JP2010056673A - Authentication processing method, authentication processing program, recording medium, and authentication processing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To improve security of authentication processing, and carry out continuous communication processing. <P>SOLUTION: An authentication apparatus 120, which authenticates an apparatus to be authenticated 110, acquires and holds this-time authentication information and verification information from the apparatus to be authenticated 110 beforehand. An authentication determination information receiving section 121 receives a first transmission information and a second transmission information from the apparatus to be authenticated 110. A first calculation section 122 calculates a first authentication code by the first transmission information and the held this-time authentication information, a determination section 123 determines whether a value calculated by one direction conversion function for the calculated first authentication code matches the held this-time authentication information; and if they match, it authenticates the apparatus to be authenticated 110. A next-time authentication information verifying section 124 certifies whether the held verification information agrees with the second transmission information received by the authentication judgement information receiving section 121; and if they match, it authenticates that the next authentication information is not forged. <P>COPYRIGHT: (C)2010,JPO&INPIT

Description

  The present invention relates to an authentication processing method, an authentication processing program, a recording medium, and an authentication processing system that guarantee the next authentication processing at the time of the current authentication processing.

  2. Description of the Related Art Conventionally, when an authenticator (for example, a server) authenticates a person to be authenticated (for example, a user), a method of performing authentication based on secret information shared by the authenticator and the person to be authenticated has been used. For this reason, it is necessary for the authenticator and the person to be authenticated to manage secret information safely.

  On the other hand, with the diversification of application forms of authentication processing systems in recent years, servers installed in public places and servers installed by persons who do not have sufficient security knowledge are held by the certifier side. Confidential information may be stolen by a third party. Therefore, by using the secret information stolen by a malicious third party, it is possible to impersonate the person to be authenticated and easily receive authentication from the authenticator.

  As described above, there is a problem in that confidential information leaks if unauthorized authentication succeeds. In addition, there is a problem that the information of the authorized person is rewritten and the authorized person cannot be authenticated by the authenticator.

  As a method for solving such a problem, a method has been proposed in which authentication information used for authentication processing is generated using information stored only by the person to be authenticated (see, for example, Patent Document 1 below). FIG. 12 is a flowchart showing a conventional authentication processing method. In addition, the symbol and numerical formula used in the following description show the following meanings and calculations.

n: Number of times of authentication S: Secret information XOR held secretly by the user (authenticated person): Exclusive OR operation h (x): Value obtained by applying a one-way conversion function to x (arbitrary value) ( x, y): Value obtained by applying a one-way conversion function using x and y (arbitrary values) N_ {n}: Random number v_ {n} for generating an authenticator used for the n-th authentication: n-th An arbitrary value (authenticator) for generating authentication information used for authentication
V_ {n}: Authentication information used for n-th authentication

  As shown in the flowchart of FIG. 12, in the conventional authentication processing method, in the n-th authentication processing, the authenticated device 1210 used in advance by the authenticated person uses the first random number N_ {n} and the secret information S. The first authenticator v_ {n} that has performed the one-way conversion function and the current authentication information V_ {n} that has performed the one-way conversion function on the first authenticator v_ {n} are held. Further, the authentication device 1220 arranged in the server or the like holds the current authentication information V_ {n} acquired from the device to be authenticated 1210 in advance. Here, the current authentication information is authentication information used for the n-th authentication process.

  Then, as shown in the flowchart of FIG. 12, the device to be authenticated 1210 first generates a random number N_ {n + 1} (step S1211). Next, the second authenticator v_ {n + 1} and the next authentication information V_ {n + 1} used for the next authentication are generated using the random number N_ {n + 1} generated in step S1211 (step S1212).

Then, transmission information α and β for requesting authentication from the authenticator are calculated by the following formulas (1) and (2) (step S1213).
α = V_ {n + 1} XOR V_ {n} (1)
β = V_ {n + 1} XOR v_ {n} (2)

  Next, the transmission information α, β calculated in step S1213 is transmitted to the authentication device 1220 (step S1214). Authentication apparatus 1220 authenticates authenticated apparatus 1210 using V_ {n} stored in advance and transmission information α and β transmitted from authenticated apparatus 1210 in step S1214.

  Therefore, if the next authentication information V_ {n + 1} held only by the device to be authenticated 1210 or the data (random number N_ {n + 1}, secret information S) that is the source thereof is not used, the authentication device 1210 authenticates to the authentication device 1220. The transmission information α and β for requesting cannot be generated. Therefore, even if the current authentication information V_ {n} stored in advance in the authentication device 1220 is stolen by a third party, the transmission information α and β cannot be calculated, and the third party I cannot impersonate 1210 and receive authentication.

JP 2007-60568 A

  However, in the technique of Patent Document 1 described above, the next authentication information V_ {n + 1} to be used for the next authentication is stored in the device to be authenticated and the authentication device after the current authentication process is completed. Here, for example, if the next authentication information V_ {n + 1} is forged when the transmission information α, β is transmitted from the device to be authenticated to the authentication device, the next authentication information V_ {n + 1 stored in the device to be authenticated. } And the next authentication information V_ {n + 1} stored in the authentication device have different values. For this reason, there is a problem that the next authentication process cannot be performed, and communication between the device to be authenticated and the authentication device is interrupted.

  The present invention provides an authentication processing method, an authentication processing program, a recording medium, and an authentication processing system capable of guaranteeing the next authentication processing when performing the current authentication processing in order to solve the above-described problems caused by the prior art. The purpose is to provide.

  In order to solve the above-described problems and achieve the object, the authentication processing method according to the first aspect of the present invention is an operation using a one-way conversion function in which it is difficult to calculate a value before the operation for the first authenticator. The current authentication information used for the current authentication process generated by performing the authentication and the next authentication information used for the next authentication process generated using the second authenticator are encrypted using the first authenticator as an encryption key. The verification method is an authentication method in an authentication device that is acquired in advance from an authentication target device that performs authentication and is stored in a predetermined memory, as authentication determination information for determining authentication of the authentication target device, First transmission information in which a first authenticator is concealed using the current authentication information, and second transmission information in which the next authentication information is encrypted using the first authenticator as an encryption key, Receive from authentication device The first authenticator is calculated based on the authentication determination information receiving step, the first transmission information received by the authentication determination information receiving step, and the current authentication information held in advance in the memory. 1 and the current authentication information in which a value obtained by performing an operation by the one-way conversion function on the first authenticator calculated in the first calculation step is held in the memory in advance. If it matches, the determination step of authenticating the device to be authenticated, and the determination step determines to authenticate the device to be authenticated, the information is stored in advance in the memory. The verification information and the second transmission information received by the authentication judgment information receiving step are verified to match each other. The next authentication information verification step for authenticating that the information is not forged, and the authentication information receiving step received when the next authentication information verification step authenticates that the next authentication information is not forged. A second calculation step of decrypting the second transmission information using the first authenticator calculated in the first calculation step as an encryption key and calculating the next authentication information; and information held in the memory And an update step for updating the first authenticator calculated by the first calculation step and the next authentication information calculated by the second calculation step.

  According to the first aspect of the present invention, even if a malicious third party tries to obtain authentication by the authentication device in an unauthorized manner, the third person who is malicious cannot know the authenticator that is the source of the current authentication information used for the current authentication. The transmission information for requesting authentication from the authentication device cannot be generated. For this reason, even if the current authentication information acquired by the authentication device from the device to be authenticated is stolen by a third party, unauthorized authentication is not performed. In the authentication device, the next authentication information used for the next authentication can be verified using the second transmission information transmitted from the device to be authenticated. Therefore, since the next authentication can be verified in this authentication process, in the next authentication process, it is prevented that the authentication is invalid and communication between the authenticated device and the authentication device is interrupted, and continuous communication processing is performed. Can be done.

  An authentication processing method according to a second aspect of the present invention is the authentication processing method according to the first aspect of the present invention, wherein the authentication is generated one after another using a third authenticator as transmission verification information for verifying each transmission information. Third transmission information obtained by encrypting authentication information used for processing one after another using the second authenticator as an encryption key, information used in the current authentication processing, and information not stored in the authentication device in advance and the second authentication Transmission for receiving, from the device to be authenticated, fourth transmission information generated using a child, and fifth transmission information generated using the third transmission information and the fourth transmission information. A value generated using a verification information receiving step, the third transmission information received by the transmission verification information receiving step, and the fourth transmission information received by the transmission verification information receiving step; Receive transmission verification information The third transmission information, the fourth transmission information, and the fifth transmission information are determined by determining whether or not the values generated using the fifth transmission information received in the process match. A transmission information verification step that verifies whether or not at least one of them is not counterfeited, and the update step uses the information stored in the memory as the first authenticator and the next time The authentication information is updated to the third transmission information and the fourth transmission information received in the transmission verification information receiving step.

  According to the second aspect of the present invention, in the current authentication process, it is possible to verify the transmission information using the successive authentication information used for the subsequent authentication. Therefore, since the next authentication can be verified in this authentication process, it is possible to prevent the authentication from becoming invalid in the subsequent authentication process and to prevent the communication between the authenticated device and the authentication device from being interrupted, and more reliably. Communication processing can be performed.

  According to a third aspect of the present invention, there is provided an authentication processing method according to the second aspect of the present invention, wherein the value calculated from the fourth transmission information updated in the previous authentication process by the update step, and the update Verify whether the next authentication information and the first authenticator updated in the previous authentication process by the process match, and if they match, authenticate that the second authenticator is not forged Including a previous transmission information verification step.

  According to the third aspect of the present invention, it is possible to verify the fourth transmission information having the authenticator used for the next authentication transmitted and stored in the previous authentication process in the authentication device. Accordingly, since it is possible to verify that the information used for the next authentication stored in the authentication device has been forged by a third party having malicious intent, the next authentication process is guaranteed in the current authentication process. Communication processing can be performed.

  The authentication processing method according to a fourth aspect of the present invention is the authentication processing method according to the third aspect, wherein the transmission verification information receiving step includes the second transmission information and the first transmission information as the fourth transmission information. A value obtained by encrypting an authenticator using the second authenticator and the current authentication information as an encryption key is received, and the previous transmission information verification step is updated in the previous authentication process by the update step. The transmission information includes the current authentication information generated by using the first authenticator updated in the previous authentication process by the update process, and the first information calculated in the current authentication process by the first calculation process. Whether or not the value obtained by decrypting one authenticator as an encryption key matches the next authentication information and the first authenticator stored in the previous authentication process by the updating step. Witness and, if they match, the second authenticator is characterized in that authentication has not been forged.

  According to the invention of claim 4, a value obtained by encrypting the second authenticator and the current authentication information using the encryption key can be received as the fourth transmission information. For this reason, information used for the next authentication can be exchanged in an encrypted state, and even if the transmission information is stolen by a malicious third party, the next authentication can be guaranteed.

  An authentication processing method according to a fifth aspect of the present invention is the authentication processing method according to the third aspect, wherein the transmission verification information receiving step includes the second transmission information and the first transmission information as the fourth transmission information. The authenticator receives a value obtained by encrypting the second authenticator and the first authenticator as an encryption key, and the previous transmission information verification step is updated in the previous authentication process by the update step. The fourth transmission information is encrypted using the first authenticator updated in the previous authentication process by the update process and the first authenticator calculated in the current authentication process by the first calculation process as an encryption key. It is verified whether or not the decrypted value matches the next authentication information and the first authenticator updated in the previous authentication process by the updating step. Authenticator, characterized in that the authentication has not been forged.

  According to the fifth aspect of the present invention, a value obtained by encrypting the second authenticator and the first authenticator using the encryption key can be received as the fourth transmission information. For this reason, information used for the next authentication can be exchanged in an encrypted state without using the current authentication information. Therefore, even if the current authentication information stored in the authentication device is stolen by a malicious third party, the next authentication can be guaranteed.

  An authentication processing method according to a sixth aspect of the invention is the authentication processing method according to any one of the second to fifth aspects, wherein the transmission verification information receiving step uses the third transmission information as the fifth transmission information. A value obtained by performing an operation with a mask function that is easy to calculate a value before calculation for transmission information and the fourth transmission information, and receiving a value obtained by encrypting the next authentication information as an encryption key; The transmission information verification step calculates the third transmission information received by the transmission verification information reception step and the fourth transmission information received by the transmission verification information reception step using the mask function. And the value obtained by decrypting the fifth transmission information received in the transmission verification information receiving step using the next authentication information calculated in the second calculation step as an encryption key matches. By determining whether said third transmission information, the fourth transmission information, at least one of the fifth transmission information is characterized to verify whether or not a forgery.

  According to the sixth aspect of the present invention, a value obtained by encrypting the next authentication information as the encryption key can be received as the fifth transmission information. Therefore, the fifth transmission information for verifying other transmission information can be exchanged in an encrypted state. Therefore, even if transmission information is stolen by a malicious third party, the fifth transmission information is not easily decoded, and other transmission information can be reliably verified.

  An authentication processing method according to a seventh aspect of the invention is the authentication processing method according to any one of the second to fifth aspects, wherein the transmission verification information receiving step uses the third transmission information as the fifth transmission information. A value obtained by performing an operation using a mask function that is easy to calculate a value before calculation for transmission information and the fourth transmission information is encrypted using the first authenticator or the current authentication information as an encryption key. The transmission information verifying step receives the third transmission information received by the transmission verification information receiving step and the fourth transmission information received by the transmission verification information receiving step. The value obtained by performing the calculation using the mask function and the fifth transmission information received by the transmission verification information receiving step are the first authenticator calculated by the first calculation step or the mem- ory. The third transmission information, the fourth transmission information, and the fifth transmission are determined by determining whether or not a value decrypted with the current authentication information held in advance as a cryptographic key matches. It is characterized by verifying whether at least one of the information is not forged.

  According to the seventh aspect of the present invention, a value obtained by encrypting the first authenticator or the current authentication information using the encryption key can be received as the fifth transmission information. Therefore, the fifth transmission information for verifying other transmission information can be exchanged in an encrypted state. Therefore, even if the fifth transmission information is stolen by a malicious third party, the fifth transmission information is not easily decrypted, and other transmission information can be reliably verified.

