JP4704148B2 - User authentication system, authentication device, terminal device, and computer program - Google Patents

Description

  The present invention relates to a user authentication system, an authentication device, a terminal device, and a computer program.

In a user authentication method in a general service system, a user expiration date indicating a period during which the system can be used is set for each user, and the user expiration date of each user is held on the server side during user authentication. The user expiration date of the user is checked. Alternatively, an expiration date of the same period as the expiration date of the user is given to authentication information such as a password used by the user for authentication, and the expiration date of the password is regarded as the expiration date of the user. For example, TESLA (Timed Efficient Stream Loss-tolerant Authentication) disclosed in Non-Patent Document 1 is known as an authentication method for giving a certain expiration date to authentication information. In TESLA, a series of keys (Key Chain) is first generated using a one-way function. Then, an expiration period (interval duration) of each key is determined, and the key is updated as needed for each unit interval. The data sender selects a key that is currently valid from the time of transmission. Then, a message authentication code (MAC) of the transmission data is created using the selected key, and the message authentication code is added to the transmission data for transmission. In TESLA, after a certain period of time (key disclosure delay), the previously valid key is disclosed to all. The data receiver verifies the message authenticator of the received data after the corresponding key is disclosed.
A. Perrig, et al., “Efficient Authentication and Signature of Multicast Streams over Lossy Channels”, IEEE Symposium on Research in Security and Privacy, pp 56-73, May 2000.

  However, in the user authentication method in the conventional general service system described above, the expiration date for each user must be updated and held on the server side as appropriate. Further, since the user expiration date and the password are managed separately, the user expiration date and the password are separately verified at the time of user authentication, and the processing on the server side becomes complicated. Further, in order to set the expiration date for the password and to update the password as appropriate in order to ensure the security of the password, a separate dedicated system is required, and password management becomes complicated. For this reason, normally the user expiration date is also applied as the password expiration date, and the same password is used until the expiration date, but the defense capability against fraud such as user impersonation is reduced. There's a problem.

  In TESLA mentioned above, since the message authenticator cannot be verified until the key that created the message authenticator is released, the receiver buffers the received data until the corresponding key is released. There is a need to. For this reason, since a slight waiting time is required until the received data is authenticated, the expiration date of the sender of the data cannot be determined immediately. Furthermore, when a large amount of data is transmitted by an attacker, there is a problem that the buffer overflows and normal data is discarded. If the key expiration period is set short, the waiting time is shortened. However, the transmitted data is judged to be the data after the key has been released, even though it is within the validity period. May be adversely affected and may adversely affect system throughput.

  The present invention has been made in consideration of such circumstances, and an object of the present invention is to provide a user authentication system, an authentication device, and a terminal device capable of centrally managing user expiration dates and updating passwords. There is.

  Another object of the present invention is to provide a computer program for realizing the authentication device and terminal device of the present invention using a computer.

  In order to solve the above-described problem, a user authentication system according to the present invention is a user authentication system including a user terminal device and an authentication device that performs authentication of the user, and the authentication device has a one-way function. Password generating means for generating a series of first password groups by repetitive calculation; password management means for associating a series of expiration dates in reverse order to the password generation order for each password in the first password group; and the user Seed selection means for adopting as a seed the password having an expiration date including the end point of the user expiration date, and transmission means for transmitting password expiration date information relating to the seed and the first password group to the terminal device, Receiving means for receiving an authentication password from the terminal device and valid when the authentication password is received The password selecting means for selecting a verification password from the first password group, the authentication password and the verification password are compared, and if they match, it is determined that the authentication is successful, whereas if they do not match, the authentication fails. Determining means for determining that the terminal device receives a seed and password expiration date information from the authentication device, and uses the received seed as an initial value of an argument as a common argument with the authentication device. Password generating means for generating a series of second password groups by iterative calculation of direction functions, and for each password in the second password group based on the received password expiration date information, in the reverse order of the password generation order, A password management means for associating a series of expiration dates, and a password that is currently valid at the time of authentication. It includes a password selecting means for selecting from Seward group, and a transmitting means for transmitting the selected password to the authentication device, and wherein the.

  In the user authentication system according to the present invention, in the authentication device, in the case of the mismatch, the determination unit again uses the value of the one-way function with the verification password as an argument as a verification password, A comparison is made, and if they match, it is determined that the authentication is successful.

  In the user authentication system according to the present invention, the password management means includes a table for storing each password of the password group and each expiration date in association with each other.

  In the user authentication system according to the present invention, the password selection means generates a password to be selected at the time of selection by the password generation means.

  In the user authentication system according to the present invention, the password management means manages an expiration date based on a time of a clock in the own device.

