JP5434203B2 - Authentication device, authentication program, authentication system, password generation device, portable security device, and password generation program - Google Patents

Description

  The present invention relates to an authentication device, an authentication program, and an authentication system that perform authentication using a one-time password, a password generation device that generates a one-time password, a portable security device, and a password generation program.

  In recent years, an authentication system using an OTP (one-time password) that is effective only once has been widely used in order to prevent unauthorized access to the system due to interception of password communication and the like to enhance security. As a method for generating the OTP, a counter synchronization method (for example, Patent Document 1), a time synchronization method, a challenge and response method, and the like are known.

  In the counter synchronization method, first, a password generation device called a token, or a device in which an IC card and a password generation device are separated is used. Each of such an apparatus and an authentication server that performs authentication holds a counter and key information used for generating an OTP in advance. The value of the counter is incremented by each device every time authentication is executed, and synchronization is taken. Each time authentication is performed, an OTP is generated from the counter and the key information by the token and the authentication server, and authentication is performed by comparing the two.

  The time synchronization method is a method of generating OTP using time and key information on the assumption that the time is synchronized in each device instead of synchronizing the counter. The challenge-and-response method generates a random character string (challenge) instead of a counter on the authentication server side, and inputs the character string on the token side to authenticate the result (response) of the given calculation. In this method, authentication is performed by collating with a server.

  In the authentication system using OTP, the password is changed every time, so that even if the password is intercepted by communication, the password cannot be reused. For this reason, safety is improved as compared with an authentication method using a normal password.

  In the counter synchronization method, when the authentication server does not perform authentication even though the OTP is generated with the token due to an erroneous operation or the like, the counter value may deviate between the token and the authentication server. Since the authentication value should not be immediately disabled when the counter value is shifted in this way, the authentication server usually provides a certain range for the counter value used for verification. That is, by generating a plurality of OTPs based on the held counter values and a plurality of counter values obtained by sequentially updating the counter values, and comparing the generated OTPs with the transmitted OTPs, a deviation in the counter values is determined within a predetermined range. The counter is synchronized by correcting the deviation within the range.

JP 2001-352324 A

  However, even if the deviation of the counter value is allowed as described above, the counter cannot be synchronized if the deviation exceeds the allowable range. Conventionally, in such a case, since the synchronization of the counter is restored by reissuing the token or the IC card, there is a problem that the processing load and cost for restoration increase for the system provider. In addition, the system user has a problem that the system cannot be used because the token and the IC card cannot be used during the reissue.

  The present invention has been made in view of the above, and an authentication device, an authentication program, an authentication system, and a password that can improve the convenience of the system while avoiding an increase in cost due to reissuing of a token, etc. It is an object to provide a generation device, a portable security device, and a password generation program.

In order to solve the above-described problems and achieve the object, the present invention provides a one-time password generated based on a generation counter updated every time a password is generated from a terminal device connected via a network. An authentication apparatus that receives and authenticates, and determines whether or not the counter storage unit that stores the generation counter and the number of times the authentication process using the one-time password has failed continuously is greater than a predetermined threshold value And a value for updating the generation counter when the number of times is determined to be greater than the threshold, and a predetermined numerical value for the generation counter stored in the counter storage unit. a challenge generator for generating an update counter of adding as a challenge value, a transmission unit that transmits the challenge value to the terminal device, the A reception unit that receives a response password transmitted from the terminal device as a response corresponding to a range value, a password generation unit that generates a verification password based on the update counter, the generated verification password, and the A password authenticating unit that collates a response password, and a counter updating unit that updates the generation counter of the counter storage unit with the update counter when the generated verification password and the response password match. It is characterized by having. According to the present invention, even if the counter deviation exceeds the allowable range and authentication fails continuously, an update counter for restoring the counter is generated as a challenge, and the response password received as a response to the challenge if There is authenticated, it is possible to synchronize the update counter as a new counter, while avoiding an increase in cost due to the re-issuance of the token, it is possible to improve the convenience of the system.

  Moreover, this invention is a program which can perform the said authentication apparatus. According to the present invention, even if the counter deviation exceeds the allowable range and authentication fails continuously, an update counter for restoring the counter is generated as a challenge, and the response password received as a response to the challenge Is authenticated, the update counter can be synchronized as a new counter, so that the convenience of the system can be improved while avoiding an increase in cost due to reissuance of tokens.

In addition, the present invention provides a counter storage unit that stores a generation counter that is updated each time a password is generated, and an update that is a value for updating the generation counter and that is added with a predetermined numerical value. A challenge acceptance unit that accepts a counter as an input of a challenge value, a password generation unit that generates a response password that is a password for a response to the challenge value based on the update counter, a display unit that displays the response password, A counter updating unit that updates the generation counter of the counter storage unit with the update counter. According to the present invention, even when the counter deviation exceeds the allowable range and authentication fails continuously, the update counter for restoring the counter is accepted as a challenge, and the update counter is synchronized as a new counter. it is possible to take, while avoiding an increase in cost due to the re-issuance of the token, it is possible to improve the convenience of the system.

  Moreover, this invention is a program which can execute the said password production | generation apparatus. According to the present invention, even when the counter deviation exceeds the allowable range and authentication fails continuously, the update counter for restoring the counter is accepted as a challenge, and the update counter is synchronized as a new counter. Therefore, the convenience of the system can be improved while avoiding an increase in cost due to reissuance of tokens.