  An authentication processing method according to an invention of claim 8 is the authentication processing method according to any one of claims 2 to 5, wherein the transmission verification information receiving step uses the third transmission information as the fifth transmission information. The transmission information, the fourth transmission information, and the next authentication information are received by performing a calculation using the one-way conversion function, and the transmission information verification step is performed by the transmission verification information reception step. The one-way conversion function for the received third transmission information, the fourth transmission information received by the transmission verification information receiving step, and the next authentication information calculated by the second calculation step. The third transmission information, the fourth transmission information, and the fourth transmission information are determined by determining whether or not the value generated by performing the calculation according to the above and the fifth transmission information received by the transmission verification information reception step match. of Shin information, at least one of the fifth transmission information is characterized to verify whether or not a forgery.

  According to the eighth aspect of the present invention, a value generated by performing an operation using a one-way conversion function on the third transmission information, the fourth transmission information, and the next authentication information is received as the fifth transmission information. can do. For this reason, the fifth transmission information for verifying other transmission information can be exchanged in a state where a one-way conversion function for which the value before calculation is difficult to calculate is applied. Therefore, even if the fifth transmission information is stolen by a malicious third party, the fifth transmission information is not deciphered more reliably, so that other transmission information can be verified more reliably.

  An authentication processing method according to a ninth aspect of the present invention is the authentication processing method according to any one of the first to eighth aspects, wherein the authentication determination information receiving step uses the first authentication as first transmission information. A value obtained by encrypting a child using the current authentication information as an encryption key is acquired, and the first calculation step includes the first transmission information received by the authentication determination information receiving step being held in the memory in advance. The current authentication information is decrypted as an encryption key, and the first authenticator is calculated.

  According to the ninth aspect of the present invention, a value obtained by encrypting the first authenticator using the current authentication information as an encryption key can be received as the first transmission information. For this reason, the person to be authenticated can exchange the first authenticator secretly stored in an encrypted state. Therefore, even if transmission information is stolen by a malicious third party, unauthorized authentication can be prevented.

  An authentication processing method according to a tenth aspect of the present invention is the authentication processing method according to any one of the first to eighth aspects, wherein the authentication determination information receiving step uses the first transmission information as the first transmission information. For the authenticator and the current authentication information, a value obtained by performing an operation using a mask function that is easy to calculate a value before the operation is obtained, and the first calculation step includes the first transmission information and the first transmission information. The first authentication code is calculated by performing an operation using the mask function on the current authentication information previously stored in the memory.

  According to the tenth aspect of the present invention, the first transmission information is a value obtained by performing an operation with a mask function that makes it easy to calculate a value before the operation for the first authenticator and the current authentication information. Can be received. Therefore, the person to be authenticated can exchange with the first authenticator masked secretly masked. Therefore, even if transmission information is stolen by a malicious third party, unauthorized authentication can be prevented.

  In addition, the authentication processing method according to the invention of claim 11 is applied to the current authentication process generated by performing an operation with a one-way conversion function on the first authenticator, which is difficult to calculate a value before the operation. Authentication target for authenticating the current authentication information to be used and the verification information obtained by encrypting the next authentication information generated by using the second authenticator for the next authentication process using the first authenticator as an encryption key. An authentication method in an authentication device acquired in advance from a device and stored in a predetermined memory, wherein the first authenticator is used as the authentication information for determining authentication of the device to be authenticated. An authentication judgment information receiving step for receiving first transmission information concealed by use, and second transmission information obtained by encrypting the next authentication information using the first authenticator as an encryption key; and the authentication judgment information In the reception process A first calculation step for calculating the first authenticator based on the first transmission information received in this way and the current authentication information held in advance in the memory; and the first calculation step. It is determined whether or not the value calculated by the one-way conversion function for the first authenticator calculated by the method matches the current authentication information held in the memory in advance. A determination step for authenticating the device to be authenticated, and if the determination step determines that the device to be authenticated is authenticated, the verification information stored in advance in the memory and the authentication determination information reception step Next authentication information verification that verifies whether or not the second transmission information received by the second authentication information matches, and if the second transmission information matches, authenticates that the next authentication information is not forged When the next authentication information verification step authenticates that the next authentication information is not forged, the second transmission information received by the authentication judgment information reception step is calculated by the first calculation step. The second authenticating step for decrypting the first authenticator as an encryption key and calculating the next authentication information, and the third authenticator as the transmission verification information for verifying each transmission information. The generated next authentication information used for the generated next authentication process is concealed with the third transmission information encrypted using the second authenticator as an encryption key and the second authenticator using the subsequent authentication information. It is easy to calculate a value before calculation for the fourth transmission information obtained by encrypting the value using the second authenticator as an encryption key, the third transmission information, and the fourth transmission information. Use the mask function A transmission verification information receiving step of receiving, from the device to be authenticated, fifth transmission information obtained by encrypting a value obtained by concealing the first authenticator with the next authentication information as an encryption key; A value concealed using the fourth transmission information received by the transmission verification information receiving step and the third transmission information received by the transmission verification information receiving step, and received by the transmission verification information receiving step. The third transmission information, the fourth transmission information, and the fourth transmission information are determined by determining whether or not the values calculated by the fifth transmission information and the next authentication information calculated by the second calculation step match. Transmission information verifying step for verifying whether at least one of the transmission information and the fifth transmission information is not forged, and the information held in the memory are the next authentication information, the third authentication information, And Shin information and updating step of updating said fourth transmission information, characterized in that it comprises a.

  According to the eleventh aspect of the present invention, it is possible to receive the fourth transmission information generated without using the first authenticator secretly held by the person to be authenticated. For this reason, the possibility that the first authenticator is stolen decreases, and the next authentication process can be more reliably guaranteed.

  An authentication processing method according to a twelfth aspect of the present invention is the authentication processing method according to the eleventh aspect of the present invention, wherein the fourth transmission information updated in the previous authentication processing by the updating step is updated by the first calculating step. The current authentication by the first calculation step using the value obtained by decrypting the first authenticator calculated in the authentication processing as an encryption key and the next authentication information updated in the previous authentication processing by the update step. Last transmission information for determining whether or not the value obtained by concealing the first authenticator calculated in the process matches, and authenticating that the second authenticator is not forged if they match A verification process is included.

  According to the invention of claim 12, when the fourth transmission information is verified, the verification can be performed without using the first authenticator. For this reason, the authentication apparatus does not need to hold the first authenticator. Therefore, the possibility that the first authenticator is stolen is further reduced, and the next authentication process can be more reliably guaranteed.

  In the authentication processing method according to the thirteenth aspect of the present invention, in the authentication processing method in the device to be authenticated that requires authentication from the authentication device, it is difficult to calculate the value before the operation for the first authenticator. The current authentication information used for the current authentication process is generated by performing a calculation using the direction conversion function, and the next authentication information used for the next authentication process is generated by performing the calculation using the one-way conversion function for the second authenticator. And generating the verification information obtained by encrypting the next authentication information using the first authenticator as an encryption key, the current authentication information generated by the generation step, and the verification information. A sending step for sending to the apparatus by a secure means; a holding step for holding the first authenticator, the second authenticator, the current authentication information and the next authentication information in a predetermined memory; and the sending After sending the current authentication information and the verification information to the authentication device, the first authenticator is used as the authentication determination information for requesting authentication from the authentication device. And calculating the first transmission information concealed and second transmission information obtained by encrypting the next authentication information using the first authenticator as an encryption key, and the calculation step calculated by the calculation step A transmission step of transmitting the first transmission information and the second transmission information to the authentication device; and an update step of updating the information held in the memory to the second authenticator and the next authentication information; , Including.

  According to the invention of claim 13, even if a malicious third party tries to obtain the authentication by the authentication device illegally, the third person who is malicious cannot know the authenticator that is the source of the current authentication information used for the current authentication. The transmission information for requesting authentication from the authentication device cannot be generated. For this reason, even if the current authentication information acquired by the authentication device from the device to be authenticated is stolen by a third party, unauthorized authentication is not performed. In addition, the next authentication process can be verified by transmitting the next authentication information to the authentication device. Therefore, since the next authentication can be verified in this authentication process, in the next authentication process, it is prevented that the authentication is invalid and communication between the authenticated device and the authentication device is interrupted, and continuous communication processing is performed. Can be done.

  An authentication processing method according to a fourteenth aspect of the present invention is the authentication processing method according to the thirteenth aspect, wherein the calculation step is to verify each transmission information together with the first transmission information and the second transmission information. After generating the second authentication information used for the next authentication process using the third authenticator as the transmission verification information, the third transmission in which the second authentication information is encrypted using the second authenticator as an encryption key. Information, the fourth transmission information generated by using the second authenticator, the information that is not held in advance by the authentication device, and the third transmission information, which are used for the current authentication process. Fifth transmission information generated using transmission information, and the transmission step includes the third transmission information and the fourth transmission information together with the first transmission information and the second transmission information. Send information and the 5 is transmitted to the authentication device, and the updating step includes the second authentication code, the next authentication information, the third authentication code, and the successive authentication information stored in the memory. It is characterized by updating information.

  According to the fourteenth aspect of the present invention, in the current authentication process, it is possible to verify the transmission information using the second-time authentication information used for the second-time authentication. Therefore, it is possible to verify successive authentications in the current authentication process, and in subsequent authentication processes, it is possible to prevent authentication from becoming invalid and to prevent communication between the authenticated device and the authentication device from being interrupted. Communication processing can be performed.

  The authentication processing method according to a fifteenth aspect of the present invention is the authentication processing method according to the fourteenth aspect, wherein the calculation step uses the second authenticator and the first authenticator as the second transmission information and the first authenticator. The fourth transmission information is calculated by encrypting the authentication information as an encryption key this time.

  According to the fifteenth aspect of the present invention, in the calculation step, a value obtained by encrypting the second authenticator and the current authentication information using the encryption key can be calculated as the fourth transmission information. For this reason, information used for the next authentication can be exchanged in an encrypted state. Therefore, even if transmission information is stolen by a malicious third party, the next authentication is guaranteed.

  An authentication processing method according to a sixteenth aspect of the invention is the authentication processing method according to the fourteenth or fifteenth aspect, wherein the calculating step uses the second transmission information and the first authenticator as the second authenticator. And the fourth transmission information is calculated by encrypting the first authenticator as an encryption key.

  According to the sixteenth aspect of the present invention, in the calculation step, a value obtained by encrypting the second authenticator and the first authenticator using the encryption key can be calculated as the fourth transmission information. For this reason, information used for the next authentication can be exchanged in an encrypted state without using the current authentication information. Therefore, even if the current authentication information stored in the authentication device is stolen by a malicious third party, the next authentication is guaranteed.

  An authentication processing method according to a seventeenth aspect of the present invention is the authentication processing method according to any one of the fourteenth to sixteenth aspects, wherein the calculating step is performed on the third transmission information and the fourth transmission information. On the other hand, the fifth transmission information is calculated by encrypting, with the next authentication information as an encryption key, a value obtained by performing an operation using a mask function that is easy to calculate a value before the operation. .

  According to the seventeenth aspect of the present invention, in the calculation step, a value encrypted with the next authentication information as the encryption key can be calculated as the fifth transmission information. Therefore, the fifth transmission information for verifying other transmission information can be exchanged in an encrypted state. Therefore, even if transmission information is stolen by a malicious third party, the fifth transmission information is not easily decoded, and other transmission information is reliably verified.

  An authentication processing method according to an invention of claim 18 is the authentication processing method according to any one of claims 14 to 16, wherein the calculation step is performed on the third transmission information and the fourth transmission information. On the other hand, the fifth transmission information is obtained by encrypting a value obtained by performing an operation with a mask function, which is easy to calculate a value before the operation, using the first authenticator or the current authentication information as an encryption key. It is characterized by calculating.

  According to this aspect of the invention, in the calculation step, a value obtained by encrypting the first authenticator or the current authentication information using the encryption key can be calculated as the fifth transmission information. Therefore, the fifth transmission information for verifying other transmission information can be exchanged in an encrypted state. Therefore, even if the fifth transmission information is stolen by a malicious third party, the fifth transmission information is not easily decoded, and other transmission information is reliably verified.

  An authentication processing method according to a nineteenth aspect of the present invention is the authentication processing method according to any one of the fourteenth to sixteenth aspects, wherein the calculating step includes the third transmission information, the fourth transmission information, For the next authentication information, the fifth transmission information is calculated by performing a calculation using a one-way conversion function that is difficult to calculate a value before the calculation.

  According to the nineteenth aspect of the present invention, in the calculation step, the third transmission information, the fourth transmission information, and the next authentication information are subjected to a calculation using a one-way conversion function, and values generated by the fifth transmission information It can be calculated as transmission information. For this reason, the fifth transmission information for verifying other transmission information can be exchanged in a state where a one-way conversion function for which the value before calculation is difficult to calculate is applied. Therefore, even if the fifth transmission information is stolen by a malicious third party, the fifth transmission information is not deciphered more reliably, so that the other transmission information is more reliably verified.

  An authentication processing method according to a twentieth aspect of the present invention is the authentication method according to any one of the thirteenth to nineteenth aspects, wherein the calculating step uses the first authenticator as the encryption information as the encryption key. The first transmission information is calculated by encryption.

  According to the twentieth aspect of the present invention, in the calculation step, a value obtained by encrypting the first authenticator using the current authentication information as an encryption key can be calculated as the first transmission information. For this reason, the person to be authenticated can exchange the first authenticator secretly stored in an encrypted state. Therefore, even if transmission information is stolen by a malicious third party, unauthorized authentication can be prevented.

  An authentication processing method according to a twenty-first aspect of the invention is the invention according to any one of the thirteenth to nineteenth aspects, wherein the calculation step is performed on the first authenticator and the current authentication information. The first transmission information is calculated by performing an operation using a mask function that is easy to calculate a value before the operation.