  In the user authentication system according to the present invention, the password management means starts a timer at the time of sending and receiving the seed and password expiration date information, and manages the expiration date based on the time of the timer. .

  An authentication device according to the present invention is an authentication device that authenticates the user with a user terminal device, a password generation unit that generates a series of first password groups by repetitive calculation of a one-way function, and the first For each password in one password group, password management means for associating a series of expiration dates in the reverse order of password generation, and the password having an expiration date including the end point of the user expiration date of the user as a seed A seed selecting means for transmitting, a transmitting means for transmitting password expiration date information relating to the seed and the first password group to the terminal device, a receiving means for receiving an authentication password from the terminal device, and the authentication password received Password selecting means for selecting a verification password effective at the time from the first password group, and the authentication Comparing the password with the verification password, determines the authentication success if they match, on the other hand, characterized by comprising a determination means that the authentication failure when disagreement.

  A terminal device according to the present invention is a terminal device that authenticates a user with an authentication device, a receiving unit that receives seed and password expiration information from the authentication device, and an initial value of an argument for the received seed As a password generation means for generating a series of second password groups by repetitive calculation of a one-way function common to the authentication device, and each password in the second password group based on the received password expiration date information, Password management means for associating a series of expiration dates in reverse order of password generation, password selection means for selecting a currently valid password from the second password group at the time of authentication, and the selected password for the authentication device And transmitting means for transmitting to.

A computer program according to the present invention is a computer program for performing server processing for authenticating a user with a user terminal device, and generates a series of first password groups by repetitive calculation of a one-way function. For each password in the first password group, a password generation function, a password management function for associating a series of expiration dates in reverse order to the password generation sequence, and an expiration date including the end point of the user expiration date of the user A seed selection function that employs the password as a seed; a transmission function that transmits password expiration date information relating to the seed and the first password group to the terminal apparatus; and a reception function that receives an authentication password from the terminal apparatus; , A valid verification password when the authentication password is received is the first password A password selection function that selects from a password group, and a determination function that compares the authentication password and the verification password, determines that the authentication is successful if they match, and determines that the authentication fails if they do not match Is realized by a computer.
Thereby, the above-described authentication device can be realized using a computer.

A computer program according to the present invention is a computer program for performing a client process for authenticating a user with an authentication device, the receiving function receiving seed and password expiration information from the authentication device, and the reception Based on the received password expiry information, a password generation function for generating a series of second password groups by using a repeated one-way function common to the authentication device with the seed as an initial value of the argument For each password in the group, a password management function that associates a series of expiration dates in reverse order of the password generation order, a password selection function that selects a currently valid password from the second password group at the time of authentication, A transmission function for transmitting the selected password to the authentication device. Characterized in that to realize the Yuta.
As a result, the terminal device described above can be realized using a computer.

  According to the present invention, it is possible to centrally manage user expiration dates and update passwords.

Hereinafter, an embodiment of the present invention will be described with reference to the drawings.
FIG. 1 is a block diagram showing a configuration of a user authentication system according to an embodiment of the present invention. The user authentication system illustrated in FIG. 1 includes a server device 10 and a client device 20. The server device 10 and the client device 20 include communication units 11 and 21, respectively, and transmit / receive data to / from each other via a communication network. The communication units 11 and 21 perform highly secure data communication using encryption or the like.

  In the server device 10, the processing unit 12 performs server processing related to user authentication. The storage unit 13 stores various data related to the server process. In the client device 20, the processing unit 22 performs client processing related to user authentication. The storage unit 23 stores various data related to the client process.

  Hereinafter, each example according to the present embodiment will be described in detail.

The user authentication method according to the first embodiment includes a preparation phase and an authentication phase.
First, the preparation phase according to the first embodiment will be described with reference to FIG.
FIG. 2 is a sequence diagram in the preparation phase of the first embodiment according to the present invention. In FIG. 2, first, the server device 10 generates a master key MK in advance (step S1), and generates and stores a series of password groups by iterative calculation of a one-way function using the master key MK as an initial value of an argument. (Step S2).

In the password group generation processing, as shown in the flowchart of FIG. 3, first, a master key MK is set for the password _Pn (step S11). Next, password generation using the hash function h, which is a one-way function, is repeated n times using the password P _n as an initial value of an argument, thereby newly generating n passwords (steps S12 to S15). In the password generation step (steps S13 and S14), a hash value h (P _{j + 1} ) using the password P _{j + 1} as an argument of the hash function h is calculated, and the hash value h (P _{j + 1} ) is stored as the password P _j . However, j = n−1, n−2,..., 1, 0.
This by repeating the password generation step, n number of passwords from a password P _n is newly generated, the sum of (n + 1) Password P ₀ to P _n is generated and stored.

