JP2019068392A - Certificate issuance and authentication system - Google Patents

Certificate issuance and authentication system Download PDF

Info

Publication number
JP2019068392A
JP2019068392A JP2017202974A JP2017202974A JP2019068392A JP 2019068392 A JP2019068392 A JP 2019068392A JP 2017202974 A JP2017202974 A JP 2017202974A JP 2017202974 A JP2017202974 A JP 2017202974A JP 2019068392 A JP2019068392 A JP 2019068392A
Authority
JP
Japan
Prior art keywords
sequence
cyclic
prime
certificate
random
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
JP2017202974A
Other languages
Japanese (ja)
Other versions
JP7098099B2 (en
Inventor
整一 伊藤
Seiichi Ito
整一 伊藤
隆二 石田
Ryuji Ishida
隆二 石田
利和 石崎
Toshikazu Ishizaki
利和 石崎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to JP2017202974A priority Critical patent/JP7098099B2/en
Publication of JP2019068392A publication Critical patent/JP2019068392A/en
Application granted granted Critical
Publication of JP7098099B2 publication Critical patent/JP7098099B2/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Abstract

To provide a system that performs user authentication easily and safely.SOLUTION: In response to a certificate issuance request from a PC 106, a certificate issuance system 101 extracts a part after a start point in a cyclic number sequence and issues a certificate. The certificate is securely shared by the certificate issuance system 101, an authentication device 105, and the PC 106. A user of the PC 106 can receive the authentication from the authentication device 105 by using the certificate.EFFECT: When a random number is exchanged only once at the time of setting the authentication environment, a different certificate can be safely exchanged each time between the user and a certificate authority for a long period of decades, and the logic is very easy, and therefore, the authentication can be performed safely even in an environment such as IoT where memory and CPU resources are not abundant.SELECTED DRAWING: Figure 1

Description

本発明は、コンピュータ・システムにおいて、その入り口となる重要な認証システムについてです。重要な機密データやシステムに顧客がアプリケーションなどからアクセスする前に、その顧客にとって重要な機密データやシステムに対するアクセス権の有無を検証しアクセス権が有る場合はアクセスを許可する認証システムである。  The present invention is about an important authentication system that is the entrance to a computer system. It is an authentication system that verifies the presence or absence of access to important confidential data and systems that are important to the customer before the customer accesses the important confidential data and system from the application and allows access if there is an access right.

認証方法は、ユーザIDパスワードによるものから生体認証を使用するものまで多数あり、その中でどのような認証方法を選択するかは、データの重要性と認証システムのコストにより決定することになる。しかしコスト重視によりこれまでの簡単で脆弱な認証システムを採用することは、いとも簡単にハッカー突破され踏み台にされ犯罪の温床になってしまう可能性がある為に、簡単なロジックでありながら強力な認証システムが必要となるのである。  There are a large number of authentication methods, from those based on user ID passwords to those using biometrics, and among these, the selection of an authentication method will be determined by the importance of data and the cost of the authentication system. However, cost-oriented adoption of the simple and fragile authentication system so far can be as easy as a hacker to break through, become a springboard and become a hotbed of crime, so it's simple logic but powerful An authentication system is required.

特許文献1に示したような先行技術は有るが、この技術では前回の認証番号とn回前の認証番号から関数を使い今回の認証番号を算出するといった方法が取られている。この様な方法では前回の認証番号を盗聴され、使っている関数が分かれば誰でも認証を受けられてしまうといった問題が発生する。しかし、本願の方法であれば何度盗聴されても循環数列の内容が分からない限り認証されないので、ハッカーに突破されない安心で安全な環境を構築できる。    Although there is a prior art as shown in Patent Document 1, in this technology, a method is used in which the present authentication number is calculated using a function from the previous authentication number and the n-th previous authentication number. In such a method, there is a problem that the previous authentication number is eavesdropped, and if the function being used is known, anyone can be authenticated. However, according to the method of the present invention, even if the eavesdropping is performed many times, the authentication is not performed unless the content of the circulation number sequence is known, so that a safe and secure environment which is not broken by hackers can be constructed.

特許文献2に示したような先行技術は有るが、この技術は本願と同じように大量のパスワードを発行する事は出来るが、発行するパスワードを使用した端末のグルーピング化が目的であって、毎回違ったパスワードを発行し盗聴などの対策に使用する事が出来ない。    Although there is a prior art as shown in Patent Document 2, this technology can issue a large amount of passwords as in the present application, but the purpose is to group terminals using issued passwords, and every time I can not issue a different password and use it for measures such as eavesdropping.

特開第2001−177519号公報JP, 2001-177519, A 特開第2007−134990号公報JP 2007-134990 A

本発明は、アクセスを試みた者が正規の利用者か、悪意が有る攻撃者かを判断する為の安価で簡単な認証方法についてのものである。インターネットの普及により年々、不正アクセス行為が増大し、その方法の多くがIDなどの識別符号を盗用するものである。また、フィッシングサイトを使った、フィッシング詐欺などによるIDの不正入手発生件数が増えている為、安価で簡単に且つ、強力な認証技術が必要になるのである。The present invention relates to an inexpensive and simple authentication method for determining whether an access attempt is a legitimate user or a malicious attacker. With the spread of the Internet, unlawful access acts increase year by year, and many of the methods steal identity codes such as IDs. In addition, since the number of fraudulently obtained ID frauds through phishing sites is increasing, cheap, easy and strong authentication technology is required.

本発明は、何処からでも簡単にPC、スマホ、タブレットコンピュータなどの端末が有れば、実際にはサーバ、端末間にて3重のチェックを行うが、利用者には1回の認証しか意識させずに、安全に認証出来る事を主要な特徴とする技術の提供である。According to the present invention, if there is a terminal such as a PC, a smartphone, or a tablet computer easily from anywhere, the server and the terminal actually perform triple checks, but the user is only aware of one authentication It is the provision of technology whose main feature is that it can be authenticated safely without having to do it.