  According to the twenty-first aspect of the present invention, in the calculation step, a value obtained by performing an operation with a mask function that is easy to calculate a value before the operation is calculated for the first authenticator and the current authentication information. Can be calculated as transmission information. Therefore, the person to be authenticated can exchange with the first authenticator masked secretly masked. Therefore, even if transmission information is stolen by a malicious third party, unauthorized authentication can be prevented.

  The authentication processing method according to the invention of claim 22 is the authentication processing method according to claim 14, wherein the calculation step uses the third authenticator to generate the authentication information one after another used for the authentication process one after another. Third transmission information obtained by encrypting the second authentication information using the second authenticator as an encryption key, and a value obtained by concealing the second authenticator using the second authentication information are used as the second authentication code. A value obtained by performing an operation with a mask function that is easy to calculate a pre-computation value for the fourth transmission information encrypted as an encryption key, the third transmission information, and the fourth transmission information. And calculating fifth transmission information obtained by encrypting a value obtained by concealing the first authenticator using the next authentication information as an encryption key.

  According to the twenty-second aspect of the present invention, the fourth transmission information generated without using the first authenticator can be calculated in the calculating step. For this reason, the possibility that the first authenticator is stolen decreases, and the next authentication process can be more reliably guaranteed.

  An authentication processing method according to a twenty-third aspect of the present invention is the authentication processing method according to any one of the thirteenth to twenty-second aspects, wherein the generation step generates the first random number and the second random number, The current authentication information is generated using the first authenticator that has performed an operation on the first random number by the one-way conversion function, and an operation by the one-way conversion function is performed on the second random number. The next authentication information is generated using the performed second authenticator.

  According to the twenty-third aspect of the present invention, in the generation step, after generating a random number, authentication information can be generated by using an authenticator that performs an operation on the random number by a one-way conversion function. For this reason, an authenticator can be generated using a random number that cannot be easily generated by a third party, and forgery of the authenticator by a third party can be prevented. Therefore, spoofing of a malicious third party can be prevented and unauthorized authentication can be prevented.

  An authentication processing method according to a twenty-fourth aspect of the present invention is the authentication processing method according to any one of the thirteenth to twenty-third aspects, wherein the calculating step generates a third random number and then adds the third random number to the third random number. On the other hand, the authentication information is generated one after another by using the third authenticator that has performed the calculation by the one-way conversion function.

  According to the twenty-fourth aspect of the present invention, in the calculation step, the third random number is generated before the transmission information is calculated, and the third random number is calculated using a one-way conversion function. Authentication information is generated one after another using an authenticator. The transmission information can be calculated using the authentication information one after another. For this reason, transmission information can be generated using random numbers that cannot be easily generated by a third party, and forgery of transmission information by the third party can be prevented. Therefore, spoofing of a malicious third party can be prevented and unauthorized authentication can be prevented.

  The authentication processing method according to claim 25 is the authentication processing method according to any one of claims 13 to 24, wherein the generation step generates the first random number and the second random number, For the authentication key unique to the device to be authenticated and the first random number, the current authentication information is generated using the first authenticator that has been operated by the one-way conversion function, and the authentication key and the For the second random number, the next authentication information is generated using the second authenticator that has performed an operation using the one-way conversion function.

  According to the invention of claim 25, after generating a random number in the generation step, the authentication information is obtained by using an authenticator that performs an operation by a one-way conversion function on an authentication key and a random number unique to the device to be authenticated. Can be generated. For this reason, it is possible to prevent a third party who does not have an authentication key unique to the device to be authenticated from forging transmission information. Therefore, spoofing of a malicious third party can be prevented, and unauthorized authentication can be more reliably prevented.

  An authentication processing method according to a twenty-sixth aspect of the present invention is the authentication processing method according to any one of the thirteenth to twenty-fifth aspects, wherein the calculating step generates the third random number, The authentication information is generated one after another by using the third authenticator that has performed the calculation by the one-way conversion function for the random number of 3.

  According to the twenty-sixth aspect of the present invention, in the calculation step, the third random number is generated before the transmission information is calculated, and the third random number and the authentication key unique to the device to be authenticated are unidirectional. Authentication information is generated one after another using a third authenticator that has performed an operation using a conversion function. The transmission information can be calculated using the authentication information one after another. For this reason, it is possible to prevent a third party who does not have an authentication key unique to the device to be authenticated from forging the authenticator. Therefore, spoofing of a malicious third party can be prevented, and unauthorized authentication can be more reliably prevented.

  An authentication processing method according to a twenty-seventh aspect of the present invention is the authentication processing method according to any one of the thirteenth to twenty-sixth aspects, wherein the holding step further stores the first random number and the second random number in the memory. And the calculation step includes a value obtained by performing an operation using the one-way conversion function on the first random number and the authentication key held in the holding step, and the holding step. When the first authenticator is the same, the authentication information is generated one after another.

  An authentication processing method according to an invention of claim 28 is the authentication processing method according to any one of claims 13 to 26, wherein the holding step further holds the second random number in the memory and performs the calculation. The step includes: a value obtained by performing an operation using the one-way conversion function on the second random number held in the holding step and the authentication key; and the second authenticator held in the holding step; Are the same, the authentication information is generated one after another.

  According to the invention of claim 27 or 28, before calculating the transmission information in the calculation step, it is possible to determine whether or not the authenticated person who operates the authenticated apparatus is the same as the authenticated person at the time of initial registration. it can. For this reason, unauthorized authentication can be prevented when the device to be authenticated is used by a third party different from the initial registration.

  An authentication processing program according to the invention of claim 29 causes a computer to execute the authentication processing method according to any one of claims 1 to 28.

  According to the invention of claim 29, it is possible to cause a computer to execute the authentication processing method according to any one of claims 1 to 28.

  A recording medium according to the invention of claim 30 is characterized in that the authentication processing program according to claim 29 is recorded in a computer-readable state.

  According to the invention of claim 30, the computer can read the authentication processing program according to claim 29.

  In an authentication processing system according to a thirty-first aspect of the present invention, in the authentication processing system in which the authentication device authenticates the device to be authenticated, the device to be authenticated calculates a value before calculation for the first authenticator. Next time, the current authentication information used for the current authentication process is generated by performing a calculation using the one-way conversion function, and the second authentication is performed for the next authentication process by performing the calculation using the one-way conversion function. Generating authentication information, generating means for generating verification information obtained by encrypting the next authentication information using the first authenticator as an encryption key, the current authentication information generated by the generating means, the verification information, And the first authenticator, the second authenticator, the current authentication information and the next authentication information are stored in a predetermined memory. First transmission information in which the first authentication information is concealed using the current authentication information after the current authentication information and the verification information are sent to the authentication device by the holding step and the sending step. Calculating means for calculating the second transmission information obtained by encrypting the next authentication information using the first authenticator as an encryption key, the first transmission information calculated by the calculating means, and the second transmission information. 2, transmission means for transmitting the transmission information to the authentication device, and update means for updating the information held in the memory to the second authenticator and the next authentication information. The first transmission information is used as authentication determination information for determining authentication of the device to be authenticated after the current authentication information and the verification information are acquired from the device to be authenticated and stored in a predetermined memory. And the above Authentication information receiving means for receiving the transmission information from the device to be authenticated, the first transmission information received by the authentication judgment information receiving means, and the current authentication information held in advance in the memory The first calculation means for calculating the first authenticator and the value obtained by performing the calculation by the one-way conversion function on the first authenticator calculated by the first calculation means Determining whether or not the current authentication information stored in advance in the memory matches, and determining that the device to be authenticated is authenticated by the determining unit, and authenticating the device to be authenticated by the determining unit If it is determined, whether or not the verification information stored in advance in the memory matches the second transmission information received by the authentication determination information receiving unit If the authentication information matches, the next authentication information verifying unit authenticates that the next authentication information is not forged, and the next authentication information verifying unit authenticates that the next authentication information is not forged. In this case, the second transmission information received by the authentication judgment information receiving means is decrypted using the first authenticator calculated by the first calculation means as an encryption key, and the next authentication information is calculated. Update means for updating the information stored in the memory with the first authentication code calculated by the first calculation means and the next authentication information calculated by the second calculation means. And.

  According to the invention of claim 31, even if a malicious third party tries to obtain the authentication by the authentication device illegally, the third person who is malicious cannot know the authenticator that is the source of the current authentication information used for the current authentication. The transmission information for requesting authentication from the authentication device cannot be generated. For this reason, even if the current authentication information acquired by the authentication device from the device to be authenticated is stolen by a third party, unauthorized authentication is not performed. In the authentication device, the next authentication information used for the next authentication can be verified using the second transmission information transmitted from the device to be authenticated. Therefore, since the next authentication can be verified in this authentication process, in the next authentication process, it is prevented that the authentication is invalid and communication between the authenticated device and the authentication device is interrupted, and continuous communication processing is performed. Can be done.

  An authentication processing system according to a thirty-second aspect of the present invention is the authentication processing system according to the thirty-first aspect, wherein the calculating means includes the first transmission information and the second transmission information. After generating the second authentication information used for the next authentication process using the third authenticator, the third transmission information obtained by encrypting the second authentication information using the second authenticator as an encryption key and the current authentication Use the information that the authentication device does not hold in advance, the fourth transmission information generated using the second authenticator, and the third transmission information generated using the fourth transmission information. The transmission means calculates the third transmission information, the fourth transmission information, and the fifth transmission information together with the first transmission information and the second transmission information. The transmission information The update means updates the information stored in the memory to the second authenticator, the next authentication information, the third authenticator and the authentication information one after another, and the authentication apparatus Verification information for receiving the third transmission information, the fourth transmission information, and the fifth transmission information from the device to be authenticated as transmission verification information for verifying each transmission information. A value generated using a receiving means, the third transmission information received by the transmission verification information receiving means and the fourth transmission information received by the transmission verification information receiving means, and the transmission verification By determining whether or not the values generated using the fifth transmission information received by the information receiving means match, the third transmission information, the fourth transmission information, the fifth transmission information, Small amount of information sent Transmission information verification means for verifying whether at least any one of them is not counterfeited, wherein the update means uses the first authenticator and the next authentication as the information held in the memory. The information is updated to the third transmission information and the fourth transmission information received by the transmission verification information receiving means.

  According to the thirty-second aspect of the present invention, in the current authentication process, it is possible to verify the transmission information using the successive authentication information used for the subsequent authentication. Therefore, since the next authentication can be verified in this authentication process, it is possible to prevent the authentication from becoming invalid in the subsequent authentication process and to prevent the communication between the authenticated device and the authentication device from being interrupted, and more reliably. Communication processing can be performed.

  According to the authentication processing method, the authentication processing program, the recording medium, and the authentication processing system according to the present invention, it is possible to further improve the safety of the authentication processing and perform continuous communication processing.

  Exemplary embodiments of an authentication processing method, an authentication processing program, a recording medium, and an authentication processing system according to the present invention will be explained below in detail with reference to the accompanying drawings. Note that, in the following description of the embodiments and all the attached drawings, the same reference numerals are given to the same components, and duplicate descriptions are omitted.

(Embodiment 1)
First, the configuration of the authentication processing system according to the present embodiment will be described. FIG. 1 is a schematic diagram showing the configuration of the authentication processing system. In the first to third embodiments described below, the system configuration, hardware configuration, and functional configuration (corresponding to FIGS. 1 to 3) of the authentication processing system are common.

  FIG. 1 is an explanatory diagram showing the configuration of the authentication processing system. As illustrated in FIG. 1, the authentication processing system 100 includes an authenticated device 110 (110a to 110f) used by a user and an authentication device 120 arranged in a server. Here, the user is an authenticated person who requests authentication from the authenticator, and the server is an authenticated person who authenticates the authenticated person. In addition, the devices to be authenticated 110 a to 110 f and the authentication device 120 are connected by a network 130.

  In the authentication system 100, a user requests authentication from the authentication target device 110 to the authentication device 120, and is authenticated by the authentication device 120, whereby a predetermined service (for example, provided by a server in which the authentication device 120 is disposed (for example, Data communication connection service, gate pass permission, content provision, etc.). Hereinafter, when the authentication device 120 authenticates the device to be authenticated 110 (when authentication is established), it is assumed that the mutual connection is started between the user and the server. Although detailed description of the processing is omitted, the device to be authenticated 110 used by the user may fulfill the function of authenticating the authentication device 120 in order to further improve safety. That is, mutual authentication may be performed in which the server authenticates the user and also authenticates from the user side whether the authentication request destination server is a valid person.

(Hardware configuration of the device to be authenticated and the authentication device)
Next, the hardware configuration of the device to be authenticated 110 and the authentication device 120 constituting the authentication processing system 100 will be described. FIG. 2 is a block diagram illustrating an example of a hardware configuration of the device to be authenticated and the authentication device. In the following, for convenience of explanation, it is assumed that the device to be authenticated 110 and the authentication device 120 have the same hardware configuration.

  In FIG. 2, the CPU 211 controls the entire device to be authenticated 110 or the authentication device 120. A basic input / output program is stored in the ROM 212, and the RAM 213 is used as a work area for the CPU 211.

  The HDD (Hard Disk Drive) 214 controls reading / writing of data with respect to the HD (Hard Disk) 215 according to the control of the CPU 211. The HD 215 stores data written according to the control of the HDD 214. An FDD (flexible disk drive) 216 controls reading / writing of data with respect to the FD (flexible disk) 217 according to the control of the CPU 211. The FD 217 is detachable from the device to be authenticated 110 or the authentication device 120, and stores data written according to the control of the FDD 216.

  The display 218 displays a cursor, menu, window, or various data such as characters and images. A communication I / F (interface) 219 is connected to the network 130, functions as an interface of the own device, and enables transmission / reception of data to / from another device (either the device to be authenticated 110 or the authentication device 120). To do. The keyboard 220 also includes a plurality of keys for inputting characters, numerical values, various instructions, and the like. The mouse 221 enables selection and execution of various instructions, selection of a processing target, movement of a cursor, and the like.