The (n + 1) passwords P _{0 to} P _n are stored in association with the expiration dates of the passwords P _{0 to} P _n . FIG. 4 shows an example of assigning expiration dates for the passwords P _{0 to} P _n . As shown in FIG. 4, each of the passwords P _{0 to} P _n is assigned with (n + 1) consecutive periods _{0 to n} divided as the respective expiration dates. The length of each period 0-n is a fixed time T. FIG. 5 shows a configuration example of the password management table 131 that stores the passwords P _{0 to} P _n and their respective expiration dates. As shown in FIG. 5, the passwords P _{0 to} P _n are stored in the password management table 131 in association with the periods _{0 to n} assigned as their own expiration dates.

  Returning to FIG. 2, the server device 10 then receives terminal attribute information from the client device 20 (step S <b> 3). As the attribute information of the terminal, for example, an attribute related to a user who uses the client device 20, position information where the client device 20 exists, and the like can be cited.

  Next, the server device 10 determines the length of the user expiration date of the user according to a predetermined rule based on the received terminal attribute information (step S4). The user expiration date is an integer multiple of a fixed time T that is the expiration date per password. Next, the server device 10 generates a seed that can generate passwords for a period corresponding to the determined user expiration length (step S5).

  In the seed generation process, first, the switching time between the period including the current time and the next period following the period is checked from the password management table 131, and the switching time is adopted as the first password use start time TS. . Next, the password management table 131 is used to check the period in which the user expiration date has elapsed from the use start time TS, and the password associated with the checked period is obtained from the password management table 131. Adopted for seed SD. Next, the number of periods existing from the use start time TS to the period corresponding to the password adopted for the seed SD is checked from the password management table 131, and the number of periods is used as the number Q of passwords generated from the seed SD. adopt. Further, the expiration date length per password (password effective time TP) is a predetermined time T.

The seed generation process described above will be described more specifically using the example shown in FIG. Here, the data example of the password management table 131 in FIG. 5 is used.
In the example of FIG. 6, the fixed time T is 60 seconds, and the user expiration date is 5 minutes. 6, a period including the current time is a period associated with the password P ₁ 1 (see FIG. 5), the time of switching of the next period 2 following the said period between 1 in 2 hours, 0 minutes, is there. Therefore, the use start time TS is set to 2: 0. Next, the period during which the use start time 2:00 0 to 5 minutes elapsed time "2 o'clock 5 minutes" of a user expiration date length, which is the is the period at the end is, in the period 6 that is associated with the password P ₆ is there. Therefore, seed SD uses a password _{P 6.} Next, the number of periods existing from the use start time TS “2: 0” to the period 6 corresponding to the password P ₆ as the seed SD is the password P ₂ , P ₃ , P ₄ , P ₅ . There are four periods 2, 3, 4, and 5 corresponding to each. Accordingly, the number Q of passwords generated from the seed SD (password P ₆ ) is set to four. The password valid time TP is set to a fixed time T “60 seconds”.

Thus, four passwords P ₅ , P ₄ , P ₃ , and P ₂ that are “the number Q of passwords to be generated” are generated in order from the password P ₆ that is the seed SD, using the hash function h. be able to. The passwords P ₂ , P ₃ , P ₄ , P ₅ , and P ₆ are valid only during the corresponding periods ₂ , ₃ , ₄ , ₅ , and ₆ respectively. Therefore, these five passwords P ₂ , P ₃ , P ₄ , P ₅ , and P _{6 form} a password group corresponding to the user expiration date length “5 minutes”. In other words, the password P ₂ is a made of the first enabled, the use start time TS is 0 minutes 2:00, the expiration date is up to 1 pm 2 pm 0 minutes to 2. Password P ₃ is a one that is valid in the following password P _2, the expiration date is up to 2 hours 2 minutes minutes to 2 pm 1. Thereafter, the password becomes valid in the order of the passwords P ₄ , P ₅ , and P ₆ every “60 seconds” that is the password valid time TP, and at 2: 5, which is the time when the last password P ₆ expires, The passwords P ₂ , P ₃ , P ₄ , P ₅ and P ₆ are invalid.

  Returning to FIG. 2, the server device 10 then transmits the seed SD, the password valid time TP, the number Q of passwords to be generated, and the use start time TS to the client device 20 (step S6). Here, the password expiration time TP, the number Q of passwords to be generated, and the use start time TS are information (user expiration date information) for specifying the user expiration date. That is, the period from the use start time TS to the time when “password valid time TP × number of generated passwords Q” has elapsed is the user valid period. Furthermore, it is information (password expiration date information) that specifies the expiration date of each password. That is, each period from the use start time TS every password valid time TP becomes the validity period of each password.

