JP2011004079A - Mobile terminal "remembering" pass word - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide such a practical means that an owner carrying a cellular phone does not have a trouble of remembering a pass word when there is such a pass word "remembered" only by each cellular phone.SOLUTION: In the mobile terminal, a 1:1 certifier is composed of: mobile terminals opposed at the interval of a communication channel; and a communication body including a random-number source ([X]) generating random numbers. The 1:1 certifier successively changes the mobile terminal from the state having the n random number [X] to the state having the n+1 random number [X] while nullifying the n random number [X] as interposing the n cipher text ([X]+[X]). The mobile terminal is characterized by data having a capacity reproducing the previously thrown-away first random number [X] equalized to the n+1 random number [X] of the mobile terminal.

Description

  The present application relates to a portable terminal (an IC card, a mobile phone, etc.) having a “remembering ability” for a password and an effect associated with carrying the portable terminal. A person carrying this portable terminal has no trouble remembering the password. This is because, on behalf of a person, the mobile terminal has the ability to “reproduce” a random number generated when it is registered.

  Conventionally, there are memory-based passwords and one-time passwords (IETF rfc1938, rfc1760).

(Problems of conventional technology)
The phenomenon of “remembering” and the phenomenon of remembering memory is a life phenomenon that guarantees an unchanging consciousness (ID) of “I am I” while our bodies are exposed to metabolic changes at the molecular level. . Since ancient times, there is a way to keep secrets secret; once you open a secret document, it burns immediately. This will “keep secrets only within life phenomena”; that is the secret rule. There is currently no IT that follows this rule; a password file is evidence.

  The password you wrote down on your paper, your birthday password, and the password that exists as a file on your computer are “so you can see” over and over again. Therefore, it leaks through people. Because it leaks, it asks for a password again, and asks for a double triple. This is a problem of the prior art. In general, the mobile phone ID is also referred to repeatedly, so it is in the same position as the password file.

JP 2008-124906 JP

  The challenge is to find a password that “remembers” only my mobile phone and a password that “remembers” only your mobile phone.

  If there is a secret that can only be remembered by me and you, you can only remember me and you by a third party that is neutral to me and you. I want to secure I want a third-party organization to guarantee that there is no one who is on my side or someone who is on your side.

  These are the challenges left in this century's information technology.

The invention according to claim 1
A 1: 1 authenticator composed of a mobile terminal and a communication body including a random number generation source ([X]) facing each other across a communication path is
A first ciphertext ([X _l ] obtained by encrypting a _second random number [X ₂ ] generated at the random number source [X] by a _first random number [X ₁ ] generated at the random number source [X]. ] + [X ₂ ])
Changing the portable terminal from a state having a _first random number [X ₁ ] to a state having a second random number [X ₂ ] and discarding the _first random number [X ₁ ],
Similarly,
Second ciphertext ([X ₂ ] obtained by encrypting the _third random number [X ₃ ] generated at the random number source [X] by the second random number [X ₂ ] generated at the random number source [X]. ] + [X ₃ ])
Changing the portable terminal from a state having a _second random number [X ₂ ] to a state having a third random number [X ₃ ] and discarding the _second random number [X ₂ ],
Sequentially, through the nth ciphertext ([X _n ] + [X _{n + 1} ]),
While changing the portable terminal from a state having an _nth random number [ _Xn ] to a state having an n + 1th random number [ _{Xn + 1} ] and discarding the _nth random number [ _Xn ],
Data having the ability to reproduce the _first random number [X ₁ ] that has already been thrown away (“remembering ability”) is the n + 1th random number [X _{n + 1} ] of the mobile terminal, The portable terminal.

The invention according to claim 2
There are at least two “mobile” and “secondary” mobile terminals for payment in any field,
The ID or password that accompanies the “correct” is used to indicate the intention of the settlement,
The ID or password associated with the “secondary” is used to approve or reject the intention,
The plurality of portable terminals, wherein payment is permitted only when the “secondary” confirms the intention of “positive”.

The present invention will be described in detail.
A 1: 1 authenticator was disclosed in Japanese Patent Application Laid-Open No. 2008-124906 (hereinafter referred to as a prior application). This is a means for shifting the secret sharing maintenance of two peers (peer-to-peer) facing each other across a communication path from a person to a communication system. This 1: 1 authenticator provides the framework for this application. Since it is an important basis, the 1: 1 authenticator was re-published here again in Figure 1 of the present application; here, the side having the random number generation source [X] was defined as the encryption function part.

