JP2024093467A - Authentication device, authentication method, and authentication program - Google Patents

Abstract

An authentication system capable of protecting communications via a porting layer from fraud is provided.
[Solution] When providing a specific program including a data transmission process to a user's terminal 20, the server 10 is equipped with an algorithm generation unit 111 that generates an encryption algorithm to be incorporated into the data transmission process based on a random seed value, a program transmission unit 112 that transmits a program including the generated encryption algorithm to the terminal 20, and a data decryption unit 113 that, when receiving data encrypted by an encryption algorithm from the terminal 20, decrypts the encrypted data by a decryption algorithm corresponding to the encryption algorithm generated using the seed value, and after authenticating the authenticity of the encrypted data by being able to decrypt it by the data decryption unit 113, obtains the decrypted data.
[Selected Figure] Figure 1

Description

The present invention relates to a system that protects communication data generated by a program executed on a terminal and authenticates its validity.

Conventionally, measures against online fraudulent activities have become essential when providing services via the Internet. For example, Non-Patent Document 1 introduces an authentication system that performs additional checks such as verification by telephone or email for accounts that may be subject to fraudulent use.

Amazon Fraud Detector, Internet <https://aws.amazon.com/jp/fraud-detector/>

When a program is distributed from a server to a client terminal, measures to protect the program are important as a measure to protect intellectual property and to prevent unauthorized attacks. In this case, for example, protection of the program is an issue when porting a compiled program such as WASM, which is relatively resistant to reverse engineering, to a script layer such as JavaScript (registered trademark), which is relatively vulnerable.
In this case, the compiled program part exists independently, and the exposed porting layer (OS, browser, runtime, etc.) can control (hook) input and output with the outside, so it is necessary to design it in consideration of attacks that use the compiled program part as a black box. However, such a design is difficult, and a method for protecting such a vulnerable porting layer is required.

The present invention aims to provide an authentication system that can protect communications via the porting layer from fraud.

The authentication device according to the present invention includes an algorithm generating unit that generates an encryption algorithm to be incorporated into a data transmission process based on a random seed value when providing a predetermined program including a data transmission process to a user terminal, and a program transmitting unit that transmits the program including the generated encryption algorithm to the terminal;
a data decryption unit that, when receiving data encrypted by the encryption algorithm from the terminal, decrypts the encrypted data by a decryption algorithm corresponding to the encryption algorithm generated by using the seed value,
The authenticity of the encrypted data is verified by the data decryption unit being able to decrypt the data, and the decrypted data is then acquired.

The program may include the seed value, and the data decryption unit may receive the seed value from the terminal along with the encrypted data.

The algorithm generation unit may store a generation time of the encryption algorithm in association with the seed value, and the data decryption unit may only accept data that is within a predetermined expiration date for the generation time stored in association with the received seed value.

The algorithm generation unit may store the user's account in association with the seed value, and the data decryption unit may accept only data associated with the account stored in association with the received seed value.

The algorithm generation unit may randomly replace elements of a conversion table for numeric conversion in the encryption algorithm based on the seed value.

The algorithm generation unit may include the decryption algorithm corresponding to the encryption algorithm in the program, and the authentication device may encrypt data to be sent to the terminal using the encryption algorithm, so that the data can be decrypted only by the terminal having the program.

The authentication method according to the present invention includes an algorithm generation step of generating an encryption algorithm to be incorporated into a data transmission process based on a random seed value when providing a predetermined program including a data transmission process to a user terminal, a program transmission step of transmitting the program including the generated encryption algorithm to the terminal, and a data decryption step of decrypting the encrypted data using a decryption algorithm corresponding to the encryption algorithm generated using the seed value when data encrypted by the encryption algorithm is received from the terminal. When the data is decrypted in the data decryption step, the computer authenticates the authenticity of the encrypted data and obtains the decrypted data.

The authentication program according to the present invention is for causing a computer to function as the authentication device.

According to the present invention, communication from a terminal to a server via a porting layer can be protected from fraud.

FIG. 1 is a diagram illustrating a functional configuration of an authentication system according to an embodiment. 4 is a sequence diagram showing a communication procedure in the authentication system according to the embodiment. FIG. FIG. 2 is a diagram showing an overview of the AES encryption algorithm on which the one-time encryption algorithm in the embodiment is based.

An example of an embodiment of the present invention will now be described.
In the authentication system of this embodiment, the authentication device authenticates that communication data generated by a program provided from the authentication device to the terminal is normal by incorporating a one-time encryption algorithm into the program.

FIG. 1 is a diagram showing the functional configuration of an authentication system 1 according to the present embodiment.
The authentication system 1 includes a server 10 (authentication device) that provides a program, and a terminal 20 that executes the provided program and communicates with the server 10 .