本発明の認証システムは、利用者が生体認証などの特別な装置を用意する事無く、1度の認証しか意識せずに3重の強力で安全な認証システムを使用する事ができるため、フィッシングサイトなどでアカウントを乗っ取られ、個人情報を盗まれるような詐欺被害に遭わずに済むという利点がある。Since the authentication system of the present invention can use a triple strong and secure authentication system with only one authentication being aware, without requiring the user to prepare a special device such as biometrics, phishing is possible. It has the advantage of being able to take over accounts on sites etc. and not be victimized by fraudulent attacks such as stealing personal information.

本発明の一例を示す全体構成図An overall configuration diagram showing an example of the present invention 本発明の認証に関しての流れ図Flowchart for Authentication of the Invention 循環数列処理Cyclic sequence processing 初期認証処理Initial authentication process 認証処理Authentication process 循環数列の安全度証明図Safety degree proof diagram of circulation number sequence 循環数列による乱数抜取種類数Random number sampling types by cyclic sequence 循環数列の桁増加Digit increase of cyclic number sequence 循環数列と分割数が自然数の場合When the number sequence and the number of divisions are natural numbers 循環数列が自然数、分割数が素数の場合When the cyclic number sequence is a natural number and the division number is a prime number

図1は、本発明の実施形態の例であるネットワークシステムの全体概要図である。
本発明は、安全で尚且つ簡単なロジックにて認証システムを構築する事によって、外部に絶対漏らしてはならない重要な機密情報などをガードする認証システムである。近年“なりすまし”や“不正利用”などの高度化するハッカーの攻撃に対し、今までのパスワード認証では、企業の機密情報を守る事が難しくなって来ている。そのため情報セキュリティ対策をより強化する必要性が高まっているが、生体認証などでは高価な機材が必要になるとともに、ロジックが複雑で重く成る為に認証に時間がかかるといった課題がある。この課題に対して、本発明は簡単なロジックにて3重の認証を行い、且つ認証局の認証も得られると言った利点を持つものである。この認証システムは図1のように、106PCから101証明書発行システムに利用者認証を行い循環数列を発行させ、この循環数列を101証明書発行システム、105認証装置、106PCの3つの箇所にて共有し、安全な認証を行うものである。FIG. 1 is an overall schematic view of a network system which is an example of an embodiment of the present invention.
The present invention is an authentication system that guards important confidential information and the like that should not be leaked to the outside by constructing an authentication system with a safe yet simple logic. In recent password authentication, it has become difficult to protect company confidential information against sophisticated hacker attacks such as “spoofing” and “illegal use”. Therefore, there is a growing need to strengthen information security measures, but biometric authentication requires expensive equipment and has the problem that it takes time for authentication because the logic is complicated and heavy. To this problem, the present invention has the advantage of performing triple authentication with simple logic and obtaining authentication of a certificate authority. As shown in FIG. 1, this authentication system authenticates the user from the 106 PC to the 101 certificate issuing system and issues a cyclic number sequence, and this cyclic number sequence is generated at three points of the 101 certificate issuing system, 105 authentication device, and 106 PC. Share and secure authentication.

本発明のシステムは、発明者及び出願人が独自に名称を付している、各々のソフトウェアおよび装置によって構築されるので、名称の説明を下記に記載する。Since the system of the present invention is constructed by each software and device uniquely named by the inventor and the applicant, the description of the name is described below.

・101証明書発行システム
106PCなどがサーバなどに対して認証を得る為の証明書を発行したり、証明書を発行する為の環境を作成したり、ワンタイムパスワードを作成する為のシステム。
・102循環数列
証明書やワンタイムパスワードを作成する為の基礎数列。
数列の長さや個数を本願では“桁“と表現しているが”項“と言う表現も同じと捉えられる。
・103LAN
一般的なローカルエリアネットワーク。
・104インターネット
インターネットプロトコルを利用したコンピュータネットワーク。
・105認証装置
106PCなどがサーバやネットワーク上の機器にログインする際に106PCの証明を行うシステム。
・106PC
PC、スマートフォン、タブレットコンピュータ、IoTなどの電子機器。101 certificate issuing system A system for issuing a certificate for obtaining authentication to a server or the like, creating an environment for issuing a certificate, or creating a one-time password.
-102 cycle number sequence A basic number sequence for creating a certificate or one-time password.
In the present application, the length and the number of the number sequence are expressed as "digit", but the expression "term" is considered to be the same.
・ 103 LAN
Common local area network.
104 Internet Computer network using Internet protocol.
105 authentication apparatus A system that performs 106 PC certification when logging in to a server or a device on a network.
・ 106 PC
Electronic devices such as PCs, smartphones, tablet computers, and IoT.

図2は、本発明の初期利用者認証について記載した図である。初期利用者認証の目的は、正しい利用者が次回から簡単に105認証装置に認証されWebサーバなどのサービスを受けられるように準備する事を目的とする。  FIG. 2 is a diagram describing initial user authentication of the present invention. The purpose of the initial user authentication is to prepare a correct user to be easily authenticated by the 105 authentication apparatus from the next time and receive a service such as a web server.