  The scanner 222 optically reads characters and images, and the printer 223 prints characters and images on paper. The CD-ROM 224 is a recording medium that is detachable from the authentication target device 110 or the authentication device 120, and the CD-ROM drive 225 controls reading of data from the CD-ROM 224. The above-described components 211 to 225 are connected by a common bus (or cable) 226, respectively.

  Next, a functional configuration of the authentication processing system 100 according to the present embodiment will be described. FIG. 3 is a block diagram illustrating a functional configuration of the authentication target device and the authentication device that constitute the authentication processing system.

  The device to be authenticated 110 includes a generation unit 111, a transmission unit 112, a holding unit 113, a calculation unit 114, a transmission unit 115, and an update unit 116. The generation unit 111 generates current authentication information (V_ {n} to be described later) used for the current authentication process by using the first authenticator (v_ {n} to be described later). Further, the generation unit 111 generates next authentication information (V_ {n + 1} described later) used for the next authentication process by using the second authenticator (v_ {n + 1} described later). Specifically, the generation unit 111 performs the current authentication information or the second authenticator by performing an operation using a one-way conversion function that is difficult to calculate a value before the operation on the first authenticator or the second authenticator. Next time authentication information is generated. Furthermore, the generation unit 111 generates verification information (β ′ _ {n} described later) obtained by encrypting the next authentication information using the first authenticator as an encryption key.

  In addition, the generation unit 111 generates a first random number and a second random number, and then performs one-way conversion on the generated first random number (or the first random number and an authentication key unique to the own device). A first authenticator is generated by performing an operation using a function. And this time authentication information is produced | generated by calculating by a one-way conversion function with respect to this 1st authenticator. Further, the generation unit 111 performs an operation using a one-way conversion function on the generated second random number (or the second random number and an authentication key unique to the own device), thereby obtaining the second authenticator. Generate. And next time authentication information is produced | generated by calculating by a one-way conversion function with respect to this 2nd authenticator.

  Here, the one-way conversion function is a function in which it is difficult to calculate a value before calculation. Specifically, for example, when a certain two values (x, y) are calculated by the function, the value (z) is a result of the calculation and one of the two values (for example, x) However, it is a difficult function to calculate another value (y) from them. That is, when the one-way conversion function is h and z is a value obtained by calculating x and y by h, z can be expressed as z = h (x, y). At this time, it is a difficult function to calculate y from x and z.

  The sending unit 112 sends the current authentication information and the verification information generated by the generating unit 111 to the authentication device 120 by a safe means. Here, the safe means means that the information is a third party other than the user of the authentication device 120 and the device to be authenticated 110, such as transmission of the information through a dedicated line or mailing of a storage medium storing the information. It is a means of sending that is not known to the person.

  The holding unit 113 has a predetermined memory, and holds the first authenticator, the second authenticator, the current authentication information, and the next authentication information in this memory. The holding unit 113 may further hold the first random number and the second random number in the memory.

  The calculation unit 114 uses the first authenticator, the current authentication information, and the next authentication information generated by the generation unit 111 as authentication determination information for requesting authentication from the authentication device 120, and includes the first transmission information and Second transmission information is calculated. Specifically, the calculation unit 114 includes first transmission information in which the first authenticator is concealed using the current authentication information, and second authentication information that is encrypted using the first authenticator as an encryption key. The transmission information is calculated.

  Note that the first transmission information is calculated by, for example, calculating the first authenticator by encrypting the current authentication information using the current authentication information as an encryption key, or calculating the first transmission information before the calculation. The value is calculated by performing an operation using a mask function that is easy to calculate. Here, the mask function is a function in which the original value becomes the operation result when the same operation is performed twice, and for example, an exclusive OR operation (XOR) corresponds thereto. Hereinafter, the mask function will be described as an exclusive OR operation.

  In addition, the calculation unit 114 generates the second authentication information used for the next authentication process using the third authenticator, and then uses the second authentication information as the second authentication information as the transmission verification information for verifying each transmission information. The third transmission information encrypted using the child as the encryption key, the fourth transmission information used for the current authentication, the information not stored in the authentication device 102 in advance and the second transmission information generated using the second authenticator, The third transmission information generated using the third transmission information and the fourth transmission information is calculated. Here, the information that is used for the current authentication and is not held in advance by the authentication device 102 is, for example, a first authenticator.

  Note that the fourth transmission information is calculated by, for example, calculating the second transmission information and the first authenticator by encrypting the second authenticator and the current authentication information with the encryption key, The transmission information and the first authenticator are calculated by encrypting the second authenticator and the first authenticator as an encryption key.

  The fifth transmission information is calculated by encrypting a value obtained by performing an operation using a mask function on the third transmission information and the fourth transmission information using the next authentication information as an encryption key. . In addition, a value obtained by performing an operation using a mask function on the third transmission information and the fourth transmission information may be calculated by encrypting the first authentication code or the current authentication information as an encryption key. . Furthermore, the third transmission information, the fourth transmission information, and the next authentication information may be calculated by performing a calculation using a one-way conversion function.

  Further, when a random number is held in the memory by the holding unit 113, the calculation unit 114 performs a calculation using a one-way conversion function on the first random number and the authentication key held in the memory by the holding unit 113. And the first authenticator held in the memory by the holding unit 113 may be the same, the generation of authentication information may be started one after another.

  The transmission unit 115 transmits the first transmission information and the second transmission information calculated by the calculation unit 114 to the authentication device 120. The transmission unit 115 transmits the third transmission information, the fourth transmission information, and the fifth transmission information to the authentication device 120 together with the first transmission information and the second transmission information. The transmission unit 115 transmits each piece of transmission information described above to the authentication device 120 via the network 130, for example.

  The update unit 116 updates the information held in the memory to the second authenticator and the next authentication information. Further, the update unit 116 may update the information held in the memory to the second authenticator, the next authentication information, the third authenticator, and the authentication information one after another. Furthermore, the update unit 116 may update the first random number and the second random number held in the memory to the second random number and the third random number.

  The authentication device 120 includes an authentication determination information reception unit 121, a first calculation unit 122, a determination unit 123, a next authentication information verification unit 124, a second calculation unit 125, a transmission verification information reception unit 126, The transmission information verification unit 127, the update unit 128, and the previous transmission information verification unit 129 are configured. Here, it is assumed that the authentication device 120 previously acquires authentication information and verification information from the device to be authenticated 110 and holds them in a predetermined memory.

  The authentication determination information receiving unit 121 receives first transmission information and second transmission information from the authenticated device 110 as authentication determination information for determining authentication of the authenticated device 110.

  The first calculation unit 122 calculates a first authenticator based on the first transmission information received by the authentication determination information receiving unit 121 and the current authentication information held in advance in the memory.

  The determination unit 123 determines whether or not the value obtained by performing the calculation using the one-way conversion function on the first authenticator calculated by the first calculation unit 122 matches the current authentication information stored in the memory in advance. If it matches, the device to be authenticated 110 is authenticated.

  When the next authentication information verification unit 124 determines that the authentication target device 110 is authenticated by the determination unit 123, the verification information stored in the memory in advance and the second transmission information received by the authentication determination information reception unit 121. Whether the authentication information is not counterfeited is verified.

  When the next authentication information verification unit 124 authenticates that the next authentication information is not forged, the second calculation unit 125 uses the second calculation information received by the authentication determination information reception unit 121 as the first calculation unit. The first authenticator calculated by 122 is decrypted as an encryption key, and the next authentication information is calculated.

  The transmission verification information receiving unit 126 receives third transmission information, fourth transmission information, and fifth transmission information from the device to be authenticated 110 as transmission verification information for verifying each transmission information. .

  The transmission information verification unit 127 uses the third transmission information received by the transmission verification information reception unit 126 and the fourth transmission information received by the transmission verification information reception unit 126 as a transmission verification value. By determining whether or not the value generated using the fifth transmission information received by the information receiving unit 126 matches, the third transmission information, the fourth transmission information, and the fifth transmission information Verify whether at least one of them is not counterfeited.

  The update unit 128 updates the information held in the memory to the first authentication code calculated by the first calculation unit 122 and the next authentication information calculated by the second calculation unit 125. The updating unit 128 updates the information held in the memory to the first authenticator, the next authentication information, the third transmission information received by the transmission verification information receiving unit 126, and the fourth transmission information.

  The previous transmission information verification unit 129 includes a value calculated from the fourth transmission information updated by the update unit 128 in the previous authentication process, the next authentication information updated by the update unit 128 in the previous authentication process, and the first authentication information. It is verified whether or not the two authenticators match, and if they match, it is authenticated that the second authenticator is not forged.

  Note that the above-described units realize their respective functions by the CPU 211 and the like executing instruction processing in accordance with program instructions read into the RAM 213 from various recording media such as the HD 215, FD 217, and CD-ROM 224 of each device. To do.

<Initial registration process>
First, the procedure of the initial registration process by the person to be authenticated in the authentication process according to the first embodiment will be described. In addition, the symbol and numerical formula used in the following description show the following meanings and calculations.

n: number of times of authentication S: secret information (for example, password information) held secretly by the user (authenticated person)
XOR: exclusive OR operation h (x): a value obtained by applying a one-way conversion function to x (arbitrary value) h (x, y): a one-way conversion function using x and y (arbitrary value) Applied value e_ {y} (x): Value obtained by encrypting x using y as an encryption key d_ {y} (x): Value obtained by decrypting x using y as an encryption key

  Here, in e_ {y} (x), x and y may each use a plurality of values. For example, e_ {q, r} (o, p) is a value obtained by encrypting o and p with q and r. q and r are encryption key arguments and may be used in any manner. For example, a value calculated by q XOR r, h (q, r) or e_ {r} (q) may be used as the encryption key. Similarly, in d_ {y} (x), y may use a plurality of values. For example, d_ {q, r} (o) means a result of decoding o with q and r. The key generation method using q and r is the same as the key generation method used for encryption.

  FIG. 4 is a flowchart of the initial registration process performed by the person to be authenticated in the authentication process according to the first embodiment. In FIG. 4, first, the to-be-authenticated apparatus 110 generates random numbers N_ {1} and N_ {2} (step S411). Here, the random number N_ {n} is a random number for generating an authenticator used for the n-th authentication.

Next, authenticators v_ {1} and v_ {2} are generated by the following equation (3) using the random numbers N_ {1} and N_ {2} generated in step S411 and the secret information S ( Step S412). Here, the authenticator v_ {n} is an arbitrary value for generating authentication information used for the n-th authentication.
v_ {n} = h (N_ {n}, S) (3)

In step S412, the authenticators v_ {1} and v_ {2} may be generated by the following equation (4) without using the secret information S.
v_ {n} = h (N_ {n}) (4)

Next, authentication information V_ {1} and V_ {2} are generated by the following equation (5) using the authenticators v_ {1} and v_ {2} generated in step S412 (step S413). Here, the authentication information V_ {n} is authentication information used for the n-th authentication. Specifically, the authentication information V_ {1} is the initial (current) authentication information used for the initial (n = 1) authentication. The authentication information V_ {2} is the next authentication information used for the next (n + 1) authentication.
V_ {n} = h (v_ {n}) (5)

Furthermore, verification information β ′ _ {1} is generated by the following equation (6) using v_ {1} generated in step S412 and V_ {2} generated in step S413 (step S414). Here, the verification information β ′ _ {n} is information for verifying forgery of the next authentication information V_ {n + 1} by the third party.
β ′ _ {n} = e_ {v_ {n}} (V_ {n + 1}) (6)

  Next, the initial authentication information V_ {1} and the verification information β ′ _ {1} are transmitted to the authentication device 120 by a secure means (step S415). Here, the safe means is means such as transmission of the information by a dedicated line or mailing of a storage medium storing the information. Then, the authenticators v_ {1}, v_ {2}, the initial authentication information V_ {1}, and the next authentication information V_ {2} are stored in a predetermined memory (step S416), and a series of processes in the device to be authenticated 110 Exit.

  The authentication device 120 stores the initial authentication information V_ {1} and the verification information β ′ _ {1} sent from the device to be authenticated 110 in step S415 in a predetermined memory (step S421), and a series of processes Exit. Through the processing as described above, the device to be authenticated 110 is initially registered in the authentication device 120.

<About the first authentication process>
Next, an initial authentication process (n = 1) in the authentication process according to the first embodiment will be described. FIG. 5 is a flowchart illustrating an initial authentication process in the authentication process according to the first embodiment. At this time, information stored in the device to be authenticated 110 includes authenticators v_ {1}, v_ {2}, initial authentication information V_ {1}, and next authentication information V_ {2}, and is stored in the authentication device 120. The information is the initial authentication information V_ {1} and the verification information β ′ _ {1}. In the flowchart of FIG. 5, first, the device to be authenticated 110 generates a random number N_ {3} (step S511).

  Next, using the random number N_ {3} generated in step S511 and the secret information S, the authenticator v_ {3} and the authentication information V_ {3} are generated by the above formulas (3) and (5). (Step S512). In step S512, authentication information V_ {3} is authentication information used one after another used for authentication (n + 2).

  Further, in step S512, the authenticator v_ {3} is generated by the above-described equation (4) without using the secret information S, and the authentication information V_ {3} is successively used by using the authenticator v_ {3}. May be generated.

