JP6978168B1 - Authentication device and authentication system, one-time password generation authentication device and pseudo random number generator, encrypted data decryption system, login or entry or unlock system or access control system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a service providing system and an apparatus for making it difficult to falsify the possession state of a contract or an OTP token by issuing and authenticating an OTP token using a distributed ledger system. SOLUTION: This is an OTP authentication system used for decrypting and browsing encrypted data, logging in to a website, using paper and electronic tickets, and unlocking buildings and equipment, and is a distributed ledger system. A means to update a password by using a variable that can be changed at any time only by the contract administrator as an argument of a hash function that generates and authenticates a password, which has a function to authenticate with a contract that generates OTP using a blockchain or a blockchain. To be equipped with. Further, the OTP authentication system uses the block number on the blockchain as a variable corresponding to the change of time. [Selection diagram] Fig. 1

Description

The present invention relates to a system or device that uses a blockchain to generate a dynamic password based on a variable that can be changed at a certain time T to authenticate a user. The present invention relates to a service providing system or an apparatus using the present invention.

With the spread of the Internet, it has become possible to provide real-world services in digital space using computers and networks, from commercial transactions to electronic commerce and from face-to-face bank transactions to Internet banking (net banking). Web services with authenticated logins, such as browsing e-mail, browsing video and music sites, social networking services, internet banking, and logging in to e-commerce sites, are expanding.
When providing a service to a customer on a website using an internet service, the customer registered for the service is required to register a telephone number or user ID (or user's nickname), e-mail address and password, and log in to the website. .. After logging in to the website here, you may operate high-value data.
For example, when transferring money to another person's bank account in Internet banking, it is necessary to have an authentication method different from the password used for login and confirm whether the logged-in person is the user himself / herself. If the information is leaked to others and misused with the password alone, the property may be stolen by a malicious person by illegally accessing the Internet banking and supporting the movement of the asset.

Therefore, it is necessary to combine a method other than a password with a method for verifying the user's identity.
There are many ways to verify and authenticate the person. Knowledge that the person knows, 2. Owned property of the person, 3. There are three biological characteristics of the person. The following is an example.
1. 1. The knowledge that the person knows is a password, a password, a 4-digit PIN, and so on.
The password is static. It is also assumed that an attacker illegally obtains a password or conducts a password brute force attack. For password brute force attacks, the person must periodically update at different times to use a dynamic password. For a 4-digit PIN, it is assumed that a brute force attack will be performed in which a PIN from 0000 to 9999 is entered in a round-robin manner.
In order to counter this, the number of times the authentication is not successful is recorded, and if the authentication fails about 3 to 5 times in a row, the method of not performing the authentication is taken. For example, in Japan, it is conceivable to record the number of times authentication by PIN is executed, return the number to zero if it succeeds, and disable the execution of authentication itself when the number of times exceeds a certain number. If you enter the wrong PIN 3 to 5 times on the Individual Number Card being used, the use will be stopped.
2. 2. The person's possession is a dynamic password generator, an IC cash card, and an individual number card. (Outside the field of computers, keys and seals made of wood, metal, etc. also belong to the property used for authentication.)
In the present invention, when a password having a randomness that is too long to be remembered by a general person, for example, 256-bit private key data for public key cryptography, the private key is printed on paper or recorded on a digital device for use. So it is considered to be owned. In addition, among the IC cards, the personal number card contains the data of the electronic certificate, and the data and information of the private key recorded on the IC chip of the personal number card cannot be taken out to the outside, so it can be regarded as possession.
Generally, the number of numbers and letters that humans can memorize is 7 plus or minus 2 (Note 1). Humans cannot remember the 32-byte secret key that can express a number exceeding 7, for example, the number of 2 to the 256th power with 256 bits, and the 2048-bit secret key used for personal number cards, and the secret key data (secret). It is necessary to print the key information) on paper or engrave it on a board, record it on a recording board or magnetic tape, or store it in a digital device such as an optical disk, magnetic disk, or semiconductor memory. It is owned by the person.
Like stamps and metal keys, private keys are at risk of being duplicated if the data representing them is leaked. On the other hand, unlike biometric information, it is not non-updatable, and at the request of the user, the use of the illegally used private key is stopped, a new private key is assigned to the user, and the correspondence is performed. The private key can be switched. The private key information does not have to be set to one.
Private keys and dynamic password generators can be updated regularly between users and service providers to improve security. The dynamic password generator and private key update are performed by individuals and corporations that provide authentication means corresponding to the corresponding services. In addition to dynamic passwords, there is also an authentication method that sends a number table to the customer and checks whether the correct numerical characters can be entered on the website after login according to the number table.
In these methods, it is important that consensus building continues between the service provider (bank, etc.) and the user, and digital authentication means including the present invention are used as means for assisting consensus building. The present invention is just a tool such as a TOTP token, a valuable paper leaf, a metal key, etc., and whether or not the service can be received by using them is based on the agreement between the user and the service provider and the law of each country.
(Note 1) Miller, GA (1956). The magical number seven, plus or minus two: some limits on our capacity for processing information. Psychological Review, 63 (2), 81 --97.
3. 3. The person's biological characteristics include those that use physical information such as fingerprints, face, iris, voice, vein pattern information, and genetic information, and behavioral characteristics such as handwriting, walking, and speaker recognition.
Since biometric authentication uses information provided by the user, the key information for authentication is with the user if the user's body is alive, and is less likely to be lost compared to a metal key or the like. This characteristic is used for simple login in software such as computer terminal devices.
On the other hand, it is difficult to change biometric information. When biometric information is leaked, it is difficult to change it like a metal key or password. It is also conceivable to duplicate a fake biometric feature based on biometric data, which is the key to biometric authentication, to misidentify and break through the authentication sensing device that becomes a lock.
In addition, fingerprints and the like can be unlocked even if the user does not have the intention to log in. That is, there is a possibility that the attacker forcibly authenticates using the user's body when the user's intention is not clear.
In biometric authentication, it can be seen that the data of the person is transmitted to the device to be authenticated, and further factor is required to determine whether the data is based on the person's will. Therefore, when biometric features are used for authentication, it is preferable to use multi-factor authentication in combination with authentication based on knowledge or possessions.
When dealing with assets such as Internet banking services provided by banks, biometric authentication is used instead of the login password, and a means (password generator) that uses the person's possession for authentication is also used in multiple elements and stages. Authentication is performed to enhance security.

