JP3671188B2 - Authentication system and authentication method - Google Patents

Description

  The present invention relates to an authentication system and an authentication method.

  2. Description of the Related Art An authentication system that securely exchanges electronic information when trading electronic information on an open network is known.

  In the conventional authentication system, the server device machine of the sender is provided with electronic tally generation means, and the electronic tally generation means divides the electronic information into two tally information, and the first tally information is first sent to the relay machine center machine. And the other tally information is sent to the client apparatus machine of the recipient through the second communication path, and the center machine of the relay engine stores the first tally information in the storage device and When there is a request from the receiver, one of the tally information is sent, and when the receiver's client device machine is equipped with electronic tally integration means and receives the other tally information and uses the electronic information, When the first tally information is requested from the relay organization and retrieved, the first tally information and the second tally information are integrated and restored by the electronic tally integration means. A Umono (e.g., see Patent Document 1).

  However, in such a conventional authentication system, once one tally information is stolen by a third party, the third party can impersonate the relay organization as many times as possible using that information. And tally information could be replaced.

JP 2003-132229 A

  An object of the present invention is to provide an authentication system and an authentication method that can safely and surely prevent impersonation of an authenticated side by a third party.

Such an object is achieved by the present inventions (1) to (22) below.
(1) a first electronic device to be authenticated;
The first electronic device is provided on the first electronic device side, generates initial data and confirmation data from the initial data using a predetermined function, and includes the confirmation data and the initial data. Generating means for generating authentication data used for authentication of
A second electronic device for authenticating the first electronic device;
A dividing unit provided on the first electronic device side, for dividing the authentication data into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration means provided on the second electronic device side, for restoring the authentication division data to the authentication data;
A confirmation unit that is provided on the second electronic device side and that confirms whether or not the authentication data has been restored by the restoration unit;
The current authentication data generated by the generating means on the first electronic device side is divided by the dividing means into at least two current authentication divided data, and each of the current authentication divided data is divided into the first authentication data. 1 is transmitted from the electronic device side to the second electronic device side, and on the second electronic device side, the restoration unit attempts to restore the authentication data using each of the authentication divided data, and the confirmation unit restores the data. For the initial data of the restored data, confirmation data is generated using the predetermined function, and the generated confirmation data and the confirmation data of the restored data are obtained. In comparison, whether or not the authentication data has been restored is confirmed, and when it is confirmed by the confirmation means that the authentication data has been restored, the second electronic device is the first electronic device. Electronic devices is an authentication system for authenticating as a legitimate partner,
At least one of the current divided data for authentication is transmitted from the first electronic device side to the second electronic device side together with the previous divided authentication data at the time of previous authentication and is not transmitted. The divided authentication data is transmitted from the first electronic device side to the second electronic device side together with at least one of the divided authentication data from the next time.

(2) A first electronic device and a second electronic device that authenticate each other and are authenticated;
Provided on the first electronic device side, generating first initial data and confirmation data from the first initial data using a predetermined function, the confirmation data and the first initial data Generating means for generating authentication data used for authentication of the second electronic device,
A dividing unit that is provided on the first electronic device side and divides authentication data used for authentication of the second electronic device into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration unit provided on the second electronic device side and restoring the divided data for authentication divided by the dividing unit on the first electronic device side to the authentication data;
Confirmation means provided on the second electronic device side, for confirming whether or not the authentication data has been restored by the restoration means;
Provided on the second electronic device side, generating second initial data and confirmation data from the second initial data using a predetermined function, the confirmation data and the second initial data Generating means for generating authentication data used for authentication of the first electronic device,
A dividing unit that is provided on the second electronic device side and divides authentication data used for authentication of the first electronic device into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration unit provided on the first electronic device side and restoring the divided data for authentication divided by the dividing unit on the second electronic device side to the authentication data;
Confirmation means provided on the first electronic device side, for confirming whether or not the authentication data has been restored by the restoration means on the first electronic device side;
The current authentication data generated by the first electronic device side generating means on the first electronic device side is converted into at least two current authentication divided data by the first electronic device side dividing means. Each of the divided data for authentication is transmitted from the first electronic device side to the second electronic device side, and the second electronic device side uses the restoring means on the second electronic device side. Reconstruction is attempted using each of the authentication divided data of the current time, and the predetermined function is used for the first initial data among the restored data restored by the confirmation unit on the second electronic device side. Generating confirmation data, comparing the generated confirmation data with the confirmation data of the restored restoration data to confirm whether the authentication data has been restored, Before by confirmation means When the authentication data has been restored is confirmed, the second electronic device authenticates the first electronic device is a legitimate party,
The current authentication data generated by the second electronic device side generating means on the second electronic device side is converted into at least two current authentication divided data by the second electronic device side dividing means. Each of the divided data for authentication is transmitted from the second electronic device side to the first electronic device side, and the first electronic device side uses the restoring means on the first electronic device side. Reconstruction is attempted using each of the authentication divided data at this time, and the predetermined function is used for the second initial data among the restored data restored by the confirmation means on the first electronic device side. Generating confirmation data, comparing the generated confirmation data with the confirmation data of the restored restoration data to confirm whether the authentication data has been restored, Before by confirmation means When the authentication data has been restored is confirmed, the first electronic device is an authentication system wherein the second electronic device is authenticated as a legitimate party,
At least one of the current authentication divided data divided by the first electronic device is transmitted together with the previous authentication divided data at the time of previous authentication, and the untransmitted Transmit the divided data for authentication this time and at least one of the divided data for authentication after the next time to the authentication side in a batch,
At least one of the current authentication divided data divided by the second electronic device is transmitted together with the previous authentication divided data at the time of previous authentication, and the untransmitted An authentication system characterized in that the divided data for authentication this time and at least one of the divided data for authentication after the next time are collectively transmitted to the authentication side.

(3) a first electronic device to be authenticated;
The first electronic device is provided on the first electronic device side, generates initial data and confirmation data from the initial data using a predetermined function, and includes the confirmation data and the initial data. Generating means for generating authentication data used for authentication of
A second electronic device for authenticating the first electronic device;
A dividing unit provided on the first electronic device side, for dividing the authentication data into first authentication divided data and second authentication divided data by a predetermined dividing method;
A restoring means provided on the second electronic device side, for restoring the first authentication divided data and the second authentication divided data into the authentication data;
An authentication system provided on the second electronic device side and having confirmation means for confirming whether or not the authentication data has been restored by the restoration means;
On the first electronic device side, the current authentication data generated by the generating means at the time of the previous transmission is converted into the current first authentication divided data and the current second authentication data by the dividing means. The first divided data for authentication and the second divided data for authentication this time are collectively transmitted from the first electronic device side to the second electronic device side. On the first electronic device side, the next authentication data generated by the generating means is divided into the next first authentication divided data and the next second authentication divided data by the dividing means. The first authentication divided data and the next second authentication divided data are transmitted in a lump, and the second electronic device side uses the restoring means to transmit the current authentication divided data. First divided data for authentication, and And the confirmation means generates confirmation data using the predetermined function for the initial data of the restored data restored by the confirmation unit, and generates the confirmation data. The confirmed data is compared with the confirmation data in the restored data to confirm whether the authentication data has been restored, and the authentication data is restored by the confirmation means. When it is confirmed that the second electronic device is authenticated, the second electronic device authenticates that the first electronic device is a valid partner.

(4) A first electronic device and a second electronic device to be authenticated with each other,
Provided on the first electronic device side, generating first initial data and confirmation data from the first initial data using a predetermined function, the confirmation data and the first initial data Generating means for generating authentication data used for authentication of the second electronic device,
A division that is provided on the first electronic device side and that divides authentication data used for authentication of the second electronic device into first authentication division data and second authentication division data by a predetermined division method Means,
The first authentication divided data and the second authentication divided data which are provided on the second electronic device side and divided by the dividing means on the first electronic device side are restored to the authentication data. Recovery means to
Confirmation means provided on the second electronic device side, for confirming whether or not the authentication data has been restored by the restoration means;
Provided on the second electronic device side, generating second initial data and confirmation data from the second initial data using a predetermined function, the confirmation data and the second initial data Generating means for generating authentication data used for authentication of the first electronic device,
Authentication data provided on the second electronic device side and used for authentication of the first electronic device is divided into the first authentication divided data and the second authentication divided data by a predetermined dividing method. Dividing means to
The first authentication divided data and the second authentication divided data which are provided on the first electronic device side and divided by the dividing means on the second electronic device side are restored to the authentication data. Recovery means to
An authentication system provided on the first electronic device side, and having a confirmation means for confirming whether or not the authentication data has been restored by the restoration means on the first electronic device side;
On the first electronic device side, at the time of the previous transmission, the current authentication data generated by the generating device on the first electronic device side is transferred to the current first data by the dividing device on the first electronic device side. The first divided authentication data and the second divided authentication data are divided into the first divided divided data for authentication and the second divided divided data for authentication this time. Is transmitted from the electronic device side to the second electronic device side, and on the first electronic device side, the next authentication data generated by the generating means on the first electronic device side is transmitted to the first electronic device side. Are divided into the next first divided data for authentication and the second divided data for next authentication, and the second divided data for next authentication and the next second divided data. The divided data for authentication in a batch and the second electronic device The second electronic device side restoration means tries to restore the first authentication divided data and the current second authentication divided data, and the second electronic device side confirmation is performed. Means for generating confirmation data for the first initial data of the restored data using the predetermined function, and the generated confirmation data and the restored data The authentication data is compared to check whether or not the authentication data has been restored. When the confirmation means confirms that the authentication data has been restored, the second electronic The device authenticates that the first electronic device is a valid counterpart,
On the second electronic device side, the current authentication data generated by the generating device on the second electronic device side during the previous transmission is transferred to the current first data by the dividing device on the second electronic device side. The first authentication divided data and the current second authentication divided data are divided into the previous first authentication divided data and the current second authentication divided data. Is transmitted from the electronic device side to the first electronic device side, and on the second electronic device side, the next authentication data generated by the generating means on the second electronic device side is transmitted to the second electronic device side. Is divided into the next first divided data for authentication and the second divided data for next authentication, and the second divided data for next authentication and the next second divided data for authentication. The divided data for authentication in a batch, and the first electronic device In this case, the first restoration means tries to restore the first authentication divided data and the current second authentication divided data, and the first electronic device side confirmation means restores the first authentication divided data. For the second initial data of the restored data, confirmation data is generated using the predetermined function, and the generated confirmation data and the confirmation data of the restored data are confirmed. The first electronic device compares the data with each other to confirm whether the authentication data has been restored, and when the confirmation means confirms that the authentication data has been restored, the first electronic device 2. An authentication system for authenticating that the electronic device of 2 is a legitimate partner.