  Compare Figure 1 of this application with the definition of the prior application (paragraph number (0020) of the prior application); 1: 1 authenticator: encrypts and decrypts the random number of the random number source [X] (reference numeral 20) System elements (reference numerals 21, 21-1, 21-1 and 22, 22-1, 22-2) or input / output information thereof (reference numerals 20-1, 21-3, 21-4, reference numerals 22-3, 22- 4) and; a system element for inputting a ciphertext of a random number into a hash function (FIG. 3 with reference 21 in detail and FIG. 4 with reference 22 in detail) or its input / output information (FIG. 3 with reference 21 in detail) The system element (symbol 23) or its input / output information (symbol 24) as a communication unit that transmits and receives the ciphertext and hash value of FIG. It is composed.

Further, an eavesdropper (reference numeral 25) is drawn on the communication path (reference numeral 23) in FIG. An eavesdropper is a third party to a 1: 1 authenticator. Even if the eavesdropper (reference numeral 25) cannot decrypt the ciphertext, the eavesdropper itself can calculate the system change and the accumulated change from the eavesdropper itself. This eavesdropper function is made to appear as a cumulative calculation unit of change; reference numeral 25a in FIG. 2 of the present application; where ciphertext C _{n + 1} is copied from the communication path (symbol 23), and its cumulative ΣC _{n +} Calculate ₁

  As shown in FIG. 2, the 1: 1 authenticator including the cumulative calculation unit (reference numeral 25a in FIG. 2) is the basis of the present application; the random number source [X] (reference numeral 20), and encryption of the random number. Input / output information to the system elements (reference numerals 21, 21-1, 21-2), communication channels (reference numeral 23), change accumulation calculation section (reference numeral 25a), and change accumulation calculation section (reference numeral 25a) (Symbol 24) and a mobile terminal (a mobile body) (symbol 22) composed of a communication element (symbol 24) and a system element (symbol 22, 22-1, 22-2) for decoding 27).

The communication body and the mobile terminal are the main basic elements of the present application. Make the symbols used in this application common with the prior application;

It is a block diagram which shows the 1: 1 authenticator containing natural random number [X] concerning a prior art. It is a block diagram which shows the 1: 1 authenticator containing the accumulation calculation part of a change which concerns on this embodiment. It is a block diagram which shows the detail of the encryption function part (code | symbol 21) which concerns on this embodiment. It is a block diagram which shows the comparison with the hash value which the encryption function part which concerns on this embodiment reproduced, and the hash value which the encryption function part made. It is a block diagram which shows the usage which adds this application portable terminal to the existing ATM account system which concerns on this embodiment. It is a block diagram showing a plurality of settlement means of portable terminal “primary” and “secondary” according to the present embodiment. It is explanatory drawing which shows the warning example of the secret leak which concerns on this embodiment. It is explanatory drawing which shows the screen display in the warning example of the secret leak which concerns on this embodiment.

(Embodiment related to claim 1)
Describes an embodiment of a portable terminal that has the ability to replay passwords or secrets that have been registered with a computer but are discarded immediately when used.

1． Embodiment for Changing the State of a Mobile Terminal FIG. 1 is intended as a means for shifting maintenance of secret sharing of router questions in a prior application from a person to a communication system.

  This application (FIG. 2) depicts that a portable terminal is introduced into one of two opposing routers, and the maintenance of secret sharing between the communication body (server side) and the portable terminal is transferred from a person to a communication system.

  Therefore, the present application (FIG. 2) inherits the algorithm of the prior application shown in FIG. 1, while the random number generation source [X] includes not only natural random numbers but also pseudo random numbers generated by a hash function. The first random number [X1] generated from the random number generation source [X] is used as the first encryption key, and the same random number [X1] is used as the first decryption key.

If this first random number [X ₁ ] is referenced many times and used as a key, it is a password file. This must be destroyed.