図2の201管理者が利用者に提供した106PC、または201管理者によって身元を証明された106PC、または201管理者自信が直接106PCを使用し、202証明書発行依頼を101証明書発行システムに対して行い、202証明書発行依頼を受けた101証明書発行システムは204循環数列処理にて循環数列などの認証に関わる情報を作成し、205循環数列送信により105認証装置と106PCに対して循環数列などの認証に関わる情報を送信する。次に、207証明書ポイント作成にて証明書作成の為のポイントを作成し、208証明書ポイント送信により105認証装置と106PCに対して証明書ポイントを送信し、105認証装置と106PCは209証明書ポイント受信により証明書ポイントを受信する。105認証装置と106PCは受け取った証明書ポイントを使用し210認証作成処理にて証明書を作成し、作成した証明書を106PCは105認証装置に送信し、105認証装置は211証明書受信にて106PC作成の証明書を受信する。105認証装置は受信した証明書と105認証装置が作成した証明書と互いに証明書内容が同じか確認し、同じであれば212正しい証明書として、106PCを213新たな利用者を認識にて正しい利用者と認識し105認証装置の記憶装置に106PCを新たな利用者として登録する。The 106 PCs provided to the user by the 201 administrator in FIG. 2 or the 106 PCs whose identity was certified by the 201 administrator, or the 201 administrator himself directly uses the 106 PC and 202 certificate issuance request to the 101 certificate issuing system The 101 certificate issuing system that received the 202 certificate issuance request creates information related to the authentication of the circulation number sequence etc. in the 204 circulation number sequence processing, and sends 205 circulation number sequence transmission to the 105 authentication device and 106 PC for circulation. Send information related to authentication, such as a sequence of numbers. Next, create points for creating certificates by creating 207 certificate points, and send certificate points to the 105 authentication device and 106 PC by transmitting 208 certificate points, and the 105 authentication devices and 106 PC have 209 certificates. Receive certificate points by receiving written points. The 105 authentication device and 106 PC use the received certificate points to create a certificate in 210 authentication creation processing, and the 106 PC sends the created certificate to the 105 authentication device, and the 105 authentication device receives 211 certificates. Receive a 106 PC certificate. The 105 authentication device confirms whether the received certificate and the certificate created by the 105 authentication device mutually agree that the certificate content is the same, and if it is the same, it is correct by recognizing the 106 PC as 213 new users as the 212 correct certificate. Recognize the user and register the 106 PC as a new user in the storage device of the 105 authentication apparatus.

図3は、本発明の循環数列処理について記載した図である。循環数列処理の目的は、循環数列を作成し、循環数列により証明書を作成する為の様々な情報を作成する事にある。FIG. 3 is a diagram describing cyclic sequence processing of the present invention. The purpose of cyclic sequence processing is to create a cyclic sequence and to create various information for creating a certificate by the cyclic sequence.

図3の301循環数列作成では循環数列を作成するが、作成の為のロジックは別途記載する。次に、302乱数発生にて16進数00から16進数FFまでの使用できる全ての記号を使用し乱数を循環数列の桁数分発生させ、303循環数列暗号化にて循環数列を暗号化し、304循環数列保存にて、暗号化した乱数を保存する。In the 301 cycle number sequence creation of FIG. 3, the cycle number sequence is created, but the logic for creation is described separately. Next, 302 random numbers are generated by using all available symbols from hexadecimal 00 to hexadecimal FF to generate random numbers for the number of digits of the cyclic number sequence, and the cyclic number sequence is encrypted with 303 cyclic number sequence encryption, 304 Encrypted random numbers are stored by cyclic sequence storage.

図4は、本発明の210初期認証処理について記載した図である。101証明書発行システムからの指示により循環数列の一部を取り出し証明書を作成する事にある。FIG. 4 is a diagram describing 210 initial authentication processing of the present invention. 101 A certificate is to extract a part of a cyclic sequence according to an instruction from a certificate issuing system.

401証明書ポイントにて、指示された開始ポイントを使い、循環数列の開始ポイントから分割数値分の乱数を分割数値分抜き取り、402ハッシュ化にて抜き取った乱数をSHA1などにてハッシュ化し、403暗号化にてタイムスタンプ等を独自暗号化にて暗号化し、404結合にて2つの値を結合する。At the 401 certificate point, using the indicated start point, divide the divided numbers by dividing the random number for the division numerical value from the start point of the cyclic sequence, hash the random number extracted by the 402 hashing with SHA1 etc., 403 cipher The time stamp, etc. is encrypted by unique encryption in the case of 化, and the two values are combined in the 404 combination.

図5は、本発明の利用者認証について記載した図である。利用者認証の目的は、正しい利用者が簡単かつ安全に認証されWebサーバなどのサービスを受けられる事を目的とする。FIG. 5 is a diagram describing user authentication of the present invention. The purpose of user authentication is to ensure that the correct user is easily and securely authenticated and can receive services such as a web server.

106PCが101証明書発行システムに対してアクションを起こした場合、501ID、PASSWORD要求にて106PCに対しID、PASSWORDの入力画面を提示し、106PCは502ID・PASSWORD入力にてIDとPASSWORDを取り込み、101証明書発行システムに送信し、503正しいにてIDとPASSWORDが正しいか確認し、正しければ504前回証明書要求にて106PCに対し前回使用した証明書の送信要求を行い、505前回証明書を101証明書発行システムに送信し、101証明書発行システムは506前回証明書受信にて505前回証明書を受信し、507正しい証明書の判定にて505前回証明書が正しかった時には、508ログイン通知にて105認証装置と106PCに対してログインの通知を行う。105認証装置は106PCから新しい証明書にて承認要求がくることを確認すると509ログイン準備によって106PCに対しポートを開放するなどの通信可能な状況を作成し、510開始ポイントにて前回使用した開始ポイントから分割数値分加え新たな開始ポイントを作成し、210認証作成処理を実行する。一方、508ログイン通知を受けた106PCは、511開始ポイントにて前回使用した証明書発行のポイントから分割数値分加え新たな開始ポイントを作成し210認証作成処理を実行し、512証明書保管にて作成された証明書を保管し、513証明書送信にて105認証装置に証明書を送信し、105認証装置は514証明書受信にて証明書を受信する。105認証装置は515正しい証明書にて105認証装置と106PCにて別々に作成した証明書を付き合わせ同じか確認し、更に証明書の中に含まれているタイムスタンプを複合化し、n分以内に作成された証明書か確認し問題なければ、ログイン成功としサービスを開始する。If the 106PC raises an action for the 101 certificate issuing system, the 501ID and PASSWORD request present the input screen of the ID and PASSWORD to the 106PC in the PASSWORD request, and the 106PC fetches the ID and PASSWORD in the 502ID · PASSWORD input, 101 It sends it to the certificate issuing system, confirms that the ID and PASSWORD are correct at 503 correct, and if correct, requests the transmission of the previously used certificate to the 106 PC at the 504 previous certificate request and makes the 505 last certificate 101 Send to the certificate issuing system, the 101 certificate issuing system received the previous certificate 505 by the previous 506 certificate reception, and when the 507 certificate was correct by the judgment of the 507 correct certificate, the 508 login notification 105 authentication device and 106 PC A notification of the login Te. When the 105 authentication device confirms that the approval request comes from the 106 PC with a new certificate, it creates a communicable situation such as opening the port for the 106 PC by the 509 login preparation, and the start point used last time at the 510 start point Create a new start point by adding the division value from to execute 210 authentication creation processing. On the other hand, the 106 PC that received the 508 login notification creates a new start point by adding a division value from the point of issuing the certificate used previously at the 511 start point, and executes 210 authentication creation processing, and stores 512 certificates. The created certificate is stored, and the certificate is transmitted to the 105 authentication apparatus by the 513 certificate transmission, and the 105 authentication apparatus receives the certificate by the reception of the 514 certificate. The 105 authentication unit puts together the certificates separately created by the 105 authentication unit and the 106 PC with the 515 correct certificate and confirms whether it is the same, and further, composites the time stamp contained in the certificate, and within n minutes If there is no problem, verify that the certificate was created, and log in as successful and start the service.