Here, one of the means for using the person's possession for authentication is a hardware-type dynamic password generator. The RFC6238 standard is known as an algorithm for generating a dynamic password. The RFC6238 standard uses a dynamically changing one-time password that is generated based on time. Such a one-time disposable password that changes with time is called a time-based one-time password (TOTP, Time-Based-One-Time-Password). TOTP can be used for hardware-type and software-type one-time password indicators. TOTP changes at certain fixed times.
Enter the 7 to 6 digit password displayed on the one-time password (OTP, One-Time-Password) display sent to you using TOTP into the Internet banking website or smartphone app, etc., and then enter TOTP. By performing authentication and performing operations on the website, it is considered that identity verification has been performed, the instructed program is operated, and important processing such as transfer to another bank's bank account is performed.
Two-factor authentication can be realized by using the one-time password generator owned by the person and the password of the knowledge known by the person together, and security can be improved.

On the other hand, the existing one-time password generator also had a problem. As an example, with existing hardware-type one-time password indicators (hardware-type TOTP tokens) that provide services such as Internet banking, it is necessary to synchronize the time between the bank's server terminal and the password indicator, and hardware-type TOTP. Since the battery used to maintain the function of the token as a clock and synchronize the time will be exhausted, it will be necessary to replace the battery regularly, and it will be new to the customer when updating the one-time password. There was a problem that it was necessary to mail or deliver a hardware-type TOTP token, and shipping costs were incurred.
Further, according to the RFC6238 standard (Non-Patent Document 3), the password calculates the hash value by using the time T as the argument of the hash function and the key information K (seed value K or secret variable K) that needs to be kept secret. If the information about K is leaked, it is necessary to update all the user's hardware type TOTP tokens. Therefore, regardless of the presence or absence of leakage, it is possible to maintain security by updating K together with the token at the time of regular battery replacement.
In addition, the display integer of the authentication password of the known hardware TOTP token is 6 to 7 digits, but if the processing capacity of the computer that performs the one-time password (OTP) token brute force attack increases, the display integer will be displayed. The inventor thought that it would be good if the number of digits could be increased and updated to 12 digits, etc., and the display time could also be updated and changed. (The inventor thought that it would be good if the number of OTP token display digits could be increased or decreased and the display time could be increased or decreased in order to counter brute force attacks by computer terminals with processing power that surpasses known computers in the future.)