Discarding the first random number [X ₁ ] means discarding it once used; this means that the state of the mobile device changes. Therefore, the first half of the means to solve the problem defines the “change” requirement. What is the first half: A 1: 1 authenticator is generated at the random number generation source [X], which is opposed to a mobile terminal (reference numeral 27) and a communication body including a random number generation source [X] that generates a random number across a communication path. The first ciphertext ([X ₁ ] + [X ₂ ]) obtained by encrypting the _second random number [X ₂ ] generated at the random number generation source [X] by the first random number [X ₁ ] And changing the portable terminal from a state having the first random number [X ₁ ] to a state having the second random number [X ₂ ] and discarding the _first random number [X ₁ ], A second ciphertext ([X ₂ ]) obtained by encrypting the _third random number [X ₃ ] generated at the random number source [X] by the second random number [X ₂ ] generated at the random number source [X]. + [X ₃ ]) to change the portable terminal from the state having the _second random number [X ₂ ] to the state having the third random number [X ₃ ] and the second random number [X ₂ ] discard sequentially ciphertext of the _{n ([X n] + [} X n + 1]) interposed, said mobile terminal of the n random number [X _n] (n + 1) -th from the state with Changing the state having a random number [X _{n + 1].}

To summarize the above; the 1: 1 authenticator puts the mobile terminal (symbol 27) into a state with the _second random number [X ₂ ] using the _first random number [X ₁ ] as the first encryption key and decryption key. It will not have a random number [X ₁ ] again. Subsequently, the second ciphertext ([X ₂ ] + [X ₃ ]), the third ciphertext ([X ₃ ] + [X ₄ ]), ..., the n th ciphertext ([X _n ]) Through + [X _{n + 1} ]), the mobile terminal changes to a state having an _{n + 1-th} random number [X _{n + 1} ].

In this case, the second random number [X ₂ ], the third random number [X ₃ ]... The nth random number [X _n ] are never used again.

  The usage of such a key is clearly described in equations (1-3) and (1-6) 'of the prior application, as will be described later.

(Differences in structure from prior application 1)
The system elements (reference numerals 22, 22-1, 22-2 in FIG. 1) that perform the decoding are replaced with portable terminals (reference numeral 27 in FIG. 2).

(Difference in structure with prior application 2)
The communication body (FIG. 2) includes a first ciphertext ([X ₁ ] + [X ₂ ]), a second ciphertext ([X ₂ ] + [X ₃ ]), and a third ciphertext ([ X ₃ ] + [X ₄ ])... Sends the nth ciphertext ([X _n ] + [X _{n + 1} ]) to the communication path;
At this time, the key part (reference numeral 21-2) on the communication body side has at least the nth random number [X _n ]. On the other hand, since the random number possessed by the portable terminal (reference numeral 27) is a mobile body and a forgery may be mixed in, it does not necessarily have the _nth random number [X _n ].

That is, the key part (reference numeral 21-2) K of the encryption function part (reference numeral 21) and the key part (reference numeral 22-2) X of the decryption function part (reference numeral 22) are
K = [X _n ] = X ------ (II)
In some cases,
K = [X _{n + 1} ] ≠ X ------ (III)
This is also possible (the key part (reference numeral 22-2) in FIG. 2 is drawn with a double line frame).

Only in the case of the above formula (II), the mobile terminal receives the ( _{n + 1} ) _th random number [X _{n + 1} ]. (This is a condition for automatic maintenance of the secret sharing of the prior application)
(Difference in structure with prior application 3)
The mobile terminal (symbol 27) performs the determination of (II) and (III) in its decryption function part (symbol 22) itself (described later); when making this determination, it communicates the key K and the key X. Do not put on the road.

(Difference from one-time password)
Even if only this embodiment is seen, it is decisively different from a mechanism generally called a one-time password (rfc1938 in IETF). With a one-time password, a random number entered manually is sent from the portable object to the server. Also, the one-time password never throws away the passphrase corresponding to the first random number [X ₁ ] and there is no mechanism to automatically update the passphrase; therefore, the forgery of portable items is the same as the real one To be treated.

2． “Ability to remember” ≡ Ability to play At the time of registration, the communication body and the mobile terminal share a _first random number [X ₁ ]; the specific form of the mobile terminal is a mobile phone. Thereafter, the first random number [X ₁ ] is immediately discarded after being used as the first encryption key and the first decryption key, as described in the “change” requirement. Nevertheless, the “ _{n + 1} ” _th random number [X _{n + 1} ] that the mobile phone currently has can now reproduce this first random number [X ₁ ]. Is as follows;
The communication body and the mobile terminal face each other in a communication path (reference numeral 23) including a wireless cell, and the first ciphertext ([X ₁ ] + [X ₂ ]) , Second ciphertext ([X ₂ ] + [X ₃ ]), third ciphertext ([X ₃ ] + [X ₄ ]), ..., n th ciphertext ([X _n ] + [X _{n + 1} ]) flows, each time the random number [X ₂ ] is thrown away, the random number [X ₃ ] is thrown away ... In the same way, the random number [X _n ] is thrown away, and now, the random number [X _{n +1} ] is the key.