In addition, the present invention is a portable security device that can communicate with a display device that displays a password, a counter storage unit that stores a generation counter that is updated each time a password is generated, and a method for updating the generation counter A challenge acceptance unit that accepts as an input of a challenge value an update counter obtained by adding a predetermined numerical value to the generation counter, and a response password that is a password for responding to the challenge value based on the update counter A password generation unit that generates the response password, an output unit that outputs the generated response password to the display device, and a counter update unit that updates the generation counter of the counter storage unit with the update counter. Features. According to the present invention, even when the counter deviation exceeds the allowable range and authentication fails continuously, the update counter for restoring the counter is accepted as a challenge, and the update counter is synchronized as a new counter. it is possible to take, while avoiding an increase in cost due to the re-issuance of the token, it is possible to improve the convenience of the system.

The present invention also includes a password generation device that generates a one-time password, and an authentication device that receives and authenticates the one-time password generated by the password generation device from a terminal device connected via a network. The password generation device includes a first counter storage unit that stores a generation counter that is updated each time a password is generated, and an update counter for updating the generation counter as an input of a challenge value. A challenge accepting unit that accepts, a password generating unit that generates a response password that is a password for responding to the challenge value based on the update counter, a display unit that displays the response password, and the update counter Counter for updating the generation counter of the counter storage unit A second counter storage unit that stores the generation counter, and whether or not the number of times the authentication process using the one-time password has failed continuously is greater than a predetermined threshold value. A value for updating the generation counter when it is determined that the number of times is greater than the threshold, and the generation counter stored in the counter storage unit is predetermined. A challenge generation unit that generates an update counter added with a numerical value as a challenge value, a transmission unit that transmits the challenge value to the terminal device, and a response password transmitted from the terminal device as a response corresponding to the challenge value A receiving unit that generates a password for verification based on the update counter, and the generated verification A password authenticating unit that collates a password with the response password, and a counter that updates the generation counter of the second counter storage unit with the update counter when the generated verification password and the response password match. And an update unit. According to the present invention, even if the counter deviation exceeds the allowable range and authentication fails continuously, an update counter for restoring the counter is generated as a challenge, and the response password received as a response to the challenge if There is authenticated, it is possible to synchronize the update counter as a new counter, while avoiding an increase in cost due to the re-issuance of the token, it is possible to improve the convenience of the system.

  According to the present invention, it is possible to improve the convenience of the system while avoiding an increase in cost due to reissuance of tokens.

  Exemplary embodiments of an authentication device, an authentication program, an authentication system, a password generation device, a portable security device, and a password generation program according to the present invention will be described below in detail with reference to the accompanying drawings.

  The authentication apparatus according to the present embodiment generates an update counter when the OTP authentication process by the counter synchronization method continuously fails a predetermined number of times, and transmits a challenge in which the update counter is encrypted to the user terminal device. Here, the update counter is a counter for updating the generation counter that is a counter for generating the OTP and restoring the synchronization of the generation counter.

  Also, the password generation device according to the present embodiment decodes the update counter from the challenge input by the user based on the challenge transmitted to the terminal device, and generates an OTP from the update counter. When the generated OTP is authenticated, the authentication device updates the current counter with the update counter.

  First, an outline of the configuration of the authentication system in the present embodiment will be described with reference to FIG. FIG. 1 is a diagram illustrating an example of a network configuration of an authentication system 1 according to the present embodiment. As shown in the figure, the authentication system 1 includes an authentication device 10, a password display device 20, an IC card 30 as a password generation device, and a terminal device 40.

  The authentication device 10 and the terminal device 40 are connected via a network 50 such as the Internet.

  The authentication device 10 verifies the transmitted OTP by collating the OTP transmitted from the terminal device 40 with the OTP (collation password) generated for collation in the own device. In the present embodiment, the authentication device 10 generates a plurality of verification OTPs and verifies the transmitted OTPs. Then, the authentication device 10 determines that the authentication has failed when it does not match any of the plurality of verification OTPs.

  The password display device 20 performs processing for causing the IC card 30 to start generating OTP by inserting the IC card 30 that is a portable security device into a predetermined insertion slot, and processing for displaying the generated OTP. The user inputs the OTP displayed on the password display device 20 to the terminal device 40 and transmits it to the authentication device 10.

  The IC card 30 can communicate with the password display device 20 by being inserted into the insertion port of the password display device 20, and generates an OTP in response to a request from the password display device 20.

  The terminal device 40 is a client terminal for inputting an OTP generated by the IC card 30 and executing an application or the like that operates upon receiving the OTP authentication by the authentication device 10. For example, the terminal device 40 executes an application that operates on a WEB browser.

  Next, an outline of an OTP generation method according to the present embodiment will be described with reference to FIG. FIG. 2 is a schematic diagram for explaining an example of an OTP generation method.

  As shown in the figure, in the present embodiment, first, a stored generation counter (hereinafter simply referred to as a counter) is encrypted. Then, a part of the ciphertext obtained by encryption is extracted and combined to generate an OTP. In the figure, the counter is “0123”, and an example is shown in which four numerical values are extracted from the ciphertext obtained by encrypting this counter to generate OTP “8308”.

  As described above, in this embodiment, in order to reduce the size of the OTP, a part of the ciphertext obtained by encrypting the counter is extracted to generate the OTP. Note that the OTP generation method is not limited to this, and any conventionally used method can be applied as long as the OTP is generated according to the counter. For example, the ciphertext itself obtained by encrypting the counter may be generated as an OTP. In addition, any conventionally used method such as DES (Data Encryption Standard) can be applied to the encryption method used for encrypting the counter.

  Next, an outline of the OTP verification method of the present embodiment will be described with reference to FIG. FIG. 3 is a schematic diagram for explaining an example of an OTP verification method.

  The left side of the figure represents an example of an OTP generated in the IC card 30. Further, the right side of the figure represents an example of the OTP generated in the authentication device 10. As shown in the figure, the counter in the IC card 30 is “0125”, and the counter in the authentication device 10 is “0123” (counter 401 in the figure). That is, there is a deviation between the counters of both devices.

