JP2010252275A - Authentication processing method, authentication processing program, recording medium and authentication processing system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To more improve security of authentication processing with less data amount, and to carry out continuous communication processing. <P>SOLUTION: An authentication apparatus 120, which authenticates an apparatus 110 to be authenticated, obtains and holds this-time authentication information and verification information from the apparatus 110 to be authenticated beforehand. A receiving section 121 receives first transmission information, second transmission information and third transmission information from the apparatus 110 to be authenticated. A first calculating section 122 calculates a first authenticator from the first transmission information and the this-time authentication information, which has been held, and a second calculating section 124 calculates next-time authentication information from the calculated first authenticator, the second transmission information and the third transmission information. When a determining section 123 determines that the apparatus 110 to be authenticated is to be authenticated and a verifying section 125 authenticates that the next-time authentication information is not forged, an updating section 126 updates information held in a memory into the second transmission information and the next-time authentication information. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to an authentication processing method, an authentication processing program, a recording medium, and an authentication processing system that guarantee the next authentication processing at the time of the current authentication processing.

  2. Description of the Related Art Conventionally, when an authenticator (for example, a server) authenticates a person to be authenticated (for example, a user), a method of performing authentication based on secret information shared by the authenticator and the person to be authenticated has been used. For this reason, it is necessary for the authenticator and the person to be authenticated to manage secret information safely.

  On the other hand, with the diversification of application forms of authentication processing systems in recent years, servers installed in public places and servers installed by persons who do not have sufficient security knowledge are held by the certifier side. Confidential information may be stolen by a third party. Therefore, by using the secret information stolen by a malicious third party, it is possible to impersonate the person to be authenticated and easily receive authentication from the authenticator.

  As described above, there is a problem in that confidential information leaks if unauthorized authentication succeeds. In addition, there is a problem that the information of the authorized person is rewritten and the authorized person cannot be authenticated by the authenticator.

  As a method for solving such a problem, a method has been proposed in which authentication information used for authentication processing is generated using information stored only by the person to be authenticated (see, for example, Patent Document 1 below). FIG. 8 is a flowchart showing a conventional authentication processing method. In addition, the symbol and numerical formula used in the following description show the following meanings and calculations.

i: Number of times of authentication S: Secret information XOR held secretly by the user (authenticated person): Exclusive OR operation h (x): Value obtained by applying a one-way conversion function to x (arbitrary value) h ( x, y): Value obtained by performing a one-way conversion function using x and y (arbitrary values) N_ {i}: Random number v_ {i} for generating an authenticator used for the i-th authentication: i-th An arbitrary value (authenticator) for generating authentication information used for authentication
V_ {i}: Authentication information used for i-th authentication

  As shown in the flowchart of FIG. 8, in the conventional authentication processing method, in the i-th authentication processing, the device to be authenticated 810 used in advance by the person to be authenticated uses the first random number N_ {i} and the secret information S. The first authenticator v_ {i} that has performed the one-way conversion function and the current authentication information V_ {i} that has performed the one-way conversion function on the first authenticator v_ {i} are held. Further, the authentication device 820 arranged in the server or the like holds the current authentication information V_ {i} acquired from the device to be authenticated 810 in advance. Here, the current authentication information is authentication information used for the i-th authentication process.

  Then, as shown in the flowchart of FIG. 8, first, the device to be authenticated 810 generates a random number N_ {i + 1} (step S811). Next, the second authenticator v_ {i + 1} and the next authentication information V_ {i + 1} used for the next authentication are generated using the random number N_ {i + 1} generated in step S811 (step S812).

Then, transmission information α and β for requesting authentication from the authenticator are calculated by the following formulas (1) and (2) (step S813).
α = V_ {i + 1} XOR V_ {i} (1)
β = V_ {i + 1} XOR v_ {i} (2)

  Next, the transmission information α and β calculated in step S813 are transmitted to the authentication device 820 (step S814). Authentication apparatus 820 authenticates authenticated apparatus 810 using V_ {i} stored in advance and transmission information α and β transmitted from authenticated apparatus 810 in step S814.

  Therefore, if the next authentication information V_ {i + 1} held by only the device to be authenticated 810 or the data (random number N_ {i + 1}, secret information S) that is the source thereof is not used, the device to be authenticated 810 authenticates the authentication device 820. The transmission information α and β for requesting cannot be generated. For this reason, even if the current authentication information V_ {i} stored in advance in the authentication device 820 is stolen by a third party, the transmission information α and β cannot be calculated, and the third party can I cannot impersonate 810 and receive authentication.

JP 2007-60568 A

  However, in the technique disclosed in Patent Document 1 described above, the next authentication information V_ {i + 1} to be used for the next authentication is stored in the device to be authenticated and the authentication device after the current authentication process is completed. Here, when the next authentication information V_ {i + 1} is forged when the transmission information α, β is transmitted from the device to be authenticated to the authentication device, for example, the next authentication information V_ {i + 1 stored in the device to be authenticated. } And next-time authentication information V_ {i + 1} stored in the authentication device have different values. For this reason, there is a problem that the next authentication process cannot be performed, and communication between the device to be authenticated and the authentication device is interrupted.

  Further, transmission information to be transmitted from the device to be authenticated to the authentication device is increased. For example, information used for the current authentication, information obtained by encrypting information used for the next authentication, and information used for the next authentication are verified. The next authentication information V_ is obtained by setting the verification information, the second verification information for verifying the information used for the next authentication, and the first verification information and the information for verifying the second verification information. A method of verifying whether {i + 1} is forged is also conceivable. However, according to this method, for example, when transmission information is added for each packet and authentication is performed, the amount of data increases and the amount of calculation also increases.

  The present invention provides an authentication processing method, an authentication processing program, a recording medium, and an authentication processing system capable of guaranteeing the next authentication processing when performing the current authentication processing in order to solve the above-described problems caused by the prior art. The purpose is to provide.

  In order to solve the above-described problems and achieve the object, the authentication processing method according to the first aspect of the present invention is an operation using a one-way conversion function in which it is difficult to calculate a value before the operation for the first authenticator. Unidirectional conversion for the current authentication information used for the current authentication process generated by performing the authentication, the next authentication information used for the next authentication process generated using the second authenticator, and the first authenticator An authentication method in an authentication apparatus that obtains in advance verification information that has been calculated by a function from an authenticated apparatus that performs authentication and holds it in a predetermined memory, and authentication for determining authentication of the authenticated apparatus As the determination information, the first transmission information generated using the current authentication information, the second authentication information used for the next authentication process generated using the third authenticator, and the second authenticator are used. Living The calculated second transmission information and a mask function that makes it easy to calculate a value before the calculation are performed, and the first authenticator and the second transmission information are calculated by the one-way conversion function. And the third transmission information masked with the next authentication information with the value obtained from the receiving step, the receiving step for receiving from the device to be authenticated, the first transmission information received by the receiving step, and the memory The first authentication step for calculating the first authenticator based on the current authentication information held in advance, the first authenticator calculated by the first calculation step, and the memory in advance A determination step for determining whether or not to authenticate the device to be authenticated based on the current authentication information held, the first authenticator calculated by the first calculation step, and the reception step Therefore, a second calculation step of calculating the next authentication information by unmasking the third transmission information with a value obtained by performing a one-way conversion function on the received second transmission information. , A value generated by the first authenticator calculated by the first calculation step and the current authentication information calculated by the second calculation step, and the verification stored in the memory in advance. A verification step for verifying whether or not the next authentication information is forged based on the information, and determining that the device to be authenticated is authenticated by the determination step, and the next authentication information is forged in the verification step If it is authenticated that the information is not received, the information stored in the memory is calculated by the second transmission information received by the reception step and the second calculation step. And an updating step for updating to the next authentication information.