This “now” current path is given by (1-6) 'and (1-3) of the prior application developed at index n;
C _{n + 1} = E _K (X _{n + 1} ) = X _n + X _{n + 1} (1-6) '
Key K = [X _n ] (1-3)
In the prior application (1-6) 'and (1-3), the encryption key K (reference numeral 21-2a) and the decryption key X (reference numeral 22-2a) are both
K = [X _n ] = X ------- (II)
It should be noted that it is a simultaneous equation when satisfying.

(1-6) 'is expanded with index n to obtain ciphertexts C ₁ to C _{n + 1} ;
C ₁ = X ₁ + X ₂
C ₂ = X ₂ + X ₃
...
...
C _n = X _n-1 + X _n
+) C _{n + 1} = X _n + X _{n + 1}
--------------------------
ΣC _{n + 1} = X ₁ + X _{n + 1} -------- (IV)
However, X _n + X _n = 0
The actual total sum ΣC _{n + 1} of the ciphertext is calculated by a cumulative change calculation unit (reference numeral 25a).

The above (IV) claims the right; the current accumulation of change ΣC _{n + 1} “now” is now the _{n +} 1th random number [X _{n + 1} ] and the first random number [X ₁ ] Is the exclusive OR. Note that the random numbers [X _{n + 1} ] and [X ₁ ] do not exist after being decomposed if added so as not to be misunderstood.

(Mobile device that plays the _first random number [X ₁ ])
Now, there are any mobile terminals here. The portable terminal is a portable terminal having an ( _{n + 1} ) _th random number [X _{n + 1} ] in the key part (22-2) X. While the index n (= 1, 2,..., N) is applied to the formula (H), “now” has reached the state of formula (II) ′ below;
K = [X _{n + 1} ] = X ------- (II) '
When this X value (II) 'is input to the formula (IV),
ΣC _{n + 1} + X _{n + 1} = X ₁ + X _{n + 1} + X _{n + 1} = X ₁ ------- (IV) '
The first random number [X ₁ ] appears in the output of the cumulative calculation unit.

The mobile terminal uses the n + 1-th random number [X _{n + 1} ] that the mobile terminal has as the current value of the cumulative change ΣC _{n + 1} “now” as the first random number [X ₁ ] and the random number [X _It was possible to reproduce the _first random number [X ₁ ] when it was decomposed into _{n + 1} ] and registered (claim 1).

3． Mobile terminal with third party certification The above (IV) is a calculation performed by a third party independently of the communication body and the mobile terminal.

When you bring the _{n +} 1th random number [X _{n + 1} ] of the mobile device to this third party, it is decomposed and registered into the random number [X ₁ ] and the random number [X _{n + 1} ] according to the formula (IV) ' Play the _first random number [X ₁ ] of the hour.

This shows that it is the job of the cumulative calculation unit (reference numeral 25a) to give proof that there is only one portable terminal that can reproduce the _first random number [X ₁ ] ( Claim 1).

  A portable terminal that satisfies the expression (II) ′ under the index n (= 1, 2,..., N) becomes an authentication means with a certificate given by a third party in that sense.

  In particular, equation (IV) 'is the world's first achievement that suggests that information theory can handle the ability to remember, which is a life phenomenon.

(Secret leak alarm)
Similarly, the communication side follows the formula (IV), and its key part (reference numeral 21-2) K is “now”
K = [X _{n + 1} ] ------- (IV) '
It is. This means that the mobile terminal that has received the ciphertext C _{n + 1} (= X _n + X _{n + 1} ) already exists. There are other mobile phones here as well. The mobile phone is assumed to be a mobile phone in which the key part (22-2) X has an nth random number [X _n ]. The communication side tries to deliver a new random number [X _{n + 2} ] to the mobile terminal side. However, the key part (reference numeral 22-2) X of the mobile terminal is
K = [X _{n + 1} ] ≠ [X _n ] = X ----- (III)
It becomes. Since the key part (symbol 22-2) X of the mobile terminal does not have the random number [X _{n + 1} ], the mobile terminal cannot receive [X _{n + 2} ] and the output (IV) of the cumulative calculation part Can't derive the first random number [X _l ] from: In other words, the mobile phone “cannot remember” the _first random number [X ₁ ]. This event becomes a “secret leak warning”.