Next, the device to be authenticated 110 transmits the first transmission information α_ {1}, the second transmission information β_ {1}, the third transmission data to the authentication device 120 by the following formulas (7) to (10). Transmission information β_ {2}, fourth transmission information γ_ {2}, and fifth transmission information δ_ {1} are calculated (step S513).
α_ {n} = e_ {V_ {n}} (v_ {n}) (7)
β_ {n} = e_ {v_ {n}} (V_ {n + 1}) (8)
γ_ {n + 1} = e_ {v_ {n + 1}, V_ {n}} (β_ {n}, v_ {n}) (9)
δ_ {n} = e_ {V_ {n + 1}} (β_ {n + 1} XOR γ_ {n + 1}) (10)

  Here, the first transmission information α_ {n} is information including the current authentication information V_ {n} used for the current (n) authentication, as shown in the above-described equation (7). The second transmission information β_ {n} is information obtained by encrypting the next authentication information V_ {n + 1} used for the next (n + 1) authentication, as shown in the above-described equation (8). The transmission information β_ {n + 1} is information for verifying the second transmission information β_ {n}. And 4th transmission information (gamma) _ {n + 1} is information for verifying the forgery of the information used for (n + 2) time after time, as shown in Formula (9) mentioned above. Further, the fifth transmission information δ_ {n} is used for verifying the forgery of the third transmission information β_ {n + 1} and the fourth transmission information γ_ {n + 1} as shown in the above-described equation (10). Information.

  Subsequently, the first transmission information α_ {1}, the second transmission information β_ {1}, the third transmission information β_ {2}, the fourth transmission information γ_ {2}, the fifth calculated in step S513. The transmission information δ_ {1} is transmitted to the authentication device 120 (step S514). Then, the stored information in the device to be authenticated 110 is updated to the authenticators v_ {2}, v_ {3}, the next authentication information V_ {2}, and the authentication information V_ {3} one after another (step S515). Then, a series of processing in the device to be authenticated 110 is terminated.

On the other hand, in the authentication apparatus 120, the first transmission information α_ {1}, the second transmission information β_ {1}, the third transmission information β_ {2}, the first transmission information transmitted from the authenticated apparatus 110 in step S514. 4 transmission information γ_ {2} and 5th transmission information δ_ {1} are received. Then, the received first transmission information α_ {1} is decrypted by using the stored current authentication information V_ {1} as an encryption key and the authenticator v_ {1} is calculated by the following equation (11). (Step S521).
v_ {n} ← d_ {V_ {n}} (α_ {n}) (11)

  Next, it is determined whether the value obtained by performing the one-way conversion function on the authenticator v_ {1} calculated in step S521 is equal to the stored current authentication information V_ {1}. S522). When it is determined in step S522 that they are equal (step S522: Yes), the authentication device 120 determines that the device to be authenticated 110 is a valid authenticator (step S523).

  Next, it is determined whether or not the received second transmission information β_ {1} is equal to the stored β ′ _ {1} (step S524). If it is determined that they are equal (step S524). : Yes), it authenticates that the next authentication information V_ {2} included in the second transmission information β_ {1} and the verification information β ′ _ {1} is not forged (step S525).

  Next, the second transmission information β_ {1} authenticated in step S525 is decrypted using v_ {1} calculated in step S521 as an encryption key to calculate next authentication information V_ {2} (step) S526).

  Then, the received fifth transmission information δ_ {1} is decrypted using the next authentication information V_ {2} calculated in step S526 as the encryption key, the received third transmission information β_ {2}, and the reception It is determined whether or not the value obtained by performing the exclusive OR operation on the fourth transmission information γ_ {2} is equal (step S527), and if it is determined to be equal (step S527: Yes), storage is performed. Information to be updated to the authenticator v_ {1}, the next authentication information V_ {2}, the third transmission information β_ {2}, and the fourth transmission information γ_ {2} (step S528). A series of processing ends.

  On the other hand, if it is not determined in step S522 that the value obtained by performing the one-way conversion function on the authenticator v_ {1} calculated in step S521 is equal to the stored current authentication information V_ {1} ( Step S522: No), authentication is rejected (step S529), and a series of processing is terminated. The reason is, for example, that the person to be authenticated has erroneously input the password to the apparatus to be authenticated 110 or that the first transmission information α_ {1} (or part thereof) has been forged.

  In step S524, if it is not determined that the received second transmission information β_ {1} is equal to the stored β ′ _ {1} (step S524: No), the process proceeds to step S529 and authentication is performed. Reject and end the series of processing. The reason is that, for example, the second transmission information β_ {1} (or a part thereof) has been forged, or the authentication device 120 has failed to store the authentication information V_ {1} this time. 110 and the authentication device 120 may be out of synchronization of authentication information.

  In step S527, the received fifth transmission information δ_ {1} is decrypted using the next authentication information V_ {2} calculated in step S526 as an encryption key, and the received third transmission information β_ { 2} and the value obtained by performing the exclusive OR operation on the received fourth transmission information γ_ {2} are not determined to be equal (step S527: No), the process proceeds to step S529, the authentication is rejected, A series of processing ends. The reason is that at least one of the third transmission information β_ {2}, the fourth transmission information γ_ {2}, and the fifth transmission information δ_ {1} (or a part thereof) is forged. It can be mentioned.

<About the second and subsequent authentication processing>
Next, a second (n = 2) and subsequent authentication process in the authentication process according to the first embodiment will be described. FIG. 6 is a flowchart illustrating the second and subsequent authentication processes in the authentication process according to the first embodiment. At this time, the information stored in the device to be authenticated 110 includes authenticators v_ {n}, v_ {n + 1}, current authentication information V_ {n}, and next authentication information V_ {n + 1}. The stored information includes the authenticator v_ {n−1} used in the previous (n−1) authentication process, the current authentication information V_ {n}, and the third transmission information β_ received in the previous authentication process. {N} and fourth transmission information γ_ {n}.

  In the authentication process after the second (n = 2), the first (n = 1) authentication process shown in the flowchart of FIG. 5 and the authentication apparatus 120 received in the previous authentication process that has already been stored. 4 transmission information γ_ {n} is verified.

  In the flowchart of FIG. 6, first, the device to be authenticated 110 generates a random number N_ {n + 2} (step S611). Next, using the random number N_ {n + 2} generated in step S611 and the secret information S, the authenticator v_ {n + 2} and the authentication information V_ {n + 2} are generated by the above formulas (3) and (5). (Step S612). In step S612, authentication information V_ {n + 2} is authentication information used one after another used for authentication (n + 2).

  Further, in step S612, the authentication information v_ {n + 2} is generated by the above-described equation (4) without using the secret information S, and the authentication information V_ {n + 2} is successively generated using the authentication code v_ {n + 2}. May be generated.

  Next, the device to be authenticated 110 transmits the first transmission information α_ {n}, the second transmission information β_ {n}, the first transmission information as the transmission data to the authentication device 120 according to the above formulas (7) to (10). 3 transmission information β_ {n + 1}, fourth transmission information γ_ {n + 1}, and fifth transmission information δ_ {n} are calculated (step S613).

  Subsequently, the first transmission information α_ {n}, the second transmission information β_ {n}, the third transmission information β_ {n + 1}, the fourth transmission information γ_ {n + 1}, the fifth calculated in step S613. The transmission information δ_ {n} is transmitted to the authentication device 120 (step S614). Then, the stored information is updated to the authenticators v_ {n + 1}, v_ {n + 2}, the next authentication information V_ {n + 1}, and the authentication information V_ {n + 2} one after another (step S615), and a series of processes in the device to be authenticated 110 Exit.

  On the other hand, in the authentication device 120, the first transmission information α_ {n}, the second transmission information β_ {n}, the third transmission information β_ {n + 1}, the first transmission information transmitted from the authenticated device 110 in step S614. 4 transmission information γ_ {n + 1} and 5th transmission information δ_ {n} are received. Then, the received first transmission information α_ {n} is decrypted by using the stored current authentication information V_ {n} as an encryption key and the authenticator v_ {n} is calculated by the above equation (11). (Step S621).

  Next, it is determined whether the value obtained by performing the one-way conversion function on the authenticator v_ {n} calculated in step S621 is equal to the stored current authentication information V_ {n} (step). S622). When it is determined in step S622 that they are equal (step S622: Yes), the authentication device 120 determines that the device to be authenticated 110 is a valid authenticator (step S623).

  Next, it is determined whether or not the received second transmission information β_ {n} is equal to the stored third transmission information β_ {n} received in the previous (n−1) authentication process. (Step S624), if it is determined that they are equal (step S624: Yes), the second transmission information β_ {n} received in the current authentication process and the third transmission information received in the previous authentication process It authenticates that the transmission information β_ {n} is not forged. That is, the second authentication information V_ {n + 1} included in the second transmission information β_ {n} received in the current authentication process and the third transmission information β_ {n} received in the previous authentication process is forged. If not, authentication is performed (step S625).

  Then, the second transmission information β_ {n} authenticated in step S625 is decrypted using v_ {n} calculated in step S621 as an encryption key to calculate next authentication information V_ {n + 1} (step S626). ).

  Next, the fourth transmission information γ_ {n} received in the previous stored authentication process is used as the v_ {n} calculated in step S621 and the stored authenticator v_ {n−1}. A value obtained by decrypting the value obtained by performing the one-way conversion function on the encryption key is calculated. Then, using this value, the stored authenticator v_ {n−1} and the current authentication information V_ {n}, β_ {n−1} calculated by the above equation (8) and stored. Is compared with the authenticator v_ {n−1} that is present (step S627). If it is verified in step S627 that they are equal (step S627: Yes), the next authentication information V_ {n + 1} included in the fourth transmission information γ_ {n} received in the previous authentication process is not forged. Certify. This makes it possible to authenticate that the next authentication information V_ {n + 1} is not forged, and to authenticate that the authenticator v_ {n + 1} used for the next authentication is not forged.

  Next, a value obtained by decrypting the received fifth transmission information δ_ {n} using the next authentication information V_ {n + 1} calculated in step S626 as an encryption key is calculated. Then, it is determined whether this value is equal to the value obtained by performing an exclusive OR operation on the received third transmission information β_ {n + 1} and the received fourth transmission information γ_ {n + 1} ( Step S628). If it is determined in step S628 that they are equal (step S628: Yes), the information to be stored is the authenticator v_ {n}, the next authentication information V_ {n + 1}, the third transmission information β_ {n + 1}, and the fourth transmission. Information γ_ {n + 1} is updated (step S629), and the series of processes is terminated.

  On the other hand, if it is not determined in step S622 that the value obtained by performing the one-way conversion function on the authenticator v_ {n} calculated in step S621 is equal to the current authentication information V_ {n} stored ( Step S622: No), the authentication is rejected (Step S630), and the series of processes is terminated.

  In Step S624, when it is not determined that the received second transmission information β_ {n} is equal to the stored third transmission information β_ {n} received in the previous authentication process (Step S624). : No), the process proceeds to step S630, the authentication is rejected, and the series of processing ends.

  Further, in step S627, a value obtained by decrypting the fourth transmission information γ_ {n} received in the previous stored authentication process, β_ {n−1} calculated from the stored information, and storage. When it is not determined that the authenticated authenticator v_ {n−1} is equal (step S627: No), the process proceeds to step S630, the authentication is rejected, and the series of processes is terminated. The reason is that the authenticator v_ {n + 1} used for the next authentication has been forged, or the authentication device 120 has failed to store the authenticator v_ {n−1}, for example. One example is that the authentication information is out of synchronization with the device 120.

  In step S628, the received fifth transmission information δ_ {n} is decrypted with the next authentication information V_ {n + 1} calculated in step S626 as an encryption key, and the received third transmission information β_ { If it is not determined that n + 1} and the value obtained by performing an exclusive OR operation on the received fourth transmission information γ_ {1} are not equal (step S628: No), the process proceeds to step S630, and authentication is rejected. A series of processing ends.

In the flowchart of FIG. 5 or FIG. 6, in step S513 or step S613, the first transmission information α_ {1}, α_ {n} may be calculated by the following equation (12). In this case, in step S521 or step S621, the authenticator v_ {1} or v_ {n} is calculated by the following equation (13).
α_ {n} = v_ {n} XOR V_ {n} (12)
v_ {n} = α_ {n} XOR V_ {n} (13)

In the flowchart of FIG. 5 or FIG. 6, the fourth transmission information γ_ {2}, γ_ {n + 1} may be calculated by the following equation (14) in step S513 or step S613.
γ_ {n + 1} = e_ {v_ {n + 1}, v_ {n}} (β_ {n}, v_ {n}) (14)

  In this case, in step S627, the fourth transmission information γ_ {n} received in the previous stored authentication process is used as the v_ {n} calculated in step S621 and the stored authentication. A value obtained by decrypting the child v_ {n−1} as an encryption key is calculated. Then, using this value, the stored authenticator v_ {n−1} and the current authentication information V_ {n}, β_ {n−1} calculated by the above equation (8) and stored. Is compared with the authenticator v_ {n−1}.

In the flowchart of FIG. 5 or FIG. 6, the fifth transmission information δ_ {1}, δ_ {n} may be calculated by the following equation (15) in step S513 or step S613.
δ_ {n} = e_ {v_ {n}} (β_ {n + 1} XOR γ_ {n + 1}) (15)

  In this case, in step S527 or step S628, the fifth transmission information δ_ {1} and δ_ {n} are decrypted with the authenticator v_ {n} calculated in step S521 or step S621 as an encryption key. Then, it is determined whether or not the received third transmission information β_ {n + 1} and the received fourth transmission information γ_ {n + 1} are equal to a value obtained by performing an exclusive OR operation.

In the flowchart of FIG. 5 or FIG. 6, the fifth transmission information δ_ {1}, δ_ {n} may be calculated by the following equation (16) in step S513 or step S613.
δ_ {n} = h (β_ {n + 1}, γ_ {n + 1}, V_ {n + 1}) (16)

  In this case, in step S527 or step S628, the fifth transmission information δ_ {1}, δ_ {n} and the third transmission information β_ {2}, β_ {n + 1 received in step S521 or step S621. } And the fourth transmission information γ_ {2}, γ_ {n + 1} and the next authentication information V_ {2}, V_ {n + 1} calculated in step S526 or step S626, a one-way conversion function is performed. To determine whether the values are equal.

  According to the first embodiment described above, the first transmission information α_ {n} and the second transmission information β_ {n} as information used for authentication are data (v_ {n}) stored only by the device to be authenticated. , V_ {n + 1}) cannot be used. For this reason, even if the information (V_ {n}) related to the person to be authenticated stored in the authentication device is stolen by a third party, the third party cannot generate transmission information used for the authentication process. The authentication device cannot be authenticated.