  (5) The authentication system according to any one of (1) to (4), wherein the function is a HASH function.

(6) a first electronic device to be authenticated;
A generating means provided on the first electronic device side for generating authentication data used for authentication of the first electronic device;
A second electronic device for authenticating the first electronic device;
A dividing unit provided on the first electronic device side, for dividing the authentication data into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration means provided on the second electronic device side, for restoring the authentication division data to the authentication data;
A confirmation unit that is provided on the second electronic device side and that confirms whether or not the authentication data has been restored by the restoration unit;
The current authentication data generated by the generating means on the first electronic device side is divided by the dividing means into at least two current authentication divided data, and each of the current authentication divided data is divided into the first authentication data. 1 is transmitted from the electronic device side to the second electronic device side, and the restoration is attempted by the restoration means on the second electronic device side using the respective divided data for authentication at this time. Mirror data that is the same data as the authentication data is generated, and the generated mirror data is compared with the restored data restored by the restoration means to check whether the authentication data has been restored. When the confirmation means confirms that the authentication data has been restored, the second electronic device authenticates that the first electronic device is a valid counterpart. A stem,
At least one of the current divided data for authentication is transmitted from the first electronic device side to the second electronic device side together with the previous divided authentication data at the time of previous authentication and is not transmitted. The divided authentication data is transmitted from the first electronic device side to the second electronic device side together with at least one of the divided authentication data from the next time.

(7) a first electronic device to be authenticated;
A generating means provided on the first electronic device side for generating authentication data used for authentication of the first electronic device;
A second electronic device for authenticating the first electronic device;
A dividing unit provided on the first electronic device side, for dividing the authentication data into first authentication divided data and second authentication divided data by a predetermined dividing method;
A restoring means provided on the second electronic device side, for restoring the first authentication divided data and the second authentication divided data into the authentication data;
An authentication system provided on the second electronic device side and having confirmation means for confirming whether or not the authentication data has been restored by the restoration means;
On the first electronic device side, the current authentication data generated by the generating means at the time of the previous transmission is converted into the current first authentication divided data and the current second authentication data by the dividing means. The first divided data for authentication and the second divided data for authentication this time are collectively transmitted from the first electronic device side to the second electronic device side. On the first electronic device side, the next authentication data generated by the generating means is divided into the next first authentication divided data and the next second authentication divided data by the dividing means. The first authentication divided data and the next second authentication divided data are transmitted in a lump, and the second electronic device side uses the restoring means to transmit the current authentication divided data. First divided data for authentication, and Each time the second authentication divided data is restored, the confirmation means generates mirror data that is the same data as the authentication data, and the generated mirror data and the restoration means restore the mirror data. Compared with the restored data, it is confirmed whether or not the authentication data has been restored. When the confirmation means confirms that the authentication data has been restored, the second electronic device An authentication system for authenticating that the first electronic device is a legitimate partner.

  (8) The generation unit generates the authentication data based on a predetermined random number equation, and the confirmation unit generates the mirror data based on the same random number equation as the generation unit. Or the authentication system as described in (7).

  (9) The generation unit generates the authentication data based on a predetermined random number formula and an encryption formula, and the confirmation unit generates the mirror based on the same random number formula and the same encryption formula as the generation unit. The authentication system according to (6) or (7), which generates data.

  (10) The generation means substitutes the current authentication data into the random number expression to obtain the next authentication data, and the confirmation means uses the same random number expression as the generation means for the mirror data. The authentication system according to (8) or (9), wherein the next authentication data is obtained by substituting into.

  (11) The generation unit generates the authentication data based on the number of transmissions, and the confirmation unit determines the number of transmissions between the first electronic device and the second electronic device. The authentication system according to (6) or (7), wherein the mirror data is generated based on the authentication data.

  (12) The generation unit generates the authentication data based on the number of transmissions and an encryption method, and the confirmation unit transmits the transmission between the first electronic device and the second electronic device. The authentication system according to (6) or (7), wherein the mirror data is generated based on the number of times and the same encryption method as the generation unit.

  (13) The generating unit generates the authentication data based on a predetermined function, and the checking unit is based on the same function as the function used by the generating unit to generate the authentication data. The authentication system according to (6) or (7), wherein the mirror data is generated.

(14) A first electronic device and a second electronic device to be authenticated and mutually authenticated,
A generating unit that is provided on the first electronic device side and generates authentication data used for authentication of the second electronic device;
A dividing unit that is provided on the first electronic device side and divides authentication data used for authentication of the second electronic device into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration unit provided on the second electronic device side and restoring the divided data for authentication divided by the dividing unit on the first electronic device side to the authentication data;
Confirmation means provided on the second electronic device side, for confirming whether or not the authentication data has been restored by the restoration means;
A generating means provided on the second electronic device side for generating authentication data used for authentication of the first electronic device;
A dividing unit that is provided on the second electronic device side and divides authentication data used for authentication of the first electronic device into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration unit provided on the first electronic device side and restoring the divided data for authentication divided by the dividing unit on the second electronic device side to the authentication data;
Confirmation means provided on the first electronic device side, for confirming whether or not the authentication data has been restored by the restoration means on the first electronic device side;
The current authentication data generated by the first electronic device side generating means on the first electronic device side is converted into at least two current authentication divided data by the first electronic device side dividing means. Each of the divided data for authentication is transmitted from the first electronic device side to the second electronic device side, and the second electronic device side uses the restoring means on the second electronic device side. Attempting restoration using each of the divided data for authentication this time, and generating the mirror data that is the same data as the authentication data by the confirmation means on the second electronic device side, Comparing the restored data restored by the restoring means on the second electronic device side to confirm whether the authentication data has been restored, and the authenticating data being restored by the checking means If it is confirmed, the second electronic device authenticates the first electronic device is a legitimate party,
The current authentication data generated by the second electronic device side generating means on the second electronic device side is converted into at least two current authentication divided data by the second electronic device side dividing means. Each of the divided data for authentication is transmitted from the second electronic device side to the first electronic device side, and the first electronic device side uses the restoring means on the first electronic device side. Attempting restoration using each of the divided data for authentication this time, and generating the mirror data that is the same data as the authentication data by the confirmation means on the first electronic device side, The restoration data restored by the restoration means on the first electronic device side is compared to confirm whether or not the authentication data is restored, and the authentication data is restored by the confirmation means If it is confirmed, the first electronic device is an authentication system wherein the second electronic device is authenticated as a legitimate party,
At least one of the current authentication divided data divided by the first electronic device is transmitted together with the previous authentication divided data at the time of previous authentication, and the untransmitted Transmit the divided data for authentication this time and at least one of the divided data for authentication after the next time to the authentication side in a batch,
At least one of the current authentication divided data divided by the second electronic device is transmitted together with the previous authentication divided data at the time of previous authentication, and the untransmitted An authentication system characterized in that the divided data for authentication this time and at least one of the divided data for authentication after the next time are collectively transmitted to the authentication side.

(15) A first electronic device and a second electronic device that authenticate each other and are authenticated;
A generating unit that is provided on the first electronic device side and generates authentication data used for authentication of the second electronic device;
A division that is provided on the first electronic device side and that divides authentication data used for authentication of the second electronic device into first authentication division data and second authentication division data by a predetermined division method Means,
The first authentication divided data and the second authentication divided data which are provided on the second electronic device side and divided by the dividing means on the first electronic device side are restored to the authentication data. Recovery means to
Confirmation means provided on the second electronic device side, for confirming whether or not the authentication data has been restored by the restoration means;
A generating means provided on the second electronic device side for generating authentication data used for authentication of the first electronic device;
Authentication data provided on the second electronic device side and used for authentication of the first electronic device is divided into the first authentication divided data and the second authentication divided data by a predetermined dividing method. Dividing means to
The first authentication divided data and the second authentication divided data which are provided on the first electronic device side and divided by the dividing means on the second electronic device side are restored to the authentication data. Recovery means to
An authentication system provided on the first electronic device side, and having a confirmation means for confirming whether or not the authentication data has been restored by the restoration means on the first electronic device side;
On the first electronic device side, at the time of the previous transmission, the current authentication data generated by the generating device on the first electronic device side is transferred to the current first data by the dividing device on the first electronic device side. The first divided authentication data and the second divided authentication data are divided into the first divided divided data for authentication and the second divided divided data for authentication this time. Is transmitted from the electronic device side to the second electronic device side, and on the first electronic device side, the next authentication data generated by the generating means on the first electronic device side is transmitted to the first electronic device side. Are divided into the next first divided data for authentication and the second divided data for next authentication, and the second divided data for next authentication and the next second divided data. The divided data for authentication in a batch and the second electronic device The second electronic device side restoration means tries to restore the first authentication divided data and the current second authentication divided data, and the second electronic device side confirmation is performed. Means for generating mirror data which is the same data as the authentication data, comparing the generated mirror data with the restored data restored by the restoring means on the second electronic device side, It is confirmed whether or not the authentication data has been restored, and when the confirmation means confirms that the authentication data has been restored, the second electronic device is a valid counterpart to the first electronic device. Authenticate
On the second electronic device side, the current authentication data generated by the generating device on the second electronic device side during the previous transmission is transferred to the current first data by the dividing device on the second electronic device side. The first authentication divided data and the current second authentication divided data are divided into the previous first authentication divided data and the current second authentication divided data. Is transmitted from the electronic device side to the first electronic device side, and on the second electronic device side, the next authentication data generated by the generating means on the second electronic device side is transmitted to the second electronic device side. Is divided into the next first divided data for authentication and the second divided data for next authentication, and the second divided data for next authentication and the next second divided data for authentication. The divided data for authentication in a batch, and the first electronic device The first electronic device side restoration means attempts to restore the first authentication divided data and the current second authentication divided data, and the first electronic device side confirmation is performed. Means for generating mirror data that is the same data as the authentication data, comparing the generated mirror data with the restored data restored by the restoring means on the first electronic device side, and It is confirmed whether or not the authentication data has been restored, and when the confirmation means confirms that the authentication data has been restored, the first electronic device is a valid counterpart of the second electronic device. An authentication system characterized by authenticating that

  (16) The first electronic device side generation means generates the authentication data based on a predetermined function, and the first electronic device side confirmation means generates the second electronic device side. The means generates the mirror data based on the same function as the function used to generate the authentication data, and the generation means on the second electronic device side generates the authentication data based on a predetermined function. And generating the mirror data based on the same function as the function used for generating the authentication data by the generating unit on the first electronic device side. The authentication system according to (14) or (15) above.

  (17) The authentication system according to any one of (1) to (16), wherein the transmission is performed via a communication line.