  One of the causes of counter synchronization being lost is a user's erroneous operation. Only the counter in the IC card 30 advances due to a user's erroneous operation, resulting in a synchronization shift. The authentication device 10 can know the counter of the IC card 30 only when the authentication is successful.

  The authentication device 10 side allows a certain amount of counter deviation in consideration of such user malfunction. That is, the authentication device 10 generates M + 1 OTPs for verification from the latest counter held by the authentication device 10 to a predetermined number (M, 10 in the present embodiment) of counters. Then, when the authentication apparatus 10 receives the OTP to be authenticated from the IC card 30, if there is a match with the received OTP in the M + 1 verification OTPs, the authentication apparatus 10 determines that the authentication is successful.

  If the value of M is excessively large, there is a risk that authentication up to a counter with an input error may be successful, so care must be taken in the allowable counter range (value of M). That is, if the value of M is increased more than necessary, the security strength may be reduced. In the present embodiment, it is not necessary to increase the value of M more than necessary, so that security can be improved.

  In the figure, an example is shown in which ten collation OTPs for ten counters “0123” to “0132” are generated. In this example, since the OTPs that match the OTP generated by the IC card 30 are included in the 10 verification OTPs, the authentication is successful.

  If the counter in the IC card 30 is “1033” or more, the authentication fails because it is not included in the allowable range of the OTP generated in the authentication device 10.

  Next, the hardware configuration of each apparatus shown in FIG. 1 will be described. First, the hardware configuration of the authentication device 10 will be described. FIG. 4 is a diagram illustrating an example of a hardware configuration of the authentication device 10.

  The authentication device 10 according to the present embodiment is connected to a control device such as a CPU (Central Processing Unit) 11, a storage device such as a ROM (Read Only Memory) 12 and a RAM (Random Access Memory) 13, and a network. A communication I / F (Interface) 14 for performing communication, an external storage device such as an HDD (Hard Disk Drive) and a CD (Compact Disc) drive device, a display device such as a display device, and an input device such as a keyboard and a mouse A bus 15 for connecting each part is provided, and a hardware configuration using a normal computer is employed.

  Since the hardware configuration of the terminal device 40 is the same as that of the authentication device 10, the description thereof is omitted.

  Next, the hardware configuration of the password display device 20 will be described. FIG. 5 is a diagram illustrating an example of a hardware configuration of the password display device 20.

  The password display device 20 is an operation button that is an input device including a control device such as a CPU 21, a storage device such as a ROM 22 and a RAM 23, a display unit 24, a button for inputting a PIN, a button for starting OTP generation, and the like. 25 and an R / W (reader / writer) 26 that mediates communication between the IC card 30 and a bus 27 that connects each unit.

  The display unit 24 displays the OTP generated by the IC card 30. The number of digits that can be displayed on the display unit 24 is adjusted according to the data length of the OTP received from the IC card 30. Further, when displaying Roman letters for input of an operation mode or the like to be described later, it is necessary to mount a display unit 24 capable of displaying Roman letters.

  Next, the hardware configuration of the IC card 30 will be described. FIG. 6 is a diagram illustrating an example of a hardware configuration of the IC card 30.

  As shown in the figure, the IC card 30 includes a communication I / F 31, a CPU 32, a RAM 33, a ROM 34, and an EEPROM (Electronically Erasable and Programmable Read Only Memory) 35.

  The communication I / F 31 includes a contact terminal and mediates communication between the CPU 32 and an external device that operates by inserting the IC card 30 such as the password display device 20. Note that the communication between the IC card 30 and the password display device 20 is not limited to the contact type, and may be configured to perform communication by a non-contact type.

  The CPU 32 is a central processing unit that performs overall control of the IC card 30, performs processing according to a command received from an external device via the communication I / F 31, and transmits the result as a response.

  The RAM 33 is a volatile memory used as a work area for the CPU 32 to perform processing. The ROM 34 is a nonvolatile read-only memory that mainly stores programs necessary for the CPU 32 such as an operating system to perform processing. The EEPROM 35 is a non-volatile memory that can be rewritten as needed, and stores programs and data necessary for the CPU 32 to perform processing such as applications.

  Next, details of the function of each apparatus shown in FIG. 1 will be described. FIG. 7 is a block diagram illustrating an example of a functional configuration of each device of the authentication system 1 according to the present embodiment.

  First, the functional configuration of the authentication device 10 will be described. As shown in the figure, the authentication device 10 includes a counter storage unit 121, a key information storage unit 122, a transmission / reception unit 101, a password generation unit 102, a password authentication unit 103, a determination unit 104, and a challenge generation unit 105. And a counter update unit 106.

  The counter storage unit 121 stores a counter that is incremented by the password authentication unit 103 for each authentication. For example, the counter storage unit 121 stores a user ID for identifying a user and a counter for each user managed by the authentication device 10 in association with each other.

  The key information storage unit 122 stores key information used for generating the OTP. Note that the key information storage unit 122 may be configured such that the key information storage unit 122 stores master key information from which a unique key is generated for each user. In this case, the password generation unit 102 to be described later generates an individual key for each user from the master key information and the user ID, and uses the generated key for OTP generation.

  The transmission / reception unit 101 transmits / receives information to / from the terminal device 40 via the network 50. For example, the transmission / reception unit 101 receives a user ID and an OTP to be verified from the terminal device 40, transmits an authentication result to the terminal device 40, and transmits a challenge generated by the challenge generation unit 105 to the terminal device 40. , And a process of receiving a password (response password) transmitted from the terminal device 40 as a response to the challenge.