  According to the first aspect of the present invention, even if a malicious third party tries to obtain authentication by the authentication device in an unauthorized manner, the third person who is malicious cannot know the authenticator that is the source of the current authentication information used for the current authentication. The transmission information for requesting authentication from the authentication device cannot be generated. For this reason, even if the current authentication information acquired by the authentication device from the device to be authenticated is stolen by a third party, unauthorized authentication is not performed. In the authentication device, the next authentication information used for the next authentication can be verified using the second transmission information and the third transmission information transmitted from the device to be authenticated. Therefore, since the next authentication can be verified in this authentication process, in the next authentication process, it is prevented that the authentication is invalid and communication between the authenticated device and the authentication device is interrupted, and continuous communication processing is performed. Can be done.

  Further, it is possible to verify the transmission information using the authentication information that is used for the next authentication. Therefore, since the next authentication can be verified in this authentication process, it is possible to prevent the authentication from becoming invalid in the subsequent authentication process and to prevent the communication between the authenticated device and the authentication device from being interrupted, and more reliably. Communication processing can be performed.

  Furthermore, the calculation with the mask function that is easy to calculate the value before the calculation is performed, and the next authentication information is obtained by performing the calculation with the one-way conversion function on the first authenticator and the second transmission information. The masked value can be received as the third transmission information. Therefore, the person to be authenticated can exchange with the first authenticator masked secretly masked. Therefore, even if transmission information is stolen by a malicious third party, unauthorized authentication can be prevented.

  In addition, the amount of data added for authentication processing can be reduced. That is, only by adding a small amount of data, the current authentication process can be performed, the authentication information used for the next authentication can be verified, and the transmission information transmitted from the device to be authenticated can be verified.

  An authentication processing method according to a second aspect of the present invention is the authentication processing method according to the first aspect, wherein, in the determining step, the first authenticator calculated by the first calculating step is the first one. It is determined whether or not a value calculated by a direction conversion function matches the current authentication information stored in the memory in advance, and if the value matches, the authenticated device is authenticated. To do.

  According to the second aspect of the present invention, when the device to be authenticated is authenticated, authentication processing can be performed using the calculated first authenticator. For this reason, the authentication apparatus does not need to hold the first authenticator. Therefore, the possibility that the first authenticator is stolen is further reduced, and the authentication process can be performed more reliably.

  In the authentication processing method according to the invention of claim 3, in the invention of claim 1 or 2, in the reception step, it is easy to calculate a value before calculation as the first transmission information. Performing an operation using a mask function, receiving a value masked by the first authenticator with the current authentication information, and in the first calculation step, with the current authentication information held in advance in the memory, The first authenticator is calculated by canceling masking of the first transmission information received in the reception step.

  According to the third aspect of the present invention, the mask function that makes it easy to calculate the value before the calculation is performed, and the value masked by the first authenticator with the current authentication information is received as the first transmission information. Can do. Therefore, the person to be authenticated can exchange with the first authenticator masked secretly masked. Therefore, even if transmission information is stolen by a malicious third party, unauthorized authentication can be prevented.

  An authentication processing method according to a fourth aspect of the present invention provides the authentication processing method according to any one of the first to third aspects, wherein, in the reception step, as the second transmission information, the authentication information one after another and the second A value obtained by performing the one-way conversion function on a second authenticator is received, and in the verification step, the current authentication information calculated by the second calculation step and the first calculation step When the calculated value obtained by performing the one-way conversion function on the first authenticator matches the verification information stored in the memory in advance, The authentication target device is authenticated.

  According to the fourth aspect of the present invention, a value obtained by performing a one-way conversion function for which it is difficult to calculate a value before calculation for the authentication information and the second authenticator one after another is received as the second transmission information. can do. For this reason, the person to be authenticated can exchange with the second authenticator stored secretly masked. Therefore, even if transmission information is stolen by a malicious third party, unauthorized authentication can be prevented.

  The authentication processing method according to the invention of claim 5 is an authentication processing method in an authentication target device that requests authentication from the authentication device, and it is difficult to calculate a value before calculation for the first authenticator. The current authentication information used for the current authentication process is generated by performing a calculation using the direction conversion function, and the next authentication information used for the next authentication process is generated by performing the calculation using the one-way conversion function for the second authenticator. A generation step of generating verification information obtained by performing an operation by the one-way conversion function on the next authentication information and the first authenticator, the current authentication information generated by the generation step, and the verification Sending the information to the authentication device by a secure means, and holding the first authenticator, the second authenticator, the current authentication information and the next authentication information in a predetermined memory Using the current authentication information as authentication judgment information for requesting authentication to the authentication device after the authentication information and the verification information are sent to the authentication device by the holding step and the sending step. The generated first transmission information, the second transmission information generated by the second authentication information and the second authentication information used for the subsequent authentication process generated by using the third authenticator, and the calculation The next authentication information is a value obtained by performing an operation with a mask function that can easily calculate the previous value, and performing an operation with the one-way conversion function on the first authenticator and the second transmission information. And calculating the third transmission information masking the first transmission information, the second transmission information, and the second transmission information calculated by the calculation step. Sent to And a transmission step for updating the information held in the memory to the second authenticator, the next authentication information, the third authenticator, and the authentication information one after another. To do.

  According to the invention of claim 5, even if a malicious third party tries to obtain the authentication by the authentication device illegally, the third person who is malicious cannot know the authenticator that is the source of the current authentication information used for the current authentication. The transmission information for requesting authentication from the authentication device cannot be generated. For this reason, even if the current authentication information acquired by the authentication device from the device to be authenticated is stolen by a third party, unauthorized authentication is not performed. In addition, the next authentication process can be verified by transmitting the next authentication information to the authentication device. Therefore, since the next authentication can be verified in this authentication process, in the next authentication process, it is prevented that the authentication is invalid and communication between the authenticated device and the authentication device is interrupted, and continuous communication processing is performed. Can be done.

  Also, it is possible to verify the transmission information using the authentication information that is used for the next authentication. Therefore, it is possible to verify successive authentications in the current authentication process, and in subsequent authentication processes, it is possible to prevent authentication from becoming invalid and to prevent communication between the authenticated device and the authentication device from being interrupted. Communication processing can be performed.

  Furthermore, the calculation with the mask function that is easy to calculate the value before the calculation is performed, and the next authentication information is obtained by performing the calculation with the one-way conversion function on the first authenticator and the second transmission information. The masked value can be calculated as the third transmission information. Therefore, the person to be authenticated can exchange with the first authenticator masked secretly masked. Therefore, even if transmission information is stolen by a malicious third party, unauthorized authentication can be prevented.

  In addition, the amount of data added for authentication processing can be reduced. That is, only by adding a small amount of data, the current authentication process can be performed, the authentication information used for the next authentication can be verified, and the transmission information transmitted from the device to be authenticated can be verified.

  An authentication processing method according to a sixth aspect of the present invention is the mask processing function according to the fifth aspect of the present invention, wherein in the calculation step, it is easy to calculate a value before calculation as the first transmission information. And a value masked by the first authentication code with the current authentication information is calculated.

  According to the sixth aspect of the present invention, the mask function that makes it easy to calculate the value before the calculation is performed, and the value masked by the first authenticator with the current authentication information is calculated as one transmission information. can do. For this reason, it is not necessary for the authentication device to hold the first authenticator. Therefore, the possibility that the first authenticator is stolen is further reduced, and the authentication process can be performed more reliably.

  According to a seventh aspect of the present invention, there is provided the authentication processing method according to the fifth or sixth aspect, wherein, in the calculation step, the second-time authentication information and the second authenticator are used as the second transmission information. And calculating a value obtained by performing the one-way conversion function on.

  According to the seventh aspect of the present invention, a value obtained by performing a one-way conversion function for which it is difficult to calculate a value before calculation for the authentication information and the second authenticator one after another is calculated as the second transmission information. can do. For this reason, the person to be authenticated can exchange with the second authenticator stored secretly masked. Therefore, even if transmission information is stolen by a malicious third party, unauthorized authentication can be prevented.