  (18) The authentication system according to (17), wherein the communication line is an Internet line.

(19) a first electronic device to be authenticated;
The first electronic device is provided on the first electronic device side, generates initial data and confirmation data from the initial data using a predetermined function, and includes the confirmation data and the initial data. Generating means for generating authentication data used for authentication of
A second electronic device for authenticating the first electronic device;
A dividing unit provided on the first electronic device side, for dividing the authentication data into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration means provided on the second electronic device side, for restoring the authentication division data to the authentication data;
In an authentication system provided on the second electronic device side, and having a confirmation means for confirming whether or not the authentication data has been restored by the restoration means on the second electronic device side,
On the first electronic device side, the current authentication data generated by the generating means is divided into at least two current authentication divided data by the dividing means, and each of the current authentication divided data is Transmission from the first electronic device side to the second electronic device side, the restoration is attempted by the restoration means on the second electronic device side using each of the divided data for authentication this time, by the confirmation means, For the initial data of the restored data, confirmation data is generated using the predetermined function, the generated confirmation data, the confirmation data of the restored data, And confirming whether or not the authentication data has been restored, and when the confirmation means confirms that the authentication data has been restored, the second electronic device An authentication method for electronic devices to authenticate as a legitimate partner,
At least one of the current divided data for authentication is transmitted from the first electronic device side to the second electronic device side together with the previous divided authentication data at the time of previous authentication and is not transmitted. The authentication divided data is transmitted from the first electronic device side to the second electronic device side together with at least one of the divided authentication data from the next time.

(20) A first electronic device and a second electronic device to be authenticated and mutually authenticated,
Provided on the first electronic device side, generating first initial data and confirmation data from the first initial data using a predetermined function, the confirmation data and the first initial data Generating means for generating authentication data used for authentication of the second electronic device,
A dividing unit that is provided on the first electronic device side and divides authentication data used for authentication of the second electronic device into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration unit provided on the second electronic device side and restoring the divided data for authentication divided by the dividing unit on the first electronic device side to the authentication data;
Confirmation means provided on the second electronic device side, for confirming whether or not the authentication data has been restored by the restoration means;
Provided on the second electronic device side, generating second initial data and confirmation data from the second initial data using a predetermined function, the confirmation data and the second initial data Generating means for generating authentication data used for authentication of the first electronic device,
A dividing unit that is provided on the second electronic device side and divides authentication data used for authentication of the first electronic device into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration unit provided on the first electronic device side and restoring the divided data for authentication divided by the dividing unit on the second electronic device side to the authentication data;
An authentication system provided on the first electronic device side and having a confirmation unit for confirming whether or not the authentication data has been restored by the restoration unit;
On the first electronic device side, the current authentication data generated by the first electronic device side generating means is converted into at least two current authentication divided data by the first electronic device side dividing means. Each of the divided data for authentication is transmitted from the first electronic device side to the second electronic device side, and the second electronic device side restore means on the second electronic device side. Then, restoration is attempted using each of the authentication divided data, and the predetermined function is applied to the first initial data among the restored data by the confirmation means on the second electronic device side. Generating confirmation data by using the generated confirmation data and comparing the confirmation data among the restored restoration data to confirm whether the authentication data has been restored; By the confirmation means When it is confirmed that the authentication data has been restored, the second electronic device authenticates that the first electronic device is a valid partner, and the second electronic device side The current authentication data generated by the second generating means is divided into at least two current authentication divided data by the second dividing means, and each of the current authentication divided data is divided into the second electronic data. Transmission is performed from the device side to the first electronic device side, and the first electronic device side attempts to restore the first electronic device using the authentication divided data by the second restoration means. The confirmation means on the side generates confirmation data using the predetermined function for the second initial data of the restored data, and the generated confirmation data and the restored data Restored data And confirming whether or not the authentication data has been restored, and when the confirmation means confirms that the authentication data has been restored, the first electronic device Is an authentication method for authenticating that the second electronic device is a valid counterpart,
At least one of the current authentication divided data divided by the first electronic device is transmitted together with the previous authentication divided data at the time of previous authentication, and the untransmitted Transmit the divided data for authentication this time and at least one of the divided data for authentication after the next time to the authentication side in a batch,
At least one of the current authentication divided data divided by the second electronic device is transmitted together with the previous authentication divided data at the time of previous authentication, and the untransmitted An authentication method characterized by transmitting the divided data for authentication this time and at least one of the divided data for authentication after the next time to the authentication side in a lump.

(21) a first electronic device to be authenticated;
A generating means provided on the first electronic device side for generating authentication data used for authentication of the first electronic device;
A second electronic device for authenticating the first electronic device;
A dividing unit provided on the first electronic device side, for dividing the authentication data into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration means provided on the second electronic device side, for restoring the authentication division data to the authentication data;
In an authentication system provided on the second electronic device side, and having a confirmation means for confirming whether or not the authentication data has been restored by the restoration means on the second electronic device side,
On the first electronic device side, the current authentication data generated by the generating means is divided into at least two current authentication divided data by the dividing means, and each of the current authentication divided data is Transmission from the first electronic device side to the second electronic device side, the restoration is attempted by the restoration means on the second electronic device side using each of the divided data for authentication this time, by the confirmation means, Whether or not the authentication data is restored by generating mirror data that is the same data as the authentication data and comparing the generated mirror data with the restored data restored by the restoration means And when the confirmation means confirms that the authentication data has been restored, the second electronic device authenticates that the first electronic device is a valid counterpart. There is provided a method,
At least one of the current divided data for authentication is transmitted from the first electronic device side to the second electronic device side together with the previous divided authentication data at the time of previous authentication and is not transmitted. The authentication divided data is transmitted from the first electronic device side to the second electronic device side together with at least one of the divided authentication data from the next time.

(22) A first electronic device and a second electronic device that authenticate each other and are authenticated;
A generating unit that is provided on the first electronic device side and generates authentication data used for authentication of the second electronic device;
A dividing unit that is provided on the first electronic device side and divides authentication data used for authentication of the second electronic device into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration unit provided on the second electronic device side and restoring the divided data for authentication divided by the dividing unit on the first electronic device side to the authentication data;
Confirmation means provided on the second electronic device side, for confirming whether or not the authentication data has been restored by the restoration means;
A generating means provided on the second electronic device side for generating authentication data used for authentication of the first electronic device;
A dividing unit that is provided on the second electronic device side and divides authentication data used for authentication of the first electronic device into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration unit provided on the first electronic device side and restoring the divided data for authentication divided by the dividing unit on the second electronic device side to the authentication data;
An authentication system provided on the first electronic device side and having a confirmation unit for confirming whether or not the authentication data has been restored by the restoration unit;
On the first electronic device side, the current authentication data generated by the first electronic device side generating means is converted into at least two current authentication divided data by the first electronic device side dividing means. Each of the divided data for authentication this time is transmitted from the first electronic device side to the second electronic device side, and on the second electronic device side, the restoring means on the second electronic device side Then, restoration is attempted using each of the divided data for authentication at this time, and the confirmation means on the second electronic device side generates mirror data that is the same data as the authentication data, and the generated mirror data And the restoration data restored by the restoration means on the second electronic device side to confirm whether or not the authentication data has been restored, and that the authentication data has been restored by the confirmation means. Is confirmed, the second electronic device authenticates that the first electronic device is a valid partner, and is generated by the second generation means on the second electronic device side. The current authentication data is divided into at least two current authentication divided data by the second dividing means, and each of the current authentication divided data is sent from the second electronic device side to the first electronic device. To the first electronic device side, the second restoration unit tries to restore the authentication data using each of the authentication divided data, and the first electronic device side confirmation unit uses the authentication unit for the authentication. The mirror data that is the same data as the data is generated, and the generated mirror data is compared with the restored data restored by the restoration means on the first electronic device side, so that the authentication data is restored. Falcon And when the confirmation means confirms that the authentication data has been restored, the first electronic device authenticates that the second electronic device is a valid counterpart. There,
At least one of the current authentication divided data divided by the first electronic device is transmitted together with the previous authentication divided data at the time of previous authentication, and the untransmitted Transmit the divided data for authentication this time and at least one of the divided data for authentication after the next time to the authentication side in a batch,
At least one of the current authentication divided data divided by the second electronic device is transmitted together with the previous authentication divided data at the time of previous authentication, and the untransmitted An authentication method characterized by transmitting the divided data for authentication this time and at least one of the divided data for authentication after the next time to the authentication side in a lump.

  According to the present invention, even if the authentication data sent from the authenticated side to the authenticating side is stolen by an unauthorized third party, the third party can infer the data necessary for the next authentication. Because you cannot, you can not impersonate the other party at the next authentication. Thereby, the impersonation to the other party by an unjust 3rd party can be prevented easily and reliably.

  DESCRIPTION OF EMBODIMENTS Hereinafter, an authentication system of the present invention will be described in detail based on preferred embodiments shown in the accompanying drawings.

  FIG. 1 is a block diagram showing a server device and a client device of the authentication system of the present invention, FIG. 2 is a diagram showing generation of HASH values and authentication data from initial data, and FIG. The figure which shows 1st Embodiment of an authentication system, FIG. 4 is a figure explaining a confirmation means.

  The authentication system illustrated in FIGS. 1 and 2 is an authentication system that performs data communication via an open network such as an Internet line and performs authentication of a server device with a client device.

  Note that the authentication system of the present invention can also be applied to uses other than the open network (for example, a closed network (private line)).

  As shown in FIG. 1, the authentication system includes a communication line (transmission path) 10, a server device 25, and a client device 24.

  The communication line 10 is provided for communication between the server device 25 and the client device 24.

  The client device 24 includes a control unit 41, a generation unit 42, a division unit 43, a restoration unit 44, a confirmation unit 45, and a storage unit 46.

  The server device 25 includes a control unit 61, a generation unit 62, a division unit 63, a restoration unit 64, a confirmation unit 65, and a storage unit 66.

  The control means 41 and 61 control the overall drive of the server device 25 and the client device 24, respectively.

  The generation units 42 and 62 generate authentication data used for authentication of the server device 25 and the client device 24, respectively.

  Each of the dividing means 43 and 63 divides the authentication data into two pieces of authentication divided data.

  The dividing method by the dividing means 43 and 63 is not particularly limited, but it is preferable to divide by encryption. Of the methods of encrypting and dividing, the secret sharing method is preferable. Examples of other division methods include a method called secret division using an exclusive OR (XOR) operation, and a method of performing encryption using key encryption after physical division.

  Here, the secret sharing method is a method of managing one secret information (secret) by distributing it to a plurality of shared information (shares).