循環数列を作成する目的は1回作成した乱数を乱数の長さを変える事無く、乱数を再発行する事無く、循環数列の桁数によっては何万回、何十万回、何百万回も違った乱数に作り変える事が可能と成る。The purpose of creating a cyclic sequence is to change the random number generated once, without changing the length of the random number, and without reissuing the random number, depending on the number of digits of the cyclic sequence, tens of thousands, hundreds of thousands, hundreds of millions of times It also becomes possible to make different random numbers.

循環数列と分割数の定義は、名称の説明でも述べたが、再度記載する。
循環数列とは:
・素数桁分作成した乱数の集合体とする。
・分割数より大きな素数を使用する。
・16進数00から16進数FFまでを使用し発生させた乱数の集合体とする。
・概念的には1列の数値ではなく輪に成った数列とする。
(実際には一定の長さで繰り返される)
・セキュリティ上、利用者毎、利用デバイス毎に作成する事が望ましい。
分割数とは:
・10以上の素数をいう。
1桁でも良いが、セキュリティ上2桁以上の素数を用いる事が望ましい。
・循環数列を分割する時に使用する素数とする。
・循環数列の桁数(繰り返される一定の長さ)より小さな素数とする。
・分割数を今使用している素数以外の素数に変化させることにより、証明書の作成ロジックを変化させる事無く、証明書を変化させる事が可能となる。
循環数列と分割数の関係:
・分割数を使用し、分割数分の乱数を循環数列から抜き出しても、循環数列の桁数回循環しないと同じ数列を切り取る事と成らない関係。
・循環数列の桁数回循環した時、分割数は次の素数に変化させ新たな乱数を循環数列から抜き取る関係。The definitions of the cyclic sequence and the number of divisions are described in the description of the names, but will be described again.
What is a cyclic number sequence:
-A set of random numbers created for prime digits.
Use a prime number larger than the number of divisions.
A set of random numbers generated using hexadecimal 00 to hexadecimal FF.
・ Conceptually, it is not a single column of numbers but a series of numbers consisting of rings.
(In practice, it repeats at a fixed length)
-For security, it is desirable to create for each user and each use device.
The division number is:
・ The prime number of 10 or more is said.
Although a single digit may be used, it is desirable to use a prime number of two or more digits for security.
· A prime number used when dividing a cyclic number sequence.
· A prime number smaller than the number of digits (a constant length of repetition) of a cyclic number sequence.
By changing the division number to a prime number other than the prime number currently used, it is possible to change the certificate without changing the certificate creation logic.
Relationship between cyclic sequence and number of divisions:
-Even if the number of divisions is used and random numbers for the number of divisions are extracted from the cyclic number sequence, the same numerical sequence can not be cut unless it is circulated several times the number of digits of the cyclic number sequence.
-A relationship in which the division number is changed to the next prime number and the new random number is extracted from the circulation number sequence, when the number of digits of the circulation number sequence has been circulated.