  The password generation unit 102 generates a verification OTP using the counter stored in the counter storage unit 121. Specifically, the password generation unit 102 obtains 10 verification OTPs from the key information stored in the key information storage unit 122 and the counter stored in the counter storage unit 121 as described in FIG. Generate. The counter stored in the counter storage unit 121 is updated with a value incremented by one.

  In addition, the password generation unit 102 uses the update counter generated by the challenge generation unit 105 to check the OTP for verification when the authentication fails continuously for a predetermined number of times as a threshold of the number of possible failures. Generate.

  The password authentication unit 103 authenticates the OTP by comparing the plurality of verification OTPs generated by the password generation unit 102 with the OTP received by the transmission / reception unit 101. When the authentication fails continuously for a predetermined number of times or more, the password authentication unit 103 authenticates the received response password by comparing the received response password with the verification OTP generated from the update counter. .

  The determination unit 104 determines whether or not the OTP authentication process by the password authentication unit 103 has failed a predetermined number of times. That is, the determination unit 104 determines whether or not the number of consecutive failures in the OTP authentication process is greater than a predetermined number of times as a threshold.

  The challenge generation unit 105 generates an update counter for updating the counter when it is determined that the authentication process has failed continuously a predetermined number of times. Then, the challenge generation unit 105 generates a challenge value (hereinafter simply referred to as “challenge”) to be transmitted to the terminal device 40 by encrypting the generated update counter. Any conventionally used method such as DES (Data Encryption Standard) can be applied to the encryption method used for encrypting the update counter. The challenge generation unit 105 may generate the update counter as a challenge value without encrypting the update counter.

  The challenge generation unit 105 can basically set an arbitrary counter as an update counter that is newly generated. However, it is necessary to be careful when using a counter (for example, the number of times of use) related to the life cycle of the OTP generation device (IC card 30). For example, when the counter value reaches a predetermined maximum value (for example, 65535), the OTP may not be generated after that. In such a case, if an update counter having a smaller value than the counter before recovery is generated, there is a possibility that the OTP generation device (IC card 30) can be used permanently. Therefore, it is desirable that the challenge generation unit 105 generates an update counter having a value larger than that before the recovery. For example, the challenge generation unit 105 generates a value obtained by adding a predetermined numerical value (for example, 100) to the current counter as an update counter.

  The counter update unit 106 updates the counter of the counter storage unit 121 with the update counter when the response password transmitted from the terminal device 40 in response to the challenge is authenticated. Specifically, the counter update unit 106 uses the update counter when the password authentication unit 103 determines that the response password matches the verification OTP generated by the password generation unit 102 based on the update counter. Update the counter.

  Next, the functional configuration of the password display device 20 will be described. As shown in the figure, the password display device 20 includes a control unit 201, a display unit 24, operation buttons 25, and an R / W 26. The functions of the display unit 24, the operation button 25, and the R / W 26 are the same as those in FIG.

  The control unit 201 controls the entire OTP generation process. For example, the control unit 201 causes the IC card 30 to start an OTP generation process when the IC card 30 is inserted into the insertion slot. The control unit 201 also controls processing for displaying the OTP generated by the IC card 30 on the display unit 24.

  Next, the functional configuration of the IC card 30 will be described. As shown in the figure, the IC card 30 includes a communication I / F 31, a key information storage unit 321, a counter storage unit 322, a mode reception unit 301, a challenge reception unit 302, a decryption unit 303, and a password generation unit. 304 and a counter update unit 305.

  Since the function of the communication I / F 31 is the same as that in FIG. 6, the same reference numerals are given and description thereof is omitted here.

  The key information storage unit 321 stores key information used in the challenge decryption process by the decryption unit 303 and the OTP generation process by the password generation unit 304. Note that the key information used in the challenge decryption process and the key information used in the OTP generation process may be the same or different.

  The counter storage unit 322 stores a counter that is incremented every time the password generation unit 304 generates an OTP. The counter may take a value from 0 to a predetermined maximum value (for example, 65535), and when the counter exceeds the maximum value, the OTP may not be generated.

  The mode receiving unit 301 receives the operation mode input by the user via the operation button 25 of the password display device 20. The operation mode is information indicating the type of operation of the IC card 30 that is a password generation device. The operation mode includes a generation mode and an update mode.

  The generation mode means a mode in which an OTP is generated using a counter stored in the counter storage unit 322. The update mode means a mode in which, when the counter stored in the counter storage unit 322 becomes out of synchronization with the counter in the authentication device 10, the counter is updated with the counter that has recovered synchronization.

  The challenge receiving unit 302 receives a challenge input by the user via the operation button 25 of the password display device 20. The user inputs the challenge transmitted from the authentication device 10 to the terminal device 40 and displayed on the display unit 42 using the operation button 25 of the password display device 20. The challenge receiving unit 302 receives the challenge input in this way from the password display device 20 via the communication I / F 31.

  The decryption unit 303 decrypts the challenge received by the challenge reception unit 302 using the key information stored in the key information storage unit 321 and outputs an update counter.

  The password generation unit 304 generates an OTP using the counter stored in the counter storage unit 322. Specifically, when the generation mode is input as the operation mode, the password generation unit 304 uses the key information stored in the key information storage unit 321 and the counter stored in the counter storage unit 322 to generate the FIG. As described above, one OTP is generated.

  When the update mode is input as the operation mode, the password generation unit 304 responds to the challenge from the update counter decrypted from the challenge by the decryption unit 303 and the key information stored in the key information storage unit 321. An OTP for generating a password is generated.

  The counter updating unit 305 updates the counter stored in the counter storage unit 322 with the update counter decoded by the decoding unit 303.

  Next, the functional configuration of the terminal device 40 will be described. The terminal device 40 includes an input unit 41, a display unit 42, an application unit 43, and a transmission / reception unit 44.