  Next, the client device 20 generates and stores a series of password groups by iterative calculation of a one-way function using the seed SD as an initial value of an argument based on the information such as the seed SD received from the server device 10 (step) S7). In this password group generation process, password generation using the hash function h, which is a one-way function, with the seed SD as an initial value of an argument is repeated “number Q of passwords to be generated” times to newly generate Q passwords P Is generated.

The password group generation processing of the client device 20 will be described more specifically using the example of FIG. 6 above. First, the hash value h (P ₆ ) using the seed SD (password P ₆ ) as an argument of the hash function h. ) And the hash value h (P ₆ ) is stored as the password P ₅ . Next, a hash value h (P ₅ ) using the password P ₅ as an argument of the hash function h is calculated, and the hash value h (P ₅ ) is stored as the password P ₄ . This operation is repeated four times in total, and four passwords P ₅ , P ₄ , P ₃ , P ₂ that are “the number Q of passwords to be generated” are sequentially generated and stored. As a result, a total of five passwords P ₂ , P ₃ , P ₄ , P ₅ , P ₆ including the password P ₆ as the seed SD are generated and stored.
Note that the hash function h used in the client device 20 is the same as that used in the server device 10 and is shared with the server device 10 in advance.

Further, the Q passwords P generated by the client device 20 are stored in association with the expiration date of each password P. The expiration date of each password P is calculated from the use start time TS and the password expiration time TP. This expiration date calculation process, In more detail using the example of FIG. 6, for the first password P _2, password expiration time TP "60 seconds" from the use start time TS "0 pm 2" Minute period 2 is the expiration date. For the next password P ₃ , the period 3 of the password valid time TP “60 seconds” from the expiration date “2: 1” of the password P _{2 is set as} the valid period. Similarly, for the password P ₄ , the period 4 from the time “2: 2” when the password P ₃ expires to the password valid time TP “60 seconds”, and for the password P ₅ , when the password P ₄ expires from "3 pm 2" period of password expiration time TP "60 seconds" worth 5, the password P ₆ from the expiration time "2 o'clock 4 minutes" of the password P ₆ password expiration time TP "60 seconds" worth of Period 6 is defined as the respective expiration date.

FIG. 7 shows a configuration example of the password management table 231 that stores the passwords P _{2 to} P ₆ and their respective expiration dates. As shown in FIG. 7, the passwords P _{2 to} P ₆ are stored in the password management table 231 in association with the periods 2 to 6 assigned as their own expiration dates. In the example of FIG. 7, the password management table 231 includes five passwords P ₂ that are sequentially valid every other minute from the use start time TS “2: 0” to the user expiration time of 5 minutes. , P ₃ , P ₄ , P ₅ , P ₆ are held. That is, the password P ₂ from 2: 0 to 2:01, the password P ₃ from 2: 1 to 2: 2, the password P ₄ from 2: 2 to 2: 3, and the password P ₄ from 2: 3 to 2 up to 4 minutes password _{P 6} until the password _P 5, 2 o'clock 4 minutes to 2 hours 5 minutes, but is a valid password in each period three, four, five, six.

This completes the preparation phase according to the first embodiment.
As described above, in the preparation phase according to the first embodiment, the password is valid during the period from the first password use start time TS to the user expiration date, and is sequentially valid every password valid time TP. A plurality of passwords are shared on both the server side and the client side. Here, the user expiration date is a period from the use start time TS of the first password until the user expiration date elapses. That is, the total validity period of all passwords shared on both the server side and the client side is the user validity period. In other words, the user expiration date is divided into a plurality of periods, and a unique password is prepared for each period.

Next, an authentication phase according to the first embodiment will be described with reference to FIG.
FIG. 8 is a sequence diagram in the authentication phase according to the first embodiment of the present invention. In FIG. 8, first, the client device 20 selects a password that is valid at the current time of the clock in the device from the password management table 231 (step S21), and transmits the selected password to the server device 10 (step S22). ).

  Next, when the server device 10 receives the password from the client device 20, the server device 10 selects a password that is valid at the current time of the clock in the own device from the password management table 131 (step S23). Next, the server device 10 compares the password (authentication password) received from the client device 20 with the password (verification password) selected from the password management table 131 (step S24). As a result of this comparison, if the two match, it is determined that the authentication of the user is successful, while if the two do not match, it is determined that the authentication of the user is unsuccessful. Next, the server device 10 transmits the authentication result to the client device 20 (step S25).