図6は、循環数列の桁数を説明の為に素数7を使用し7桁とし、分割数を素数2と素数3と素数5を利用した時の説明図となる。
601循環数列7桁、分割数2とした場合は、素数7と2を使用した説明図と成る。602循環数数列は1から7の数字が記載されているが実際はもっと大きな乱数を使用するが、分かりやすくするために1から7の数字を使用する。
603分割1回目にて分割数分循環数列から取り出す。取り出した乱数は1、2となる。
604分割2回目にて分割数分循環数列から取り出す。取り出した乱数は3、4となる。
605分割3回目にて分割数分循環数列から取り出す。取り出した乱数は5、6となる。
606分割4回目にて分割数分循環数列から取り出す。取り出した乱数は7、1となる。
607分割5回目にて分割数分循環数列から取り出す。取り出した乱数は2、3となる。
608分割6回目にて分割数分循環数列から取り出す。取り出した乱数は4、5となる。
609分割7回目にて分割数分循環数列から取り出す。取り出した乱数は6、7となる。
610分割8回目にて分割数分循環数列から取り出す。取り出した乱数は1、2となり元に戻る。
次に、循環数列を変える事無く、分割数を素数3にする。
613分割1回目にて分割数分循環数列から取り出す。取り出した乱数は1、2、3となる。
614分割2回目にて分割数分循環数列から取り出す。取り出した乱数は4、5、6となる。
615分割3回目にて分割数分循環数列から取り出す。取り出した乱数は7、1、2となる。
616分割4回目にて分割数分循環数列から取り出す。取り出した乱数は3、4、5となる。
617分割5回目にて分割数分循環数列から取り出す。取り出した乱数は6、7、1となる。
618分割6回目にて分割数分循環数列から取り出す。取り出した乱数は2、3、4となる。
619分割7回目にて分割数分循環数列から取り出す。取り出した乱数は5、6、7となる。
620分割8回目にて分割数分循環数列から取り出す。取り出した乱数は1、2、3、となり元に戻る。
次に、循環数列を変える事無く、分割数を素数5にする。
623分割1回目にて分割数分循環数列から取り出す。
取り出した乱数は1、2、3、4、5となる。
624分割2回目にて分割数分循環数列から取り出す。
取り出した乱数は6、7、1、2、3となる。
625分割3回目にて分割数分循環数列から取り出す。
取り出した乱数は4、5、6、7、1となる。
626分割4回目にて分割数分循環数列から取り出す。
取り出した乱数は2、3、4、5、6となる。
627分割5回目にて分割数分循環数列から取り出す。
取り出した乱数は7、1、2、3、4となる。
628分割6回目にて分割数分循環数列から取り出す。
取り出した乱数は5、6、7、1、2となる。
629分割7回目にて分割数分循環数列から取り出す。
取り出した乱数は3、4、5、6、7となる。
630分割8回目にて分割数分循環数列から取り出す。
取り出した乱数は1、2、3、4、5となり元に戻る。
循環数列7桁、分割数2、3、5としたどの場合も8回目に元に戻る。
分割数を変える事により循環数列という乱数の集合から分割数の長さ分、違った乱数を循環数列の桁×乱数の種類分抜き出せることが証明された。
つまり、素数の桁数分の循環数列とその循環数列で使用した素数より小さい素数を分割数に使えば循環数列の桁数分、違った乱数をいつでも取り出せるので1回だけお互いに循環数列を交換すれば無限大に乱数を取り出す事が出来る。
このケースでは循環数列に7桁の乱数を使用したが、たった7桁で21種類の違った乱数を取り出す事が可能と成る。FIG. 6 is an explanatory diagram when the number of digits of the cyclic number sequence is 7 and 7 digits are used for the purpose of explanation, and the number of divisions is 2 prime, 3 prime and 5 prime.
If it is assumed that the 601 circulation number sequence has 7 digits and the division number is 2, it is an explanatory diagram using prime numbers 7 and 2. Although the numbers in the 1's to 7's are described in the 602 cycle number sequence, in practice, larger random numbers are used, but the numbers from 1 to 7 are used for the sake of clarity.
In the first division 603, the division number is taken out from the circulation number sequence. The random numbers taken out are 1 and 2.
In the second division 604, the division number is taken out from the circulating number sequence. The random numbers taken out are 3 and 4.
At the third division 605, the division number is taken out from the circulating number sequence. The random numbers taken out are 5, 6.
At the fourth division of 606, the division number is taken out from the circulating number sequence. The random numbers taken out are 7 and 1.
607 divided 5 times and taken out from the circulating number sequence by the division number. The random numbers taken out are 2 and 3.
At the sixth 608 division, the division number is taken out from the circulating number sequence. The random numbers taken out are 4 and 5.
In the seventh 609 division, the division number is taken out from the circulating number sequence. The random numbers taken out are 6 and 7.
At division 610 eighth time, it is taken out from the circulating number sequence by the division number. The extracted random numbers become 1 and 2 and return to the original.
Next, the division number is set to a prime number 3 without changing the circulating number sequence.
613 The first division cycle is taken out from the circulating number sequence by the division number. The random numbers taken out are 1, 2 and 3.
In 614 division second time, it is taken out from the circulating number sequence by the division number. The random numbers taken out are 4, 5, and 6.
At 615 division third time, it is taken out from the circulating number sequence by the division number. The random numbers taken out are 7, 1 and 2.
616 divided 4 times and taken out from the circulating number sequence by the division number. The random numbers taken out are 3, 4 and 5.
617 divided 5 times and taken out from the circulating number sequence by the division number. The random numbers taken out are 6, 7, and 1.
At 618th division in 618, the division number is taken out from the circulating number sequence. The random numbers taken out are 2, 3, and 4.
619 divided 7th time and taken out from the circulating number sequence by the division number. The random numbers taken out are 5, 6, and 7.
At the 620th division 8th time, it is taken out from the circulating number sequence by the division number. The extracted random numbers become 1, 2, 3 and so on, and return to the original.
Next, the division number is made prime number 5 without changing the circulating number sequence.
At 623 division first time, it is taken out from the circulation number sequence by the division number.
The random numbers taken out are 1, 2, 3, 4, and 5.
At 624 second time, it is taken out from the circulating number sequence by the division number.
The random numbers taken out are 6, 7, 1, 2 and 3.
625 divided 3rd time and taken out from the circulating number sequence by the divided number.
The random numbers taken out are 4, 5, 6, 7, 1.
626 divided 4 times and taken out from the circulating number sequence by the divided number.
The random numbers taken out are 2, 3, 4, 5, and 6.
627 divided 5 times and taken out from the circulating number sequence by the division number.
The random numbers taken out are 7, 1, 2, 3, and 4.
628 divided and taken out from the circulating number sequence by the division number 6th.
The random numbers taken out are 5, 6, 7, 1, and 2.
It is extracted from the circulation number sequence by the division number at the 7th time of the 629 division.
The random numbers taken out are 3, 4, 5, 6, and 7.
At the 630rd division 8th time, it is taken out from the circulating number sequence by the division number.
The extracted random numbers become 1, 2, 3, 4, and 5 and return to the original.
In any case where the circulating number sequence has 7 digits and the number of divisions is 2, 3 and 5, the eighth return is made to the original.
It has been proved that by changing the number of divisions, it is possible to extract different random numbers from the set of random numbers called cyclic number sequences by the length of the number of divisions by the number of digits of the cyclic number sequence x random number.
In other words, if you use a cyclic number sequence of prime numbers and a prime number smaller than the prime number used in the cyclic number sequence as the division number, you can take out random numbers by the number of digits of the cyclic number sequence and exchange random number sequences only once. If you do, you can retrieve random numbers infinitely.
In this case, 7-digit random numbers are used for the cyclic number sequence, but it becomes possible to take out 21 different random numbers with only 7 digits.