  An authentication processing method according to an invention of claim 8 is the invention according to any one of claims 5 to 7, wherein in the generation step, after generating the first random number and the second random number, The current authentication information is generated by using the first authenticator that has performed the calculation by the one-way conversion function on the first random number, and the calculation by the one-way conversion function is performed on the second random number. The next authentication information is generated using the second authenticator that has performed the authentication.

  According to the eighth aspect of the present invention, after generating a random number in the generation step, the authentication information can be generated using an authenticator that performs an operation on the random number by a one-way conversion function. For this reason, an authenticator can be generated using a random number that cannot be easily generated by a third party, and forgery of the authenticator by a third party can be prevented. Therefore, spoofing of a malicious third party can be prevented and unauthorized authentication can be prevented.

  An authentication processing method according to a ninth aspect of the present invention is the authentication processing method according to the eighth aspect, wherein, in the calculating step, after the third random number is generated, the one-way conversion is performed on the third random number. The authentication information is generated one after another by using the third authenticator that has performed an operation using a function.

  According to the ninth aspect of the present invention, in the calculation step, the third random number is generated before the transmission information is calculated, and the third random number is calculated using a one-way conversion function. Authentication information is generated one after another using an authenticator. The transmission information can be calculated using the authentication information one after another. For this reason, transmission information can be generated using random numbers that cannot be easily generated by a third party, and forgery of transmission information by the third party can be prevented. Therefore, spoofing of a malicious third party can be prevented and unauthorized authentication can be prevented.

  An authentication processing method according to a tenth aspect of the present invention is the authentication method according to any one of the fifth to ninth aspects, wherein in the generation step, after generating the first random number and the second random number, Generating the current authentication information using the first authenticator that has performed an operation using the one-way conversion function on an authentication key unique to the device to be authenticated and the first random number; and The next authentication information is generated by using the second authenticator that has performed the calculation by the one-way conversion function for the second random number.

  According to the invention of claim 10, in the generation step, after generating the random number, the authentication information is obtained by using the authenticator that performs the calculation by the one-way conversion function on the authentication key and the random number unique to the device to be authenticated. Can be generated. For this reason, it is possible to prevent a third party who does not have an authentication key unique to the device to be authenticated from forging transmission information. Therefore, spoofing of a malicious third party can be prevented, and unauthorized authentication can be more reliably prevented.

  An authentication processing method according to an invention of claim 11 is the invention according to claim 10, wherein in the calculation step, after generating a third random number, the authentication key and the third random number are generated. The authentication information is generated one after another by using the third authenticator that has performed the calculation by the one-way conversion function.

  According to the eleventh aspect of the present invention, in the calculation step, the third random number is generated before the transmission information is calculated, and the third random number and the authentication key unique to the authentication target device are unidirectional. Authentication information is generated one after another using a third authenticator that has performed an operation using a conversion function. The transmission information can be calculated using the authentication information one after another. For this reason, it is possible to prevent a third party who does not have an authentication key unique to the device to be authenticated from forging the authenticator. Therefore, spoofing of a malicious third party can be prevented, and unauthorized authentication can be more reliably prevented.

  An authentication processing method according to a twelfth aspect of the present invention is the authentication processing method according to any one of the eighth to eleventh aspects, wherein the holding step further includes the first random number and the second random number. Held in a memory, and in the calculation step, a value obtained by performing an operation with the one-way conversion function on the first random number and the authentication key held in the holding step, and held in the holding step. If the first authenticator is the same, the authentication information is generated one after another.

  An authentication processing method according to a thirteenth aspect of the present invention is the authentication method according to any one of the eighth to eleventh aspects, wherein the holding step further holds the second random number in the memory, In the calculation step, a value obtained by performing an operation with the one-way conversion function on the second random number held in the holding step and the authentication key, and the second authentication held in the holding step The authentication information is generated one after another when the child is the same.

  According to the twelfth or thirteenth aspect of the present invention, before calculating the transmission information in the calculation step, it is possible to determine whether or not the authenticated person operating the authenticated apparatus is the same as the authenticated person at the time of initial registration. it can. For this reason, unauthorized authentication can be prevented when the device to be authenticated is used by a third party different from the initial registration.

  According to a fourteenth aspect of the present invention, an authentication processing program causes a computer to execute the authentication processing method according to any one of the first to thirteenth aspects.

  According to the invention of claim 14, it is possible to cause a computer to execute the authentication processing method according to any one of claims 1 to 13.

  A recording medium according to a fifteenth aspect of the invention is characterized in that the authentication processing program according to the fourteenth aspect is recorded in a computer-readable state.

  According to the fifteenth aspect of the present invention, the computer can read the authentication processing program according to the fourteenth aspect.

  According to a sixteenth aspect of the present invention, in the authentication processing system in which the authentication device authenticates the device to be authenticated, the device to be authenticated calculates a value before the operation for the first authenticator. Next time, the current authentication information used for the current authentication process is generated by performing a calculation using the one-way conversion function, and the second authentication is performed for the next authentication process by performing the calculation using the one-way conversion function. Generating means for generating authentication information, generating verification information obtained by performing an operation by the one-way conversion function on the next authentication information and the first authenticator, and the current authentication information generated by the generating means And a sending means for sending the verification information to the authentication device by a secure means, the first authenticator, the second authenticator, the current authentication information, and the next authentication information are predetermined. The current authentication as authentication judgment information for requesting authentication to the authentication apparatus after the current authentication information and the verification information are sent to the authentication apparatus by the holding means held in a memory and the sending means. The first transmission information generated using the information, the second authentication information generated using the third authenticator, and the second transmission generated using the second authentication information used for the next authentication process and the second authenticator. Information and a mask function that makes it easy to calculate a value before calculation, and a value obtained by performing a calculation using the one-way conversion function on the first authenticator and the second transmission information, The calculation means for calculating the third transmission information masked with the next authentication information, the first transmission information, the second transmission information and the second transmission information calculated by the calculation means. , Transmitting means for transmitting to the authentication device; and updating means for updating the information held in the memory to the second authenticator, the next authentication information, the third authenticator and the authentication information one after another, And the authentication device obtains the current authentication information and the verification information from the device to be authenticated and holds them in a predetermined memory as authentication determination information for determining authentication of the device to be authenticated. Receiving means for receiving the first transmission information, the second transmission information, and the third transmission information from the device to be authenticated; and the first transmission information received by the receiving means. And first calculation means for calculating the first authenticator based on the current authentication information held in advance in the memory, and the first authenticator calculated by the first calculation means, The memory Determination means for determining whether to authenticate the device to be authenticated based on the current authentication information held in advance, the first authenticator calculated by the first calculation means, and the Second calculation for calculating the next authentication information by unmasking the third transmission information with a value obtained by performing a one-way conversion function on the second transmission information received by the receiving means. Stored in the memory in advance, and a value generated by the first authenticator calculated by the first calculating unit and the current authentication information calculated by the second calculating unit. A verification unit that verifies whether the next authentication information is not forged based on the verification information; and the determination unit determines to authenticate the device to be authenticated; and the verification unit When it is authenticated that the next authentication information is not forged, the information held in the memory is calculated by the second transmission information received by the receiving means and the second calculating means. Updating means for updating to the next authentication information.

  According to the invention of claim 16, even if a malicious third party tries to obtain authentication by the authentication device in an unauthorized manner, the third person who is malicious cannot know the authenticator that is the source of the current authentication information used for the current authentication. The transmission information for requesting authentication from the authentication device cannot be generated. For this reason, even if the current authentication information acquired by the authentication device from the device to be authenticated is stolen by a third party, unauthorized authentication is not performed. In the authentication device, the next authentication information used for the next authentication can be verified using the second transmission information and the third transmission information transmitted from the device to be authenticated. Therefore, since the next authentication can be verified in this authentication process, in the next authentication process, it is prevented that the authentication is invalid and communication between the authenticated device and the authentication device is interrupted, and continuous communication processing is performed. Can be done.