The inventor was also searching for a way to log in with an OTP token on a website using an encrypted file. I thought that it would be very useful for the distribution of confidential information and contents if the plaintext data file that I wanted to convey to a specific individual corporation or group could be encrypted and decrypted using the key that is the access right.
It is common to use a fixed password to view encrypted files, but decrypt this by decrypting it using TOTP so that it can be viewed, executed, and used after decryption. The key viewing rights that can be used are converted into tokens like hardware tokens and exchanged to exchange confidential information, information within a certain community, use like electronic books, decryption, viewing, and use of paperwork software, etc. There was a problem of wanting to provide a device equipped with software to perform. Furthermore, I thought it was necessary to make it possible to view the content even when offline, such as in the event of a disaster.
In addition to browsing files, we also needed a login system for websites such as online banking sites, a real-world ticket and its reading system, an unlocking system for locking parts, and a starting system for vehicles, devices, and computer terminals. He wanted to be able to use access control systems that are available in both the real world and the web services and digital world.

Here, as in Non-Patent Document 1 and Non-Patent Property 2, cryptographic assets are stored using the distributed ledger system DLS, which has a blockchain type or directed acyclic graph type data structure and is difficult to tamper with among distributed terminals. A technology called smart contract (contract) has become available, which records issuance and transfer transactions, records program codes in transactions on DLS, and stores and operates them in data structures that are difficult to tamper with, such as blockchain.
Patent Document 1 is an example of using the blockchain or distributed ledger technology DLT related to music rights, and Patent Document 2 is also an example of a system that manages information of a plurality of file management systems with one contract of the distributed ledger. Is. Program information such as variables and functions belonging to the contract is recorded in the distributed ledger using the contract, and the terminals that become nodes via the network can be distributed all over the world, and the distributed type composed of the above nodes. It is a feature of the distributed ledger technology and the distributed ledger system that a program called a contract can be deployed (deployed) to the ledger system DLS all over the world and services can be provided across national borders.

Patent No. 6757042 Japanese Unexamined Patent Publication No. 2020-144586

Vitalik Buterin, Ethereum White Paper A NEXT GENERATION SMART CONTRACT & DECENTRALIZED APPLICATION PLATFORM, [online], [Search on November 16, 2020, Reiwa 2], Internet <URL: https://cryptorating.eu/whitepapers/ Ethereum / Ethereum_white_paper.pdf> IOTA Foundation, Differences between the Tangle and blockchain, [online], [Search November 16, 2020, Reiwa 2], Internet <URL: https://docs.iota.org/docs/getting-started/ 1.1 / the-tangle / tangle-vs-blockchain ＞ Internet Engineering Task Force (IETF), TOTP: Time-Based One-Time Password Algorithm, [online], [Search on November 16, 2020, Reiwa 2], Internet <URL: https://tools.ietf .org / html / rfc6238 ＞

The problem to be solved is that known hardware TOTP tokens require battery replacement and the token key information K cannot be updated by the service provider or token administrator. Another problem is that there are few methods for viewing encrypted books and other content using OTP. Another issue is that OTP tokens that solve these problems are not provided to, for example, website login tickets, ticket gates, entrance tickets to movie theaters, and equipment and building locking and unlocking systems. there were.

In the present invention, the block number Bn of the blockchain is mainly used for the value of T in the generation of TOTP in the distributed ledger system, or K and T are changed by the smart contract administrator in the distributed ledger system such as the blockchain. It is a major feature that it enables the generation of dynamic passwords.
The value of T is a value Tm or TB that changes at a certain time, and Tm uses the block number Bn that automatically changes according to the time change (time change) of the distributed ledger system, or the administrator of the smart contract (contract). There is a difference between changing and updating by manually sending a transaction for changing the data value to change Tm and K to the distributed ledger system. Changing and updating K by manually sending a transaction to the distributed ledger system by the contract administrator leads to updating K of the TOTP token, which is a necessary element in the present invention.
(In the present invention, it is assumed that the contract administrator manually sends the transaction to the distributed ledger system to change and update the transaction, but in addition to this, the transmitted transaction or OTP token set by the user who owns the OTP token. In some cases, the K value of TOTP can be changed by using the data value of the transaction sent by the user who does not own the TOTP.)