The authentication process described above will be described more specifically using the example of FIG.
First, during the period from the use start time TS “2: 0” of the first password P ₂ to the user expiration time length “5 minutes” by the above-described preparation phase, it is valid from “2: 0 to 2: 5” The five passwords P ₂ , P ₃ , P ₄ , P ₅ , and P ₆ that are sequentially valid every password valid time TP “60 seconds” are both in the server device 10 and the client device 20. Shared. Specifically, the server device 10 stores the effective password P ₂ , in each period 2, 3, 4, 5, 6 at intervals of 1 minute from 2: 0 to 2: 5 in the password management table 131 of FIG. P ₃ , P ₄ , P ₅ , P ₆ are held. The client device 20 stores the valid passwords P ₂ , P ₃ , P ₄ in the period ₂ , ₃ , ₄ , 5, 6 at 1-minute intervals from 2: 0 to 2: 5 in the password management table 231 of FIG. , P ₅ , P ₆ are held. The passwords P ₂ , P ₃ , P ₄ , P ₅ , and P ₆ of both the server device 10 and the client device 20 are repeated for the hash function h using the same hash function h and the password P ₆ as an initial value. It is obtained by calculation and is the same.

Next, the client device 20 selects a password P ₅ valid at the current time “2: 3: 30” from the password management table 231 and transmits the password P ₅ to the server device 10 for authentication (see FIG. 9). ). Next, when receiving the authentication password P ₅ from the client device 20, the server device 10 selects a password effective at the current time from the password management table 131 and compares it with the password P ₅ received from the client device 20. By this authentication process, in each period 2, 3, 4, 5, 6 within the user expiration date, passwords P ₂ , P ₃ , P ₄ , P ₅ unique to each period ₂ , ₃ , ₄ , ₅ , _{6 are used.} , P ₆ can be used for limited-time authentication.

The server device 10 performs processing in consideration of a time lag with the client device 20 in the above-described authentication processing. FIG. 10 is an explanatory diagram for explaining a time shift compensation process according to the server device 10. 10, the client device 20, in order to authenticate the period from time t1 t2, and transmits to the server apparatus 10 a valid password P ₁ during the period as an authentication password Pc. Here, if the arrival of the authentication password Pc to the server device 10 is delayed due to a transmission delay of the communication network, the server device 10 is the period following the period in which the client device 20 tried to perform authentication (from time t2 to t3). There is a possibility that the authentication password Pc (P ₁ ) from the client device 20 is received during the period. Then, the server apparatus 10, a valid password _{P 2} during the period from time t2 t3 select the verification password Ps, compared authentication password Pc _{(P 1)} from the verification password Ps _{(P 2)} and the client device 20 Then, it is determined that the authentication has failed due to the mismatch.

  Therefore, in order to prevent such a situation, first, the server device 10 selects a valid password as the verification password Ps at the time when the authentication password Pc is received from the client device 20, and compares the verification password Ps with the authentication password Pc. (Step S241 in FIG. 10). If the comparison results in a mismatch, the hash value h (Ps) with the verification password Ps as an argument is used as the verification password Ps, and the authentication password Pc is compared again (step S242 in FIG. 10). As a result of this comparison, if they match, it is determined that the authentication is successful. As a result, it becomes possible to cope with a time lag due to a transmission delay or the like of the communication network.

  According to the first embodiment described above, since the total validity period of all passwords shared on both the server side and the client side becomes the user validity period, the password validity period and the user validity period are managed together. be able to. Furthermore, since each password is updated according to the expiration date, the user expiration date can be managed and the password can be updated centrally.

  Further, since the password can be automatically generated from the seed using the hash function on the client side, it is possible to save time and effort required for the user to update the password.

  In the first embodiment described above, a password shared on both the server side and the client side is generated and stored in advance. However, at the time of authentication, a password that is valid for the period is both on the server side and the client side. You may make it produce | generate. In this case, only the seed and password expiration date information need be stored. Thereby, the password group can be managed.

  The user authentication method according to the second embodiment has the same preparation phase and authentication phase as those of the first embodiment. The second embodiment is a modification of the first embodiment described above, and the method for managing the expiration date of each password is different from the first embodiment. Hereinafter, differences from the first embodiment will be mainly described.

First, the preparation phase according to the second embodiment will be described with reference to FIG.
FIG. 11 is a sequence diagram in the preparation phase of the second embodiment according to the present invention. In FIG. 11, first, the server device 10 generates and stores a series of password groups by repetitive calculation of a one-way function using the master key MK as an initial value of an argument, as in the processing shown in FIG. 2 in the first embodiment. (Steps S31 to S32). Here, each password P is stored in the password management table 131 in association with a valid period, as in FIG. However, in the second embodiment, the period i uses a period based on a timer time described later.

  Next, when receiving the terminal attribute information and the client identification information (client ID) from the client apparatus 20 (step S33), the server apparatus 10 is based on the received terminal attribute information as in the first embodiment. Then, the length of the user expiration date of the user is determined according to a predetermined rule (step S34), and a seed SD that can generate a password for a period corresponding to the determined user expiration length is generated (step S34). S35).