  Further, since the verification information (β_ {n} or β ′ _ {1}) generated using the next authentication information is stored in advance in the authentication device, the next authentication processing is performed in the current authentication processing. It can be judged whether it is legitimate. Therefore, the next authentication process is guaranteed by performing the current authentication process. For this reason, since the current authentication is always performed while guaranteeing the next authentication process, it is possible to realize continuous communication processing between the authentication target apparatus and the authentication apparatus without interruption by repeatedly performing the authentication process. As a result, even in communication in units of packets such as information relating to emergency and information relating to firefighting, it can be used to exchange dangerous information when communication between devices stops.

  Further, according to Embodiment 1, before the stored information is updated, the third transmission information β_ {n + 1} and the fourth transmission information γ_ {n + 1} are converted into the fifth transmission information δ_ {n. } Can be verified. Therefore, it is possible to verify whether or not the information stored in the authentication device is forged for use in the next authentication. Therefore, the next authentication can be guaranteed more reliably, and continuous communication processing between the device to be authenticated and the authentication device can be realized.

(Embodiment 2)
Next, an authentication process according to the second embodiment will be described. In the authentication process according to the second embodiment, description of symbols, mathematical expressions, and processes similar to those in the first embodiment will be omitted. In the authentication process according to the second embodiment, first, the initial registration process is the same as that of the first embodiment, and a description thereof will be omitted. In addition, the symbol and numerical formula newly used in the following description show the following calculations.

m_ {y} (x): a value obtained by masking x with y (for example, a value obtained by performing an operation such as e_ {y} (x) or x XOR y using an encryption method or an exclusive OR operation)
n_ {y} (x): a value obtained by canceling the mask of y with x (however, the calculation method is the same as the method when the mask is applied)

<About the first authentication process>
Next, an initial (n = 1) authentication process in the authentication process according to the second embodiment will be described. FIG. 7 is a flowchart illustrating an initial authentication process in the authentication process according to the second embodiment. In the flowchart of FIG. 7, the information stored in advance in the device to be authenticated 110 is authenticators v_ {1}, v_ {2}, initial authentication information V_ {1}, and next authentication information V_ {2}. Information stored in the device 120 is initial authentication information V_ {1} and verification information β ′ _ {1}. In the flowchart of FIG. 7, first, the device to be authenticated 110 generates a random number N_ {3} (step S711). Next, using the random number N_ {3} generated in step S711 and the secret information S, the authenticator v_ {3} and the above-described equation (3) or (4) and equation (5) are used. Authentication information V_ {3} is generated (step S712).

Next, the device to be authenticated 110 transmits the first transmission information α_ {1} and the second transmission information as transmission data to the authentication device 120 according to the above equation (8) and the following equations (17) to (19). β_ {1}, third transmission information β_ {2}, fourth transmission information γ_ {2}, and fifth transmission information δ_ {1} are calculated (step S713).
α_ {n} = m_ {V_ {n}} (v_ {n}) (17)
γ_ {n + 1} = e_ {v_ {n + 1}} (m_ {V_ {n + 2}} (v_ {n + 1})) (18)
δ_ {n} = e_ {m_ {V_ {n + 1}} (v_ {n})} (β_ {n + 1} XOR γ_ {n + 1}) (19)

  Next, the first transmission information α_ {1}, the second transmission information β_ {1}, the third transmission information β_ {2}, the fourth transmission information γ_ {2}, the fifth calculated in step S713. The transmission information δ_ {1} is transmitted to the authentication device 120 (step S714). Then, the stored information in the device to be authenticated 110 is updated to the authenticators v_ {2}, v_ {3}, the next authentication information V_ {2}, and the authentication information V_ {3} one after another (step S715). Then, a series of processing in the device to be authenticated 110 is terminated.

On the other hand, in the authentication device 120, the first transmission information α_ {1}, the second transmission information β_ {1}, the third transmission information β_ {2}, the first transmission information transmitted from the authenticated device 110 in step S714. 4 transmission information γ_ {2} and 5th transmission information δ_ {1} are received. Then, the mask of the current authentication information V_ {1} stored in the received first transmission information α_ {1} is canceled by the following equation (20), and the authenticator v_ {1} is calculated ( Step S721).
v_ {n} ← n_ {V_ {n}} (α_ {n}) (20)

  Next, it is determined whether or not the value obtained by performing the one-way conversion function on the authenticator v_ {1} calculated in step S721 is equal to the current authentication information V_ {1} stored (step). S722). If it is determined in step S722 that they are equal (step S722: Yes), the authentication device 120 determines that the device to be authenticated 110 is a valid authenticator (step S723).

  Next, it is determined whether or not the received second transmission information β_ {1} is equal to the stored β ′ _ {1} (step S724), and when it is determined that they are equal (step S724). : Yes), it authenticates that the next authentication information V_ {2} included in the second transmission information β_ {1} and the verification information β ′ _ {1} is not forged (step S725).

  Next, the second transmission information β_ {1} authenticated in step S725 is decrypted using v_ {1} calculated in step S721 as an encryption key to calculate next authentication information V_ {2} (step) S726).

  Then, using the value obtained by masking the authenticator v_ {1} with the next authentication information V_ {2} as the encryption key, the received fifth transmission information δ_ {1} is decrypted and the received third When it is determined whether the transmission information β_ {2} and the received fourth transmission information γ_ {2} are equal to each other by performing an exclusive OR operation (step S727). (Step S727: Yes), the information to be stored is updated to the next authentication information V_ {2}, the fourth transmission information γ_ {2}, and the fifth transmission information δ_ {1} (Step S728), and the authentication device The series of processing at 120 is finished. In step S728, unlike authenticator 1, authenticator v_ {1} is not saved.

  On the other hand, when it is not determined in step S722 that the value obtained by performing the one-way conversion function on the authenticator v_ {1} calculated in step S721 is equal to the stored current authentication information V_ {1} ( Step S722: No), the authentication is rejected (Step S729), and the series of processing ends.

  In step S724, if it is not determined that the received second transmission information β_ {1} is equal to the stored β ′ _ {1} (step S724: No), the process proceeds to step S729 and authentication is performed. Reject and end the series of processing.

  In step S727, the received fifth transmission information δ_ {1} is decrypted using the value obtained by masking the authenticator v_ {1} with the next authentication information V_ {2} calculated in step S726 as an encryption key. If the value obtained by performing an exclusive OR operation on the received third transmission information β_ {2} and the received fourth transmission information γ_ {2} is not determined to be equal (step S727: No) ), The process proceeds to step S729, the authentication is rejected, and the series of processing ends.

<About the second and subsequent authentication processing>
Next, the authentication processing after the second time (n = 2) in the authentication processing according to the second embodiment will be described. FIG. 8 is a flowchart illustrating the second and subsequent authentication processes in the authentication process according to the second embodiment. At this time, the information stored in the device to be authenticated 110 includes authenticators v_ {n}, v_ {n + 1}, current authentication information V_ {n}, and next authentication information V_ {n + 1}. Unlike the first embodiment, the stored information is the current authentication information V_ {n}, the third transmission information β_ {n} and the fourth transmission information γ_ {n} received in the previous authentication process. is there.

  In the flowchart of FIG. 8, first, the device to be authenticated 110 generates a random number N_ {n + 2} (step S811). Next, using the random number N_ {n + 2} generated in step S811 and the secret information S, the authenticator v_ {n + 2} and the authentication information are obtained by the above-described equation (3) or (4) and equation (5). V_ {n + 2} is generated (step S812).

  Next, the device to be authenticated 110 transmits the first transmission information α_ {n} and the second transmission information β_ as transmission data to the authentication device 120 according to the above formulas (8) and (17) to (19). {N}, third transmission information β_ {n + 1}, fourth transmission information γ_ {n + 1}, and fifth transmission information δ_ {n} are calculated (step S813).

  Next, the first transmission information α_ {n}, second transmission information β_ {n}, third transmission information β_ {n + 1}, fourth transmission information γ_ {n + 1}, fifth calculated in step S813. The transmission information δ_ {n} is transmitted to the authentication device 120 (step S814). Then, the stored information is updated to the authenticator v_ {n + 1}, the next authentication information V_ {n + 1}, the authenticator v_ {n + 2}, and the authentication information V_ {n + 2} one after another (step S815). In order to perform the next authentication process, the process returns to step S811, and the subsequent processes are repeated.

  On the other hand, in the authentication device 120, the first transmission information α_ {n}, the second transmission information β_ {n}, the third transmission information β_ {n + 1}, the first transmission information transmitted from the authenticated device 110 in step S814. 4 transmission information γ_ {n + 1} and 5th transmission information δ_ {n} are received. Then, by using the above-described equation (20), the mask of the stored current authentication information V_ {n} is canceled with the received first transmission information α_ {n}, and the authenticator v_ {n} is calculated. (Step S821).

  Next, it is determined whether the value obtained by performing the one-way conversion function on the authenticator v_ {n} calculated in step S821 is equal to the current authentication information V_ {n} stored (step). S822). If it is determined in step S822 that they are equal (step S822: Yes), the authentication device 120 determines that the device to be authenticated 110 is a valid authenticator (step S823).

  Next, it is determined whether or not the received second transmission information β_ {n} is equal to the stored third transmission information β_ {n} received in the previous (n−1) authentication process. (Step S824), if it is determined that they are equal (step S824: Yes), the second transmission information β_ {n} received in the current authentication process and the third transmission information received in the previous authentication process It authenticates that the transmission information β_ {n} is not forged. That is, the second authentication information V_ {n + 1} included in the second transmission information β_ {n} received in the current authentication process and the third transmission information β_ {n} received in the previous authentication process is forged. If not, authentication is performed (step S825).

  Then, the second transmission information β_ {n} authenticated in step S825 is decrypted using v_ {n} calculated in step S821 as an encryption key to calculate next authentication information V_ {n + 1} (step S826). ).

  Next, a value obtained by decrypting the stored fourth transmission information γ_ {n} received in the previous authentication process using v_ {n} calculated in step S821 as an encryption key is calculated. Then, this value is compared with the value obtained by masking the authenticator v_ {n} calculated in step S821 with the next authentication information V_ {n + 1} calculated in step S826 (step S827). If it is verified in step S827 that they are equal (step S827: Yes), the next authentication information V_ {n + 1} included in the fourth transmission information γ_ {n} received in the previous authentication process is not forged. Certify. This makes it possible to authenticate that the next authentication information V_ {n + 1} is not forged, and to authenticate that the authenticator v_ {n + 1} used for the next authentication is not forged.

  Next, a value obtained by decrypting the received fifth transmission information δ_ {n} with a value obtained by masking the authenticator v_ {n} with the next authentication information V_ {n + 1} calculated in step S826 as an encryption key is used. calculate. Then, it is determined whether this value is equal to the value obtained by performing an exclusive OR operation on the received third transmission information β_ {n + 1} and the received fourth transmission information γ_ {n + 1} ( Step S828).

  Using the authenticator v_ {n} calculated in step S821 and the next authentication information V_ {n + 1} calculated in step S826 unmasked, the received fifth transmission information δ_ {n} is used as the encryption key. Determining whether the decoded value is equal to the value obtained by performing an exclusive OR operation on the received third transmission information β_ {n + 1} and the received fourth transmission information γ_ {n + 1}, If it is determined that they are equal (step S828: Yes), the information to be stored is updated to the next authentication information V_ {n + 1}, the third transmission information β_ {n + 1}, and the fourth transmission information γ_ {n + 1} (step S829). ). In order to perform the next authentication process, the process returns to step S821, and the subsequent processes are repeated.

  On the other hand, if it is not determined that the value obtained by performing the one-way conversion function on the authenticator v_ {n} calculated in step S821 is equal to the stored current authentication information V_ {n} (step S822: No) ), The authentication is rejected (step S830), and the series of processing ends.

  Further, when it is not determined in step S824 that the received second transmission information β_ {n} is equal to the stored third transmission information β_ {n} received in the previous authentication process (step S824). : No), the process proceeds to step S830, the authentication is rejected, and the series of processes is terminated.

  In step S827, a value obtained by decoding the stored fourth transmission information γ_ {n} received in the previous authentication process and an authenticator v_ {n} calculated in step S821 are calculated in step S826. If it is not determined that the value masked by the next authentication information V_ {n + 1} is equal (step S827: No), the process proceeds to step S830, the authentication is rejected, and the series of processes is terminated.

  Also, in step S828, the received fifth transmission information δ_ {n} is decrypted using the value obtained by masking the authenticator v_ {n} with the next authentication information V_ {n + 1} calculated in step S826. If the value obtained by performing an exclusive OR operation on the received third transmission information β_ {n + 1} and the received fourth transmission information γ_ {n + 1} is not determined to be equal (step S828: No) ), The process proceeds to step S830, the authentication is rejected, and the series of processing ends.

  According to the second embodiment described above, the same effect as in the first embodiment can be obtained. Further, according to the second embodiment, since the fourth transmission information γ_ {n + 1} is calculated without using the first authenticator v_ {1}, when verifying the fourth transmission information, Verification can be performed without using the first authenticator. For this reason, the first authenticator is not held in the authentication device, and the possibility of stealing stored information from a third party is reduced, and continuous communication processing between the authenticated device and the authentication device is more reliably realized. can do.

(Embodiment 3)
Next, an authentication process according to the third embodiment will be described. The third embodiment is different from the first or second embodiment in that the authentication target apparatus verifies the authenticated person before generating a random number in the authentication process. In the following description, the case where the third embodiment is applied to the first embodiment is shown as an example. Also, the same processes as those in the first embodiment are denoted by the same reference numerals, and the description thereof is omitted.

<Initial registration process>
First, the procedure of the initial registration process by the person to be authenticated in the authentication process according to the third embodiment will be described. FIG. 9 is a flowchart of the initial registration process performed by the person to be authenticated in the authentication process according to the third embodiment. As shown in FIG. 9, in the initial registration process of the third embodiment, the information stored in the device to be authenticated 110 is different from the initial registration process of the first or second embodiment.