  More specifically, this secret information is distributed and encoded into n pieces (where n is an integer of 2 or more) of distributed information (share), and k pieces of arbitrary distributed information are collected to restore the original secret information. However, the original secret information cannot be restored even if k−1 or less pieces of distributed information are collected. Further, even if each of the shared information (shares) is seen, partial information of the secret information is not known.

At this time, the shared information w _i (i = 1, 2,..., N) is k− using the secret information S, the prime number p, and the random number r _j (j = 1, 2,..., K−1). It can be expressed as the following polynomial (1) from the following polynomial (1). At this time x _i does not contain the same value.

wi = f (xi) (i = 1, 2,..., n) (1)
f (x) = S + r ₁ x + r ₂ x ² +. . . + R _k-1 x ^k-1 (mod p) (2)
Here, mod indicates a remainder.

The principle of the secret sharing method is explained using these equations as follows.
In the equation (1), if y = f (x), the secret information S indicates the y-axis intercept. Since equation (1) is a k−1 order polynomial, when k pieces of distributed information w _i (i = 1, 2,..., N) are collected, the polynomial y = f (x ) Is uniquely determined. However, if only k−1 pieces of distributed information are collected, only k−1 coordinate points are known, and a polynomial cannot be obtained uniquely. Therefore, there is a possibility of passing through all y-axis intercepts. Therefore, I do not know confidential information.

  By using the above secret sharing method, partial information leakage due to each divided shared information can be suitably prevented.

  The restoration means 44 and 64 restore the authentication division data to the authentication data, respectively. These main functions are achieved by the CPUs 40 and 60 provided in the server device 25 and the client device 24, respectively. Each of the storage means 46 and 66 stores authentication divided data and HASH function h (x) (described later) divided by the dividing means of each device. The main functions of the storage means 46 and 66 are achieved by a memory (for example, RAM, ROM, EEPROM, etc.) provided in the server device 25 and the client device 24, a magnetic recording medium, an optical recording medium, a magneto-optical recording medium, or the like. The As the server device 25 and the client device 24, for example, a personal computer can be used.

  The HASH function h (x) refers to a function that is “computatively difficult” to obtain an original value x such that h (x) = y from the function value y.

Further, in the following description, the description that the server device 25 executes using the above-described units is omitted, and the server device 25 simply performs the description. The same applies to the client device 24.

  In the present invention, the function to be used is not limited to the HASH function. The function includes various mathematical expressions.

Hereinafter, an operation (operation) of the authentication system will be described.
First, as shown in FIG. 2, the client device 24 generates initial data 30. Next, the client device 24 performs an operation using the initial data 30 and the HASH function h (x), and generates a HASH value H1 (confirmation data). Next, the authentication data 1 is generated by connecting (adding) the HASH value H1 to the initial data 30.

  Next, as shown in FIG. 3, the generated authentication data 1 is divided into authentication divided data A1 and authentication divided data B1 using the secret sharing method described above (step S101).

Next, the client device 24 stores the authentication divided data A1, and the server device 25 stores the authentication divided data B1 (step S102).
Next, the server apparatus 25 uses the same method (hereinafter referred to as a generation method) for generating the authentication data 1 from the initial data 30 and the HASH function h (x) described above, and uses the authentication data 2 The authentication data 2 is divided into authentication divided data A2 and authentication divided data B2 by using the same method as the authentication data 1 dividing method (step S103). Next, the server device 25 transmits to the client device 24 authentication pair data B1A2 in which the authentication divided data A2 is connected to the authentication divided data B1 (step S104). The server device 25 also stores the divided data for authentication B2.
Next, the client device 24 receives the authentication pair data B1A2 via the communication line 10 (step S105), and tries to restore the authentication divided data A1 and the authentication divided data B1 by the restoring means (step S106). ).

  As shown in FIG. 4, when the predetermined authentication data 50 is restored, the client device 24 next checks whether the restored authentication data 50 is the valid authentication data 1.

Specifically, the client device 24 generates the HASH value H3 for the initial data 101 of the authentication data 50 using the HASH function h (x) stored in the storage unit 46 of the client device 24. Then, it is determined whether or not the HASH value H3 is equal to the HASH value H2 of the restored authentication data 50.
Hereinafter, the above operation is simply referred to as confirmation.

  When the client device 24 determines that the generated HASH value H3 is equal to the HASH value H2 that is connected to the initial data 101 of the restored authentication data 50, the client device 24 determines that the authentication data 50 is Then, it is determined that the authentication data is equal to the authentication data 1, and the server device 25 is authenticated as a valid partner. In addition, the client device 24 stores authentication division data A2. This is the initial setting.

  Next, the server device 25 generates the authentication data 3 and uses the same method as the authentication data 1 dividing method for the authentication data 3 to generate the authentication divided data A3 and the authentication divided data B3. (Step S107). Next, the server device 25 transmits to the client device 24 authentication pair data B2A3 in which the authentication divided data B2 is connected to the authentication divided data B2 (step S108). The server device 25 stores authentication division data B3.

  Next, the client device 24 receives the authentication pair data B2A3 via the communication line 10 (step S109), and tries to restore the authentication divided data A2 and the authentication divided data B2 (step S110). If it is confirmed that the authentication data 2 has been restored, the client device 24 authenticates that the server device 25 is a valid partner. Further, the client device 24 stores the divided data for authentication A3. When the client device 24 authenticates the server device 25 as a legitimate partner, the client device 24 thereafter performs data transmission / reception, for example.

  In the next authentication, the same operation is repeated using the divided data for authentication A3 and B3 (the same applies after the next time).

  In the present embodiment, the authentication data is divided into authentication divided data A1 and authentication divided data B1 for the previous and current transmissions, and transmitted from the server device 25 to the client device 24, and authentication by the previous transmission is performed. Since authentication is performed by confirming that the divided data A2 for authentication and the divided data for authentication B2 obtained by the current transmission are restored, an unauthorized third party transfers the data from the server device 25 to the client device 24 in one transmission. Even if the sent authentication data is stolen, the third party cannot analogize the data required for the next authentication, so it is possible to safely and reliably prevent the next third party server device from being spoofed. can do.

<< Electronic key system >>
Next, an example in which the authentication system of the first embodiment is applied to an electronic key system will be described with reference to FIG. In this embodiment, it is assumed that the electronic key 51 is applied as the server device 25 and the electronic door 52 is applied as the client device 24.

  The electronic key system shown in FIG. 5 includes an electronic key 51, an electronic door 52 provided with a lock means, and a wireless communication line 20.

  The wireless communication line 20 is provided for performing wireless communication between the electronic key 51 and the electronic door 52.

  The electronic key 51 includes control means, generation means, division means, and storage means. The electronic door 52 includes a control unit, a storage unit, a restoration unit, and a confirmation unit. The functions of these means are equivalent to the functions of the means included in the server device 25 and the client device 24 described above.

Hereinafter, an operation (operation) of the electronic key system will be described.
First, when the electronic door 52 recognizes the electronic key 51 by a predetermined operation of the operator (user), the electronic door 52 creates the authentication data 1 from the initial data 30 in the first embodiment. The authentication data 5 is generated using the same method. The authentication data 5 is divided into authentication divided data A1 and authentication divided data B1 using the secret sharing method described above (step S501). Next, the electronic door 52 stores the divided data for authentication A1, and the electronic key 51 stores the divided data for authentication B1 obtained through the communication line 20 (step S502). Next, when the operator operates the electronic key 51, the electronic key 51 generates authentication data 6, and the authentication data 6 is used for authentication using a method similar to the method for dividing the authentication data 5. The data is divided into divided data A2 and authentication divided data B2 (step S503). Next, the authentication pair data B1A2 in which the authentication division data A2 is connected to the authentication division data B1 is transmitted to the electronic door 52 (step S504). Also, the electronic key 51 stores authentication division data B2. Next, the electronic door 52 receives the authentication pair data B1A2 via the communication line 20 (step S505), and tries to restore the authentication divided data A1 and the authentication divided data B1 (step S506). If predetermined authentication data (not shown) is recovered by the restoration attempt, the electronic door 52 confirms the predetermined authentication data, and as a result, the authentication data 5 is confirmed. For example, the electronic door 52 authenticates that the electronic key 51 is a valid partner. The electronic door 52 stores the divided data for authentication A2. This is the initial setting.

  Next, when the operator operates the electronic key 51, the electronic key 51 generates authentication data 7, and the authentication data 7 is divided using the same method as the method for dividing the authentication data 5. The data is divided into data A3 and authentication divided data B3 (step S507). Next, the electronic key 51 transmits the authentication pair data B2A3 in which the authentication divided data B3 is connected to the authentication divided data B2 to the electronic door 52 (step S508). The electronic key 51 stores authentication division data B3.

  Next, the electronic door 52 receives the authentication pair data B2A3 via the communication line 20 (step S509), and tries to restore the authentication divided data A2 and the authentication divided data B2 (step S510). If it is confirmed that the authentication data 6 has been restored, the electronic door 52 authenticates that the electronic key 51 is a valid partner, and sends a signal of a predetermined voltage to the lock means. Thereby, the lock | rock of the electronic door 52 is cancelled | released. The electronic door 52 stores the divided data for authentication A3.

  In the next authentication, the same operation is repeated using the authentication divided data A3 and B3.

  By using the authentication system of the present invention, a secure and reliable electronic key system can be configured.

<< Electronic lock system >>
There is an electronic lock (for example, if a four-digit password provided on a door matches, a signal of a predetermined voltage is applied to the electronic lock and the lock of the electronic lock is released). The electronic lock system is composed of an electronic lock and a lock collation side (side that issues a command to open the lock). The electronic lock releases the lock in response to a command from the key collating side.

  The authentication system of the present invention is applied to this electronic lock system, the electronic lock has the same configuration as the client device 24 of the first embodiment, and the lock verification side has the same configuration as the server device 25 of the first embodiment. . In this system, after authentication, the lock collator sends a command to open the lock. This command unlocks the electronic lock. Thereby, a safe and reliable electronic lock system can be constituted.

  The present embodiment is not limited to the electronic key system and the electronic lock system, and can be applied to other systems.

Next, a second embodiment of the authentication system of the present invention will be described.
FIG. 6 is a diagram for explaining a second embodiment of the authentication system of the present invention.

  Hereinafter, the authentication system 100 according to the second embodiment will be described focusing on the differences from the first embodiment described above, and description of similar matters will be omitted.

  The authentication system 100 according to the second embodiment is different from the first embodiment in that mutual authentication is performed in both the server device 25 and the client device 24.