Four. Determination of (II) or (III) The determination of (II) or (III) is performed without putting the key K and key X on the communication channel. Details are described below.

(Figure 3, Encryption function part)
FIG. 3 shows the details of the encryption function part (reference numeral 21); here, the ciphertext C _{n + 1} and the hash value given by the expression (1-6) ′ are created; the encryption key K is 256 bits. K / 2 = 128bit is used as the key of the hash function h (). This key K / 2 and ciphertext C _{n + 1} are concatenated and input to the hash function h () (reference numeral 21-5).
As a result, the hash value is given by h (K / 2 || C _{n + 1} ): The symbol || represents concatenation.

A pair of ciphertext C _{n + 1} and hash value h (K / 2 || C _{n + 1} ) is an identifier of the 1: 1 authenticator of the prior application. This identifier is put on the packet and exits the communication path.

(Figure 4, Compound function part)
On the other hand, FIG. 4 shows details of the decryption function part (22); here, the ciphertext is decrypted from the identifier received in the previous period, and the hash value is reproduced from the plaintext. This reproduced hash value is compared with the received hash value, and the determination of (II) or (III) is performed. As follows;
The decryption function part (reference numeral 22) includes a decryption function D _x () and an encryption function E _x (); the E _x () and E _K () have the same function form, but the key (reference numeral 22 -2b) is an ExO with an arbitrary value X (as shown in Table 1).

First, the received ciphertext E _K (X _{n + 1} ) is decrypted with D _x () of the key X. Since the plaintext decrypted with the key X is not always _{Xn + 1} , it is represented as _{Xn + 1} ′ (reference numeral 22-3). This is again input to E _x () (reference 22-4) of the key X, and E _x (X _{n + 1} ) ′ (reference 22-5) is obtained as the output. The hash value h (X / 2 || E _x (X _{n + 1} ) ′) is calculated in the same manner as the encryption function part (reference numeral 21) (reference numeral 22-6). This hash value h (X / 2 || E _x (X _{n + 1} ) ') is compared with the received hash value h (K / 2 || C _{n + 1} ) (reference numeral 24-2) (reference numeral 22 -7);
If h (k2 || Ek ( _{Xn + 1} ) = h (X / 2 || _X ( _{Xn + 1} ) '), it is determined as (II).
If h (k / 2 || Ek (X _{n + 1} ) ≠ h (X / 2 || E _X (X _{n + 1} ) ′), it is determined as (III).

  This procedure is sound as long as the hash function's collision resistance is sound. MD5 was used for the hash function h ().

Five. Example of Secret Leakage Alarm What kind of alarm the secret (X _n ) leak incident (III) appears as an output display unit (reference numeral 27-1 in FIG. 2) of the portable terminal Examples of are shown in FIGS. 7 (a) and 7 (b). The number of accesses from the portable terminal (reference numeral 27) to the communication body (a communication body) is indicated by a clock hand. The hand ticks every 7 seconds.

  When the unauthorized copy has not entered, since the formula (II) is established, the needle advances at a predetermined time interval (7 seconds) (FIG. 7A); the needle is a shown in FIG. Specifically, the mobile terminal has a decryption key X (reference numeral 22-2a) that satisfies (II). The direction indicated by the needle a in FIG. 8 is the value of the decryption key X. The advance of the hand means that the expression (II) is satisfied, and that means that the secret (random number) 7 seconds ago was canceled. Or if it shows cooperation with claim 1, it becomes as follows; the mobile terminal stores the (n + 1) th random number [Xn + 1] satisfying the formula (IV) 'every 7 seconds and registers it Has the ability to reproduce the first random number [X1].

  When an illegal copy enters, (II) is not satisfied and the formula (III) is satisfied, and the needle is stopped within a predetermined time interval; the needle a in FIG. 8 stops and the long hand b appears instead ( FIG. 7 (b)), only the long needle advances every 7 seconds. This indicates that the access is continued every 7 seconds; even if the access is continued, (II) is not satisfied. In the state of (III), a long needle appears in addition to the needle a in FIG. 8, the short needle stops, and only the long needle advances.