  Further, it is possible to verify the transmission information using the authentication information that is used for the next authentication. Therefore, since the next authentication can be verified in this authentication process, it is possible to prevent the authentication from becoming invalid in the subsequent authentication process and to prevent the communication between the authenticated device and the authentication device from being interrupted, and more reliably. Communication processing can be performed.

  Furthermore, the calculation with the mask function that is easy to calculate the value before the calculation is performed, and the next authentication information is obtained by performing the calculation with the one-way conversion function on the first authenticator and the second transmission information. The masked value can be received as the third transmission information. Therefore, the person to be authenticated can exchange with the first authenticator masked secretly masked. Therefore, even if transmission information is stolen by a malicious third party, unauthorized authentication can be prevented.

  In addition, the amount of data added for authentication processing can be reduced. That is, only by adding a small amount of data, the current authentication process can be performed, the authentication information used for the next authentication can be verified, and the transmission information transmitted from the device to be authenticated can be verified.

  According to the authentication processing method, the authentication processing program, the recording medium, and the authentication processing system according to the present invention, it is possible to further improve the security of the authentication processing and perform continuous communication processing with a small amount of data. Play.

It is explanatory drawing shown about the structure of an authentication processing system. It is a block diagram which shows an example of the hardware constitutions of a to-be-authenticated apparatus and an authentication apparatus. It is a block diagram which shows the functional structure of the to-be-authenticated apparatus and authentication apparatus which comprise an authentication processing system. 6 is a flowchart illustrating a procedure of an initial registration process performed by a person to be authenticated in the authentication process according to the first embodiment; 6 is a flowchart illustrating an i-th authentication process in the authentication process according to the first embodiment; 10 is a flowchart illustrating a procedure of an initial registration process performed by a person to be authenticated in the authentication process according to the second embodiment. 10 is a flowchart illustrating an i-th authentication process in the authentication process according to the second embodiment; It is a flowchart shown about the conventional authentication processing method.

  Exemplary embodiments of an authentication processing method, an authentication processing program, a recording medium, and an authentication processing system according to the present invention will be explained below in detail with reference to the accompanying drawings. Note that, in the following description of the embodiments and all the attached drawings, the same reference numerals are given to the same components, and duplicate descriptions are omitted.

(Embodiment 1)
First, the configuration of the authentication processing system according to the present embodiment will be described. FIG. 1 is a schematic diagram showing the configuration of the authentication processing system. In the first to third embodiments described below, the system configuration, hardware configuration, and functional configuration (corresponding to FIGS. 1 to 3) of the authentication processing system are common.

  FIG. 1 is an explanatory diagram showing the configuration of the authentication processing system. As illustrated in FIG. 1, the authentication processing system 100 includes an authenticated device 110 (110a to 110f) used by a user and an authentication device 120 arranged in a server. Here, the user is an authenticated person who requests authentication from the authenticator, and the server is an authenticated person who authenticates the authenticated person. In addition, the devices to be authenticated 110 a to 110 f and the authentication device 120 are connected by a network 130.

  In the authentication processing system 100, a user requests authentication from the authentication target device 110 to the authentication device 120, and is authenticated by the authentication device 120, whereby a predetermined service (provided by a server in which the authentication device 120 is provided) ( For example, a data communication connection service, gate passage permission, content provision, etc.) can be received. Hereinafter, when the authentication device 120 authenticates the device to be authenticated 110 (when authentication is established), it is assumed that the mutual connection is started between the user and the server. Although detailed description of the processing is omitted, the device to be authenticated 110 used by the user may fulfill the function of authenticating the authentication device 120 in order to further improve safety. That is, mutual authentication may be performed in which the server authenticates the user and also authenticates from the user side whether the authentication request destination server is a valid person.

(Hardware configuration of the device to be authenticated and the authentication device)
Next, the hardware configuration of the device to be authenticated 110 and the authentication device 120 constituting the authentication processing system 100 will be described. FIG. 2 is a block diagram illustrating an example of a hardware configuration of the device to be authenticated and the authentication device. In the following, for convenience of explanation, it is assumed that the device to be authenticated 110 and the authentication device 120 have the same hardware configuration.

  In FIG. 2, the CPU 211 controls the entire device to be authenticated 110 or the authentication device 120. A basic input / output program is stored in the ROM 212, and the RAM 213 is used as a work area for the CPU 211.

  The HDD (Hard Disk Drive) 214 controls reading / writing of data with respect to the HD (Hard Disk) 215 according to the control of the CPU 211. The HD 215 stores data written according to the control of the HDD 214. An FDD (flexible disk drive) 216 controls reading / writing of data with respect to the FD (flexible disk) 217 according to the control of the CPU 211. The FD 217 is detachable from the device to be authenticated 110 or the authentication device 120, and stores data written according to the control of the FDD 216.

  The display 218 displays a cursor, menu, window, or various data such as characters and images. A communication I / F (interface) 219 is connected to the network 130, functions as an interface of the own device, and enables transmission / reception of data to / from another device (either the device to be authenticated 110 or the authentication device 120). To do. The keyboard 220 also includes a plurality of keys for inputting characters, numerical values, various instructions, and the like. The mouse 221 enables selection and execution of various instructions, selection of a processing target, movement of a cursor, and the like.

  The scanner 222 optically reads characters and images, and the printer 223 prints characters and images on paper. The CD-ROM 224 is a recording medium that is detachable from the authentication target device 110 or the authentication device 120, and the CD-ROM drive 225 controls reading of data from the CD-ROM 224. The above-described components 211 to 225 are connected by a common bus (or cable) 226, respectively.

  Next, a functional configuration of the authentication processing system 100 according to the present embodiment will be described. FIG. 3 is a block diagram illustrating a functional configuration of the authentication target device and the authentication device that constitute the authentication processing system.

  The device to be authenticated 110 includes a generation unit 111, a transmission unit 112, a holding unit 113, a calculation unit 114, a transmission unit 115, and an update unit 116. The generation unit 111 generates current authentication information (V_ {i}, which will be described later) used for the current authentication process, using the first authenticator (v_ {i}, which will be described later). Further, the generation unit 111 generates next authentication information (V_ {i + 1} described later) used for the next authentication process by using the second authenticator (v_ {i + 1} described later). Specifically, the generation unit 111 performs the current authentication information or the second authenticator by performing an operation using a one-way conversion function that is difficult to calculate a value before the operation on the first authenticator or the second authenticator. Next time authentication information is generated. Furthermore, the generation unit 111 generates verification information (γ_ {i}, which will be described later) obtained by performing computation using a one-way conversion function on the next authentication information and the first authenticator.

  In addition, the generation unit 111 generates a first random number and a second random number, and then performs one-way conversion on the generated first random number (or the first random number and an authentication key unique to the own device). A first authenticator is generated by performing an operation using a function. And this time authentication information is produced | generated by calculating by a one-way conversion function with respect to this 1st authenticator. Further, the generation unit 111 performs an operation using a one-way conversion function on the generated second random number (or the second random number and an authentication key unique to the own device), thereby obtaining the second authenticator. Generate. And next time authentication information is produced | generated by calculating by a one-way conversion function with respect to this 2nd authenticator.

  Here, the one-way conversion function is a function in which it is difficult to calculate a value before calculation. Specifically, for example, when a certain two values (x, y) are calculated by the function, the value (z) is a result of the calculation and one of the two values (for example, x) However, it is a difficult function to calculate another value (y) from them. That is, when the one-way conversion function is h and z is a value obtained by calculating x and y by h, z can be expressed as z = h (x, y). At this time, it is a difficult function to calculate y from x and z.

  The sending unit 112 sends the current authentication information and the verification information generated by the generating unit 111 to the authentication device 120 by a safe means. Here, the safe means means that the information is a third party other than the user of the authentication device 120 and the device to be authenticated 110, such as transmission of the information through a dedicated line or mailing of a storage medium storing the information. It is a means of sending that is not known to the person.

  The holding unit 113 has a predetermined memory, and holds the first authenticator, the second authenticator, the current authentication information, and the next authentication information in this memory. The holding unit 113 may further hold the first random number and the second random number in the memory.