Hereinafter, an operation (operation) of the authentication system will be described.
First, the client device 24 uses the first initial data (not shown) and the HASH function h (x) to generate the authentication data 11 from the generation method described above, and the server device 25 The authentication data 21 is generated from the generation method described above using the initial data 2 (not shown) and the HASH function h (x). The client device 24 divides the authentication data 11 into divided authentication data A1 and divided authentication data B1, and the server device 25 divides the data 21 into divided authentication data C1 and divided authentication data D1 (step S201). ). The client device 24 stores authentication division data A1 and authentication division data C1, and the server device 25 stores authentication division data B1 and authentication division data D1 (step S202).

  Next, the client device 24 uses the first initial data (not shown) and the HASH function h (x) to generate the data 12 from the above-described generation method, and the data 12 is converted into the authentication divided data A2. The data is divided into authentication divided data B2 (step S203), and authentication divided data A2 is stored.

  Next, the client device 24 transmits to the server device 25 the authentication pair data B2A1 in which the data B1 is connected to the data A1 (step S204). When the server device 25 receives the authentication pair data B2A1 via the communication line 10 (step S205), it tries to restore the authentication divided data A1 and the authentication divided data B1 (step S206). If it is confirmed that the authentication data 11 has been restored, the server device 25 authenticates that the client device 24 is a valid partner. The server device 25 also stores the divided data for authentication B2.

  Next, the server device 25 uses the second initial data (not shown) and the HASH function h (x) to generate the authentication data 22 from the generation method described above, and authenticates the authentication data 22. It divides | segments into the division | segmentation data C2 for authentication, and the division | segmentation data D2 for authentication (step S207), and the division | segmentation data D2 for authentication is stored. Next, the authentication pair data D1C2 is transmitted to the client device 24 (step S208). When the client device 24 receives the authentication pair data D1C2 via the communication line 10 (step S209), it tries to restore the authentication divided data C1 and the authentication divided data D1 (step S210). If it is confirmed that a predetermined predetermined authentication data (not shown) has been restored by the restoration attempt, the client device 24 authenticates that the server device 25 is a valid partner. Further, the client device 24 stores the divided data for authentication C2. This is the initial setting.

  Next, using the first initial data (not shown) and the HASH function h (x), the client device 24 generates data 13 from the above-described generation method, and the data 12 is divided into authentication divided data. The data is divided into A2 and authentication divided data B2 (step S211).

  Next, the authentication pair data B3A2 in which the data B3 is connected to the data A2 is transmitted to the server device 25 (step S212). When the server device 25 receives the authentication pair data B3A2 via the communication line 10 (step S213), it tries to restore the authentication divided data A2 and the authentication divided data B2 (step S214). Further, the server device 25 stores the authentication divided data B3.

  If it is confirmed that the authentication data 12 has been restored, the server device 25 uses the second initial data (not shown) and the HASH function h (x) to authenticate from the generation method described above. Data 23 is generated. The authentication data 23 is divided into divided authentication data C3 and divided authentication data D3 (step S215). The divided data for authentication D3 is stored in the server device 25.

  Next, the authentication pair data D2C3 is transmitted to the client device 24 (step S216). When the client device 24 receives the authentication pair data D2C3 via the communication line 10 (step S217), the client device 24 attempts to restore the authentication divided data C2 and the authentication divided data D2. If it is confirmed that the authentication data 22 has been restored, the client device 24 authenticates that the server device 25 is a valid partner. Further, the client device 24 stores the divided data for authentication C3. When the client device 24 and the server device 25 authenticate each other as a legitimate partner, for example, data transmission / reception is performed thereafter.

  In the next authentication, the same operation is repeated using authentication divided data A3, B3, C3, and D3.

  In the authentication system 100 of the present embodiment, the server device 25 and the client device 24 can perform bidirectional communication, so that efficient authentication can be performed.

Next, a third embodiment of the authentication system of the present invention will be described.
FIG. 7 is a diagram for explaining a third embodiment of the authentication system of the present invention.

  The authentication system 100 according to the third embodiment is different from the first embodiment in that a random number is generated for the data 31 (original data) using a random number expression and authentication is performed.

  In the present embodiment, the present invention is not limited to using the random number, and various functions such as a HASH function can be used. The function includes various mathematical expressions.

Hereinafter, an operation (operation) of the authentication system will be described.
First, the client device 24 generates data 31. Next, the authentication data R1 is generated using the random number expression 110 for the data 31 (step S301). The generated authentication data R1 is divided into divided authentication data A1 and divided authentication data B1 (step S302), and the random number expression 110, the authentication data R1 and the divided authentication data A1 are stored in the client device 24. The random number expression 110, the authentication data R1, and the authentication divided data B1 are stored in the server device 25 (step S303). This is the initial setting.

  Next, the server device 25 generates the authentication data R2 using the random number expression 110 for the authentication data R1 (step S304), and divides it into the authentication divided data A2 and the authentication divided data B2 (step S304). S305). Next, the authentication pair data B1A2 obtained by connecting the authentication division data A2 to the authentication division data B1 is transmitted to the client device 24 (step S306). Further, the authentication data R2 and the data B2 are stored in the server device 25. When the server device 25 receives the authentication pair data B2A1 via the communication line 10 (step S307), it tries to restore the authentication divided data A1 and the authentication divided data B1 using the random number expression 110 (step S307). S308). If it is confirmed that the authentication data R1 has been restored, the client device 24 authenticates the server device 25 as a legitimate partner, and uses the random number formula 110 for the authentication data R1 to authenticate the data (mirror). Data) R2 is created (step S308). Data A2 is stored in the client device 24. When the client device 24 authenticates the server device 25 as a legitimate partner, the client device 24 thereafter performs data transmission / reception, for example.

  In the next authentication, the server device 25 generates the authentication data R3 by using the random number expression 110 for the authentication data R2 (step S310), and divides into the authentication divided data A3 and the authentication divided data B3. (Step S311). Next, the authentication pair data B2A3 obtained by connecting the authentication division data A3 to the authentication division data B2 is transmitted to the client device 24 (step S312). Further, the authentication data R3 and the data B3 are stored in the server device 25. When the server device 25 receives the authentication pair data B3A2 via the communication line 10 (step S313), it tries to restore the authentication divided data A2 and the authentication divided data B2 using the random number expression 110 (step S314). ).

  Specifically, the authentication data (mirror data) R2 on the client device 24 side generated in step S308, the authentication division data A2, and the authentication data R2 restored by the authentication division data B2 are compared. Thus, it is confirmed whether or not the authentication data R2 has been restored.

  If it is confirmed that the authentication data R2 has been restored, the client device 24 authenticates the server device 25 as a valid partner, and uses the random number expression 110 for the authentication data R2 to authenticate the data (mirror). Data) R3 is created (step S315). Data A3 is stored in the client device 24.

  In the next authentication, the same operation is repeated thereafter using the random number expression 110, the authentication data R3, and the authentication divided data A3 and B3.

  In the case of mutual authentication, the client device 24 side and the server device 25 side mutually perform the processing of the present embodiment, as in the second embodiment described above.

  In this embodiment, by using the output (random number value) from the random number expression for the authentication data for creating the authentication divided data, the random value used for each operation for creating the authentication divided data changes, and the random number As long as the formula and the data 31 are not stolen, it is possible to prevent impersonation of the server device 25 by a third party.

  In the present embodiment, the authentication data R1 using a random number expression is used for the data 31. However, the present invention is not limited to this. You can also

  According to the authentication system of the third embodiment, the same effect as that of the first embodiment described above can be obtained.

  In this authentication system, it is possible to prevent impersonation of the server device 25 by a third party more reliably by creating the authentication data R1 using a predetermined random number expression for the data 1.

Next, a fourth embodiment of the authentication system of the present invention will be described.
FIG. 8 is a diagram showing a fourth embodiment of the authentication system of the present invention.
The authentication system according to the fourth embodiment is different from the third embodiment in that authentication is performed by encrypting random data generated using a predetermined random number expression for data 31 using an encryption key generation expression. Yes.

Hereinafter, an operation (operation) of the authentication system will be described.
First, the client device 24 generates data 4. Next, random number data (not shown) is generated using the random number expression 110 for the data 4. The generated random number data is encrypted using the encryption key generation formula 120 to generate authentication data S1 (step S401).

  The created authentication data S1 is divided into divided authentication data A1 and divided authentication data B1 (step S402), and the encryption key generation formula 120, random number formula 110, random number data, and data A1 are stored in the client device 24. The encryption key generation formula 120, the random number formula 110, the authentication data S1, and the authentication divided data B1 are stored in the server device 25 (step S403). This is the initial setting.

  Next, the server device 25 generates the authentication data S2 using the encryption key generation formula 120 and the random number formula 110 for the authentication data S1, and the authentication data S2 is divided into the authentication split data A2 and the authentication split data. Divide into B2 (step S404). Next, the server device 25 transmits the authentication pair data B1A2 in which the authentication divided data A2 is connected to the authentication divided data B1 to the client device 24 (step S405). The server device 25 also stores the divided data for authentication B2. When the server device 25 receives the authentication pair data B2A1 via the communication line 10 (step S406), using the encryption key generation formula 120 and the random number formula 110, the authentication split data A1, the authentication split data B1 and Is restored (step S407). If it is confirmed that the authentication data S1 has been restored, the client device 24 authenticates that the server device 25 is a legitimate partner, and uses the authentication data S1 as an input value to generate the encryption key generation formula 120 and the random number formula. Data for authentication (mirror data) S2 is created from 110 (step S408). In addition, the client device 24 stores authentication division data A2. When the client device 24 authenticates the server device 25 as a legitimate partner, the client device 24 thereafter performs data transmission / reception, for example.

  In the next authentication, the server device 25 generates the authentication data S3 using the random number expression 110 and the encryption key generation expression 120 for the authentication data S2 (step S410), and the authentication divided data A3 and the authentication data S3. The data is divided into divided data B3 (step S411). Next, the authentication pair data B2A3 in which the authentication divided data A3 is connected to the authentication divided data B2 is transmitted to the client device 24 (step S412). Further, the authentication data R3 and the data B3 are stored in the server device 25. When the server device 25 receives the authentication pair data B3A2 via the communication line 10 (step S413), it tries to restore the authentication divided data A2 and the authentication divided data B2 using the random number expression 110 (step S414). ).

  Specifically, the authentication data S2 (mirror data) on the client device 24 side generated in step S408 is compared with the authentication data R2 restored by the authentication split data A2 and the authentication split data B2. Thus, it is confirmed whether or not the authentication data R2 has been restored.

  If it is confirmed that the authentication data S2 has been restored, the client device 24 authenticates the server device 25 as a legitimate partner, and uses the random number expression 110 for the authentication data S2 to authenticate the data (mirror). Data) S3 is created (step S415). Data A3 is stored in the client device 24.