The terminal 20 is an information processing device such as a personal computer, a tablet, or a smartphone that is operated by a user and executes a predetermined program.
This terminal 20 is provided with a porting layer that mediates communication with the outside when communicating with the server 10 by executing a program provided by the server 10. Therefore, data transmitted to the server 10 by executing the program is encrypted by a one-time encryption algorithm incorporated in the program.

The server 10 is an information processing device equipped with a control unit 11, a memory unit 12, various input/output interfaces, etc., and performs encrypted communication while authenticating the validity of data received from the terminal 20 by executing a program provided to the terminal 20.

The control unit 11 is a part that controls the entire server 10, and realizes each function in this embodiment by appropriately reading and executing various programs stored in the storage unit 12. The control unit 11 may be a CPU.

The memory unit 12 is a storage area for various programs and various data for causing the hardware group to function as the server 10, and may be a ROM, RAM, flash memory, hard disk drive (HDD), etc.

The control unit 11 includes an algorithm generation unit 111, a program transmission unit 112, and a data decoding unit 113.

When providing a predetermined program including a data transmission process to the user's terminal 20, the algorithm generation unit 111 generates a one-time encryption algorithm to be incorporated into the data transmission process based on a random seed value.
For example, the algorithm generation unit 111 generates a one-time encryption algorithm as described below based on a random seed value linked to a user ID and time information (the time the one-time encryption algorithm was generated) in response to the result of user authentication such as login.

The program transmission unit 112 transmits to the terminal 20 a program including the generated one-time encryption algorithm and the seed value used to generate the one-time encryption algorithm.

This program is a program that is desired to be executed in the user environment (for example, an application program such as a game), and a one-time encryption algorithm is incorporated into the encryption process of data sent to the server 10 during execution, and the program is provided at a specified time, such as for each user or when the program is updated.
By executing the program, the terminal 20 transmits a seed value linked to an ID and a generation time to the server 10 at the start of communication, and then performs encrypted communication with the server 10 using a one-time encryption algorithm.

When the data decryption unit 113 receives encrypted data from the terminal 20, the data decryption unit 113 decrypts the encrypted data using a decryption algorithm corresponding to the one-time encryption algorithm generated using the seed value.
The control unit 11 authenticates the validity of the encrypted data by the data decryption unit 113 being able to decrypt the received data, and then acquires the decrypted data.

The seed value corresponding to the encrypted data may be notified from the terminal 20 to the server 10, but is not limited to this. For example, a seed value that is valid at the time of reception, or a seed value associated with a user ID, may be extracted from the information stored by the algorithm generation unit 111.

Here, when the algorithm generation unit 111 stores the generation time of the one-time encryption algorithm in association with the seed value, the data decryption unit 113 receives only data that is within a predetermined expiration date for the generation time stored in correspondence with the received seed value, and rejects communication if the expiration date has been exceeded.

In addition, when the algorithm generation unit 111 stores the user's account information (e.g., user ID) in association with the seed value, the data decryption unit 113 receives only the data associated with the account stored in association with the received seed value. In other words, when performing encrypted communication, the server 10 checks the account associated with the seed value, and subsequently prevents the communication from being used by any account other than the associated account.

It is assumed that the terminal 20 has received authentication information in advance from the server 10. This authentication information may be something like a user identifier randomly issued by the server 10, or may be authentication information issued in response to login authentication such as an ID/password.
In addition, when the server 10 performs authentication to identify an account for login, etc. through this encrypted communication, the server 10 will not allow login if the account is not the same as the account linked to the seed value used to generate the one-time encryption algorithm.

Figure 2 is a sequence diagram showing the communication procedure in authentication system 1 in this embodiment.

In step S1, the terminal 20 requests delivery of the entire program or at least a part of it including the encryption algorithm by transmitting authentication information issued by the server 10 to the server 10.

In step S2, prior to encrypted communication with the terminal 20, the server 10 distributes a program including a one-time encryption algorithm and a seed value associated with the one-time encryption algorithm.

In step S3, the terminal 20 transmits a seed value to the server 10 in accordance with the distributed program prior to encrypted communication with the server 10.

In step S4, the terminal 20 encrypts the data using a one-time encryption algorithm linked to the seed value in accordance with the distributed program and transmits the data to the server 10.

Here, the method of generating a one-time program that includes a one-time encryption algorithm is not limited, and any method that can dynamically generate an encryption algorithm will suffice. As an example, a method of dynamically generating an encryption algorithm by converting the encryption algorithm of AES (Advanced Encryption Standard) will be shown.