  Next, the server device 10 acquires the time stamp TMS (step S36). Next, the server device 10 transmits the seed SD, the password valid time TP, the number Q of passwords to be generated, and the time stamp TMS to the client device 20 (step S37), and activates a timer after the transmission (step S38). The timer is provided for each user. Here, the password expiration time TP and the number Q of passwords to be generated are information (user expiration date information) for specifying the user expiration date. That is, the period from the time when the timer is activated in step S38 to the time when "password effective time TP x number of passwords Q to be generated" has elapsed becomes the user expiration date. Furthermore, it is information (password expiration date information) that specifies the expiration date of each password. That is, each password is valid for each period from the time when the timer is activated in step S38.

The seed generation process will be specifically described using an example shown in FIG.
In the example of FIG. 12, the password valid time TP is 60 seconds, and the user valid time length is 5 minutes. In FIG. 12, the timer activation time is the timer time “0 minutes”. Passwords P ₀ , P ₁ , P ₂ , P ₃ , and so on for periods ₀ , ₁ , ₂ , ₃ , ₄ , 5, and 6 from the timer time “0 minutes” to the password valid time TP “60 seconds”, respectively. P ₄ , P ₅ , and P ₆ are effective. Here, assuming that the timer time “0 minutes” is the start time of the user expiration date, the end time of the user expiration date is the timer time “5 minutes”. The password P ₄ valid for the period 4 immediately before the timer time “5 minutes” is adopted as the seed SD. The number Q of passwords to be generated is set to 4 which is the number of periods existing between the timer times “0 minutes” and “5 minutes”. Thereby, from the seed SD (password P ₄ ), four passwords P ₃ , P ₂ , P ₁ , P ₀ which are “number Q of passwords to be generated” are generated in order using the hash function h. be able to. The passwords P ₀ , P ₁ , P ₂ , P ₃ , P ₄ are valid only during the corresponding periods ₀ , ₁ , ₂ , ₃ , ₄ respectively.

  Returning to FIG. 11, the server device 10 then associates the time stamp TMS, the timer, and the client ID (step S39). Specifically, the time stamp TMS, the timer, and the client ID are stored in the timer correspondence table 300 shown in FIG. FIG. 13 shows a configuration example of the timer correspondence table 300.

  When the client device 20 receives the seed SD, the password valid time TP, the number Q of passwords to be generated, and the time stamp TMS from the server device 10, the client device 20 activates a timer (step S40). Next, based on the seed SD received from the server device 10, the password valid time TP, and the number Q of passwords to be generated, the client device 20 performs a series of passwords by repeating a one-way function with the seed SD as an initial value of an argument. A group is generated and stored (step S41). In this password group generation process, as in the first embodiment, password generation using the hash function h, which is a one-way function, with the seed SD as an initial value is repeated “number Q of passwords to be generated” Q passwords P are generated. Each password P is stored in the password management table 231 in association with a valid period, as in FIG. However, in the second embodiment, the period i uses a period based on the timer time.

In the example of FIG. 12, the client device 20 uses the hash function h from the seed SD (password P ₄ ) to create four passwords P ₃ , P ₂ , P ₁ , which are “number Q of passwords to be generated”. P ₀ is generated in order. Then, the passwords P ₀ , P ₁ , P ₂ , P ₃ , and P ₄ are held in the password management table 231 in association with the periods ₀ , ₁ , ₂ , ₃ , and ₄ that are the expiration dates.

  Next, the client device 20 stores the time stamp TMS and the timer in association with each other (step S42).

Next, an authentication phase according to the second embodiment will be described with reference to FIG.
FIG. 14 is a sequence diagram in the authentication phase of the second embodiment according to the present invention. In FIG. 14, first, the client device 20 selects a password that is valid at the timer time in the own device from the password management table 231 (step S51).

Next, the client device 20 calculates a hash value related to the selected password (step S52). In this hash value calculation process, first, an exclusive OR operation is performed for each bit of the password, the own client ID, and the time stamp TMS stored in association with the timer. Then, a hash value is calculated using the exclusive OR operation value as an argument of the hash function h. Next, the client device 20 transmits the calculated hash value to the server device 10 (step S53).
For example, as illustrated in FIG. 15, if the timer time in the client device 20 is “3 minutes 30 seconds”, the password P ₃ valid for the period 3 including the “3 minutes 30 seconds” is authenticated. selected as a password, to the server apparatus 10 calculates the hash value according to the password P _3.