  In the case of mutual authentication, the client device 24 side and the server device 25 side mutually perform the processing of the present embodiment, as in the second embodiment described above.

  In the next authentication, the same operation is repeated thereafter using the random number expression 110, the encryption key generation expression 120, the authentication data S3, and the authentication divided data A3 and B3.

  According to the authentication system of the fourth embodiment, the same effects as those of the first or third embodiment described above can be obtained.

  In this authentication system 100, the authentication data encrypted by using the predetermined encryption key generation formula 120 for the random number data is created to further prevent the third party from impersonating the server device 25. Can do.

  In the present embodiment, the authentication data S1 using the random number expression 110 is used as the data 31. However, the present invention is not limited to this, and for example, authentication data using a mathematical expression based on the number of communications may be used as the data. it can.

According to the authentication system of the present invention, even if the data sent from the server device to the client device is stolen, the data required for the next authentication cannot be inferred. It cannot be impersonated as a device.
Thereby, the impersonation of the server apparatus by the third party can be surely prevented.

  The authentication system of the present invention has been described based on the illustrated embodiment. However, the present invention is not limited to this, and the configuration of each unit is replaced with an arbitrary configuration having the same function. be able to. In addition, any other component may be added to the present invention.

  Further, the present invention may be a combination of any two or more configurations (features) of the above embodiments.

  In each of the embodiments described above, the case where two pieces of data are exchanged has been described. However, the present invention is not limited to this. For example, three or more pieces of data can be exchanged simultaneously.

  In the first, third, and fourth embodiments, the authentication data transmitted from the server device 25 is authenticated by the client device 24. However, the present invention is not limited to this. For example, the authentication data transmitted from the client device is used. The authentication data transmitted from the server device may be authenticated by another server device, or the authentication data transmitted from the client device may be authenticated by another client device. May be.

  In the present invention, a plurality of server devices may be provided, or a plurality of client devices may be provided.

It is a block diagram which shows the server apparatus and client apparatus of the authentication system of this invention. It is a figure which shows the production | generation of the HASH value from initial data, and the data for authentication. It is a figure which shows 1st Embodiment of the authentication system of this invention. It is a figure explaining a confirmation means. It is a figure which shows the Example at the time of applying the authentication system of this invention to an electronic key system. It is a figure which shows 2nd Embodiment of the authentication system of this invention. It is a figure which shows 3rd Embodiment of the authentication system of this invention. It is a figure which shows 4th Embodiment of the authentication system of this invention.

Explanation of symbols

  1, 2, 3, 4, 5, 6, 7, 11, 12, 13, 21, 22, 23, 50 ... authentication data, 10, 20 ... communication line, 24 ... client device, 25 ... Server device, 31 ... Data, 40, 60 ... CPU, 41, 61 ... Control means, 42, 62 ... Generation means, 43, 63 ... Dividing means, 44, 64 ... Restoration means, 45, 65 ... Confirmation means, 46, 66 ... Storage means, 51 ... Electronic key, 52 ... Electronic door, 100 ... Authentication system, 30, 101 ..Initial data, 110 ... random number expression, 120 ... encryption key generation expression, A1, B1, A2, B2, A3, B3, C1, C2, D1, D2, C3, D3 ... authentication division Data, R1, R2, R3, S1, S2, S3... Authentication data, S101 to S11 ... step, S201~S218 ··· step, S301~S315 ··· step, S401~S415 ··· step, S501~S510 ··· step

Claims (22)