  In the third embodiment, as shown in the flowchart of FIG. 9, in step S415 in the first embodiment, the initial authentication information V_ {1} and the verification information β ′ _ {1} are authenticated by a secure means. After transmitting to the device 120, in addition to the authenticators v_ {1}, v_ {2}, the initial authentication information V_ {1}, and the next authentication information V_ {2}, the random numbers N_ {1} and N_ generated in step S411 {2} is stored in a predetermined memory (step S916), and a series of processes in the device to be authenticated 110 is terminated.

<About the first authentication process>
Next, an initial authentication process (n = 1) in the authentication process according to the third embodiment will be described. FIG. 10 is a flowchart illustrating an initial authentication process in the authentication process according to the third embodiment. In the first authentication process of the third embodiment, whether or not the person to be authenticated is valid in the apparatus to be authenticated 110 before generating the random number N_ {3} in step S511 in the first authentication process of the first embodiment. Determine whether.

As shown in the flowchart of FIG. 10, in addition to the authenticators v_ {1}, v_ {2}, the initial authentication information V_ {1}, and the next authentication information V_ {2}, the device to be authenticated 110 includes a random number N_ { 1} and N_ {2} are stored. First, an authenticator v ′ _ {1} for authentication determination is generated by the following equation (21) using the stored random number N_ {1} and secret information S (step S1011).
v ′ _ {n} = h (N_ {n}, S) (21)

  Next, it is determined whether or not the authentication determination authenticator v ′ _ {1} generated in step S1011 is equal to the stored authenticator v_ {1} (step S1012). In step S1012, when it is determined that the authentication code v ′ _ {1} for authentication determination is equal to the authentication code v_ {1} (step S1012: Yes), the authenticated person is the same as the authenticated person at the time of initial registration. That is, it is authenticated that the person to be authenticated is valid (step S1013), and the process proceeds to step S511.

  Then, after performing the processing from step S511 to step S514 as in the first embodiment, the stored information in the device to be authenticated 110 includes the authenticators v_ {2}, v_ {3}, and the next authentication information V_ {2. }, Authentication information V_ {3} and random numbers N_ {2}, N_ {3} one after another (step S1014), and a series of processes in the device to be authenticated 110 is terminated.

  On the other hand, if it is not determined in step S1012 that the authentication identifier v ′ _ {1} for authentication determination and the authenticator v_ {1} are equal (step S1012: No), the authenticated person is the same as the authenticated person at the time of initial registration. It is determined that they are not the same, and the series of processing ends.

<About the second and subsequent authentication processing>
Next, the second (n = 2) and subsequent authentication processes in the authentication process according to the third embodiment will be described. FIG. 11 is a flowchart illustrating the second and subsequent authentication processes in the authentication process according to the third embodiment. In the second and subsequent authentication processes of the third embodiment, the user to be authenticated is authorized by the authenticated apparatus 110 before generating the random number N_ {n + 2} in step S611 in the second and subsequent authentication processes of the first embodiment. It is determined whether or not.

  As shown in the flowchart of FIG. 11, in addition to the authenticators v_ {n}, v_ {n + 1}, current authentication information V_ {n}, and next authentication information V_ {n + 1}, the device to be authenticated 110 includes a random number. N_ {n} and N_ {n + 1} are stored. First, an authenticator v ′ _ {n} for authentication determination is generated by the above-described equation (21) using the stored random number N_ {n} and secret information S (step S1111). .

  Next, it is determined whether or not the authentication determination authenticator v ′ _ {n} generated in step S1111 is equal to the stored authenticator v_ {n} (step S1112). In step S1112, when it is determined that the authentication code v ′ _ {n} for authentication determination and the authentication code v_ {n} are equal (step S1112: Yes), the authenticated person is the same as the authenticated person at the time of initial registration. That is, it is authenticated that the person to be authenticated is valid (step S1113), and the process proceeds to step S611.

  Then, after performing the processing from step S611 to step S614 as in the first embodiment, the stored information in the device to be authenticated 110 includes the authenticators v_ {n + 1}, v_ {n + 2}, and the next authentication information V_ {n + 1. }, Authentication information V_ {n + 2}, and random numbers N_ {n + 1} and N_ {n + 2} are updated one after another (step S1114). In order to perform the next authentication process, the process returns to step S1111 and the subsequent processes are repeated.

  On the other hand, if it is not determined in step S1112 that the authentication identifier v ′ _ {n} for authentication determination and the authenticator v_ {n} are equal (step S1112: No), the authenticated person is the same as the authenticated person at the time of initial registration. It is determined that they are not the same, and the series of processing ends.

  In the third embodiment, for example, N_ {1} and N_ {2} (FIG. 9: Step S916), N_ {2} and N_ {3} (FIG. 10: Step S1014), N_ {n + 1} and N_ Although the method of holding two random numbers in {n + 2} (FIG. 11: step S1114) has been described, the present invention is not limited to this. Specifically, for example, one random number of N_ {2} (FIG. 9: Step S916), N_ {3} (FIG. 10: Step S1014), and N_ {n + 2} (FIG. 11: Step S1114) is held. Good. In this case, in step S1011 in FIG. 10, v ′ _ {2} is generated instead of v ′ _ {1} as an authentication judgment authenticator, and in step S1012, the authentication judgment authenticator v ′ _ { It is determined whether 2} is equal to the stored authenticator v_ {2}. Further, in step S1111 in FIG. 11, v ′ _ {n + 1} is generated instead of v ′ _ {n} as an authentication determination authenticator, and in step S1112, the authentication determination authenticator v ′ _ {n + 1] is generated. } Is equal to the stored authenticator v_ {n + 1}.

  According to the third embodiment described above, the same effects as those of the first and second embodiments can be obtained. Further, according to the third embodiment, it is possible to generate transmission information after determining whether or not the authenticated person is valid in the authenticated apparatus during the authentication process after the initial registration process. Therefore, for example, even if a third party uses the device to be authenticated and tries to impersonate a valid user, authentication with the authentication device can be prevented. Thereby, for example, when the device to be authenticated is installed in a public place or when used by a plurality of users, unauthorized authentication can be prevented.

  As described above, according to the authentication processing method, the authentication processing program, the recording medium, and the authentication processing system according to the present invention, the security of the authentication processing can be further improved and continuous communication processing can be performed.

  Note that the authentication processing method described in the present embodiment can be realized by executing a program prepared in advance on a computer such as a personal computer or a workstation. This program is recorded on a computer-readable recording medium such as a hard disk, a flexible disk, a CD-ROM, an MO, and a DVD, and is executed by being read from the recording medium by the computer. The program may be a transmission medium that can be distributed via a network such as the Internet.

  As described above, the authentication processing method, the authentication processing program, the recording medium, and the authentication processing system according to the present invention are useful for authentication between devices that require continuous communication processing, and particularly exchange urgent information. Suitable for authentication between devices.

It is explanatory drawing shown about the structure of an authentication processing system. It is a block diagram which shows an example of the hardware constitutions of a to-be-authenticated apparatus and an authentication apparatus. It is a block diagram which shows the functional structure of the to-be-authenticated apparatus and authentication apparatus which comprise an authentication processing system. 6 is a flowchart illustrating a procedure of an initial registration process performed by a person to be authenticated in the authentication process according to the first embodiment; 6 is a flowchart illustrating an initial authentication process in the authentication process according to the first exemplary embodiment; 6 is a flowchart illustrating second and subsequent authentication processing in the authentication processing according to the first exemplary embodiment; 10 is a flowchart illustrating an initial authentication process in the authentication process according to the second embodiment; FIG. 10 is a flowchart illustrating second and subsequent authentication processing in the authentication processing according to the second exemplary embodiment; 10 is a flowchart illustrating a procedure of an initial registration process performed by a person to be authenticated in an authentication process according to a third embodiment. 14 is a flowchart illustrating an initial authentication process in the authentication process according to the third embodiment; 14 is a flowchart illustrating second and subsequent authentication processing in the authentication processing according to the third exemplary embodiment; It is a flowchart shown about the conventional authentication processing method.

Explanation of symbols

110 Authentication Target Device 111 Generation Unit 112 Sending Unit 113 Holding Unit 114 Calculation Unit 115 Transmission Unit 116 Update Unit 120 Authentication Device 121 Authentication Judgment Information Receiving Unit 122 First Calculation Unit 123 Judgment Unit 124 Next Authentication Information Verification Unit 125 Second Calculation unit 126 Transmission verification information reception unit 127 Transmission information verification unit 128 Update unit 129 Previous transmission information verification unit

Claims (32)

