authenticator c (S) generated on the authenticating side. Authentication will be established.

  At this time, if a (L) and a (S) do not match, [1] c (L) and c (S) do not match, and if b (L) and b (S) do not match [ 2] Since c (L) and c (S) do not match, if [1] c (L), [2] c (L) and c (S) match, authenticators a, b, c Is uniquely determined.

(7) After the authentication is established, the authentication side deletes one of the registered two authenticators a (S), and the remaining authenticator b (S) and the third authenticator c (S) Are registered as updated authenticators of the two registered authenticators. Then, the authentication permission is transmitted to the authentication target side.
(8) The authenticated side deletes one of the registered authenticators (corresponding to the one deleted on the authenticating side) a (L) with the authorization of authentication, and the remaining authenticator b (L) The third authenticator c (L) decrypted on the authenticated side is stored as an updated authenticator of the two registered authenticators. In the next authentication, the above procedure is repeated using the two updated authenticators and the newly generated third authenticator.

Next, the second method will be described based on the explanatory diagram of FIG.
(1) Two authenticators generated on the authenticating side are registered on the authenticating side and the authenticated side (a (S), b (S); a (L), b (L)).
(2) Request authentication from the authenticated side to the authenticating side. At this time, an authentication request is made using a conventional ID and password.
(3) Upon request for authentication, the authentication side encrypts the newly generated third authenticator c (S) using the two registered authenticators a (S) and b (S) respectively. (A (S) XOR c (S) and b (S) XOR c (S)), and sends these encrypted third authenticators to the authenticated side.
(4) The authenticated side decrypts the encrypted third authenticator using the two registered authenticators a (L) and b (L), respectively (a (S) XOR c ( S) XOR a (L) and b (S) XOR c (S) XOR b (L) are calculated, and these are set as [1] c (S) and [2] c (S)). If the decrypted third authenticators ([1] c (S), [2] c (S)) match, this is defined as the third authenticator c (L) on the authentication target side.

  At this time, if a (S) and a (L) do not match, [1] c (S) and [2] c (S) do not match, and b (L) and b (S) do not match. Otherwise, [1] c (S) and [2] c (S) do not match.

(5) Next, the third authenticator c (L) is encrypted using the two registered authenticators a (L) and b (L) (a (L) XOR b (L) XOR c (L)), and sends this encrypted third authenticator to the authenticator.
(6) On the authenticating side, the encrypted third authenticator is decrypted using the registered two authenticators a (S) and b (S) (a (L) XOR b (L ) XOR c (L) XOR a (S) XOR b (S) is calculated to obtain c (L)). Authentication is established if the decrypted third authenticator c (L) and the third authenticator c (S) generated on the authenticating side are matched and matched.

  At this time, if a (L) and a (S) do not match, c (L) and c (S) do not match, and if b (L) and b (S) do not match, c (L) And c (S) do not match. Therefore, if c (L) and c (S) match, the authenticators a, b, and c are uniquely determined.

(7) After the authentication is established, the authentication side deletes one of the two registered authenticators a (S), and the remaining authenticator b (S) and the separately generated third authenticator c (S) is stored as an updated authenticator of the two registered authenticators. Then, the authentication permission is transmitted to the authentication target side.
(8) The authenticated side deletes one of the registered authenticators (corresponding to the one deleted on the authenticating side) a (L) with the authorization of authentication, and the remaining authenticator b (L) The third authenticator c (L) decrypted on the authenticated side is stored as an updated authenticator of the two registered authenticators. In the next authentication, the above procedure is repeated using the two updated authenticators and the newly generated third authenticator.

  FIG. 4 is an explanatory diagram showing the initial setting of the authenticator. Here, a method for setting an authenticator using a network will be described.

The procedure for initial setting of the authenticator is as follows.
(1) Request the initial setting of the authenticator from the authenticated side to the authenticating side.
(2) On the authentication side, the random numbers a and b are taken from the random number generator as authenticators.
(3) The authenticators a and b are sent from the authenticating side to the authenticated side.
(4) Thereafter, the above-described ternary authentication is repeated continuously at least twice. If the link is interrupted, the operation is repeated from the initial request. By repeating the authentication at least twice, two of the initial authenticators a and b are updated to form a new authenticator combination.
(5) Thereafter, an authentication procedure of the authenticated side (user) is performed, and after the authentication is established, data such as a moving image is distributed in accordance with the usage mode of the present invention.