A first electronic device to be authenticated;
The first electronic device is provided on the first electronic device side, generates initial data and confirmation data from the initial data using a predetermined function, and includes the confirmation data and the initial data. Generating means for generating authentication data used for authentication of
A second electronic device for authenticating the first electronic device;
A dividing unit provided on the first electronic device side, for dividing the authentication data into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration means provided on the second electronic device side, for restoring the authentication division data to the authentication data;
A confirmation unit that is provided on the second electronic device side and that confirms whether or not the authentication data has been restored by the restoration unit;
The current authentication data generated by the generating means on the first electronic device side is divided by the dividing means into at least two current authentication divided data, and each of the current authentication divided data is divided into the first authentication data. 1 is transmitted from the electronic device side to the second electronic device side, and on the second electronic device side, the restoration unit attempts to restore the authentication data using each of the authentication divided data, and the confirmation unit restores the data. For the initial data of the restored data, confirmation data is generated using the predetermined function, and the generated confirmation data and the confirmation data of the restored data are obtained. In comparison, whether or not the authentication data has been restored is confirmed, and when it is confirmed by the confirmation means that the authentication data has been restored, the second electronic device is the first electronic device. Electronic devices is an authentication system for authenticating as a legitimate partner,
At least one of the current divided data for authentication is transmitted from the first electronic device side to the second electronic device side together with the previous divided authentication data at the time of previous authentication and is not transmitted. The divided authentication data is transmitted from the first electronic device side to the second electronic device side together with at least one of the divided authentication data from the next time. A first electronic device and a second electronic device that authenticate each other and are authenticated;
Provided on the first electronic device side, generating first initial data and confirmation data from the first initial data using a predetermined function, the confirmation data and the first initial data Generating means for generating authentication data used for authentication of the second electronic device,
A dividing unit that is provided on the first electronic device side and divides authentication data used for authentication of the second electronic device into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration unit provided on the second electronic device side and restoring the divided data for authentication divided by the dividing unit on the first electronic device side to the authentication data;
Confirmation means provided on the second electronic device side, for confirming whether or not the authentication data has been restored by the restoration means;
Provided on the second electronic device side, generating second initial data and confirmation data from the second initial data using a predetermined function, the confirmation data and the second initial data Generating means for generating authentication data used for authentication of the first electronic device,
A dividing unit that is provided on the second electronic device side and divides authentication data used for authentication of the first electronic device into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration unit provided on the first electronic device side and restoring the divided data for authentication divided by the dividing unit on the second electronic device side to the authentication data;
Confirmation means provided on the first electronic device side, for confirming whether or not the authentication data has been restored by the restoration means on the first electronic device side;
The current authentication data generated by the first electronic device side generating means on the first electronic device side is converted into at least two current authentication divided data by the first electronic device side dividing means. Each of the divided data for authentication is transmitted from the first electronic device side to the second electronic device side, and the second electronic device side uses the restoring means on the second electronic device side. Reconstruction is attempted using each of the authentication divided data of the current time, and the predetermined function is used for the first initial data among the restored data restored by the confirmation unit on the second electronic device side. Generating confirmation data, comparing the generated confirmation data with the confirmation data of the restored restoration data to confirm whether the authentication data has been restored, Before by confirmation means When the authentication data has been restored is confirmed, the second electronic device authenticates the first electronic device is a legitimate party,
The current authentication data generated by the second electronic device side generating means on the second electronic device side is converted into at least two current authentication divided data by the second electronic device side dividing means. Each of the divided data for authentication is transmitted from the second electronic device side to the first electronic device side, and the first electronic device side uses the restoring means on the first electronic device side. Reconstruction is attempted using each of the authentication divided data at this time, and the predetermined function is used for the second initial data among the restored data restored by the confirmation means on the first electronic device side. Generating confirmation data, comparing the generated confirmation data with the confirmation data of the restored restoration data to confirm whether the authentication data has been restored, Before by confirmation means When the authentication data has been restored is confirmed, the first electronic device is an authentication system wherein the second electronic device is authenticated as a legitimate party,
At least one of the current authentication divided data divided by the first electronic device is transmitted together with the previous authentication divided data at the time of previous authentication, and the untransmitted Transmit the divided data for authentication this time and at least one of the divided data for authentication after the next time to the authentication side in a batch,
At least one of the current authentication divided data divided by the second electronic device is transmitted together with the previous authentication divided data at the time of previous authentication, and the untransmitted An authentication system characterized in that the divided data for authentication this time and at least one of the divided data for authentication after the next time are collectively transmitted to the authentication side. A first electronic device to be authenticated;
The first electronic device is provided on the first electronic device side, generates initial data and confirmation data from the initial data using a predetermined function, and includes the confirmation data and the initial data. Generating means for generating authentication data used for authentication of
A second electronic device for authenticating the first electronic device;
A dividing unit provided on the first electronic device side, for dividing the authentication data into first authentication divided data and second authentication divided data by a predetermined dividing method;
A restoring means provided on the second electronic device side, for restoring the first authentication divided data and the second authentication divided data into the authentication data;
An authentication system provided on the second electronic device side and having confirmation means for confirming whether or not the authentication data has been restored by the restoration means;
On the first electronic device side, the current authentication data generated by the generating means at the time of the previous transmission is converted into the current first authentication divided data and the current second authentication data by the dividing means. The first divided data for authentication and the second divided data for authentication this time are collectively transmitted from the first electronic device side to the second electronic device side. On the first electronic device side, the next authentication data generated by the generating means is divided into the next first authentication divided data and the next second authentication divided data by the dividing means. The first authentication divided data and the next second authentication divided data are transmitted in a lump, and the second electronic device side uses the restoring means to transmit the current authentication divided data. First divided data for authentication, and And the confirmation means generates confirmation data using the predetermined function for the initial data of the restored data restored by the confirmation unit, and generates the confirmation data. The confirmed data is compared with the confirmation data in the restored data to confirm whether the authentication data has been restored, and the authentication data is restored by the confirmation means. When it is confirmed that the second electronic device is authenticated, the second electronic device authenticates that the first electronic device is a valid partner. A first electronic device and a second electronic device that authenticate each other and are authenticated;
Provided on the first electronic device side, generating first initial data and confirmation data from the first initial data using a predetermined function, the confirmation data and the first initial data Generating means for generating authentication data used for authentication of the second electronic device,
A division that is provided on the first electronic device side and that divides authentication data used for authentication of the second electronic device into first authentication division data and second authentication division data by a predetermined division method Means,
The first authentication divided data and the second authentication divided data which are provided on the second electronic device side and divided by the dividing means on the first electronic device side are restored to the authentication data. Recovery means to
Confirmation means provided on the second electronic device side, for confirming whether or not the authentication data has been restored by the restoration means;
Provided on the second electronic device side, generating second initial data and confirmation data from the second initial data using a predetermined function, the confirmation data and the second initial data Generating means for generating authentication data used for authentication of the first electronic device,
Authentication data provided on the second electronic device side and used for authentication of the first electronic device is divided into the first authentication divided data and the second authentication divided data by a predetermined dividing method. Dividing means to
The first authentication divided data and the second authentication divided data which are provided on the first electronic device side and divided by the dividing means on the second electronic device side are restored to the authentication data. Recovery means to
An authentication system provided on the first electronic device side, and having a confirmation means for confirming whether or not the authentication data has been restored by the restoration means on the first electronic device side;
On the first electronic device side, at the time of the previous transmission, the current authentication data generated by the generating device on the first electronic device side is transferred to the current first data by the dividing device on the first electronic device side. The first divided authentication data and the second divided authentication data are divided into the first divided divided data for authentication and the second divided divided data for authentication this time. Is transmitted from the electronic device side to the second electronic device side, and on the first electronic device side, the next authentication data generated by the generating means on the first electronic device side is transmitted to the first electronic device side. Are divided into the next first divided data for authentication and the second divided data for next authentication, and the second divided data for next authentication and the next second divided data. The divided data for authentication in a batch and the second electronic device The second electronic device side restoration means tries to restore the first authentication divided data and the current second authentication divided data, and the second electronic device side confirmation is performed. Means for generating confirmation data for the first initial data of the restored data using the predetermined function, and the generated confirmation data and the restored data The authentication data is compared to check whether or not the authentication data has been restored. When the confirmation means confirms that the authentication data has been restored, the second electronic The device authenticates that the first electronic device is a valid counterpart,
On the second electronic device side, the current authentication data generated by the generating device on the second electronic device side during the previous transmission is transferred to the current first data by the dividing device on the second electronic device side. The first authentication divided data and the current second authentication divided data are divided into the previous first authentication divided data and the current second authentication divided data. Is transmitted from the electronic device side to the first electronic device side, and on the second electronic device side, the next authentication data generated by the generating means on the second electronic device side is transmitted to the second electronic device side. Is divided into the next first divided data for authentication and the second divided data for next authentication, and the second divided data for next authentication and the next second divided data for authentication. The divided data for authentication in a batch, and the first electronic device In this case, the first restoration means tries to restore the first authentication divided data and the current second authentication divided data, and the first electronic device side confirmation means restores the first authentication divided data. For the second initial data of the restored data, confirmation data is generated using the predetermined function, and the generated confirmation data and the confirmation data of the restored data are confirmed. The first electronic device compares the data with each other to confirm whether the authentication data has been restored, and when the confirmation means confirms that the authentication data has been restored, the first electronic device 2. An authentication system for authenticating that the electronic device of 2 is a legitimate partner.   The authentication system according to claim 1, wherein the function is a HASH function. A first electronic device to be authenticated;
A generating means provided on the first electronic device side for generating authentication data used for authentication of the first electronic device;
A second electronic device for authenticating the first electronic device;
A dividing unit provided on the first electronic device side, for dividing the authentication data into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration means provided on the second electronic device side, for restoring the authentication division data to the authentication data;
A confirmation unit that is provided on the second electronic device side and that confirms whether or not the authentication data has been restored by the restoration unit;
The current authentication data generated by the generating means on the first electronic device side is divided by the dividing means into at least two current authentication divided data, and each of the current authentication divided data is divided into the first authentication data. 1 is transmitted from the electronic device side to the second electronic device side, and the restoration is attempted by the restoration means on the second electronic device side using the respective divided data for authentication at this time. Mirror data that is the same data as the authentication data is generated, and the generated mirror data is compared with the restored data restored by the restoration means to check whether the authentication data has been restored. When the confirmation means confirms that the authentication data has been restored, the second electronic device authenticates that the first electronic device is a valid counterpart. A stem,
At least one of the current divided data for authentication is transmitted from the first electronic device side to the second electronic device side together with the previous divided authentication data at the time of previous authentication and is not transmitted. The divided authentication data is transmitted from the first electronic device side to the second electronic device side together with at least one of the divided authentication data from the next time. A first electronic device to be authenticated;
A generating means provided on the first electronic device side for generating authentication data used for authentication of the first electronic device;
A second electronic device for authenticating the first electronic device;
A dividing unit provided on the first electronic device side, for dividing the authentication data into first authentication divided data and second authentication divided data by a predetermined dividing method;
A restoring means provided on the second electronic device side, for restoring the first authentication divided data and the second authentication divided data into the authentication data;
An authentication system provided on the second electronic device side and having confirmation means for confirming whether or not the authentication data has been restored by the restoration means;
On the first electronic device side, the current authentication data generated by the generating means at the time of the previous transmission is converted into the current first authentication divided data and the current second authentication data by the dividing means. The first divided data for authentication and the second divided data for authentication this time are collectively transmitted from the first electronic device side to the second electronic device side. On the first electronic device side, the next authentication data generated by the generating means is divided into the next first authentication divided data and the next second authentication divided data by the dividing means. The first authentication divided data and the next second authentication divided data are transmitted in a lump, and the second electronic device side uses the restoring means to transmit the current authentication divided data. First divided data for authentication, and Each time the second authentication divided data is restored, the confirmation means generates mirror data that is the same data as the authentication data, and the generated mirror data and the restoration means restore the mirror data. Compared with the restored data, it is confirmed whether or not the authentication data has been restored. When the confirmation means confirms that the authentication data has been restored, the second electronic device An authentication system for authenticating that the first electronic device is a legitimate partner.   8. The generation unit according to claim 6 or 7, wherein the generation unit generates the authentication data based on a predetermined random number equation, and the confirmation unit generates the mirror data based on the same random number equation as the generation unit. Authentication system.   The generating means generates the authentication data based on a predetermined random number expression and an encryption expression, and the confirmation means generates the mirror data based on the same random number expression and the same encryption expression as the generation means. The authentication system according to claim 6 or 7.   The generation unit substitutes the current authentication data into the random number formula to obtain the next authentication data, and the confirmation unit substitutes the current mirror data into the same random number formula as the generation unit. The authentication system according to claim 8 or 9, wherein the next authentication data is obtained.   The generating means generates the authentication data based on the number of transmissions, and the confirmation means is based on the number of transmissions between the first electronic device and the second electronic device. The authentication system according to claim 6 or 7, wherein the mirror data is generated.   The generation means generates the authentication data based on the number of transmissions and an encryption formula, and the confirmation means includes the number of transmissions between the first electronic device and the second electronic device. The authentication system according to claim 6 or 7, wherein the mirror data is generated based on the same encryption formula as that of the generation means.   The generation unit generates the authentication data based on a predetermined function, and the confirmation unit determines the mirror data based on the same function as the function used by the generation unit to generate the authentication data. The authentication system according to claim 6 or 7, wherein: A first electronic device and a second electronic device that authenticate each other and are authenticated;
A generating unit that is provided on the first electronic device side and generates authentication data used for authentication of the second electronic device;
A dividing unit that is provided on the first electronic device side and divides authentication data used for authentication of the second electronic device into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration unit provided on the second electronic device side and restoring the divided data for authentication divided by the dividing unit on the first electronic device side to the authentication data;
Confirmation means provided on the second electronic device side, for confirming whether or not the authentication data has been restored by the restoration means;
A generating means provided on the second electronic device side for generating authentication data used for authentication of the first electronic device;
A dividing unit that is provided on the second electronic device side and divides authentication data used for authentication of the first electronic device into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration unit provided on the first electronic device side and restoring the divided data for authentication divided by the dividing unit on the second electronic device side to the authentication data;