  Next, when receiving the hash value from the client device 20, the server device 10 refers to the timer correspondence table 300 and acquires the timer and the time stamp TMS related to the client device 20 (step S54). Next, the server device 10 selects a password effective at the timer time from the password management table 131 as a verification password (step S55). Next, the server device 10 calculates a hash value (step S56). In this hash value calculation process, first, a bitwise exclusive OR of the password selected from the password management table 131, the client ID acquired from the timer correspondence table 300, and the time stamp TMS acquired from the timer correspondence table 300 is provided. Perform the operation. Then, a hash value is calculated using the exclusive OR operation value as an argument of the hash function h.

  Next, the server device 10 compares the hash value received from the client device 20 (hash value related to the authentication password) with the hash value calculated in step S56 (hash value related to the verification password) (step S57). If they match, it is determined that the authentication of the user is successful, whereas if they do not match, it is determined that the authentication of the user has failed. Next, the server device 10 transmits the authentication result to the client device 20 (step S58).

  Also in the second embodiment described above, the server device 10 can perform the time lag compensation processing of FIG. 10 described above, and compensate for the time lag with the client device 20 by the time lag compensation processing. be able to.

  Further, passwords valid during the period at the time of authentication may be generated on both the server side and the client side.

  According to the above-described second embodiment, as in the first embodiment, since the total expiration period of all passwords shared on both the server side and the client side is the user expiration date, the password expiration date and the user The expiration date can be managed collectively. Furthermore, since each password is updated according to the expiration date, the user expiration date can be managed and the password can be updated centrally.

  In Example 2, since the same password is used depending on the period, there is a concern about replay attacks, so the hash value related to the password is calculated using a different value each time, such as the time stamp TMS exemplified above. It is desirable to compare the hash values. This makes it possible to defend against replay attacks. On the server side, it is desirable for security to periodically update the master key MK and update the password.

  As described above, according to the present embodiment, it is possible to centrally manage the user expiration date and update the password. This reduces the load on the server side. In addition, since the valid password is updated at regular intervals, the security of the service system can be maintained.

Also, a program for realizing the functions of the server device 10 and the client device 20 shown in FIG. 1 is recorded on a computer-readable recording medium, and the program recorded on the recording medium is read into a computer system and executed. Accordingly, server processing related to user authentication and client processing related to user authentication may be performed. Here, the “computer system” may include an OS and hardware such as peripheral devices.
Further, the “computer system” includes a homepage providing environment (or display environment) if a WWW system is used.
The “computer-readable recording medium” means a flexible disk, a magneto-optical disk, a ROM, a writable nonvolatile memory such as a flash memory, a portable medium such as a CD-ROM, a hard disk built in a computer system, etc. This is a storage device.

Further, the “computer-readable recording medium” means a volatile memory (for example, DRAM (Dynamic DRAM) in a computer system that becomes a server or a client when a program is transmitted through a network such as the Internet or a communication line such as a telephone line. Random Access Memory)), etc., which hold programs for a certain period of time.
The program may be transmitted from a computer system storing the program in a storage device or the like to another computer system via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting the program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line.
The program may be for realizing a part of the functions described above. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer system, and what is called a difference file (difference program) may be sufficient.

  The embodiment of the present invention has been described in detail with reference to the drawings. However, the specific configuration is not limited to this embodiment, and includes design changes and the like within a scope not departing from the gist of the present invention.

It is a block diagram which shows the structure of the user authentication system which concerns on one Embodiment of this invention. It is a sequence diagram in the preparation phase of Example 1 which concerns on this invention. It is a flowchart of the password group production | generation process (step S2) shown in FIG. The allocation example expiration each password P ₀ to P _n according to the first embodiment of the present invention; FIG. It is a figure which shows the structural example of the password management table 131 which the server apparatus 10 which concerns on Example 1 of this invention has. It is explanatory drawing for demonstrating the seed production | generation process which concerns on Example 1 of this invention. It is a figure which shows the structural example of the password management table 231 which the client apparatus 20 which concerns on Example 1 of this invention has. It is a sequence diagram in the authentication phase of Example 1 which concerns on this invention. It is explanatory drawing for demonstrating the password selection process which concerns on Example 1 of this invention. It is explanatory drawing for demonstrating the time shift compensation process which concerns on Example 1 of this invention. It is a sequence diagram in the preparation phase of Example 2 which concerns on this invention. It is explanatory drawing for demonstrating the seed production | generation process which concerns on Example 2 of this invention. It is a figure which shows the structural example of the timer corresponding table 300 which concerns on Example 2 of this invention. It is a sequence diagram in the authentication phase of Example 2 which concerns on this invention. It is explanatory drawing for demonstrating the password selection process which concerns on Example 2 of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 10 ... Server apparatus, 11, 21 ... Communication part, 12, 22 ... Processing part, 13, 23 ... Storage part, 20 ... Client apparatus, 131, 231 ... Password management table, 300 ... Timer correspondence table