Using the second authentication code and the current authentication information used for the current authentication process generated by performing a calculation using a one-way conversion function that is difficult to calculate the value before the calculation for the first authentication code. Authentication that is obtained in advance from a device to be authenticated and that is stored in a predetermined memory with verification information obtained by encrypting the generated next authentication information used for the next authentication process using the first authenticator as an encryption key An authentication method in a device,
As authentication determination information for determining authentication of the device to be authenticated, first transmission information in which the first authenticator is concealed using the current authentication information, and the next authentication information is the first authenticator. Authentication determination information receiving step for receiving from the device to be authenticated, second transmission information encrypted using the encryption key as an encryption key;
A first calculation step of calculating the first authenticator based on the first transmission information received in the authentication determination information reception step and the current authentication information held in advance in the memory;
Whether or not a value obtained by performing the calculation by the one-way conversion function on the first authenticator calculated in the first calculation step matches the current authentication information stored in the memory in advance. A determination step of authenticating the device to be authenticated if they match, and
If it is determined in the determination step that the device to be authenticated is authenticated, does the verification information stored in the memory in advance match the second transmission information received in the authentication determination information reception step? Next authentication information verification step for authenticating that the next authentication information is not forged,
When it is authenticated that the next authentication information is not forged in the next authentication information verification step, the second transmission information received by the authentication judgment information reception step is calculated by the first calculation step. A second calculation step of decrypting the first authenticator as an encryption key and calculating the next authentication information;
An update step of updating the information held in the memory with the first authenticator calculated by the first calculation step and the next authentication information calculated by the second calculation step;
An authentication processing method comprising: As transmission verification information for verifying each transmission information, a third authentication information encrypted using the second authenticator as an encryption key is used for the subsequent authentication process generated by using the third authenticator. Transmission information, information used in the current authentication process, information not held in advance by the authentication device, and fourth transmission information generated using the second authenticator, the third transmission information, and the third transmission information Transmission verification information receiving step for receiving, from the device to be authenticated, fifth transmission information generated using the transmission information of 4;
A value generated using the third transmission information received by the transmission verification information reception step and the fourth transmission information received by the transmission verification information reception step; and the transmission verification information reception step. Of the third transmission information, the fourth transmission information, and the fifth transmission information, it is determined whether or not the values generated using the received fifth transmission information match. A transmission information verification step for verifying whether at least one of the information is not counterfeited, and
In the updating step, the information held in the memory is changed to the first authenticator and the next authentication information, and the third transmission information and the fourth transmission information received in the transmission verification information receiving step. The authentication processing method according to claim 1, wherein the authentication processing method is updated.   The value calculated from the fourth transmission information updated in the previous authentication process by the update process, the next authentication information and the first authenticator updated in the previous authentication process by the update process, 3. The authentication processing method according to claim 2, further comprising a previous transmission information verification step of verifying whether or not they match and authenticating that the second authenticator is not forged if they match. The transmission verification information receiving step includes
As the fourth transmission information, a value obtained by encrypting the second transmission information and the first authenticator using the second authenticator and the current authentication information as an encryption key is received.
The previous transmission information verification step includes:
The fourth transmission information updated in the previous authentication process by the update process, the current authentication information generated using the first authenticator updated in the previous authentication process by the update process, and A value obtained by decrypting the first authenticator calculated in the current authentication process by the first calculation step as an encryption key, the next authentication information stored in the previous authentication process by the update step, and the first 4. The authentication processing method according to claim 3, wherein it is verified whether or not the authenticator matches, and if it matches, authentication is performed if the second authenticator is not forged. The transmission verification information receiving step includes
As the fourth transmission information, a value obtained by encrypting the second transmission information and the first authenticator using the second authenticator and the first authenticator as an encryption key is received.
The previous transmission information verification step includes:
The fourth transmission information updated in the previous authentication process by the update process is changed to the current authentication process by the first authenticator and the first calculation process updated in the previous authentication process by the update process. Whether the value obtained by decrypting the first authenticator calculated in step 1 as an encryption key matches the next authentication information updated in the previous authentication process by the updating step and the first authenticator. 4. The authentication processing method according to claim 3, wherein if the two authenticators are verified and matched, authentication is performed if the second authenticator is not forged. 5. The transmission verification information receiving step includes
As the fifth transmission information, the next authentication information is a value obtained by performing a calculation using a mask function that can easily calculate a value before the calculation for the third transmission information and the fourth transmission information. Receive the encrypted value as the encryption key,
The transmission information verification step includes:
A value obtained by performing an operation with the mask function on the third transmission information received by the transmission verification information receiving step and the fourth transmission information received by the transmission verification information receiving step; Determining whether or not the fifth transmission information received in the transmission verification information receiving step matches a value obtained by decrypting the next authentication information calculated in the second calculation step using the next authentication information as an encryption key; 6. The method according to claim 2, wherein at least any one of the third transmission information, the fourth transmission information, and the fifth transmission information is verified. The authentication processing method as described in one. The transmission verification information receiving step includes
As the fifth transmission information, a value obtained by performing an operation with a mask function that can easily calculate a value before the operation for the third transmission information and the fourth transmission information is the first authentication. A child or a value encrypted with the authentication information as an encryption key,
The transmission information verification step includes:
A value obtained by performing an operation with the mask function on the third transmission information received by the transmission verification information receiving step and the fourth transmission information received by the transmission verification information receiving step; Decrypting the fifth transmission information received in the transmission verification information receiving step using the first authentication information calculated in the first calculation step or the current authentication information held in advance in the memory as an encryption key It is verified whether at least one of the third transmission information, the fourth transmission information, and the fifth transmission information is not forged by determining whether or not the received value matches. The authentication processing method according to any one of claims 2 to 5, wherein the authentication processing method is performed. The transmission verification information receiving step includes
As the fifth transmission information, the third transmission information, the fourth transmission information, the next authentication information, a value generated by performing an operation using the one-way conversion function is received,
The transmission information verification step includes:
For the third transmission information received by the transmission verification information receiving step, the fourth transmission information received by the transmission verification information receiving step, and the next authentication information calculated by the second calculation step Determining whether or not the value generated by performing the calculation using the one-way conversion function matches the fifth transmission information received by the transmission verification information receiving step. 6. The method according to claim 2, wherein at least one of the transmission information, the fourth transmission information, and the fifth transmission information is not counterfeited. Authentication processing method. The authentication judgment information receiving step includes
As the first transmission information, a value obtained by encrypting the first authenticator using the current authentication information as an encryption key is acquired,
The first calculation step includes:
Decrypting the first transmission information received in the authentication judgment information receiving step with the current authentication information held in advance in the memory as an encryption key, and calculating the first authenticator, The authentication processing method according to any one of claims 1 to 8. The authentication judgment information receiving step includes
As the first transmission information, for the first authenticator and the current authentication information, obtain a value obtained by performing an operation with a mask function that is easy to calculate a value before the operation,
The first calculation step includes:
9. The first authenticator is calculated by performing an operation using the mask function on the first transmission information and the current authentication information held in advance in the memory. The authentication processing method as described in any one of these. Using the second authentication code and the current authentication information used for the current authentication process generated by performing a calculation using a one-way conversion function that is difficult to calculate the value before the calculation for the first authentication code. Authentication that is obtained in advance from a device to be authenticated and that is stored in a predetermined memory with verification information obtained by encrypting the next authentication information to be used for the next authentication process generated using the first authenticator as an encryption key An authentication method in a device,
As authentication determination information for determining authentication of the device to be authenticated, first transmission information in which the first authenticator is concealed using the current authentication information, and the next authentication information is the first authenticator. Authentication determination information receiving step for receiving second transmission information encrypted with the encryption key as an encryption key;
A first calculation step of calculating the first authenticator based on the first transmission information received in the authentication determination information reception step and the current authentication information held in advance in the memory;
Whether or not the value calculated by the one-way conversion function for the first authenticator calculated in the first calculating step matches the current authentication information held in advance in the memory A determination step of authenticating the device to be authenticated if they match, and
If it is determined in the determination step that the device to be authenticated is authenticated, does the verification information stored in the memory in advance match the second transmission information received in the authentication determination information reception step? Next authentication information verification step for authenticating that the next authentication information is not forged,
When it is authenticated that the next authentication information is not forged in the next authentication information verification step, the second transmission information received by the authentication judgment information reception step is calculated by the first calculation step. A second calculation step of decrypting the first authenticator as an encryption key and calculating the next authentication information;
As transmission verification information for verifying each transmission information, a third authentication information encrypted using the second authenticator as an encryption key is used for the subsequent authentication process generated by using the third authenticator. Transmission information, fourth transmission information obtained by encrypting a value obtained by concealing the second authenticator using the authentication information one after another using the second authenticator as an encryption key, the third transmission information, and the A value obtained by performing a calculation using a mask function that is easy to calculate a value before calculation with respect to the fourth transmission information is a value obtained by concealing the first authenticator using the next authentication information. A transmission verification information receiving step for receiving encrypted fifth transmission information from the device to be authenticated;
A value concealed using the fourth transmission information received by the transmission verification information receiving step and the third transmission information received by the transmission verification information receiving step, and received by the transmission verification information receiving step. The third transmission information, the fourth transmission information, and the fourth transmission information are determined by determining whether or not the values calculated by the fifth transmission information and the next authentication information calculated by the second calculation step match. A transmission information verification step for verifying whether at least one of the transmission information and the fifth transmission information is not forged,
An update step of updating the information held in the memory to the next authentication information, the third transmission information, and the fourth transmission information;
An authentication processing method comprising:   A value obtained by decrypting the fourth transmission information updated in the previous authentication process by the update process using the first authenticator calculated in the current authentication process by the first calculation process as an encryption key; Whether or not the value obtained by concealing the first authenticator calculated in the current authentication process by the first calculation process using the next authentication information updated in the previous authentication process by the process matches The authentication processing method according to claim 11, further comprising: a previous transmission information verification step of authenticating that the second authenticator is not forged when the two are authenticated. In the authentication processing method in the device to be authenticated that requests authentication from the authentication device,
The current authentication information used for the current authentication process is generated by performing an operation with a one-way conversion function that is difficult to calculate the value before the operation for the first authenticator, and the second authenticator Generating a next authentication information to be used for a next authentication process by performing an operation by a one-way conversion function, and generating verification information obtained by encrypting the next authentication information using the first authenticator as an encryption key;
A sending step of sending the current authentication information generated by the generating step and the verification information to the authentication device by a secure means;
A holding step of holding the first authenticator, the second authenticator, the current authentication information and the next authentication information in a predetermined memory;
After sending the current authentication information and the verification information to the authentication device by the sending step, the first authenticator is used as authentication judgment information for requesting authentication from the authentication device. A calculation step of calculating first transmission information concealed using a second transmission information obtained by encrypting the next authentication information using the first authenticator as an encryption key;
A transmission step of transmitting the first transmission information and the second transmission information calculated by the calculation step to the authentication device;
An update step of updating the information held in the memory to the second authenticator and the next authentication information;
An authentication processing method comprising: The calculation step includes
Along with the first transmission information and the second transmission information, as transmission verification information for verifying each transmission information, using the third authenticator to generate the authentication information one after another used for the next authentication processing, The third transmission information obtained by encrypting the authentication information one after another using the second authenticator as an encryption key, the information that is not held in advance by the authentication device, and the second authenticator used for the current authentication process. Calculating the fourth transmission information generated using the fourth transmission information and the fifth transmission information generated using the fourth transmission information using the third transmission information,
The transmission step includes
Along with the first transmission information and the second transmission information, the third transmission information, the fourth transmission information, and the fifth transmission information are transmitted to the authentication device,
The update process includes:
14. The authentication processing method according to claim 13, wherein the information held in the memory is updated to the second authenticator, the next authentication information, the third authenticator, and the authentication information one after another. . The calculation step includes
The fourth transmission information is calculated by encrypting the second transmission information and the first authenticator using the second authenticator and the current authentication information as an encryption key. 14. The authentication processing method according to 14. The calculation step includes
The fourth transmission information is calculated by encrypting the second transmission information and the first authenticator using the second authenticator and the first authenticator as an encryption key. The authentication processing method according to claim 14 or 15. The calculation step includes
Encrypting a value obtained by performing an operation with a mask function that is easy to calculate a value before calculation for the third transmission information and the fourth transmission information using the next authentication information as an encryption key. The authentication processing method according to any one of claims 14 to 16, wherein the fifth transmission information is calculated by: The calculation step includes
For the third transmission information and the fourth transmission information, a value obtained by performing a calculation using a mask function that is easy to calculate a value before the calculation is used as the first authenticator or the current authentication information. The authentication processing method according to any one of claims 14 to 16, wherein the fifth transmission information is calculated by encryption as an encryption key. The calculation step includes
For the third transmission information, the fourth transmission information, and the next authentication information, the fifth transmission information is obtained by performing a calculation using a one-way conversion function that is difficult to calculate a value before the calculation. The authentication processing method according to claim 14, wherein the authentication processing method is calculated. The calculation step includes
20. The authentication processing method according to claim 13, wherein the first transmission information is calculated by encrypting the first authenticator using the current authentication information as an encryption key. . The calculation step includes
The first transmission information is calculated by performing an operation with a mask function that is easy to calculate a value before the operation for the first authenticator and the current authentication information. The authentication processing method according to any one of 13 to 19. The calculation step includes
After generating the second authentication information used for the next authentication process using the third authenticator, the second transmission information obtained by encrypting the second authentication information using the second authenticator as an encryption key, and the second The fourth transmission information obtained by concealing a value obtained by concealing the authenticator using the authentication information one after another using the second authenticator as an encryption key, the third transmission information, and the fourth transmission information On the other hand, a fifth transmission obtained by encrypting a value obtained by performing an operation using a mask function, which is easy to calculate a value before the operation, using the value obtained by concealing the first authenticator using the next authentication information as an encryption key. The authentication processing method according to claim 14, wherein information is calculated. The generating step includes
After generating the first random number and the second random number, the current authentication information is generated by using the first authenticator that has performed an operation by the one-way conversion function on the first random number, 23. The next authentication information is generated by using the second authenticator that has performed an operation on the second random number by the one-way conversion function. Authentication processing method. The calculation step includes
The authentication information is generated one after another by using the third authenticator obtained by generating the third random number and performing the calculation by the one-way conversion function on the third random number. The authentication processing method according to any one of 13 to 23. The generating step includes
After generating the first random number and the second random number, the first authenticator obtained by performing the calculation by the one-way conversion function on the authentication key unique to the device to be authenticated and the first random number Generating the current authentication information, and generating the next authentication information using the second authenticator obtained by performing an operation using the one-way conversion function on the authentication key and the second random number. 25. The authentication processing method according to any one of claims 13 to 24. The calculation step includes
After generating the third random number, generating the authentication information one after another by using the third authenticator that has performed the calculation by the one-way conversion function for the authentication key and the third random number. 26. The authentication processing method according to any one of claims 13 to 25, characterized in that: The holding step includes
And storing the first random number and the second random number in the memory;
The calculation step includes
The value obtained by performing the calculation by the one-way conversion function on the first random number and the authentication key held in the holding step is the same as the first authenticator held in the holding step. 27. The authentication processing method according to claim 13, wherein the authentication information is generated one after another. The holding step includes
And holding the second random number in the memory;
The calculation step includes
The value obtained by performing the calculation by the one-way conversion function on the second random number and the authentication key held in the holding step is the same as the second authenticator held in the holding step. 27. The authentication processing method according to claim 13, wherein the authentication information is generated one after another.   An authentication processing program that causes a computer to execute the authentication processing method according to any one of claims 1 to 28.   A computer-readable recording medium on which the authentication processing program according to claim 29 is recorded. In the authentication processing system in which the authentication device authenticates the device to be authenticated,
The device to be authenticated is
The current authentication information used for the current authentication process is generated by performing an operation with a one-way conversion function that is difficult to calculate the value before the operation for the first authenticator, and the second authenticator Generating means for generating next authentication information to be used for next authentication processing by performing a calculation by a one-way conversion function, and generating verification information obtained by encrypting the next authentication information using the first authenticator as an encryption key;
Sending means for sending the current authentication information generated by the generating means and the verification information to the authentication device by a safe means in advance;
A holding step of holding the first authenticator, the second authenticator, the current authentication information and the next authentication information in a predetermined memory;
After sending the current authentication information and the verification information to the authentication device by the sending step, first transmission information in which the first authenticator is concealed using the current authentication information, and the next authentication Calculation means for calculating second transmission information obtained by encrypting information using the first authenticator as an encryption key;
Transmitting means for transmitting the first transmission information and the second transmission information calculated by the calculating means to the authentication device;
Updating means for updating the information held in the memory to the second authenticator and the next authentication information;
With
The authentication device
After obtaining the current authentication information and the verification information from the device to be authenticated and holding them in a predetermined memory, the first transmission information and the authentication information for determining authentication of the device to be authenticated Authentication determination information receiving means for receiving the second transmission information from the device to be authenticated;
First calculation means for calculating the first authenticator based on the first transmission information received by the authentication judgment information receiving means and the current authentication information held in advance in the memory;
Whether or not a value obtained by performing the calculation using the one-way conversion function on the first authenticator calculated by the first calculating unit matches the current authentication information stored in the memory in advance. Determining means for authenticating the device to be authenticated if they match,
If the determination unit determines to authenticate the device to be authenticated, does the verification information previously stored in the memory match the second transmission information received by the authentication determination information reception unit? Next authentication information verification means for authenticating that the next authentication information is not forged,
When the next authentication information verification means authenticates that the next authentication information is not forged, the second transmission information received by the authentication judgment information receiving means is calculated by the first calculation means. Second calculating means for decrypting the first authenticator as an encryption key and calculating the next authentication information;
Updating means for updating the information held in the memory with the first authenticator calculated by the first calculating means and the next authentication information calculated by the second calculating means;
An authentication processing system comprising: In the device to be authenticated,
The calculating means includes
Along with the first transmission information and the second transmission information, a second authentication information is generated by using a third authenticator, and then the second authentication information is encrypted with the second authentication information. Third transmission information encrypted as a key, fourth transmission information generated by using the second authentication code and information not previously held in the authentication device and used for the current authentication, and the third And the fifth transmission information generated by using the fourth transmission information,
The transmission means includes
Along with the first transmission information and the second transmission information, the third transmission information, the fourth transmission information, and the fifth transmission information are transmitted to the authentication device,
The updating means includes
Update the information held in the memory to the second authenticator, the next authentication information, the third authenticator and the authentication information one after another,
In the authentication device,
Transmission verification information receiving means for receiving the third transmission information, the fourth transmission information, and the fifth transmission information as transmission verification information for verifying each transmission information from the device to be authenticated. When,
A value generated by using the third transmission information received by the transmission verification information receiving means and the fourth transmission information received by the transmission verification information receiving means; and the transmission verification information receiving means. Of the third transmission information, the fourth transmission information, and the fifth transmission information, it is determined whether or not the values generated using the received fifth transmission information match. Transmission information verification means for verifying whether at least one of the forgery is not forged,
The update means changes the information held in the memory to the first authenticator, the next authentication information, the third transmission information and the fourth transmission information received by the transmission verification information receiving means. The authentication processing system according to claim 31, wherein the authentication processing system is updated.

Images