  Describe in detail; when (II) is satisfied, the mobile terminal is changed from a state having the nth random number [Xn] to a state having the n + 1th random number [Xn + 1] It's time. When the incident corresponding to (III) occurs, the mobile terminal does not change from the state having the nth random number [Xn] to the state having the n + 1th random number [Xn + 1]. Corresponding to (III) is an alarm that there are two functions of the mobile terminal satisfying the above formula (IV) ′;

  The portable terminal is a secret leakage alarm device after all. In this way, the owner of the mobile terminal can understand the situation at a glance.

6． Initialization password "Salt" is applied in the generation of the first random number [X ₁ ]; only at the time of registration, the person's password is mixed with the random number to create the first random number [X ₁ ]. This is intended to promote user awareness. In the secret leakage alarm device, the number of random numbers is 256 bits. Prepare 32 bits of this in salt.
Hereinafter, the _first random number [X ₁ ] that has been subjected to “salt” is referred to as an initialization password.

7． How to add the mobile terminal of the present application to an existing ATM account system A mobile phone is used as the mobile terminal. Only in the case of (II) above, the ATM accounting system (existing card ID and PIN number) is enabled and opens the path to the accounting system (reference 40); Examples of operations that do not require modification are shown.

  The large frame in FIG. 5 is an existing ATM account system (reference numeral 41); it is a functional diagram for making a settlement with a conventional cash card and PIN. Here, the constant lock (reference numeral 39) surrounded by a double line frame is a function of the ATM screen; it corresponds to the fact that the ATM screen is not switched only by inserting a conventional card.

  When the settlement entity comes near the ATM and operates the unlock button (reference numeral 277) of the mobile phone (reference numeral “27”), when the ATM accounting system (reference numeral 41) detects the event (II) As long as the screen of ATM (reference numeral 35) is replaced with the screen of the manner of inputting the password (reference numeral 40). Alternatively, the PIN code input method (symbol 40) is omitted and immediate settlement is permitted. The above is the main point, but the manner of settlement is explained in order.

  First, the settlement entity inserts the card into the ATM (reference numeral 35). The card ID information (reference numeral 36-1) is transferred to the conversion table (reference numeral 33) and converted into a portable ID; the incident table (reference numeral 29) is inquired through the portable ID (reference numeral 29-1).

 Next, when the settlement entity sends a cue to the encryption function part (reference numeral 21) with the unlock button (reference numeral 277) of the mobile phone (reference numeral “27”), the ciphertext (reference numeral 23a) is sent to the ciphertext (reference numeral 23a). Reference numeral 24a) flows toward the portable terminal.

Thirdly, the case (II) or (III) occurs depending on whether or not the mobile terminal receives the ( _{n + 1} ) _th random number [X _{n + 1} ]. The encryption function part (reference numeral 21) outputs the incident (II) or (III) to the incident table (reference numeral 29).

  Fourth, the information (reference numeral 29-2) enters the constantly locked (reference numeral 39) screen via the conversion table (reference numeral 33) (reference numeral 36-2).

If it is (II), the constantly locked (reference 39) screen is switched to the existing password input screen (reference 40). Alternatively, immediate settlement is permitted.
If (III), the constantly locked (reference 39) screen is maintained.

  Note that a protocol for notifying this case (III) to the encryption function part (reference numeral 21) is provided separately from the ciphertext 24a (reference numeral 28 in FIG. 5).

  In this way, as long as the person who created the initialization password carries this mobile phone, there will be no illegal withdrawal of deposits.

(Embodiment related to claim 2)
8. Example of Confirmation or Denial of Indication of Intent As described in section 6 above, the first random number [X ₁ ] is initialized with the password of the settlement entity. The initialized mobile terminal will be named “correct”. Prepare another portable terminal that has been initialized. This is termed “deputy”.

“Positive” and “Sub” have respective random number sequences [X ₁ ], [X ₂ ], [X ₃ ],..., [X _n ]. In the case of random numbers, the probability that the “primary” and “secondary” random number sequences are the same is 1/2 ²⁵⁶ or less.