  By the way, “authentication” is generally classified into personal authentication and device authentication, and the above-described new three-value authentication method is used for device authentication because the authenticator used therein is for device authentication. enter. In general, the authentication is performed by inputting information such as an ID / password that is known only to the user or by reading biometric information (for example, fingerprint / vein). In the above-described new three-value authentication method, identity authentication is performed by inputting an ID / password or the like when requesting authentication.

  As described above, for example, a USB memory, a USB token, a card, a PDA, a mobile phone, or a PC itself is used as a memory device that stores an authenticator used for device authentication. In the past, however, the authenticator was registered and stored in the memory device as is (unencrypted).

  However, if the authenticator is stored in plain text, the authenticator may be read if the above USB memory or the like is stolen. Even if the child is read, it is updated at every authentication, so that the authenticator itself is disabled and safe enough).

  Therefore, a method for encrypting the authenticator using information for personal authentication (ID / password or biometric information) and storing it in each memory device will be described.

  Generally, since ID / password or biometric information has a different data length from the authenticator (short), ID / password, biometric information, or a combination thereof is a random number expansion function (random number generation function) (ZRG) seed (SEED) Then, a random number is generated, a random number having the same data length as that of the authenticator is extracted from the random number, and XOR is performed between the random number and the authenticator, thereby encrypting the authenticator and storing it in the memory device. The random number expansion function is detailed in Japanese Patent Application No. 2007-190585 by the same applicant as the present application.

  Examples of information that can be used as a seed (SEED) of a random number extension function (ZRG) and an authenticator encrypted using a random number obtained based on the random number extension function are shown below.

なお、‖はマージを意味する。 Seed examples: (1) ID (ID), (2) Password (P), (3) Combination of ID and password, (4) Name (nickname) (N), (5) Bitmap (bitmap), etc. Image information (pic) (selected from several pieces of image information), (6) A combination of the above or any of the above and a random number (R) with uniformity generated by a (genuine or pseudo) random number generator Combination (Note that this random number may also be updated at every authentication)
Examples of encrypted authenticators (the authenticators before being encrypted are (a) and (b)):

Note that ‖ means merging.

  A method for performing, for example, ternary authentication using the above encrypted authenticator will be described in the case of using a USB token as a memory device.

Only with a USB token, the authenticator is encrypted and device authentication is not possible. However, if the ZRG function and the XOR function are installed on the PC side, the ID / password or biometric information is input and XOR is performed again. Thus, the encrypted authenticator is decrypted into plaintext, and for example, ternary authentication can be performed.
It is also possible to decrypt the encrypted authenticator into the plaintext by placing an OS such as Linux in the USB token in advance and installing the ZRG function and the XOR function in the USB token. Is possible.
In addition, when using biometric information, of course, a biometric information reader is required. In the case of a card, authentication can be performed in the same manner as described above.
In the case of a mobile phone or a PC, authentication can be performed in the same manner.

  Next, a case where the ternary authentication of the present invention is applied to, for example, a “system for transferring video (still images, moving images) in a video conference” will be described. FIG. 5 is a diagram showing the flow of processing in such a system. In FIG. 5, processes (1) to (5) correspond to the authentication of the present invention.

First, according to the authentication procedure of the present invention, two authenticators are registered on the transmission side (authentication side, server side) and the reception side (authenticated side, local side), respectively.
In response to an authentication request from the receiving side, the authentication (new three-value authentication) of the present invention is activated using the two registered authenticators and the newly generated authenticator (process (2)).
When authentication is established on the transmission side (processing (3)), the authenticator is updated (processing (4)), and permission of authentication is transmitted to the transmission side (processing (6)). On the transmission side, the authenticator is updated with the authorization of the authentication (process (6)).
Next, “secure common key exchange” (process (7)) is performed. This is a process that is performed to prevent a common key used for encrypting data such as a moving image from being intercepted and used illegally by a third party when sent to the communication line as it is. Applicant's Japanese Patent Application No. 2008-135863 “Method of securely sending a common key after establishment of ternary authentication” is applied.
When authentication is established and the common key is exchanged, the transmitting side connects to the network, captures video (video, still image) from the camera, compresses the obtained image, and uses the common key. And encrypting the data, and transmitting the encrypted data to the network.
On the receiving side, data received via the network is received, decrypted using the common key, developed as a video (expanding process), and displayed on the screen.
As shown in the figure, the processing is divided between the transmission side and the reception side. However, generally, since the transmission and reception are performed simultaneously, the application software is a single program. However, there is no difference in the internal structure between the transmitting side and the receiving side.