The present invention will be described. In the present invention, attention is paid to the block number of the blockchain. For the sake of explanation, the block number is paraphrased as the block number Bn in the present invention. It was devised in the present invention that the block number Bn is used for the numerical value T depending on the time used in TOTP. In the present invention, the method and the one-time password are referred to as BnTOTP. (In the embodiment of the present invention, Ethereum, which is one of the distributed ledger systems using the blockchain type data structure, is used, and in Ethereum, the block number Bn is called a block number.)
This name is BnTOTP because TOTP is operated by using the number Bn when the blockchain is the Bnth from the first block data (when the block number is the 0th) as the variable Bn representing the time and time change. Is called. Note that Bn is a number that is the basis of the calculation of BnTOTP, and BnTOTP may be generated by using a processed value (a variable obtained by obtaining a hash value by a hash function based on Bn and changing according to Bn).
In addition to generating time-based dynamic one-time password (OTP) tokens such as TOTP, it is one of the contract variables that accesses the blockchain at any time and calculates the OTP deployed on the blockchain. Focusing on the fact that a dynamic password OWP (OwnerPassword) can be used by updating the seed value of the OTP token without using the information by time T by changing the key information K, both TOTP (BnTOTP) and OWP Invent and implement an authentication system that uses.
In the present invention, the OWP does not use information about the latest time of the blockchain such as the block number, but the contract administrator who manages the contract on the blockchain of the authentication system rewrites the state of the internal variable of the contract to an arbitrary time. The dynamic password method in which the password generation value of all OWP method OTP tokens belonging to the contract is updated is called OWP.
In both TOTP (BnTOTP) and OWP, the internal variables of the contract are not limited to one contract and may be called from different contracts.
BnTOTP uses the fact that the block number Bn automatically changes the clock on the blockchain, and OWP changes when a variable on the blockchain is accessed and rewritten by an administrator or a general user at any time. Take advantage of being forced.
OWP can operate in the same way as BnTOTP and TOTP when the administrator user can update the seed value by periodically sending a signed transaction to the blockchain at the user terminal in OWP. However, while BnTOTP does not require a transaction for changing the seed value, OWP requires a transaction. When using OWP and BnTOTP as a password generator that is updated every 60 seconds, for example, in the case of OWP, it is necessary to manually or automatically transmit transaction data every 60 seconds, and the amount of data accumulated on the blockchain is BnTOTP. It occupies the storage area of the storage device of the terminal that becomes a node of the blockchain. Therefore, in the present invention, BnTOTP and OWP are used properly according to the intended use.
BnTOTP is used for web services connected to a network that wants to update the BnTOTP value every few tens of seconds via the network, and OWP is the same when disconnected from the network or for a long period of time (months to years). It is used for web services that may have an OWP value of, and for key applications that unlock valuable paper leaves and locks using paper or NFC tags.

In the present invention, an OTP token that uses Ethereum (Non-Patent Document 1), which is one of the blockchain platforms, to generate and authenticate BnTOTP and OWP using a blockchain and a smart contract, and an authentication system using the contract are provided. Invented and implemented. The present invention has been developed based on Ethereum, and a part of the explanation of the terminal as a node constituting the blockchain and the explanation of the user terminal are as described in Non-Patent Document 1, and the details of this patent application are provided. Not described.
And the explanations and figures and tables described in this patent application are explanations on the basis where Ethereum can be used, and not all the explanations necessary for execution in Ethereum are described, and the operation of Ethereum as a distributed ledger system. Will be mainly described with respect to the known Non-Patent Document 1. FIG. 9A illustrates the operation of the contract of the present invention on the Ethereum blockchain. FIG. 9B is an explanatory diagram of the operation of the present invention in a directed non-circular graph type distributed ledger system.
In FIGS. 9A and 9B, the operation of the OWP type password is possible from the smart contract. Since there is information derived from the block number and block data of the latest data block in the block chain of FIG. 9A, it can be used for the calculation of TOTP. BnTOTP type or TOTP type when hash value, time stamp, etc. are entered in each data block (chunk) and time information can be obtained from the latest data chunk or when the distributed ledger system has time information. Password can be generated.
The main feature of the present invention is to use an OWP type password. By changing the K inside the contract of the OTP token on the blockchain, all the passwords displayed by the token issued by the contract of the OTP token can be changed. Pseudo TOTP can be realized by changing the OWP type password at certain times.
On the other hand, with OWP passwords, transactions must be sent to the distributed ledger system. If a contract administrator or the like sends a transaction to the distributed ledger system in order to realize TOTP on the distributed ledger, network traffic may increase. In addition, transaction data increases, and the capacity of the storage device of the node terminal may increase.
There, an OWP-type password that allows the contract administrator to change the K value when it is necessary or when it is necessary (once every few weeks, months, or years), and every 60 seconds, etc. For TOTP applications where you want to update passwords frequently, a dynamic password is generated using a BnTOTP type password that mainly uses a block number and a BnTOTP type password that combines a BnTOTP type password with an OWP type password that can change the K value. Authentication helps reduce network traffic and the capacity used in the blockchain of the storage device. Therefore, the present invention is characterized by using either or both of the BnTOTP type and the OWP type.