  FIG. 6 shows a system in which the “primary” and “secondary” are used as a settlement means. In the figure, “positive” (symbol “27a”) has a lock release button (symbol 277) that conveys the intention of settlement to the system, while the “secondary” does not have the lock release button.

  The encryption function part (reference numeral 21) is mounted on the server. Inherits the same symbols as in Fig. 5 such as ATM accounting system, incident table, mobile phone, always lock screen.

The incident table (reference numeral 29) in FIG. 6 is input with information different from the previous section; described below;
The settlement entity carries the “positive” (symbol “27a”) beside the ATM; when the card is inserted into the ATM and the lock release button (symbol 277) is operated,
1) The card ID is input to the ATM account system (reference numeral 41), and the incident table (reference numeral 29) of FIG. 6 is inquired with the portable ID via the conversion table (reference numeral 33) (reference numeral 29-1),
2) “Primary” calls “secondary” with the calling function (reference 23-1) of the mobile phone, and forces “secondary” access to the encryption function server (reference 21a).

3) The encryption function part server (reference 21a) converts the events (II) or (III) of the “primary” and “secondary” respectively into the event [1] or [ 0] and output to the incident table (symbol 29).

4) The incident table (symbol 29) returns a response (symbol 29-2) to the inquiry (symbol 29-1) to the ATM account system (symbol 41), and the transition of the constantly locked (symbol 39) screen is as shown in Table 2. Here, the constant lock screen switching event is denoted as [1], and the constant lock screen maintenance event is denoted as [0].

Event [1] is a case where the “secondary” confirms the intention of “positive”. When the depositor goes out,
If the “secondary” is lost to the family, for example, the risk of losing the “primary” to the “secondary” is hedged; for example, if the “secondary” is turned off and then left to the family, the “secondary” Does not respond to a “positive” call function (reference 23-1) (even if the mobile does not respond is included in case (III)); this is equivalent to event [0]. Event [1] is a state in which it is possible to prove as a third party (see section 3) that each of “primary” and “secondary” is the only mobile phone.

In the case of a company, the accounting staff operates “primary” and the administrator operates “secondary”. The meaning of event [1] at this time is as follows:
The “primary” mobile phone that made the intention is the only one, and the confirmed “secondary” mobile phone is the only one; the (IV) and (IV) The third party who calculated 'can be proved (with third party's proof). The person who operates “correct” is the person who created the initialization password, and the person who operates “secondary” is the person who created the initialization password.

9. Settlement circle Event [1] is that multiple people in remote locations participate in the settlement circle online and in real time, and the stability and reliability of the settlement is proved by a third party. It is an event to do.

Hereinafter, this is called a settlement circle. What is the settlement circle?
1) Multiple people can participate in online and real-time payments even if they are in remote locations.
2) There must be a third party who proves that each of the multiple payment methods is unique.
If you have the above payment ring, you can remove the limit on payment amount even at ATM or online. If this ring of payments is extended to the recipient of remittance, no transfer fraud will occur.

(Embodiment common to claims 1 and 2)
(Omitted change accumulation calculation section)
Both the mobile phone that “remembers” the first random number [X ₁ ] and the mobile phone that cannot “remember” can be detected by the hash function determination (above (II) and (III)). Therefore, if the mobile terminal (reference numeral “27”) has a hash value determination section (reference numeral 22-7 in FIG. 4), that is, if the determination section (II) or (III) is provided, It is not necessary for the system to have a cumulative change calculator.

However, this cumulative calculation unit has other important meanings. The first random number [X ₁ ] can be generalized to make it a private secret, which can be a deposit or a will. The secret can be concealed in (II) ′.

K = [X _{n + 1} ] = X ------ (II) '
The first random number [X ₁ ] is never referenced once used. When it is desired to reproduce the secret, if [X _{n + 1} ] is brought to the cumulative calculation section (reference numeral 25a) of the present application, the secret [X ₁ ] is reproduced as in the formula (IV) ′. The information held by the cumulative calculation unit (reference numeral 25a) and the information held by the mobile terminal are independent of each other; they are independent by the entropy of the random number [X _l ]. It is a third party organization that is safe in terms of information theory. In that respect, it differs from traditional third-party organizations.