  Using the current authentication information generated by the generation unit 111, the calculation unit 114 calculates first transmission information as authentication determination information for requesting authentication from the authentication device 120. Specifically, the calculation unit 114 performs a calculation using a mask function that can easily calculate a value before the calculation, and calculates first transmission information masked by the first authenticator with the current authentication information.

  Here, the mask function is a function in which the original value becomes the operation result when the same operation is performed twice, and for example, an exclusive OR operation (XOR) corresponds thereto. Hereinafter, the mask function will be described as an exclusive OR operation.

  In addition, the calculation unit 114 generates the second authentication information used for the next authentication process using the third authenticator and then uses the second authentication information and the second authentication as transmission verification information for verifying each transmission information. Second transmission information generated by the child is generated. Specifically, the calculation unit 114 calculates second transmission information obtained by performing a one-way conversion function on the authentication information and the second authenticator one after another.

  Further, the calculation unit 114 performs an operation using a mask function, and performs a third transmission in which the next authentication information is masked with a value obtained by performing an operation using a one-way conversion function on the first authenticator and the second transmission information. Generate information.

  Further, when a random number is held in the memory by the holding unit 113, the calculation unit 114 is unidirectional with respect to the first random number (or the second random number) held in the memory by the holding unit 113 and the authentication key. When the value calculated by the conversion function is the same as the first authenticator (or second authenticator) held in the memory by the holding unit 113, generation of authentication information is started one after another. May be.

  The transmission unit 115 transmits the first transmission information, the second transmission information, and the third transmission information calculated by the calculation unit 114 to the authentication device 120. The transmission unit 115 transmits each piece of transmission information described above to the authentication device 120 via the network 130, for example.

  The update unit 116 updates the information held in the memory to the second authenticator, the next authenticator, the third authenticator, and the authentication information one after another. Furthermore, the update unit 116 may update the first random number and the second random number held in the memory to the second random number and the third random number.

  The authentication device 120 includes a reception unit 121, a first calculation unit 122, a determination unit 123, a second calculation unit 124, a verification unit 125, and an update unit 126. Here, it is assumed that the authentication device 120 previously acquires authentication information and verification information from the device to be authenticated 110 and holds them in a predetermined memory.

  The receiving unit 121 receives first transmission information, second transmission information, and third transmission information from the device to be authenticated 110 as authentication determination information for determining authentication of the device to be authenticated 110. .

  The first calculation unit 122 calculates a first authenticator based on the first transmission information received by the reception unit 121 and the current authentication information held in advance in the memory. Specifically, the first calculation unit 122 uses the reception unit 121 to perform a calculation using a mask function that makes it easy to calculate a value before calculation as the first transmission information, and uses the first authentication information as the first transmission information. When the value masked by the authenticator is received, the first authenticator is calculated by unmasking the first transmission information received by the receiving unit 121 with the current authentication information held in advance in the memory. To do.

  The determination unit 123 determines whether or not the value obtained by performing the calculation using the one-way conversion function on the first authenticator calculated by the first calculation unit 122 matches the current authentication information stored in the memory in advance. If it matches, the device to be authenticated 110 is authenticated. Specifically, the determination unit 123 stores the current authentication information in which a value obtained by performing the calculation using the one-way conversion function on the first authenticator calculated by the first calculation unit 122 is stored in advance in the memory. Whether the device to be authenticated 110 is authenticated or not.

  If the verification unit 125 determines that the authenticated device 110 is authenticated by the determination unit 123, whether the verification information stored in advance in the memory matches the second transmission information received by the reception unit 121. If they match, the next authentication information is authenticated if it is not forged.

  Specifically, when the receiving unit 121 receives a value obtained by performing a one-way conversion function on the authentication information and the second authenticator one after another as the second transmission information in the receiving unit 121, A value obtained by performing a one-way conversion function on the current authentication information calculated by the calculation unit 124 and the first authenticator calculated by the first calculation unit 122, It is determined whether or not they match, and if they match, the device to be authenticated 110 is authenticated.

  The second calculation unit 124 is a value obtained by performing a one-way conversion function on the first authenticator calculated by the first calculation unit 122 and the second transmission information received by the reception unit 121. Next, the next authentication information is calculated by canceling the masking of the transmission information 3.

The verification unit 125 includes a value generated by the first authenticator calculated by the first calculation unit 122 and the current authentication information calculated by the second calculation unit 124, and the verification stored in the memory in advance. Based on the information, it is verified whether or not the next authentication information is forged.

  When the receiving unit 121 receives a value obtained by performing a one-way conversion function on the authentication information and the second authenticator one after another as the second transmission information by the receiving unit 121, the second calculating unit 124. Whether the value obtained by performing the one-way conversion function on the current authentication information calculated by the above and the first authenticator calculated by the first calculation unit 122 matches the verification information stored in the memory in advance. If it matches, the device to be authenticated 110 is authenticated.

  When the determination unit 123 determines that the authentication target device 110 is authenticated and the verification unit 125 authenticates that the next authentication information is not forged, the update unit 126 receives information stored in the memory by the reception unit 121. The received second transmission information and the next authentication information calculated by the second calculation unit 124 are updated.

  Note that the above-described units realize their respective functions by the CPU 211 and the like executing instruction processing in accordance with program instructions read into the RAM 213 from various recording media such as the HD 215, FD 217, and CD-ROM 224 of each device. To do.

<Initial registration process>
First, the procedure of the initial registration process by the person to be authenticated in the authentication process according to the first embodiment will be described. In addition, the symbol and numerical formula used in the following description show the following meanings and calculations.

i: Number of times of authentication S: Secret information (for example, password information) secretly held by the user (authenticated person)
h (x): Value obtained by applying a one-way conversion function to x (arbitrary value) h (x, y): Value obtained by applying a one-way conversion function using x and y (arbitrary value) m_ {y} (X): Value obtained by masking x with y (for example, a value calculated using e.g. {e} {x} or x XOR y using an encryption method or exclusive OR operation)
n_ {y} (x): a value obtained by canceling the mask of y with x (however, the calculation method is the same as the method when the mask is applied)
N_ {i}: random number for generating an authenticator used for i-th authentication v_ {i}: an arbitrary value (authenticator) for generating authentication information used for i-th authentication
V_ {i}: Authentication information used for i-th authentication

  Here, in m_ {y} (x), x and y may each use a plurality of values. For example, m_ {q, r} (o, p) is a value obtained by masking o and p with q and r. q and r are encryption key arguments and may be used in any manner. For example, a value calculated by q XOR r, h (q, r) or m_ {r} (q) may be used as the encryption key. Similarly, in n_ {y} (x), y may use a plurality of values. For example, n_ {q, r} (o) means the result of unmasking q and r with o. The key generation method using q and r is the same as the key generation method used for encryption.

  FIG. 4 is a flowchart of the initial registration process performed by the person to be authenticated in the authentication process according to the first embodiment. In FIG. 4, first, the to-be-authenticated apparatus 110 generates random numbers N_ {1} and N_ {2} (step S411). Here, the random number N_ {i} is a random number for generating an authenticator used for the i-th authentication.