The present invention is not a hardware type TOTP token but a software TOTP token based on the blockchain and its network so that the service provider can update the key information of the token without the need for battery replacement, on the blockchain at a certain time. The most important feature is that it is an authentication system in which the variable changed in the block data is the time-based variable Tm and the time-varying variable T in the RFC6238 standard.
Further, the main feature is that the authentication system uses the variable Bn of the block number for the latest block data on the blockchain as the variable T which fluctuates with time in the RFC6238 standard of the TOTP token.

The present invention comprises means such as a variable in which a part or all of the key information K of the RFC6238 standard can be accessed and changed only by the token administrator at an arbitrary time, and a function in which the variable can be changed. The main feature is that it can be updated by the administrator.
Here, when the key information K can be changed by the administrator, even if the variable T of the RFC6238 standard is not set or is a constant that does not change depending on the time, the value K that the administrator instructs at an arbitrary time and changes is a variable. It may be T. (In the present invention, an administrator is preferable to update the key information K, but a non-administrator user may change the K of the contract on the blockchain. All users involved in the token may change the K of the contract at any time. The authentication system of the present invention can operate as a dynamic password generation token according to the value voted by the user even if the specified value is input to the blockchain and voted.)

Using a software-type password generator token (OTP token) using a distributed ledger system such as a blockchain and an authentication system, a blockchain-type token (OTP token) is issued to the user, and the OTP token is encrypted, for example. It can be used as a token that is the key to decrypting data, for login to websites, entrance tickets for ticket gates and movie theaters, entrance / exit passage permits, valuable paper leaves, and NFC tags. The main feature is that it is an authentication system and an access control system that locks and unlocks.

Further, in the present invention, it is possible to change the owner of the OTP token on the blockchain and transfer the OTP token between different users. It is also possible to transfer OTP tokens between different users, which enables decryption of encrypted data of certain sentences, books, audio, video, and software contents.
However, in the present invention, the OTP token contract may have a function of limiting the transfer function, and has a control unit that enables or disables the transfer of the OTP token at any time according to the request of the contract administrator. The main feature is that it is an authentication system using OTP tokens.
The function of restricting the transfer function of the OTP token contract is assumed to be that some rights holders of the content obtained when decrypting the encrypted data want to control the distribution of information, and other restrictions on transfer are assumed. This is because it is expected to be used for prohibiting the transfer itself, such as a certain ticket or a hardware-type one-time password card for Internet banking of a bank. A transfer restriction function can be incorporated into the program of the OTP token contract so that the OTP token is not transferred contrary to the terms of service.
In the present invention, a control unit that restricts the transfer can be set, and depending on the desire of the service provider who is the user of the present invention, the transfer of the OTP token may be restricted at an arbitrary time (current time) so that the transfer cannot be performed. It is characterized by having a function to make it transferable. Further, in the present invention, a control unit for restricting transfer can be set, and depending on the desire of the service provider who is the user of the present invention, the control unit can be eliminated and the transfer of the OTP token can always be disabled.

In the present invention, in addition to the transfer restriction, the user's token that violates the service provider's agreement can be forcibly released from the correspondence with the identifier on the user's blockchain, and the one-time password token can be removed from the user. It is also characterized by being able to be used for an authentication system having a control unit. However, this function is a function that can be realized in the Ethereum ERC721 standard and is a known technology.
In addition, this OTP token removal function can forcibly remove the OTP token of a certain token number of the user identifier calculated from the private key of a certain user by the contract administrator, so that the user and the service provider / OTP token contract can be forcibly removed. It is assumed that an agreement with the administrator is required and it is not normally used.
By restricting the transfer of OTP tokens between users and issuing and removing OTP tokens to a certain user, the user can generate the OTP of the present invention using the OTP token and authenticate the OTP, while the OTP token is substantially. It is possible to store and transfer OTP tokens in which the manager of the contract manages, manages, and distributes the ownership. It is assumed that it will be used for OTP token storage and transfer by a third party who is qualified to store OTP tokens, such as OTP token storage and transfer.
The concept of custody transfer is similar to the concept of centralized custody of securities and name rewriting of the Japan Securities Depository Center, and it may be a known concept, but one of the forms that realizes it on the blockchain under the ERC721 standard is transfer restrictions and tokens. It is considered that it may be realized by combining the issuance and removal of the above, and it is assumed that it can be adopted in the present invention.