図7のように702循環数列を503桁とすると703分割数を安全の為に11からの素数を使用したとしても素数503までは91種類の素数があり、当然ではあるが素数同士なので、704商が割り切れていない。乱数を取り出す種類を計算する式は下記のようになる。
503×91=45,773(取り出せる乱数の種類)
45,773種類の乱数が取り出せるということは、1日に5回ログインしたとしても45,773÷5回÷365日=25.08と成り25年分の乱数を取り出す事が出来る。もし、これが自然数で循環数列と分割数を使うと割り切れてしまう為に循環数列の同じ場所から乱数を抜き出す事に成るので、25年も違った場所から乱数を向き取ることは出来ない。このため素数と素数の組合せが重要となり、更に1回の循環数列の交換で25年間毎回違う乱数を使用しお互いに認証し合えるというところにある。1回の循環数列交換でその後はまったくお互いの情報のやり取りが無く、お互いを認証し合える証明書が発行できる。
1000以下の素数は全部で168個ある。もし循環数列を素数1009にて作成すれば
1009×(168−4)=165、476(取り出せる乱数の種類)
165、476÷5回÷365日=90.67
となり、1日に5回の認証を行っても、90年間も毎回違う証明書が簡単、安全に作成が可能となる。つまり、循環数列の長さにより指数関数的に使用年数を増やす事も可能となる。上記式の“−4”は素数2、3、5、7を除いた為である。As shown in FIG. 7, assuming that the 702 circulation number sequence has 503 digits, even if the prime number from 11 is used for safety because the division number 703, there are 91 kinds of prime numbers up to prime number 503, and it is natural that they are prime numbers. The quotient is not divisible. The formula for calculating the type to extract random numbers is as follows.
503 × 91 = 45,773 (kinds of random numbers that can be extracted)
That 45,773 kinds of random numbers can be taken out is 45,773 divided by 5 times 365 days = 25.08 even if logged in 5 times a day, and 25 years of random numbers can be taken out. If this is a natural number and it is divided by using a cyclic number sequence and a division number, random numbers are extracted from the same place in the cyclic sequence, so it is impossible to take random numbers from different places for 25 years. For this reason, the combination of prime numbers and prime numbers becomes important, and it is possible to mutually authenticate each other by using different random numbers every 25 years in one exchange of cyclic sequence. After one cycle number exchange, there is no mutual exchange of information, and certificates can be issued which can authenticate each other.
There are a total of 168 primes less than 1000. 1009 × (168−4) = 165, 476 (types of random numbers that can be taken out) if a cyclic number sequence is created with a prime number 1009
165, 476 ÷ 5 times ÷ 365 days = 90.67
Therefore, even if authentication is performed 5 times a day, different certificates can be created easily and safely every time for 90 years. That is, it is also possible to increase the number of years of use exponentially according to the length of the cyclic number sequence. The "-4" in the above equation is because primes 2, 3, 5, 7 have been removed.

循環数列という安全で安心できる証明書を1回発行する事により、その証明書から安全に新たな証明書を無限に作成する事が出来る。
もし、循環数列全て使用してしまった時は基となる循環数列を新たな素数桁に変更し、不足分の乱数を加えれば良いからである。例えば、循環数列が503桁だった場合、次の大きな素数509に循環数列を変える時は6桁の乱数を基の循環数列に加え、分割数を503が使用可能と成るので509個分新たに証明書を作ることが可能と成る。
更に、次の素数521にすれば、分割数が503と509が使用可能と成り、併せて1030個の乱数を抜き取る事が可能と成る。
素数の数は無限にある事がユークリッドの定理により証明されているので、無限に証明書発行が可能と成る。更に、ラビン‐ミラー素数判定法などを使用すれば簡単に素数を得ることが出来る。By issuing a safe and secure certificate called a cyclic number sequence once, it is possible to create an infinitely new certificate from the certificate safely.
If all the cyclic sequences have been used, it is sufficient to change the base cyclic sequence to new prime digits and add a random number for the shortfall. For example, when the cyclic number sequence is 503 digits, when changing the cyclic number sequence to the next large prime number 509, a 6-digit random number is added to the basic cyclic number sequence and the number of divisions becomes 503, so 509 new It is possible to make a certificate.
Further, if the next prime number 521 is used, the division numbers 503 and 509 become usable, and it becomes possible to extract 1030 random numbers altogether.
Since Euclidean's theorem proves that the number of prime numbers is infinite, the certificate can be issued infinitely. Furthermore, prime numbers can be easily obtained by using the Rabin-Miller prime number determination method or the like.

図8循環数列の桁増加は、循環数列5桁、分割数2、3から循環数列7桁に増やし、分割数を新たな5に変化させた時の説明図と成る。この例では新たな乱数aとbを連続し先頭に挿入しているが、aとbをバラバラに違った場所に挿入し、挿入した位置情報を101証明書発行システム、105認証装置、106PC間で同期を取ればよい。
この乱数追加によっての利点は、素の証明書をネット上でやり取りする必要が無く、新たに挿入する乱数と乱数を挿入する位置情報だけネットを利用し同期すれば良いので証明書の漏洩と言った問題を回避する事が可能と成る。FIG. 8 is an explanatory diagram when the digit number increase of the circulation number sequence is increased from 5 digits of the circulation number sequence and 2 and 3 of the division number to 7 digits of the circulation number sequence and the division number is changed to 5 new. In this example, new random numbers a and b are continuously inserted at the beginning, but a and b are inserted separately at different places, and the inserted position information is between the 101 certificate issuing system, 105 authentication devices, 106 PCs You can synchronize at.
The advantage of this random number addition is that it is not necessary to exchange the original certificate on the net, and it is sufficient to synchronize only the random number to be newly inserted and the position information to insert the random number using the net and say that the leakage of the certificate. It is possible to avoid the problem.

827循環数列7桁に増加、分割数5にした場合や830循環数列7桁に増加、分割数5にした場合のように挿入した乱数を含めた場合、その箇所数×分割数分証明書を増加させることが可能と成る。この場合0023の増加証明書数に、乱数×素数分、更に増加される。
しかし、応用技術でこのパターンを使用する事は管理が複雑に成るので使用しないほうが望ましい。When the random number is increased to 7 digits of the 827 cyclic number sequence and increased to 7 digits of the 830 cyclic number sequence and is included as in the case of 5 division number, the certificate for the number of places x divided number is included. It is possible to increase. In this case, the number of increased certificates in 0023 is further increased by random number × prime number.
However, it is desirable not to use this pattern in application technology, as it complicates management.