  The input unit 41 is an interface such as a keyboard and a mouse for the user to input information and commands necessary for the operation of the application. For example, the input unit 41 is operated by the user in order to input the OTP displayed on the password display device 20.

  The display unit 42 is a display device such as a display that displays a WEB browser screen or the like to the user.

  The application unit 43 is an application that operates by inputting the OTP generated by the IC card 30 and receiving the OTP authentication by the authentication device 10. The transmission / reception unit 44 transmits / receives various information such as OTP necessary for the operation of the application unit 43 to / from the authentication device 10 via the network 50.

  The counter storage unit 121, the key information storage unit 122 of the authentication device 10, the key information storage unit 321 of the IC card 30, and the counter storage unit 322 are general devices such as a hard disk drive (HDD), an optical disk, a memory card, and a RAM. It can be constituted by any storage medium that is used in general.

  Next, authentication processing by the authentication system 1 according to the present embodiment configured as described above will be described with reference to FIG. FIG. 8 is a flowchart showing the overall flow of the authentication process in the present embodiment.

  First, the password generation unit 102 of the authentication device 10 generates a predetermined number of verification OTPs for verification with the OTP received from the terminal device 40 (step S801). For example, the password generation unit 102 generates M + 1 counters up to a counter “count” stored in the counter storage unit 121 and a counter “count + M” obtained by adding a predetermined numerical value M to “count”. Then, the password generation unit 102 generates M + 1 OTPs based on each of the M + 1 counters as the verification OTP.

  On the other hand, the user inserts the IC card 30 into the password display device 20, and instructs the start of an OTP generation process for generating an OTP by pressing a predetermined button or the like. The control unit 201 of the password display device 20 receives a start instruction and instructs the password generation unit 304 of the IC card 30 to generate an OTP. As described above, the IC card 30 can execute the OTP generation process by being inserted into the password display device 20. FIG. 8 shows a flow of processing in the IC card 30, and processing in the password display device 20 such as OTP display processing is omitted.

  The password generation unit 304 of the IC card 30 receives an OTP generation instruction via the communication I / F 31 and executes an OTP generation process (step S802). Details of the OTP generation process will be described later. The password generation unit 304 of the IC card 30 outputs the generated OTP to the password display device 20 via the communication I / F 31.

  The user can input the OTP output to the display unit 24 or the like of the password display device 20 to the terminal device 40. That is, the input unit 41 of the terminal device 40 inputs the OTP designated by the user (step S803). Then, the transmission / reception unit 44 transmits the input OTP to the authentication device 10 (step S804).

  The terminal device 40 transmits an OTP together with a user ID for identifying the user. The authentication device 10 can identify the user by the user ID and specify the verification OTP generated from the identified user counter.

  The password authentication unit 103 of the authentication device 10 verifies the OTP received by the transmission / reception unit 101 (step S805). Specifically, the password authentication unit 103 verifies whether or not there is a match with the received OTP among the M + 1 verification OTPs generated in advance in step S801.

  Then, the password authentication unit 103 determines whether or not the OTP authentication has failed (step S806). If the authentication fails, that is, if there is no matching OTP (step S806: YES), the password authentication unit 103 adds 1 to the number of authentication failures (step S807). It is assumed that the initial value of the number of failures is set to 0.

  Next, the determination unit 104 determines whether or not the number of failures is greater than a predetermined threshold (step S808). When the number of failures is larger than the threshold (step S808: YES), the transmission / reception unit 101 transmits an update mode selection request for selecting the update mode to restore the counter to the terminal device 40 (step S809).

  The counter update unit 106 newly generates an update counter for updating the current counter “count” (step S810). For example, the counter update unit 106 generates a value obtained by adding a predetermined number 100 to the current counter as an update counter.

  Then, the password generation unit 102 generates a verification OTP using the generated update counter (step S811). In addition, the challenge generation unit 105 generates a challenge in which the generated update counter and the check code of the update counter are encrypted (step S812).

  The check code is information for verifying the validity of the update counter. The challenge generation unit 105 generates, for example, an error detection code such as CRC (Cyclic Redundancy Check) as a check code for the update counter. The check code is not limited to this, and any information can be applied as long as it can detect an update counter error or verify its validity.

  FIG. 9 is a diagram showing an overview of challenge generation processing by the challenge generation unit 105. As shown in FIG. 9, the challenge generation unit 105 first calculates the check code of the update counter and adds it to the end of the update counter. Then, the challenge generation unit 105 encrypts the entire data with the check code added using the key information stored in the key information storage unit 122, and generates a challenge.

  By encrypting the update counter in this way, it is possible to reduce the risk of the update counter being known to an attacker due to eavesdropping or the like. Further, by using the check code, it is possible to avoid attacks such as falsification of the update counter. Note that only the update counter may be encrypted without using the check code.

  Returning to FIG. 8, the transmission / reception unit 101 transmits the generated challenge to the terminal device 40 (step S813).

  The terminal device 40 receives the update mode selection request transmitted from the authentication device 10 in step S809. Then, for example, an update mode is selected in order to update the counter on the display unit 42, and an indication that the counter update process should be executed is displayed (not shown). By confirming this display, the user can designate the update mode for the IC card 30 and execute the recovery of the counter.

  Further, the terminal device 40 receives the challenge transmitted from the authentication device 10 in step S813. Then, for example, the received challenge is displayed on the display unit 42 (not shown). Thus, the user can input a challenge to the IC card 30 using the operation button 25 of the password display device 20 or the like.