Claims (10)

A user authentication system having a user terminal device and an authentication device for authenticating the user,
The authentication device
Password generating means for generating a series of first password groups by repetitive calculation of a one-way function;
For each password in the first password group, password management means for associating a series of expiration dates in the reverse order of the password generation order;
A seed selection means for adopting as a seed the password having an expiration date including an end point of the user expiration date of the user;
Transmitting means for transmitting password expiration date information relating to the seed and the first password group to the terminal device;
Receiving means for receiving an authentication password from the terminal device;
Password selection means for selecting a verification password valid from the first password group at the time of receiving the authentication password;
The authentication password and the verification password are compared, and if they match, it is determined that the authentication is successful, and on the other hand, the determination password is determined to be authentication failure if they do not match,
The terminal device
Receiving means for receiving seed and password expiration information from the authentication device;
Password generation means for generating a series of second password groups by using the received seed as an initial value of an argument and repeating the one-way function common to the authentication device;
Based on the received password expiration date information, for each password in the second password group, password management means for associating a series of expiration dates in reverse order to the password generation order;
A password selecting means for selecting a currently valid password from the second password group when performing authentication;
Transmitting means for transmitting the selected password to the authentication device,
A user authentication system. In the authentication apparatus, the determination unit performs comparison with the authentication password again using the value of the one-way function with the verification password as an argument when the mismatch is found, and authentication is performed when the values match. Determine success,
The user authentication system according to claim 1. The password management means includes a table that stores each password in the password group and each expiration date in association with each other.
The user authentication system according to claim 1, wherein the system is a user authentication system. The password selection means generates a password to be selected at the time of selection by the password generation means.
The user authentication system according to claim 1, wherein the system is a user authentication system. The password management means manages the expiration date based on the time of the clock in its own device.
The user authentication system according to any one of claims 1 to 4, wherein the user authentication system is provided. The password management means activates a timer at the time of giving and receiving the seed and password expiration date information, and manages the expiration date based on the time of the timer,
The user authentication system according to any one of claims 1 to 4, wherein the user authentication system is provided. An authentication device for authenticating the user with a user terminal device;
Password generating means for generating a series of first password groups by repetitive calculation of a one-way function;
For each password in the first password group, password management means for associating a series of expiration dates in the reverse order of the password generation order;
A seed selection means for adopting as a seed the password having an expiration date including an end point of the user expiration date of the user;
Transmitting means for transmitting password expiration date information relating to the seed and the first password group to the terminal device;
Receiving means for receiving an authentication password from the terminal device;
Password selection means for selecting a verification password valid from the first password group at the time of receiving the authentication password;
The authentication password and the verification password are compared, and if they match, it is determined that the authentication is successful, whereas if they do not match, the determination means determines that the authentication is unsuccessful;
An authentication apparatus comprising: A terminal device that authenticates a user with an authentication device,
Receiving means for receiving seed and password expiration information from the authentication device;
Password generation means for generating a series of second password groups by using the received seed as an initial value of an argument and repeating the one-way function common to the authentication device;
Based on the received password expiration date information, for each password in the second password group, password management means for associating a series of expiration dates in reverse order to the password generation order;
A password selecting means for selecting a currently valid password from the second password group when performing authentication;
Transmitting means for transmitting the selected password to the authentication device;
A terminal device comprising: A computer program for performing server processing for authenticating the user with a user terminal device,
A password generation function for generating a series of first password groups by repetitive calculation of a one-way function;
For each password in the first password group, a password management function that associates a series of expiration dates in the reverse order of the password generation order;
A seed selection function that employs as a seed the password having an expiration date that includes an end point of the user expiration date of the user;
A transmission function for transmitting password expiration date information relating to the seed and the first password group to the terminal device;
A receiving function for receiving an authentication password from the terminal device;
A password selecting function for selecting a valid verification password from the first password group at the time of receiving the authentication password;
The authentication password and the verification password are compared, and if they match, it is determined that the authentication is successful, and on the other hand, if they do not match, the determination function that determines that the authentication is unsuccessful;
A computer program for causing a computer to realize the above. A computer program for performing client processing for authenticating a user with an authentication device,
A receiving function for receiving seed and password expiration information from the authentication device;
A password generation function for generating a series of second password groups by repeating the one-way function common to the authentication device, using the received seed as an initial value of an argument;
Based on the received password expiration date information, for each password in the second password group, a password management function for associating a series of expiration dates in reverse order to the password generation order;
A password selection function for selecting a currently valid password from the second password group when performing authentication;
A transmission function for transmitting the selected password to the authentication device;
A computer program for causing a computer to realize the above.

Images