(Action / Effect)
The fact that the present application is a “remember” mobile phone directly “reproduces” the initialization password, but in terms of reliability, it “remembers” the manner of face-to-face examination at the time of registration. The reliability of the initialization password lies in the criteria and manner of face-to-face examination at the time of registration. The reason for making the initialization password “salt” taste is because we want to tighten the rules for face-to-face examination of registration and rules regarding the manner of operation.

The present application is effective in changing (not improving) a conventional business process. There are various ways of implementation. List the effects of various implementations;
1) Prevention of recurrence of incidents of customer information leaks and prevention of recurrence of credit information leaks As a portable terminal, neither an IC card type nor a mobile phone type will operate a password file.
2) Reduction of ISO operation costs For the conventional password, enormous costs are required to implement the management measures required by ISO270001. This part is reduced.
3) completeness of deposit management;
Provides confirmation similar to face-to-face transactions along with the convenience of ATMs. Since it is a mobile phone that “remembers” the criteria and manner of face-to-face examination at the time of registration, there is no possibility of an unauthorized withdrawal of deposits.
4) Completeness of remittance management;
Provides reliability and confirmation for ATMs and online transactions when all the procedures of remittance and payment are done in face-to-face transactions. Because it is a mobile phone that “remembers” the criteria and manner of face-to-face screening at the time of registration, you can carry out “unlimited remittance” even for ATMs and online transactions.
5) Electronic currency integrity;
Electronic data can be sent directly from mobile phone A to mobile phone B (between mobile terminals). It manages the total amount of electronic data issued, but is indifferent to the contents of each person's wallet (mobile phone).
6) Alarm device against secret leak Password (secret) leak alarm device. It can be realized as a mobile phone or a wall hanging device.
7) Next generation password;
Next-generation passwords that follow traditional memory-based passwords and one-time passwords (rfc1938, rfc1760). When operating the next-generation password, it is natural that you do not have to enter the password in the next-generation password.
8) No third party certificate authority is required.

20… Random number generator [X]
21… Encryption function part
21a ... Encryption function part server
21-2 ... Key part
21-2a ... Encryption key K
21-4… Conversion work department
22 Decryption function part
22-2 ... Key part
22-2a ... Decryption key X
22-2b ... Key
22-7 ... Judgment part
23 ... Communication channel
23a ... Wireless communication path
23-1 ... Call function
24 ... Input / output information
24a ... ciphertext
25. Eavesdropper
25a ... Cumulative calculation part
25 ... Cumulative calculation section
27… Mobile devices
27a… Initialized mobile device “correct”
27b… Other initialized mobile devices “secondary”
27-1… Output display
29 ... Incident table
33 ... Conversion table
35… ATM
36-1… Card ID information
39… Always locked
40 ... Enter your PIN
41… ATM account system
42 ... Route to account
277 ... Unlock button

Claims (2)

A 1: 1 authenticator composed of a mobile terminal and a communication body including a random number generation source ([X]) facing each other across a communication path is
A first ciphertext ([X _l ] obtained by encrypting a _second random number [X ₂ ] generated at the random number source [X] by a _first random number [X ₁ ] generated at the random number source [X]. ] + [X ₂ ])
Changing the portable terminal from a state having a _first random number [X ₁ ] to a state having a second random number [X ₂ ] and discarding the _first random number [X ₁ ],
Similarly,
Second ciphertext ([X ₂ ] obtained by encrypting the _third random number [X ₃ ] generated at the random number source [X] by the second random number [X ₂ ] generated at the random number source [X]. ] + [X ₃ ])
Changing the portable terminal from a state having a _second random number [X ₂ ] to a state having a third random number [X ₃ ] and discarding the _second random number [X ₂ ],
Sequentially, through the nth ciphertext ([X _n ] + [X _{n + 1} ]),
While changing the portable terminal from a state having an _nth random number [ _Xn ] to a state having an n + 1th random number [ _{Xn + 1} ] and discarding the _nth random number [ _Xn ],
Data having the ability to reproduce the _first random number [X ₁ ] that has already been thrown away (“remembering ability”) is the n + 1th random number [X _{n + 1} ] of the mobile terminal, Mobile device. There are at least two “mobile” and “secondary” mobile terminals for payment in any field,
The ID or password that accompanies the “correct” is used to indicate the intention of the settlement,
The ID or password associated with the “secondary” is used to approve or reject the intention,
A plurality of portable terminals characterized in that settlement is permitted only when the “secondary” confirms the “right” intention indication.