It is a block diagram which shows one Embodiment of the authentication system which concerns on this invention. It is explanatory drawing which shows one Embodiment of the authentication method which concerns on this invention. It is explanatory drawing which shows another embodiment of the authentication method which concerns on this invention. It is explanatory drawing which shows the initial setting of the authenticator in this invention. It is explanatory drawing which shows the flow of a process at the time of applying the authentication method which concerns on this invention to the delivery (transfer) system of an image | video (a still image, a moving image).

Claims (11)

  Encrypt and exchange codes between the authenticator and the authenticator using at least two authenticators registered on the authenticator and the authenticator before authentication and the newly generated authenticator An authentication method for authenticating that the authenticator is the same by performing (transmission / reception) and decryption.   The authentication method according to claim 1, wherein authentication is started after a request for authentication by personal authentication is made. The authentication method according to claim 1 or 2,
On the authenticating side, encryption is performed using the registered at least two authenticators and the newly generated third authenticator, and the obtained encrypted code is sent to the authenticated side,
On the authenticated side, the encrypted code sent from the authenticating side is decrypted using the registered at least two authenticators, and the decrypted code obtained and the at least two registered authenticators are respectively used for encryption. And send the obtained encryption code to the authenticator,
On the authenticating side, each of the registered at least two authenticators is used to decrypt the encrypted code sent from the authenticated side, and the obtained decrypted code and the third authenticator generated on the authenticating side An authentication method characterized in that authentication is determined to be successful if the two are matched. The authentication method according to claim 3, further comprising:
After the authentication is established, the authenticating side deletes one of the at least two registered authenticators, stores the remaining authenticators and the third authenticator, and establishes the authentication establishment to the authenticated side. Tell,
The authenticating side deletes the authenticator corresponding to the authenticator deleted on the authenticating side, and stores the remaining authenticator and the decrypted code decrypted on the authenticated side. The authentication method according to claim 1 or 2,
On the authenticating side, encryption is performed using each of the registered at least two authenticators and the newly generated third authenticator, and the obtained encrypted code is sent to the authenticated side,
On the authenticated side, the encrypted code sent from the authenticated side is decrypted using each of the at least two registered authenticators, and it is confirmed that the obtained decoded codes match.
Encryption is performed using the obtained decryption code and the at least two registered authenticators, and the obtained encryption code is sent to the authentication side,
On the authentication side, the at least two registered authenticators are used to decrypt the encrypted code sent from the authenticated side, and the obtained decrypted code and the third authenticator generated on the authenticating side, The method is characterized in that it is determined that the authentication is successful if the two are matched. The authentication method according to claim 5, further comprising:
After the authentication is established, the authenticating side deletes one of the at least two registered authenticators, stores the remaining authenticators and the third authenticator, and establishes the authentication establishment to the authenticated side. Tell,
The authenticating side deletes the authenticator corresponding to the authenticator deleted on the authenticating side, and stores the remaining authenticator and the decrypted code decrypted on the authenticated side. An authentication system having an authentication-side apparatus provided with or connectable with a random number generation means and an authenticated-side apparatus provided with or connectable with an authentication memory device,
Each of the authentication side device and the authenticated side device has a means for encrypting the code, a means for exchanging the code, and a means for decrypting the code.
Encrypt and exchange codes between the authenticator and the authenticator using at least two authenticators registered on the authenticator and the authenticator before authentication and the newly generated authenticator An authentication system that authenticates that the authenticator is the same by performing (transmission / reception) and decryption. A random number is generated using a password, ID, a name including a nickname, identification data for personal authentication such as biometric information and predetermined data such as image information, or a combination thereof as a seed,
Encrypt using the generated random number and the authenticator used for device authentication,
An authenticator encryption method for registering the obtained encryption code in an authentication memory device.   9. The encryption method according to claim 8, wherein a random number is generated by using as a seed any one or a combination of predetermined data such as an identification code for personal authentication and image information and a combination of the generated random numbers. A method for encrypting an authenticator.   10. The encryption method according to claim 9, wherein the further generated random number is updated for each authentication.   11. The authenticator encryption method according to claim 8, wherein the authentication memory device is a PC, a USB memory, a USB token, a contactless or contact card, a PDA, a mobile phone, or the like. A method characterized by that.

Images