Confirmation means provided on the first electronic device side, for confirming whether or not the authentication data has been restored by the restoration means on the first electronic device side;
The current authentication data generated by the first electronic device side generating means on the first electronic device side is converted into at least two current authentication divided data by the first electronic device side dividing means. Each of the divided data for authentication is transmitted from the first electronic device side to the second electronic device side, and the second electronic device side uses the restoring means on the second electronic device side. Attempting restoration using each of the divided data for authentication this time, and generating the mirror data that is the same data as the authentication data by the confirmation means on the second electronic device side, Comparing the restored data restored by the restoring means on the second electronic device side to confirm whether the authentication data has been restored, and the authenticating data being restored by the checking means If it is confirmed, the second electronic device authenticates the first electronic device is a legitimate party,
The current authentication data generated by the second electronic device side generating means on the second electronic device side is converted into at least two current authentication divided data by the second electronic device side dividing means. Each of the divided data for authentication is transmitted from the second electronic device side to the first electronic device side, and the first electronic device side uses the restoring means on the first electronic device side. Attempting restoration using each of the divided data for authentication this time, and generating the mirror data that is the same data as the authentication data by the confirmation means on the first electronic device side, The restoration data restored by the restoration means on the first electronic device side is compared to confirm whether or not the authentication data is restored, and the authentication data is restored by the confirmation means If it is confirmed, the first electronic device is an authentication system wherein the second electronic device is authenticated as a legitimate party,
At least one of the current authentication divided data divided by the first electronic device is transmitted together with the previous authentication divided data at the time of previous authentication, and the untransmitted Transmit the divided data for authentication this time and at least one of the divided data for authentication after the next time to the authentication side in a batch,
At least one of the current authentication divided data divided by the second electronic device is transmitted together with the previous authentication divided data at the time of previous authentication, and the untransmitted An authentication system characterized in that the divided data for authentication this time and at least one of the divided data for authentication after the next time are collectively transmitted to the authentication side. A first electronic device and a second electronic device that authenticate each other and are authenticated;
A generating unit that is provided on the first electronic device side and generates authentication data used for authentication of the second electronic device;
A division that is provided on the first electronic device side and that divides authentication data used for authentication of the second electronic device into first authentication division data and second authentication division data by a predetermined division method Means,
The first authentication divided data and the second authentication divided data which are provided on the second electronic device side and divided by the dividing means on the first electronic device side are restored to the authentication data. Recovery means to
Confirmation means provided on the second electronic device side, for confirming whether or not the authentication data has been restored by the restoration means;
A generating means provided on the second electronic device side for generating authentication data used for authentication of the first electronic device;
Authentication data provided on the second electronic device side and used for authentication of the first electronic device is divided into the first authentication divided data and the second authentication divided data by a predetermined dividing method. Dividing means to
The first authentication divided data and the second authentication divided data which are provided on the first electronic device side and divided by the dividing means on the second electronic device side are restored to the authentication data. Recovery means to
An authentication system provided on the first electronic device side, and having a confirmation means for confirming whether or not the authentication data has been restored by the restoration means on the first electronic device side;
On the first electronic device side, at the time of the previous transmission, the current authentication data generated by the generating device on the first electronic device side is transferred to the current first data by the dividing device on the first electronic device side. The first divided authentication data and the second divided authentication data are divided into the first divided divided data for authentication and the second divided divided data for authentication this time. Is transmitted from the electronic device side to the second electronic device side, and on the first electronic device side, the next authentication data generated by the generating means on the first electronic device side is transmitted to the first electronic device side. Are divided into the next first divided data for authentication and the second divided data for next authentication, and the second divided data for next authentication and the next second divided data. The divided data for authentication in a batch and the second electronic device The second electronic device side restoration means tries to restore the first authentication divided data and the current second authentication divided data, and the second electronic device side confirmation is performed. Means for generating mirror data which is the same data as the authentication data, comparing the generated mirror data with the restored data restored by the restoring means on the second electronic device side, It is confirmed whether or not the authentication data has been restored, and when the confirmation means confirms that the authentication data has been restored, the second electronic device is a valid counterpart to the first electronic device. Authenticate
On the second electronic device side, the current authentication data generated by the generating device on the second electronic device side during the previous transmission is transferred to the current first data by the dividing device on the second electronic device side. The first authentication divided data and the current second authentication divided data are divided into the previous first authentication divided data and the current second authentication divided data. Is transmitted from the electronic device side to the first electronic device side, and on the second electronic device side, the next authentication data generated by the generating means on the second electronic device side is transmitted to the second electronic device side. Is divided into the next first divided data for authentication and the second divided data for next authentication, and the second divided data for next authentication and the next second divided data for authentication. The divided data for authentication in a batch, and the first electronic device The first electronic device side restoration means attempts to restore the first authentication divided data and the current second authentication divided data, and the first electronic device side confirmation is performed. Means for generating mirror data that is the same data as the authentication data, comparing the generated mirror data with the restored data restored by the restoring means on the first electronic device side, and It is confirmed whether or not the authentication data has been restored, and when the confirmation means confirms that the authentication data has been restored, the first electronic device is a valid counterpart of the second electronic device. An authentication system characterized by authenticating that   The generation means on the first electronic device side generates the authentication data based on a predetermined function, and the confirmation means on the first electronic device side is the generation means on the second electronic device side. The mirror data is generated based on the same function as the function used for generating the authentication data, and the generation unit on the second electronic device side generates the authentication data based on a predetermined function, 15. The confirmation unit on the second electronic device side generates the mirror data based on the same function as the function used by the generation unit on the first electronic device side to generate the authentication data. Or the authentication system of 15.   The authentication system according to claim 1, wherein the transmission is performed via a communication line.   The authentication system according to claim 17, wherein the communication line is an Internet line. A first electronic device to be authenticated;
The first electronic device is provided on the first electronic device side, generates initial data and confirmation data from the initial data using a predetermined function, and includes the confirmation data and the initial data. Generating means for generating authentication data used for authentication of
A second electronic device for authenticating the first electronic device;
A dividing unit provided on the first electronic device side, for dividing the authentication data into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration means provided on the second electronic device side, for restoring the authentication division data to the authentication data;
In an authentication system provided on the second electronic device side, and having a confirmation means for confirming whether or not the authentication data has been restored by the restoration means on the second electronic device side,
On the first electronic device side, the current authentication data generated by the generating means is divided into at least two current authentication divided data by the dividing means, and each of the current authentication divided data is Transmission from the first electronic device side to the second electronic device side, the restoration is attempted by the restoration means on the second electronic device side using each of the divided data for authentication this time, by the confirmation means, For the initial data of the restored data, confirmation data is generated using the predetermined function, the generated confirmation data, the confirmation data of the restored data, And confirming whether or not the authentication data has been restored, and when the confirmation means confirms that the authentication data has been restored, the second electronic device An authentication method for electronic devices to authenticate as a legitimate partner,
At least one of the current divided data for authentication is transmitted from the first electronic device side to the second electronic device side together with the previous divided authentication data at the time of previous authentication and is not transmitted. The authentication divided data is transmitted from the first electronic device side to the second electronic device side together with at least one of the divided authentication data from the next time. A first electronic device and a second electronic device that authenticate each other and are authenticated;
Provided on the first electronic device side, generating first initial data and confirmation data from the first initial data using a predetermined function, the confirmation data and the first initial data Generating means for generating authentication data used for authentication of the second electronic device,
A dividing unit that is provided on the first electronic device side and divides authentication data used for authentication of the second electronic device into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration unit provided on the second electronic device side and restoring the divided data for authentication divided by the dividing unit on the first electronic device side to the authentication data;
Confirmation means provided on the second electronic device side, for confirming whether or not the authentication data has been restored by the restoration means;
Provided on the second electronic device side, generating second initial data and confirmation data from the second initial data using a predetermined function, the confirmation data and the second initial data Generating means for generating authentication data used for authentication of the first electronic device,
A dividing unit that is provided on the second electronic device side and divides authentication data used for authentication of the first electronic device into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration unit provided on the first electronic device side and restoring the divided data for authentication divided by the dividing unit on the second electronic device side to the authentication data;
An authentication system provided on the first electronic device side and having a confirmation unit for confirming whether or not the authentication data has been restored by the restoration unit;
On the first electronic device side, the current authentication data generated by the first electronic device side generating means is converted into at least two current authentication divided data by the first electronic device side dividing means. Each of the divided data for authentication is transmitted from the first electronic device side to the second electronic device side, and the second electronic device side restore means on the second electronic device side. Then, restoration is attempted using each of the authentication divided data, and the predetermined function is applied to the first initial data among the restored data by the confirmation means on the second electronic device side. Generating confirmation data by using the generated confirmation data and comparing the confirmation data among the restored restoration data to confirm whether the authentication data has been restored; By the confirmation means When it is confirmed that the authentication data has been restored, the second electronic device authenticates that the first electronic device is a valid partner, and the second electronic device side The current authentication data generated by the second generating means is divided into at least two current authentication divided data by the second dividing means, and each of the current authentication divided data is divided into the second electronic data. Transmission is performed from the device side to the first electronic device side, and the first electronic device side attempts to restore the first electronic device using the authentication divided data by the second restoration means. The confirmation means on the side generates confirmation data using the predetermined function for the second initial data of the restored data, and the generated confirmation data and the restored data Restored data And confirming whether or not the authentication data has been restored, and when the confirmation means confirms that the authentication data has been restored, the first electronic device Is an authentication method for authenticating that the second electronic device is a valid counterpart,
At least one of the current authentication divided data divided by the first electronic device is transmitted together with the previous authentication divided data at the time of previous authentication, and the untransmitted Transmit the divided data for authentication this time and at least one of the divided data for authentication after the next time to the authentication side in a batch,
At least one of the current authentication divided data divided by the second electronic device is transmitted together with the previous authentication divided data at the time of previous authentication, and the untransmitted An authentication method characterized by transmitting the divided data for authentication this time and at least one of the divided data for authentication after the next time to the authentication side in a lump. A first electronic device to be authenticated;
A generating means provided on the first electronic device side for generating authentication data used for authentication of the first electronic device;
A second electronic device for authenticating the first electronic device;
A dividing unit provided on the first electronic device side, for dividing the authentication data into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration means provided on the second electronic device side, for restoring the authentication division data to the authentication data;
In an authentication system provided on the second electronic device side, and having a confirmation means for confirming whether or not the authentication data has been restored by the restoration means on the second electronic device side,
On the first electronic device side, the current authentication data generated by the generating means is divided into at least two current authentication divided data by the dividing means, and each of the current authentication divided data is Transmission from the first electronic device side to the second electronic device side, the restoration is attempted by the restoration means on the second electronic device side using each of the divided data for authentication this time, by the confirmation means, Whether or not the authentication data is restored by generating mirror data that is the same data as the authentication data and comparing the generated mirror data with the restored data restored by the restoration means And when the confirmation means confirms that the authentication data has been restored, the second electronic device authenticates that the first electronic device is a valid counterpart. There is provided a method,
At least one of the current divided data for authentication is transmitted from the first electronic device side to the second electronic device side together with the previous divided authentication data at the time of previous authentication and is not transmitted. The authentication divided data is transmitted from the first electronic device side to the second electronic device side together with at least one of the divided authentication data from the next time. A first electronic device and a second electronic device that authenticate each other and are authenticated;
A generating unit that is provided on the first electronic device side and generates authentication data used for authentication of the second electronic device;
A dividing unit that is provided on the first electronic device side and divides authentication data used for authentication of the second electronic device into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration unit provided on the second electronic device side and restoring the divided data for authentication divided by the dividing unit on the first electronic device side to the authentication data;
Confirmation means provided on the second electronic device side, for confirming whether or not the authentication data has been restored by the restoration means;
A generating means provided on the second electronic device side for generating authentication data used for authentication of the first electronic device;
A dividing unit that is provided on the second electronic device side and divides authentication data used for authentication of the first electronic device into at least two pieces of authentication divided data by a predetermined dividing method;
A restoration unit provided on the first electronic device side and restoring the divided data for authentication divided by the dividing unit on the second electronic device side to the authentication data;
An authentication system provided on the first electronic device side and having a confirmation unit for confirming whether or not the authentication data has been restored by the restoration unit;
On the first electronic device side, the current authentication data generated by the first electronic device side generating means is converted into at least two current authentication divided data by the first electronic device side dividing means. Each of the divided data for authentication this time is transmitted from the first electronic device side to the second electronic device side, and on the second electronic device side, the restoring means on the second electronic device side Then, restoration is attempted using each of the divided data for authentication at this time, and the confirmation means on the second electronic device side generates mirror data that is the same data as the authentication data, and the generated mirror data And the restoration data restored by the restoration means on the second electronic device side to confirm whether or not the authentication data has been restored, and that the authentication data has been restored by the confirmation means. Is confirmed, the second electronic device authenticates that the first electronic device is a valid partner, and is generated by the second generation means on the second electronic device side. The current authentication data is divided into at least two current authentication divided data by the second dividing means, and each of the current authentication divided data is sent from the second electronic device side to the first electronic device. To the first electronic device side, the second restoration unit tries to restore the authentication data using each of the authentication divided data, and the first electronic device side confirmation unit uses the authentication unit for the authentication. The mirror data that is the same data as the data is generated, and the generated mirror data is compared with the restored data restored by the restoration means on the first electronic device side, so that the authentication data is restored. Falcon And when the confirmation means confirms that the authentication data has been restored, the first electronic device authenticates that the second electronic device is a valid counterpart. There,
At least one of the current authentication divided data divided by the first electronic device is transmitted together with the previous authentication divided data at the time of previous authentication, and the untransmitted Transmit the divided data for authentication this time and at least one of the divided data for authentication after the next time to the authentication side in a batch,
At least one of the current authentication divided data divided by the second electronic device is transmitted together with the previous authentication divided data at the time of previous authentication, and the untransmitted An authentication method characterized by transmitting the divided data for authentication this time and at least one of the divided data for authentication after the next time to the authentication side in a lump.

Images