図9循環数列と分割数が自然数の場合は、素数を使わずに自然数を使用した場合の例を示す。
901循環数列8桁、分割数4とした場合は、循環数列が8桁も有るにも関わらず2種類の乱数しか取り出せない。
906循環数列8桁、分割数4とし、1桁ずつずらした場合は、循環数列が8桁なので、最大に乱数を取り出す為に1桁ずつずらしたが、この場合8種類の乱数は取り出せるが、908分割1回目と909分割2回目を比較すれば分かるが1バイトしかずれないので盗聴者から見た場合、1バイトつまり256種類のHexを908分割1回目に加えれば、909分割2回目の乱数を容易に解読できることになるので安全ではないので複雑な管理を行う必要がある。FIG. 9 shows an example where natural numbers are used without using prime numbers when the circulating number sequence and the division number are natural numbers.
In the case where the 901 circulation number sequence has eight digits and the division number is four, only two types of random numbers can be extracted although there are eight digits in the circulation number sequence.
In the case of 906 cyclic sequence with 8 digits and division number 4 and shifted by 1 digit, the cyclic sequence has 8 digits, so 1 random digit is shifted to extract random numbers at the maximum, but in this case 8 kinds of random numbers can be taken out If you compare the 908 division first and the 909 division second but you can see only 1 byte, from the viewpoint of the eavesdropper, if you add 1 byte or 256 types of Hex to the 908 division first, the 909 division second random number It is necessary to do complicated management because it is not safe because it can be easily deciphered.

図10のように循環数列を自然数にして、分割数をその自然数を割り切る事が出来ない数にした場合、循環数列分割数共に素数の場合と同じ結果となるが、素数同士の場合との違いは複雑な管理にある。素数同士であれば、絶対に割り切れない事は既に証明されている。更に、ユークリッドの定理やラビン‐ミラー素数判定法などの多数の方式により、大きな素数の中に含まれる小さな素数の種類やその値など簡単に知る事が可能となるが、自然数の場合1つ1つ自分で調べ管理する必要が有り複雑となる。As shown in FIG. 10, when the cyclic number sequence is a natural number and the division number is a number that can not divide the natural number, the cyclic number sequence division number both have the same result as the prime number, but the difference from the prime numbers Is in complex management. It has already been proved that prime numbers can not be divided by any means. Furthermore, although it is possible to easily know the kind and value of small prime numbers contained in large prime numbers by a large number of methods such as Euclidean theorem and Rabin-Miller prime number determination method, one natural number 1 It is necessary to investigate and manage by yourself and it becomes complicated.

ロジックが簡単な為に安価に実装できることや、ロジックが簡単という事実に反しパスワードが使い捨てなので総当たり攻撃やパスワードが漏洩しても次に何を使うかわからないという堅牢なセキュリティ機能を有することから、今後、ますます盛んになる事が予想されるIoTなどに、安心して使用できる認証システムとして利用される。It has a robust security function that logic can be implemented inexpensively because it is simple, and it has a disposable security password against the fact that logic is simple, so it does not know what to use next if brute force attacks or passwords leak. It will be used as an authentication system that can be used safely for IoT, etc., which is expected to become increasingly popular in the future.

Claims (3)

2つの素数から構成され、
1つの素数は循環数列の桁数に使用し、
もう一つの素数は分割数に使用され、
循環数列の桁数に使用される素数は、
分割数に使用される素数より大きく、
循環数列は16進数0から16進数Fまでを使用して作成された乱数の集合体とし、
循環数列は1列の輪と成った乱数の数列であり、
分割数は循環数列を分割する目的で使用し、
分割数の素数桁分の乱数を循環数列から抜き出して証明書とし使用し、
次に循環数列から乱数を抜き出す時には、
分割数分抜き出す箇所をずらして使用し、
循環数列に使用された素数と分割数の種類を掛け合わせた数値分の異なる内容の乱数を抜き出し、
毎回異なる証明書を作成する事が可能な
証明書発行システム。Composed of two prime numbers,
One prime number is used for the number of digits in the cyclic number sequence,
Another prime number is used for the division number,
The prime number used for the number of digits in the cyclic number sequence is
Greater than the prime used for the division number,
The cyclic sequence is a collection of random numbers created using hex 0 to hex F,
A cyclic number sequence is a sequence of random numbers consisting of one row of rings,
The division number is used to divide a cyclic number sequence,
Extract a random number for the prime digit of the division number from the cyclic number sequence and use it as a certificate,
The next time you extract a random number from the cyclic sequence,
Shift the location to extract the number of divisions,
Extract random numbers with different contents for the number obtained by multiplying the prime number used for the cyclic number sequence and the type of division number,
A certificate issuing system that can create different certificates each time. 基となる素数で表す桁数の乱数かから構成される循環数列発行によって発行された循環数列から異なる乱数を全て取り出した時、
新たな大きな素数を使用し循環数列を再構成する時、
不足する桁数分の乱数を乱数の挿入場所と実際に挿入する乱数を認証装置や
PCなどの端末間にて同期させる事により、
新たな大きな素数より小さな素数であり、
且つ最後に使用した分割数より大きな素数の種類と
新たな大きな素数を掛け合わせた分、
新たな証明書を作製する事が可能と成る
証明書発行システム。When all different random numbers are taken out from the cyclic number sequence issued by the cyclic number sequence issue consisting of a random number of the number of digits represented by the base prime number,
When reconstructing a cyclic sequence using new large prime numbers,
By synchronizing the random number for the number of missing digits with the insertion place of the random number and the random number for actually inserting between terminals such as the authentication device and PC,
Is a prime number smaller than the new large prime number,
At the same time, the number of types of prime numbers greater than the number of divisions used last and the new prime numbers,
A certificate issuing system that makes it possible to create new certificates. 前記、循環数列から全種類の乱数を抜き出した後、
基となる循環数列をネットワークなどの通信手段を使用し公開する事無く、
新たな循環数列を作成しネットワークなどでお互いに同期する事も無く、
不足分の乱数と乱数の挿入箇所情報だけを同期する事により、
新たな循環数列を作成する事が出来る
証明書発行システム。After extracting all kinds of random numbers from the cyclic sequence,
It is not necessary to disclose the basic circulation number sequence using communication means such as a network,
There is no need to create a new cyclic sequence and synchronize with each other in a network etc.
By synchronizing only the missing random number and the insertion point information of the random number,
A certificate issuing system that can create a new circulation number sequence.
JP2017202974A 2017-10-03 2017-10-03 Certificate issuance and authentication system Active JP7098099B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2017202974A JP7098099B2 (en) 2017-10-03 2017-10-03 Certificate issuance and authentication system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
JP2017202974A JP7098099B2 (en) 2017-10-03 2017-10-03 Certificate issuance and authentication system