  In the case of a configuration that transmits an update mode selection request, there is a possibility that the update mode selection request is also transmitted to the attacker and it is known that the counter can be updated by the attacker. In order to avoid this, the update mode selection request may not be transmitted. In this case, for example, it may be described in the operation manual of the IC card 30 that the counter can be restored by selecting the update mode.

  The counter update unit 305 of the IC card 30 determines whether or not the update mode has been selected by the user (step S814). If the update mode is not selected, that is, if the generation mode is selected (step S814: NO), the process returns to step S802 and the process is repeated. When the update mode is selected (step S814: YES), the challenge receiving unit 302 receives the challenge input by the user via the communication I / F 31 (step S815).

  Next, the decryption unit 303 decrypts the accepted challenge using the key information stored in the key information storage unit 321 and extracts an update counter and a check code from the decrypted data (step S816). Next, the counter update unit 305 determines whether or not the decrypted check code is valid (step S817). Specifically, the counter update unit 305 calculates a check code from the decrypted update counter and compares it with the decrypted check code.

  When the calculated check code does not match the decrypted check code (step S817: NO), the counter update unit 305 outputs that an error has occurred (step S818), and ends the authentication process.

  Although omitted in the figure, an error occurs when the decrypted update counter is compared with the counter currently stored in the counter storage unit 322 and the update counter is equal to or smaller than the stored counter. You may comprise so that it may determine that it carried out and to complete | finish a process. This is because if the update counter is less than or equal to the stored counter, the user may be generating OTP maliciously.

  If the calculated check code matches the decoded check code (step S817: YES), the counter update unit 305 updates the counter of the counter storage unit 322 with the decoded update counter (step S819).

  Next, the password generation unit 304 generates a response password to be transmitted to the authentication device 10 as a response to the challenge from the update counter (step S820).

  After generating the response password, the input unit 41 of the terminal device 40 inputs the response password specified by the user (step S821). Then, the transmitting / receiving unit 44 transmits the input response password to the authentication device 10 (step S822).

  The password authentication unit 103 of the authentication device 10 verifies the response password received by the transmission / reception unit 101 (step S823). Specifically, the password authentication unit 103 verifies whether the verification OTP generated from the update counter in step S811 matches the received response password.

  Then, the password authentication unit 103 determines whether authentication of the response password has failed (step S824). If the authentication fails, that is, if the verification OTP and the response password do not match (step S824: YES), the password authentication unit 103 adds 1 to the number of authentication failures (step S807) and repeats the process. .

  When the authentication is successful, that is, when the verification OTP matches the response password (step S824: NO), the password authentication unit 103 clears the number of failures to 0 (step S825). Then, the password authentication unit 103 employs an update counter as a synchronized counter stored in the counter storage unit 121 (step S826).

  If it is determined in step S806 that the authentication is successful, that is, if there is a matching OTP for matching (step S806: NO), the password authentication unit 103 clears the number of failures to 0 (step S827). Then, the password authentication unit 103 employs a counter corresponding to the matching OTP for matching as the synchronized counter stored in the counter storage unit 121 (step S828).

  Next, the counter update unit 106 adds 1 to the adopted counter and stores it in the counter storage unit 121 (step S829), and ends the authentication process. When it is determined in step S808 that the number of failures is equal to or less than the threshold (step S808: NO), the counter update unit 106 adds 1 to the counter (step S829), and ends the authentication process.

  Although not shown in the figure, the authentication device 10 transmits the authentication result of the OTP and the response password to the terminal device 40. The terminal device 40 outputs the authentication result to the user through the display unit 42 or the like. Thereby, the user can know the authentication result of the input OTP or whether or not the synchronization recovery is successful.

  Next, details of the OTP generation processing in step S802 will be described with reference to FIG. FIG. 10 is a flowchart showing the overall flow of the OTP generation process in the present embodiment.

  First, the password generation unit 304 acquires key information from the key information storage unit 321 and also acquires the current counter from the counter storage unit 322 (step S1001). Next, the password generation unit 304 stores the acquired counter in a temporary storage unit such as the RAM 33 (step S1002).

  Next, the password generation unit 304 updates the counter in the counter storage unit 322 by incrementing the counter (adding 1) (step S1003). Then, the password generation unit 304 generates an OTP using the acquired key information and the counter stored in the temporary storage unit (step S1004).

  The reason for updating the counter in the counter storage unit 322 before generating the OTP is that the OTP generator (password display device 20) is turned off immediately after the OTP is generated, so that the same OTP is updated many times. This is for the purpose of not being generated.

  Finally, the password generation unit 304 outputs the generated OTP to the password display device 20 via the communication I / F 31 (step S1005), and ends the OTP generation process.

  As described above, the authentication device according to the present embodiment generates an update counter when the OTP authentication process has failed continuously a predetermined number of times, and transmits a challenge in which the update counter is encrypted to the user terminal device. On the other hand, the password generation device (IC card) according to the present embodiment decodes the update counter from the challenge input by the user based on the challenge transmitted to the terminal device, and generates an OTP from the update counter. When the generated OTP is authenticated, the authentication device can update the current counter with the update counter and restore the synchronization of the counter with the password generation device. With such a configuration, it is not necessary to widen the allowable range of the counter in order to avoid a high-cost response such as token reissuance, and thus it is possible to suppress a decrease in security strength.

(Modification)
In the above embodiment, the example in which the password generation device is realized as an IC card that operates by being inserted into the password display device has been described. The configuration of the password generation device is not limited to this, and can be realized as a device having both the function of a password display device and the function of an IC card.

  FIG. 11 is a diagram illustrating an example of a network configuration of the authentication system 2 according to the present modification including the password generation device 60 configured as described above. As shown in the figure, the authentication system 2 includes an authentication device 10, a password generation device 60, and a terminal device 40.