Next, authenticators v_ {1} and v_ {2} are generated by the following equation (3) using the random numbers N_ {1} and N_ {2} generated in step S411 and the secret information S ( Step S412). Here, the authenticator v_ {i} is an arbitrary value for generating authentication information used for the i-th authentication.
v_ {i} = h (N_ {i}, S) (3)

In step S412, the authenticators v_ {1} and v_ {2} may be generated by the following equation (4) without using the secret information S.
v_ {i} = h (N_ {i}) (4)

Next, authentication information V_ {1} and V_ {2} are generated by the following equation (5) using the authenticators v_ {1} and v_ {2} generated in step S412 (step S413). Here, the authentication information V_ {i} is authentication information used for the i-th authentication. Specifically, the authentication information V_ {1} is the first (current) authentication information used for the first time (i = 1) authentication. The authentication information V_ {2} is next-time authentication information used for the next (i + 1) authentication.
V_ {i} = h (v_ {i}) (5)

Furthermore, verification information γ_ {1} is generated by the following equation (6) using v_ {1} generated in step S412 and V_ {2} generated in step S413 (step S414). Here, the verification information γ_ {i} is information for verifying forgery of the next authentication information V_ {i + 1} by the third party.
γ_ {i} = h (V_ {i + 1}, v_ {i}) (6)

  Next, the initial authentication information V_ {1} and the verification information γ_ {1} are transmitted to the authentication device 120 by a secure means (step S415). Here, the safe means is means such as transmission of the information by a dedicated line or mailing of a storage medium storing the information. Then, the authenticators v_ {1}, v_ {2}, the initial authentication information V_ {1}, and the next authentication information V_ {2} are stored in a predetermined memory (step S416), and a series of processes in the device to be authenticated 110 Exit.

  In authentication device 120, initial authentication information V_ {1} and verification information γ_ {1} sent from device to be authenticated 110 in step S415 are stored in a predetermined memory (step S421), and a series of processing ends. To do. Through the processing as described above, the device to be authenticated 110 is initially registered in the authentication device 120.

<About authentication processing>
Next, the i-th authentication process in the authentication process according to the first embodiment will be described. FIG. 5 is a flowchart illustrating the i-th authentication process in the authentication process according to the first embodiment. At this time, the information stored in authenticated device 110 is authenticators v_ {i}, v_ {i + 1}, current authentication information V_ {i}, and next authentication information V_ {i + 1}. The stored information is authentication information V_ {i} and verification information γ_ {i} this time.

  In the flowchart of FIG. 5, first, the device to be authenticated 110 generates a random number N_ {i + 2} (step S511). Next, using the random number N_ {i + 2} generated in step S511 and the secret information S, the authenticator v_ {i + 2} and the authentication information V_ {i + 2} are generated by the above formulas (3) and (5). (Step S512). In step S512, authentication information V_ {i + 2} is authentication information used one after another used for authentication (i + 2).

  In step S512, the authenticator v_ {i + 2} is generated by the above-described equation (4) without using the secret information S, and the authentication information V_ {i + 2} is successively used by using the authenticator v_ {i + 2}. May be generated.

Subsequently, the device to be authenticated 110 transmits the first transmission information α_ {i}, the second transmission information γ_ {i + 1}, the third transmission data to the authentication device 120 by the following formulas (7) to (9). Transmission information β_ {i} is calculated (step S513).
α_ {i} = m_ {V_ {i}} (v_ {i}) (7)
γ_ {i + 1} = h (V_ {i + 2}, v_ {i + 1}) (8)
β_ {i} = m_ {h (v_ {i}, γ_ {i + 1}), (V_ {i + 1})} (9)

  Here, the first transmission information α_ {i} is information including the current authentication information V_ {i} used for the current (i) authentication, as shown in the above-described equation (7). In addition, the second transmission information γ_ {i + 1} generates the authentication information V_ {i + 2} that is used for the next authentication (i + 2) and the authentication information that is used for the next authentication, as shown in the above equation (8). The third transmission information β_ {i} is the information generated by the authentication code v_ {i} for generating the authentication information used for the next authentication and the second transmission. This is information obtained by masking the next authentication information V_ {i + 1} with a value obtained by performing a calculation using a one-way conversion function on the information γ_ {i + 1}.

  Next, the first transmission information α_ {i}, the second transmission information γ_ {i + 1}, and the third transmission information β_ {i} calculated in step S513 are transmitted to the authentication device 120 (step S514). Then, the stored information is updated to the authenticators v_ {i + 1}, v_ {i + 2}, the next authentication information V_ {i + 1}, and the authentication information V_ {i + 2} one after another (step S515). Further, (i + 1) is substituted for i (step S516), the process returns to step S511, and the (i + 1) -th authentication process is performed.

On the other hand, authentication apparatus 120 receives first transmission information α_ {i}, second transmission information γ_ {i + 1}, and third transmission information β_ {i} transmitted from authenticated apparatus 110 in step S514. To do. Then, according to the following equation (10), the mask of the stored current authentication information V_ {i} is canceled with the received first transmission information α_ {i}, and an authentication determination authenticator v ′ _ { i} is calculated (step S521).
v ′ _ {i} ← n_ {V_ {i}} (α_ {i}) (10)

  Next, whether or not the value obtained by performing the one-way conversion function on the authentication determination authenticator v ′ _ {i} calculated in step S521 is equal to the stored current authentication information V_ {i}. Is determined (step S522). When it is determined in step S522 that they are equal (step S522: Yes), the authentication device 120 determines that the device to be authenticated 110 is a valid authenticator (step S523). In addition, this makes it possible to authenticate that the first transmission information has not been forged.

Next, the authentication information v ′ _ {i} for authentication judgment calculated in step S521 and the received γ_ {i + 1} are used with the received third transmission information β_ {i} by the following equation (11). Then, the mask of the value subjected to the one-way conversion function is canceled, and next authentication information V ′ _ {i + 1} for authentication determination is calculated (step S524).
V ′ _ {i + 1} ← n_ {h (v ′ _ {i}, γ_ {i + 1})} (β_ {i}) (11)

  Next, verification information γ_ {i} stored in advance, next authentication information V ′ _ {i + 1} for authentication determination calculated in step S524, and an authenticator v ′ for authentication determination calculated in step S521. It is determined whether or not the value obtained by performing the one-way conversion function using _ {i} is equal (step S525). If it is determined in step S525 that they are equal (step S525: Yes), authentication is performed if the next authentication information V ′ _ {i + 1} for authentication determination is not forged (step S526). Further, it is possible to authenticate that the second transmission information γ_ {i + 1} and the third transmission information β_ {i} are not forged.

  Next, the information to be stored is changed to the next authentication information V_ {i + 1} and the second transmission information γ_ {i + 1} (step S527). Further, (i + 1) is substituted for i (step S528), the process returns to step S521, and the (i + 1) -th authentication process is performed.

  Here, in step S522: Yes, since it is determined that the first authenticator v_ {i} and the first authenticator v ′ _ {i} for authentication determination are the same, v ′ _ { i} = v_ {i}. Accordingly, in step S525: Yes, it is determined that the current authentication information V_ {i + 1} and the authentication determination V ′ _ {i + 1} are the same, and V ′ _ {i + 1} = V_ {i + 1}. Therefore, in step S527, the saved information is actually changed to the next authentication information V ′ _ {i + 1} for authentication determination calculated in step S524, but is changed to next authentication information V_ {i + 1}. It is the same.

  On the other hand, in step S522, the value obtained by performing the one-way conversion function on the authenticator v ′ _ {i} calculated in step S521 is not determined to be equal to the stored current authentication information V_ {i}. In the case (step S522: No), the authentication is rejected (step S529), and the series of processing ends. The reason is, for example, that the person to be authenticated has erroneously input a password to the apparatus to be authenticated 110 or that the first transmission information α_ {i} (or part thereof) has been forged.

  In step S525, the verification information γ_ {i} stored in advance, the next authentication information V ′ _ {i + 1} calculated in step S524 and the authenticator v ′ _ {i} calculated in step S521 are used. If it is not determined that the value obtained by using the one-way conversion function is equal (step S525: No), the process proceeds to step S529, the authentication is rejected, and the series of processes is terminated. The reason is, for example, that the second transmission information γ_ {i} (or a part thereof) or the third transmission information β_ {i} is forged, or the authentication device 120 uses the authentication information V_ {i} this time. For example, the authentication information is out of synchronization between the authentication target device 110 and the authentication device 120, such as failure to store the authentication information.

  According to Embodiment 1 described above, the first transmission information α_ {i}, the second transmission information γ_ {i + 1}, and β_ {i} as information used for authentication are data stored only by the device to be authenticated. It cannot be generated without using (v_ {i}, v_ {i + 1}, V_ {i + 2}). For this reason, even if the information (V_ {i}) related to the person to be authenticated stored in the authentication device is stolen by the third party, the third party cannot generate transmission information used for the authentication process. The authentication device cannot be authenticated. That is, spoofing can be prevented.