Publications (2)

Publication Number Publication Date
JP2019068392A true JP2019068392A (en) 2019-04-25
JP7098099B2 JP7098099B2 (en) 2022-07-11

Family

ID=66340137

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2017202974A Active JP7098099B2 (en) 2017-10-03 2017-10-03 Certificate issuance and authentication system

Country Status (1)

Country Link
JP (1) JP7098099B2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110443927A (en) * 2019-08-12 2019-11-12 北京百佑科技有限公司 Passwords of visitors generation method, verification method, server and intelligent door lock

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07226732A (en) * 1994-02-14 1995-08-22 Fujitsu Ltd Communication terminal equipment verification device
JP2003108901A (en) * 2001-09-29 2003-04-11 Kokuyo Co Ltd Card payment system and card payment assisting method
JP2011004039A (en) * 2009-06-17 2011-01-06 Mitsubishi Electric Engineering Co Ltd Wireless lan encryption communication system
JP2011145464A (en) * 2010-01-14 2011-07-28 Nihon Univ Device and program for generation of pseudo-random number
US20120290632A1 (en) * 2011-05-11 2012-11-15 Hiroshi Nakazawa Method of generating random numbers ii
JP2016021700A (en) * 2014-07-15 2016-02-04 株式会社日立製作所 Information processing system, information processor, and control method for information processing system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH07226732A (en) * 1994-02-14 1995-08-22 Fujitsu Ltd Communication terminal equipment verification device
JP2003108901A (en) * 2001-09-29 2003-04-11 Kokuyo Co Ltd Card payment system and card payment assisting method
JP2011004039A (en) * 2009-06-17 2011-01-06 Mitsubishi Electric Engineering Co Ltd Wireless lan encryption communication system
JP2011145464A (en) * 2010-01-14 2011-07-28 Nihon Univ Device and program for generation of pseudo-random number
US20120290632A1 (en) * 2011-05-11 2012-11-15 Hiroshi Nakazawa Method of generating random numbers ii
JP2016021700A (en) * 2014-07-15 2016-02-04 株式会社日立製作所 Information processing system, information processor, and control method for information processing system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110443927A (en) * 2019-08-12 2019-11-12 北京百佑科技有限公司 Passwords of visitors generation method, verification method, server and intelligent door lock
CN110443927B (en) * 2019-08-12 2021-04-27 北京百佑科技有限公司 Visitor password generation method, visitor password verification method, server and intelligent door lock

Also Published As

Publication number Publication date
JP7098099B2 (en) 2022-07-11

Similar Documents

Publication Publication Date Title
Gope et al. Lightweight and privacy-preserving two-factor authentication scheme for IoT devices
CN106656907B (en) Method, device, terminal equipment and system for authentication
US8132020B2 (en) System and method for user authentication with exposed and hidden keys
Kaur et al. A Secure Two‐Factor Authentication Framework in Cloud Computing
Idriss et al. Lightweight highly secure PUF protocol for mutual authentication and secret message exchange
KR101753859B1 (en) Server and method for managing smart home environment thereby, method for joining smart home environment and method for connecting communication session with smart device
JP2013509840A (en) User authentication method and system
Ren et al. A novel dynamic user authentication scheme
CN105656862A (en) Authentication method and device
Panchal et al. Designing secure and efficient biometric-based access mechanism for cloud services
Garrett et al. On vulnerability analysis of several password authentication protocols
CN106034122A (en) Information processing method, electronic equipment and server
Prabakaran et al. Secure channel for financial transactions in cloud environment using blockchain technology
Mehraj et al. Contemplation of effective security measures in access management from adoptability perspective
Leea et al. An S/Key-like one-time password authentication scheme using smart cards for smart meter
JP7098099B2 (en) Certificate issuance and authentication system
Tan et al. Securing password authentication for web-based applications
CN115632797A (en) Safety identity verification method based on zero-knowledge proof
Jiang et al. Identity authentication scheme of cloud storage for user anonymity via USB token
Eldow et al. Literature review of authentication layer for public cloud computing: a meta-analysis
Chen et al. Analysis and improvement of user authentication framework for cloud computing
Muhaya Security analysis and improvement of a mutual authentication scheme under trusted computing
Balilo et al. Design of physical authentication based on OTP KeyPad
KR20090013616A (en) Server certification system and method using server certification code
Aboshosha et al. Secure Authentication Protocol Based on Machine-metrics and RC4-EA Hashing.

Legal Events

Date Code Title Description
A711 Notification of change in applicant

Free format text: JAPANESE INTERMEDIATE CODE: A711

Effective date: 20180710

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20200707

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20210326

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20210511

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20210616

A02 Decision of refusal

Free format text: JAPANESE INTERMEDIATE CODE: A02

Effective date: 20211130

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20220120

C60 Trial request (containing other claim documents, opposition documents)

Free format text: JAPANESE INTERMEDIATE CODE: C60

Effective date: 20220120

A911 Transfer to examiner for re-examination before appeal (zenchi)

Free format text: JAPANESE INTERMEDIATE CODE: A911

Effective date: 20220228

C21 Notice of transfer of a case for reconsideration by examiners before appeal proceedings

Free format text: JAPANESE INTERMEDIATE CODE: C21

Effective date: 20220303

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20220329

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20220419

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20220607

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20220609

R150 Certificate of patent or registration of utility model

Ref document number: 7098099

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150