  The configurations and functions of the authentication device 10, the terminal device 40, and the network 50 are the same as those in FIG. 1 showing the configuration example of the authentication system 1 according to the above-described embodiment. To do.

  The password generation device 60 includes a control unit 601, a display unit 24, an operation button 25, a key information storage unit 321, a counter storage unit 322, a mode reception unit 301, a challenge reception unit 302, and a decryption unit 303. A password generation unit 304 and a counter update unit 305.

  As described above, in the password generation device 60 of this modification, the password display device 20 and the IC card 30 of the above embodiment are integrated, and the R / W 26 and the IC card 30 included in the password display device 20 are integrated. The included communication I / F 31 has been deleted. In addition, the function of the control unit 601 is changed. Since other configurations and functions are the same as those in FIG. 1, the same reference numerals are given, and description thereof is omitted here.

  The control unit 601 controls the entire OTP generation process. For example, the control unit 601 starts the OTP generation process when the password generation device 60 is powered on. In addition, the control unit 601 controls processing for displaying the generated OTP on the display unit 24.

  The authentication process by the authentication system 2 according to the present modification is different from the authentication system 1 of the above embodiment only in that the password generation device 60 executes the process executed by the IC card 30, and the overall flow is as follows. Is the same as that in FIG. 8, and the description thereof is omitted here.

  As described above, in the authentication device according to this modification, even when the password generation device is realized as a device in which the password display device and the IC card are integrated, the same function as in the above embodiment is realized. can do.

  An authentication program executed by the authentication apparatus according to the present embodiment is a file in an installable format or an executable format, and is a CD-ROM (Compact Disk Read Only Memory), a flexible disk (FD), a CD-R (Compact). The program is recorded on a computer-readable recording medium such as a disk recordable (DVD) or a digital versatile disk (DVD).

  Further, the authentication program executed by the authentication apparatus according to the present embodiment may be provided by being stored on a computer connected to a network such as the Internet and downloaded via the network. The authentication program executed by the authentication apparatus according to the present embodiment may be provided or distributed via a network such as the Internet.

  Further, the authentication program according to the present embodiment may be provided by being incorporated in advance in a ROM or the like.

  The authentication program executed by the authentication device according to the present embodiment has a module configuration including the above-described units (transmission / reception unit, password generation unit, password authentication unit, determination unit, challenge generation unit, counter update unit). As actual hardware, the CPU 11 (processor) reads the authentication program from the storage medium and executes it, so that the above-described units are loaded on the main storage device, and the above-described units are generated on the main storage device. It is like that.

  The password generation program executed by the password generation apparatus according to the present embodiment is a file in an installable format or an executable format, and is a CD-ROM (Compact Disk Read Only Memory), a flexible disk (FD), a CD. It is provided by being recorded on a computer-readable recording medium such as -R (Compact Disk Recordable) or DVD (Digital Versatile Disk).

  Further, the password generation program executed by the password generation device according to the present embodiment may be stored on a computer connected to a network such as the Internet and provided by being downloaded via the network. . The password generation program executed by the password generation apparatus according to the present embodiment may be provided or distributed via a network such as the Internet.

  Further, the password generation program according to the present embodiment may be provided by being incorporated in advance in a ROM or the like. The password generation program executed by the password generation device according to the present embodiment has a module configuration including the above-described units (mode reception unit, challenge reception unit, decryption unit, password generation unit, counter update unit). As actual hardware, the CPU 32 (processor) reads the authentication program from the storage medium and executes it, so that the above-described units are loaded onto the main storage device, and the above-described units are generated on the main storage device. It has become.

  As described above, the authentication device, the authentication program, the authentication system, the password generation device, the portable security device, and the password generation program according to the present invention are an authentication device, an authentication program, an authentication system, Suitable for password generation device, portable security device, and password generation program.

It is a figure which shows an example of the network structure of the authentication system concerning this Embodiment. It is a schematic diagram for demonstrating an example of the production | generation method of OTP. It is a schematic diagram for demonstrating an example of the verification method of OTP. It is a figure which shows an example of the hardware constitutions of an authentication apparatus. It is a figure which shows an example of the hardware constitutions of a password production | generation apparatus. It is a figure which shows an example of the hardware constitutions of IC card. It is a block diagram which shows an example of a function structure of each apparatus of the authentication system concerning this Embodiment. It is a flowchart which shows the whole flow of the authentication process in this Embodiment. It is a figure which shows the outline | summary of the challenge production | generation process by a challenge production | generation part. It is a flowchart which shows the whole flow of the OTP production | generation process in this Embodiment. It is a figure which shows an example of the network structure of the authentication system concerning a modification.

1, 2 Authentication system 10 Authentication device 11, 21, 32 CPU
12, 22, 34 ROM
13, 23, 33 RAM
14, 31 Communication I / F
15, 27 Bus 24 Display 25 Operation button 26 R / W
35 EEPROM
DESCRIPTION OF SYMBOLS 20 Password display apparatus 30 IC card 40 Terminal apparatus 41 Input part 42 Display part 43 Application part 44 Transmission / reception part 50 Network 60 Password generation apparatus 101 Transmission / reception part 102 Password generation part 103 Password authentication part 104 Judgment part 105 Challenge generation part 106 Counter update part 121 counter storage unit 122 key information storage unit 201 control unit 301 mode reception unit 302 challenge reception unit 303 decryption unit 304 password generation unit 305 counter update unit 321 key information storage unit 322 counter storage unit 401 counter 601 control unit

Claims (11)