  Further, since the verification information (γ_ {i}) generated using the next authentication information is stored in advance in the authentication device, it is determined whether or not the next authentication processing is valid in the current authentication processing. Judgment can be made. Therefore, the next authentication process is guaranteed by performing the current authentication process. For this reason, since the current authentication is always performed while guaranteeing the next authentication process, it is possible to realize continuous communication processing between the authentication target apparatus and the authentication apparatus without interruption by repeatedly performing the authentication process. Thus, when communication between devices stops, it can be used for communication in units of packets, such as dangerous information, for example, information on emergency and information on fire fighting.

  Further, according to the first embodiment, the authentication device can perform authentication processing for the device to be authenticated only by transmitting three pieces of transmission information from the device to be authenticated to the authentication device, preventing spoofing and using it next time. It is possible to authenticate that authentication information and transmission information are not forged. Therefore, for example, even when transmission information is added for each packet and authentication is performed, the amount of data does not increase and the amount of calculation does not increase, so the processing time can be shortened.

(Embodiment 2)
Next, an authentication process according to the second embodiment will be described. The second embodiment is different from the first embodiment in that the device to be authenticated verifies the person to be authenticated before generating a random number in the authentication process. In addition, the same code | symbol is attached | subjected to the process similar to Embodiment 1, and description is abbreviate | omitted.

<Initial registration process>
First, the procedure of the initial registration process by the person to be authenticated in the authentication process according to the second embodiment will be described. FIG. 6 is a flowchart of the initial registration process performed by the person to be authenticated in the authentication process according to the second embodiment. As shown in FIG. 6, in the initial registration process of the second embodiment, the information stored in the device to be authenticated 110 is different from the initial registration process of the first embodiment.

  In the second embodiment, as shown in the flowchart of FIG. 6, in step S415 in the first embodiment, the initial authentication information V_ {1} and the verification information γ_ {1} are obtained from the authentication device 120 by a secure means. In addition to the authenticators v_ {1}, v_ {2}, the initial authentication information V_ {1} and the next authentication information V_ {2}, the random numbers N_ {1} and N_ {2 generated in step S411 } Is stored in a predetermined memory (step S616), and a series of processes in the device to be authenticated 110 is terminated.

<About authentication processing>
Next, an i-th authentication process in the authentication process according to the second embodiment will be described. FIG. 7 is a flowchart illustrating the i-th authentication process in the authentication process according to the second embodiment. In the i-th authentication process of the second embodiment, the user to be authenticated is valid in the authenticated apparatus 110 before generating the random number N_ {i + 2} in step S511 in the i-th authentication process of the first embodiment. Determine whether or not.

As shown in the flowchart of FIG. 7, in addition to the authenticators v_ {i}, v_ {i + 1}, the initial authentication information V_ {i}, and the next authentication information V_ {i + 1}, the device to be authenticated 110 includes a random number N_ { i} and N_ {i + 1} are stored. First, it waits until the secret information S ′ is received from the person to be authenticated (step S711: No loop). When the secret information S ′ is received from the person to be authenticated in step S711 (step S711: Yes), the following formula is used using the stored random number N_ {i} and the secret information S ′ received in step S711. The authenticator v ′ _ {i} for authentication determination is generated by (12) (step S712).
v ′ _ {i} = h (N_ {i}, S ′) (12)

  Next, it is determined whether or not the authentication determination authenticator v ′ _ {i} generated in step S712 is equal to the stored authenticator v_ {i} (step S713). In step S713, when it is determined that the authenticator v ′ _ {i} for authentication determination and the authenticator v_ {i} are equal (step S713: Yes), the password received from the authentication target is the initial registration ( Or, it is determined that the password is the same as the previous password, that is, the person to be authenticated is the same as the person to be authenticated at the time of initial registration, and the person to be authenticated is authenticated (step S714). Then, the process proceeds to step S511, and the subsequent processing is performed.

  Then, after performing the processing from step S511 to step S514 as in the first embodiment, the stored information in the device to be authenticated 110 includes the authenticators v_ {i + 1}, v_ {i + 2}, and the next authentication information V_ {i + 1. }, Authentication information V_ {i + 2}, and random numbers N_ {i + 1} and N_ {i + 2} are updated (step S715). Further, (i + 1) is substituted for i (step S516), the process returns to step S711, and the (i + 1) -th authentication process is performed.

  On the other hand, in step S713, if it is not determined that the authentication code v ′ _ {i} for authentication determination and the authentication code v_ {i} are equal (step S713: No), the user to be authenticated and the user to be authenticated at the time of initial registration It is determined that they are not the same, and the series of processing ends.

  In the second embodiment, for example, two random numbers N_ {1} and N_ {2} (FIG. 6: Step S616), N_ {i + 1} and N_ {i + 2} (FIG. 7: Step S715) are held. Although the method has been described, it is not limited to this. Specifically, for example, one random number of N_ {2} (FIG. 6: step S616) and N_ {i + 2} (FIG. 7: step S715) may be held. In this case, in step S712 of FIG. 7, v ′ _ {i + 1} is generated instead of v ′ _ {i} as an authentication judgment authenticator. In step S713, an authentication judgment authenticator v ′ _ { It is determined whether i + 1} is equal to the stored authenticator v_ {i + 1}.

  According to the second embodiment described above, the same effect as in the first embodiment can be obtained. Further, according to the second embodiment, transmission information can be generated after determining whether or not the authenticated person is valid in the authenticated apparatus during the authentication process after the initial registration process. Therefore, for example, even if a third party uses the device to be authenticated and impersonates a legitimate user, authentication with the authentication device can be prevented. Thereby, for example, when the device to be authenticated is installed in a public place or when used by a plurality of users, unauthorized authentication can be prevented.

  As described above, according to the authentication processing method, the authentication processing program, the recording medium, and the authentication processing system according to the present invention, the security of the authentication processing can be further improved and continuous communication processing can be performed.

  Note that the authentication processing method described in the present embodiment can be realized by executing a program prepared in advance on a computer such as a personal computer or a workstation. This program is recorded on a computer-readable recording medium such as a hard disk, a flexible disk, a CD-ROM, an MO, and a DVD, and is executed by being read from the recording medium by the computer. The program may be a transmission medium that can be distributed via a network such as the Internet.

  As described above, the authentication processing method, the authentication processing program, the recording medium, and the authentication processing system according to the present invention are useful for authentication between devices that require continuous communication processing, and particularly exchange urgent information. Suitable for authentication between devices.

DESCRIPTION OF SYMBOLS 110 Device to be authenticated 111 Generation unit 112 Sending unit 113 Holding unit 114 Calculation unit 115 Transmission unit 116 Update unit 120 Authentication device 121 Reception unit 122 First calculation unit 123 Judgment unit 124 Second calculation unit 125 Verification unit 126 Update unit

Claims (16)