Figure 3 shows an overview of the AES encryption algorithm that is the basis of the one-time encryption algorithm in this embodiment.

First, the cipherkey is expanded, and when the key length is, for example, 256 bits, round keys [0] to [14] are generated.
The plaintext to be encrypted is XORed with the round key [0], and then a round consisting of four processes (SubBytes, ShiftRows, MixColumns, AddRoundkey) is repeated 14 times to output the ciphertext.

Here, SubBytes indicates that the numerical value is replaced in units of one byte in a certain manner.
In AES, one method for this substitution (substitution using a fixed S-box) is defined; however, if strict consideration of tamper resistance is sacrificed, a new encryption algorithm can be generated using an infinite number of substitution patterns, for example, as follows:

That is, the algorithm generation unit 111 randomly replaces elements of a conversion table (matrix) for numeric conversion in the encryption algorithm based on a seed value.
For example, let F(0) be a table in which no replacement is performed. If F(1) is a table in which a value at a certain position (x, y) in the table has been replaced with a value at another position (x', y') that is randomly calculated based on a seed value, then F(X×Y), which is the result of performing this operation on all values in the table, is the conversion table for SubBytes', which is the new SubBytes.

The method of generating a new conversion table is not limited to this, and for example, a similar operation may be performed with an existing conversion table (S-box) as F(0). In addition, the number of replacement operations may be increased or decreased, and a termination condition may be set as appropriate, such as terminating the operation when all elements have been replaced at least once.
By using the SubBytes' thus generated, a new encryption algorithm is obtained based on AES.

The encryption logic that is generated one time also requires key data. The key itself or data for calculating the key data may be included in the encryption logic, or may be received from the main program.
If key data is included in the encryption logic, it is possible to make the key data more difficult to discover in the program, for example by calculating it from some kind of calculation result. However, the security of this method is based on the fact that the encryption logic itself is different each time, so sufficient security is ensured even if the key data is discovered.
In addition, taking into consideration the possibility that decryption logic may be generated from encryption logic, in order to maintain security strength within the same protection range as, for example, SSL (Secure Socket Layer), the program transmission unit 112 may distribute the encryption logic using SSL.

According to this embodiment, the server 10 generates a one-time encryption algorithm based on a random seed value, and transmits a program including this one-time encryption algorithm and the seed value to the terminal 20 .
As a result, when the server 10 receives the seed value and the encrypted, legitimate data, it can decrypt the encrypted data using a decryption algorithm that corresponds to the one-time encryption algorithm generated using the seed value.By being able to decrypt the data in this manner, it is possible to authenticate the authenticity of the encrypted data and then obtain the decrypted data.

The basis for the security of the authentication system 1 is that even if an attacker obtains an encryption algorithm, it is difficult for him to obtain, in a short period of time, a decryption algorithm, which is the inverse operation of the encryption algorithm.
In conventional systems, an attacker could perform a man-in-the-middle attack on a proxy server by rewriting a program on a terminal owned by the attacker and replacing the CA certificate, as shown in Fig. 4. In contrast, in this embodiment, the encryption algorithm itself is provided by the server 10, so the attacker must create a decryption algorithm from only the encryption algorithm, which is more difficult than the conventional replacement of the CA certificate. On the other hand, the server 10, which automatically generates the encryption algorithm, makes it easy to decrypt.

In this way, data transmitted to the server 10 by a program to be protected executed on the terminal 20 is difficult to decrypt by an attacker other than the server 10. Therefore, the authentication system 1 can protect communication via the porting layer in the terminal 20 from fraud.
As a result, for example, by protecting authentication programs for phishing detection, etc., it is possible to expect improved security, and by protecting application programs for games, etc., it is possible to prevent fraudulent activities such as cheating, and it is expected that the user experience will be improved.

The program sent to the terminal 20 may include a seed value used to generate the encryption algorithm, so that the server 10 can receive the seed value from the terminal 20 along with the encrypted data and easily identify the encryption algorithm and decryption algorithm that correspond to this seed value.

The server 10 may store the generation time of the one-time encryption algorithm in association with the seed value.
Although it is difficult to create a decryption program from only the one-time encryption algorithm of this embodiment, the encryption method is no longer completely tamper-resistant because the encryption method on which it is based has been modified as described above. In other words, considering the possibility that it may be broken within a certain period of time, it is necessary to change the method at a period shorter than this certain period. The server 10 can improve security by accepting only data within a predetermined expiration date with respect to the generation time stored in correspondence with the received seed value.