An authentication device that receives and authenticates a one-time password generated based on a generation counter updated every time a password is generated from a terminal device connected via a network,
A counter storage unit for storing the generation counter;
A determination unit that determines whether or not the number of times the authentication process using the one-time password has failed continuously is greater than a predetermined threshold;
An update counter that is a value for updating the generation counter when the number of times is determined to be greater than the threshold and that is obtained by adding a predetermined numerical value to the generation counter stored in the counter storage unit ; A challenge generation unit for generating a challenge value;
A transmission unit for transmitting the challenge value to the terminal device;
A receiving unit for receiving a response password transmitted from the terminal device as a response corresponding to the challenge value;
Based on the update counter, a password generation unit that generates a verification password;
A password authentication unit for verifying the generated verification password and the response password;
A counter update unit that updates the generation counter of the counter storage unit with the update counter when the generated verification password matches the response password;
An authentication apparatus comprising: The password generation unit further generates a plurality of verification passwords based on the generation counter of the counter storage unit and a plurality of generation counters obtained by sequentially updating the generation counter of the counter storage unit. ,
The determination unit determines whether or not the number of consecutive failures in the authentication process for authenticating that the one-time password matches any of the generated verification passwords is greater than the threshold. about,
The authentication device according to claim 1. The challenge generation unit further generates an error detection code of the update counter, and generates the challenge value obtained by encrypting the error detection code and the update counter;
The authentication device according to claim 1. A counter storage unit that stores a generation counter that is updated each time a password is generated;
A challenge acceptance unit that accepts an update counter that is a value for updating the generation counter and adds a predetermined numerical value to the generation counter as an input of a challenge value;
A password generation unit that generates a response password that is a password for a response to the challenge value based on the update counter;
A display unit for displaying the response password;
A counter update unit for updating the generation counter of the counter storage unit with the update counter;
A password generation device comprising: The challenge reception unit receives an input of a challenge value obtained by encrypting the error detection code of the update counter and the update counter,
A decoding unit that decodes the update counter and the error detection code from the accepted challenge value;
The password generation unit determines whether or not the error detection code generated from the decoded update counter and the decoded error detection code match, and if they match, based on the decoded update counter Generating the response password,
The password generation device according to claim 4 . The password generation unit compares the update counter with the generation counter stored in the counter storage unit. When the update counter is greater than the generation counter stored in the counter storage unit, the update counter Generating the response password based on:
The password generation device according to claim 4 . A mode for receiving an input of an operation mode including an update mode for updating the generation counter stored in the counter storage unit and a generation mode for generating a one-time password using the generation counter stored in the counter storage unit A reception part,
The challenge accepting unit accepts input of the challenge value when the update mode is accepted as the operation mode;
The password generation device according to claim 4 . A portable security device that can communicate with a display device that displays a password,
A counter storage unit that stores a generation counter that is updated each time a password is generated;
A challenge acceptance unit that accepts an update counter that is a value for updating the generation counter and adds a predetermined numerical value to the generation counter as an input of a challenge value;
A password generation unit that generates a response password that is a password for a response to the challenge value based on the update counter;
An output unit for outputting the generated response password to the display device;
A counter update unit for updating the generation counter of the counter storage unit with the update counter;
A portable security device comprising: An authentication system comprising: a password generation device that generates a one-time password; and an authentication device that receives and authenticates the one-time password generated by the password generation device from a terminal device connected via a network. ,
The password generator is
A first counter storage unit that stores a generation counter that is updated each time a password is generated;
A challenge acceptance unit that accepts an update counter for updating the generation counter as an input of a challenge value;
A password generation unit that generates a response password that is a password for a response to the challenge value based on the update counter;
A display unit for displaying the response password;
A counter update unit that updates the generation counter of the first counter storage unit with the update counter,
The authentication device
A second counter storage unit for storing the generation counter;
A determination unit that determines whether or not the number of times the authentication process using the one-time password has failed continuously is greater than a predetermined threshold;
An update counter that is a value for updating the generation counter when the number of times is determined to be greater than the threshold and that is obtained by adding a predetermined numerical value to the generation counter stored in the counter storage unit ; A challenge generation unit for generating a challenge value;
A transmission unit for transmitting the challenge value to the terminal device;
A receiving unit for receiving a response password transmitted from the terminal device as a response corresponding to the challenge value;
Based on the update counter, a password generation unit that generates a verification password;
A password authentication unit for verifying the generated verification password and the response password;
A counter update unit that updates the generation counter of the second counter storage unit with the update counter when the generated verification password matches the response password;
An authentication system characterized by An authentication program executed by an authentication device that receives and authenticates a one-time password generated based on a generation counter updated every time a password is generated from a terminal device connected via a network,
The authentication apparatus includes a counter storage unit that stores the generation counter,
The authentication device;
A determination unit that determines whether or not the number of times the authentication process using the one-time password has failed continuously is greater than a predetermined threshold;
An update counter that is a value for updating the generation counter when the number of times is determined to be greater than the threshold and that is obtained by adding a predetermined numerical value to the generation counter stored in the counter storage unit ; A challenge generation unit for generating a challenge value;
A transmission unit for transmitting the challenge value to the terminal device;
A receiving unit for receiving a response password transmitted from the terminal device as a response corresponding to the challenge value;
Based on the update counter, a password generation unit that generates a verification password;
A password authentication unit for verifying the generated verification password and the response password;
A counter update unit that updates the generation counter of the counter storage unit with the update counter when the generated verification password matches the response password;
Authentication program to function as. Computer
A counter storage unit that stores a generation counter that is updated each time a password is generated;
A challenge acceptance unit that accepts an update counter that is a value for updating the generation counter and adds a predetermined numerical value to the generation counter as an input of a challenge value;
A password generation unit that generates a response password that is a password for a response to the challenge value based on the update counter;
A display unit for displaying the response password;
A counter update unit for updating the generation counter of the counter storage unit with the update counter;
Password generation program to function as

Images