Using the second authentication code and the current authentication information used for the current authentication process generated by performing a calculation using a one-way conversion function that is difficult to calculate the value before the calculation for the first authentication code. The next authentication information used for the next authentication process generated and the verification information obtained by performing the calculation using the one-way conversion function on the first authenticator are acquired in advance from the authentication target device that performs authentication and stored in a predetermined memory. An authentication method in an authentication device that is held,
As authentication determination information for determining authentication of the device to be authenticated, it is used for the first transmission information generated using the current authentication information and the subsequent authentication processing generated using the third authenticator. The second transmission information generated by the authentication information and the second authenticator one after another and a mask function that makes it easy to calculate a value before the calculation is performed, and the first authenticator and the second authenticator Receiving from the device to be authenticated the third transmission information masked with the next authentication information with a value obtained by performing the calculation by the one-way conversion function on the transmission information of
A first calculation step of calculating the first authenticator based on the first transmission information received in the reception step and the current authentication information held in advance in the memory;
A determination step of determining whether or not to authenticate the device to be authenticated based on the first authenticator calculated in the first calculation step and the current authentication information held in advance in the memory. When,
A value obtained by performing a one-way conversion function on the first authenticator calculated by the first calculation step and the second transmission information received by the reception step, and the third transmission information A second calculation step of calculating the next authentication information by releasing the mask;
The value generated by the first authenticator calculated by the first calculation step and the current authentication information calculated by the second calculation step, and the verification information previously stored in the memory And verifying whether the next authentication information has not been counterfeited based on:
When it is determined that the device to be authenticated is authenticated by the determining step, and when it is authenticated that the next authentication information is not forged in the verification step, the information held in the memory is received by the receiving step. Updating the second transmission information and the next authentication information calculated by the second calculation step;
An authentication processing method comprising: In the determination step,
Whether or not a value obtained by performing the calculation by the one-way conversion function on the first authenticator calculated in the first calculation step matches the current authentication information stored in the memory in advance. The authentication processing method according to claim 1, wherein the authentication target device is authenticated when they match. In the receiving step,
As the first transmission information, an operation with a mask function that is easy to calculate a value before the operation is performed, and a value masked by the first authenticator with the current authentication information is received,
In the first calculation step,
The first authenticator is calculated by unmasking the first transmission information received in the reception step with the current authentication information previously stored in the memory. Item 3. An authentication processing method according to item 1 or 2. In the receiving step,
As the second transmission information, a value obtained by performing the one-way conversion function on the authentication information and the second authenticator one after another is received,
In the verification step,
A value obtained by performing the one-way conversion function on the current authentication information calculated by the second calculation step and the first authenticator calculated by the first calculation step is stored in the memory in advance. 4. The authentication processing method according to claim 1, wherein it is determined whether or not the verification information matches the verification information, and the authentication target device is authenticated if the verification information matches. . In the authentication processing method in the device to be authenticated that requests authentication from the authentication device,
The current authentication information used for the current authentication process is generated by performing an operation with a one-way conversion function that is difficult to calculate the value before the operation for the first authenticator, and the second authenticator Generates next authentication information to be used for the next authentication process by performing an operation by a one-way conversion function, and generates verification information by performing an operation by the one-way conversion function on the next authentication information and the first authenticator. Generating process to
A sending step of sending the current authentication information generated by the generating step and the verification information to the authentication device by a secure means;
A holding step of holding the first authenticator, the second authenticator, the current authentication information and the next authentication information in a predetermined memory;
After sending the current authentication information and the verification information to the authentication device by the sending step, the authentication information is generated using the current authentication information as authentication judgment information for requesting the authentication device to perform authentication. 1 transmission information, the second transmission information generated by the second authentication information used for the next authentication process generated by using the third authentication code, the second authentication information, and the value before the calculation. A calculation is performed with a mask function that is easy to calculate, and the next authentication information is masked with a value obtained by performing a calculation with the one-way conversion function on the first authenticator and the second transmission information. A calculation step of calculating the transmission information of 3;
A transmission step of transmitting the first transmission information, the second transmission information, and the second transmission information calculated by the calculation step to the authentication device;
Updating the information stored in the memory to the second authenticator, the next authentication information, the third authenticator, and the authentication information one after another;
An authentication processing method comprising: In the calculation step,
The first transmission information is calculated using a mask function that is easy to calculate a value before calculation, and a value masked by the first authenticator with the current authentication information is calculated. Item 6. The authentication processing method according to Item 5. In the calculation step,
The authentication process according to claim 5 or 6, wherein a value obtained by performing the one-way conversion function on the authentication information and the second authenticator one after another is calculated as the second transmission information. Method. In the generating step,
After generating the first random number and the second random number, the current authentication information is generated by using the first authenticator that has performed an operation by the one-way conversion function on the first random number, 8. The next authentication information is generated using the second authenticator that has performed an operation on the second random number by the one-way conversion function. 9. Authentication processing method. In the calculation step,
The authentication information is generated one after another by using the third authenticator obtained by generating the third random number and performing the calculation by the one-way conversion function on the third random number. 8. The authentication processing method according to 8. In the generating step,
After generating the first random number and the second random number, the first authenticator obtained by performing the calculation by the one-way conversion function on the authentication key unique to the device to be authenticated and the first random number Generating the current authentication information, and generating the next authentication information using the second authenticator obtained by performing an operation using the one-way conversion function on the authentication key and the second random number. 10. The authentication processing method according to any one of claims 5 to 9. In the calculation step,
After generating the third random number, generating the authentication information one after another by using the third authenticator that has performed the calculation by the one-way conversion function for the authentication key and the third random number. The authentication processing method according to claim 10, wherein: In the holding step,
And storing the first random number and the second random number in the memory;
In the calculation step,
The value obtained by performing the calculation by the one-way conversion function on the first random number and the authentication key held in the holding step is the same as the first authenticator held in the holding step. The authentication processing method according to claim 8, wherein the authentication information is generated one after another. In the holding step,
And holding the second random number in the memory;
In the calculation step,
The value obtained by performing the calculation by the one-way conversion function on the second random number and the authentication key held in the holding step is the same as the second authenticator held in the holding step. The authentication processing method according to claim 8, wherein the authentication information is generated one after another.   An authentication processing program for causing a computer to execute the authentication processing method according to claim 1.   A computer-readable recording medium on which the authentication processing program according to claim 14 is recorded. In the authentication processing system in which the authentication device authenticates the device to be authenticated,
The device to be authenticated is
The current authentication information used for the current authentication process is generated by performing an operation with a one-way conversion function that is difficult to calculate the value before the operation for the first authenticator, and the second authenticator Generates next authentication information to be used for the next authentication process by performing an operation by a one-way conversion function, and generates verification information by performing an operation by the one-way conversion function on the next authentication information and the first authenticator. Generating means to
Sending means for sending the current authentication information generated by the generating means and the verification information to the authentication device by a safe means;
Holding means for holding the first authenticator, the second authenticator, the current authentication information and the next authentication information in a predetermined memory;
After the current authentication information and the verification information are sent to the authentication device by the sending means, the first authentication information generated using the current authentication information as authentication judgment information for requesting the authentication device to authenticate 1 transmission information, the second transmission information generated by the second authentication information used for the next authentication process generated by using the third authentication code, the second authentication information, and the value before the calculation. A calculation is performed with a mask function that is easy to calculate, and the next authentication information is masked with a value obtained by performing a calculation with the one-way conversion function on the first authenticator and the second transmission information. Calculating means for calculating the transmission information of 3;
Transmitting means for transmitting the first transmission information, the second transmission information and the second transmission information calculated by the calculating means to the authentication device;
Updating means for updating the information held in the memory to the second authenticator, the next authentication information, the third authenticator and the authentication information one after another;
With
The authentication device
After obtaining the current authentication information and the verification information from the device to be authenticated and holding them in a predetermined memory, the first transmission information and the authentication information for determining authentication of the device to be authenticated Receiving means for receiving the second transmission information and the third transmission information from the device to be authenticated;
First calculating means for calculating the first authenticator based on the first transmission information received by the receiving means and the current authentication information held in advance in the memory;
Determination means for determining whether or not to authenticate the device to be authenticated based on the first authenticator calculated by the first calculation means and the current authentication information previously stored in the memory. When,
A value obtained by performing a one-way conversion function on the first authenticator calculated by the first calculating unit and the second transmission information received by the receiving unit, and the third transmission information A second calculating means for calculating the next authentication information by releasing the mask;
A value generated by the first authenticator calculated by the first calculating means and the current authentication information calculated by the second calculating means, and the verification information held in advance in the memory And verification means for verifying whether or not the next authentication information is forged,
When it is determined by the determining means to authenticate the device to be authenticated and the verification means authenticates that the next authentication information is not forged, the information held in the memory is received by the receiving means. Updating means for updating to the next authentication information calculated by the second transmission information and the second calculating means;
An authentication processing system comprising:

Images