The server 10 may store the user's account information in association with the seed value, and receive only the data associated with the account stored in association with the received seed value.
This makes it possible to cope with cases where the time required for decryption is shorter than expected. In other words, even if a decryption program can be created from the encryption algorithm, the use of this encryption method is limited to one account. For this reason, even if a cheat program that uses the decryption program to transmit data not intended by the original program is developed, it cannot be distributed as something that can be used by a wide range of users. Furthermore, the method of generating the encryption algorithm is closed within the server 10 and cannot be seen by an attacker. For this reason, an attacker cannot know in advance when and what encryption algorithm will be applied to which account.

When the server 10 uses a method that uses a conversion table, such as the S-box of AES, it can easily generate a large number of different one-time encryption algorithms by randomly replacing the elements of the conversion matrix for numerical conversion based on a seed value.

In this embodiment, a configuration has been described in which only the data transmitted from the terminal 20 is encrypted, but normal encryption is a two-way encryption that is applied to both the transmitted data and the received data.
In accordance with this, the server 10 may distribute a one-time decryption algorithm included in a program, similar to the one-time encryption algorithm. As a result, the server 10 encrypts data to be transmitted to the terminal 20 using the one-time encryption algorithm, and the data can be decrypted only by the terminal 20 having the distributed program. Furthermore, the encryption method may be different for transmission and reception. As a result, secure two-way encrypted communication is realized.

Note that, according to this embodiment, an attack may occur in which unintended transmission data of the program is inserted into communication with the server 10. However, such an attack can be detected by the server 10, for example, by assigning a value indicating the data order to each piece of transmission data generated by the program.

According to this embodiment, for example, unauthorized data communications can be suppressed, which makes it possible to contribute to Goal 9 of the United Nations-led Sustainable Development Goals (SDGs), which is to "build resilient infrastructure, promote sustainable industrialization and foster innovation."

Although the embodiments of the present invention have been described above, the present invention is not limited to the above-described embodiments. Furthermore, the effects described in the above-described embodiments are merely a list of the most favorable effects resulting from the present invention, and the effects of the present invention are not limited to those described in the embodiments.

The authentication method by the server 10 (authentication device) is realized by software. When realized by software, the programs that make up this software are installed in an information processing device (computer). These programs may be recorded on removable media such as CD-ROM and distributed to users, or may be distributed by being downloaded to the user's computer via a network. Furthermore, these programs may be provided to the user's computer as a web service via a network without being downloaded.

1 Authentication system 10 Server (authentication device)
11 Control unit 12 Storage unit 20 Terminal 111 Algorithm generation unit 112 Program transmission unit 113 Data decoding unit

Claims (8)

an algorithm generating unit that generates an encryption algorithm to be incorporated in a data transmission process based on a random seed value when providing a predetermined program including the data transmission process to a user terminal;
a program transmission unit that transmits the program including the generated encryption algorithm to the terminal;
a data decryption unit that, when receiving data encrypted by the encryption algorithm from the terminal, decrypts the encrypted data by a decryption algorithm corresponding to the encryption algorithm generated by using the seed value,
an authentication device that authenticates the authenticity of the encrypted data by the data decryption unit succeeding in decrypting the data, and then acquires the decrypted data; the program includes the seed value;
The authentication device according to claim 1 , wherein the data decryption unit receives the seed value from the terminal together with the encrypted data. the algorithm generation unit stores a generation time of the encryption algorithm in association with the seed value;
3. The authentication device according to claim 2, wherein the data decryption unit accepts only data that is within a predetermined expiration date with respect to the generation time stored in correspondence with the received seed value. The algorithm generator stores the user's account in association with the seed value;
The authentication device according to claim 2 , wherein the data decryption unit accepts only data associated with an account that is stored in correspondence with the received seed value. The authentication device according to any one of claims 1 to 4, wherein the algorithm generation unit randomly replaces elements of a conversion table for numeric conversion in the encryption algorithm based on the seed value. the algorithm generation unit includes the decryption algorithm corresponding to the encryption algorithm in the program;
5. The authentication device according to claim 1, wherein data to be transmitted to said terminal is encrypted by said encryption algorithm so that the data can be decrypted only by said terminal having said program. an algorithm generating step of generating, when providing a predetermined program including a data transmission process to a user terminal, an encryption algorithm to be incorporated in the data transmission process based on a random seed value;
a program transmission step of transmitting the program including the generated encryption algorithm to the terminal;
a data decryption step of receiving data encrypted by the encryption algorithm from the terminal and decrypting the encrypted data by a decryption algorithm corresponding to the encryption algorithm generated using the seed value,
An authentication method in which the computer authenticates the authenticity of the encrypted data by successfully decrypting the data in the data decryption step, and then acquires the decrypted data. An authentication program for causing a computer to function as an authentication device according to any one of claims 1 to 4.