The authentication system of the present invention is a software one-time password in which a blockchain unit constructed on a server terminal (terminal 3A in FIG. 3A or terminal 3B in FIG. 3B), which is a node that can be installed all over the world, is connected by a network 20 and distributed. Holds token information. Since the distributed ledger is used, even if a disaster occurs in one area, data can be disseminated from server terminals in other areas around the world. In addition, it may be possible to distribute services corresponding to the OTP token authentication system all over the world.
The smart contract, which is the one-time password program of the present invention, is transmitted as a transaction from the terminal of the contract administrator to a distributed ledger system such as a blockchain in the form of a byte code or the like, and is stored in block data with a blockchain and past block data. It becomes difficult and immutable due to the characteristics of the blockchain, which is linked to the blockchain, which is a concatenation of the one-time password program (contract) by an attacker, and the user for the OTP token and the token number of the OTP token belonging to the contract. There is an advantage that it becomes difficult to tamper with the correspondence with the identifier and the possession status of the OTP token.

In addition, it is difficult to lose the OTP token as long as the user and the user terminal have the private key used for access and the node terminal of the blockchain (the network to which the node terminal is connected). This is less likely to be lost than a hardware token or a software token installed and used on an existing computer or smartphone, and has the advantage of being accessible all over the world and being able to manage node terminals in a distributed manner.

The hardware token requires a battery to synchronize the time and time, and when the battery level is low, the time shifts and the user has to adjust the time. On the other hand, the blockchain used in the present invention has an advantage that servers distributed all over the world act as nodes and are driven while synchronizing the time, and time synchronization is not required.
The flow of time in the blockchain corresponds to the fact that blocks including new transactions are connected to the original blockchain at regular intervals, and the information Tm that reflects the time in the latest connected block is displayed. By using it as the seed variable T for calculating the TOTP of the TFC6238 standard, time synchronization is not required.

Further, with the hardware token, it is difficult to change K among the seed values, and the device is disposable, but the password generator using the blockchain of the present invention has an advantage that K can be updated. If a transaction for updating K is sent to the blockchain, the K values of all OTP tokens involved in K can be rewritten and updated.
When K is updated, the seed value used for OTP calculation changes and the appearance of future OTP calculation results is renewed.

In the present invention, the OTP token can be transferred if the service provider corresponding to the OTP token permits it. It is also possible to prohibit or allow the transfer of OTP tokens included in the contract between users. Encrypted content and tokens that can be used for decryption and viewing can be sent to domestic and overseas markets. This may make it easier to sell overseas while restricting the transfer of data usage rights such as books, audio and video, member sites and software. While having a transfer restriction function, it will be sold among users as the right or the book itself while owning e-books etc. as data.

If the token removal function is implemented in addition to the transfer restriction function, it is possible to control and manage illegal resale and prevent the token from being passed to countries where sales should be refrained. In addition, if the private key is lost or leaked and the token cannot be used normally, the user can notify the token administrator and assign the token to the user identifier calculated from the new user's private key.
(In the present invention, since the content and the token can be easily transferred from Japan to the foreign country, the transfer restriction and the token removal function are described. When the token administrator and the token user can agree on the terms of use of the token, etc. It is preferable to use it.)

FIG. 1 is an explanatory diagram showing a method of generating a one-time password and performing authentication using a blockchain. FIG. 1A is an explanatory diagram showing a concept when a method of generating and authenticating a one-time password (OTP) using the blockchain of the present invention is used for a server terminal. FIG. 1B is an explanatory diagram showing a concept of a method of decrypting encrypted data through an OTP authentication system using the blockchain of the present invention. FIG. 2A is an explanatory diagram of a terminal DA of a user UA that performs authentication using the authentication system of the present invention. FIG. 2AA is an explanatory diagram of a storage unit (storage device), a control unit (control device) input / output device, and the like of a user terminal DA that performs authentication using the authentication system of the present invention. FIG. 2B is an explanatory diagram of a terminal DB of a user UB different from that of FIG. 2A. The functions of the terminal DA and the terminal DB are equivalent. The private key information is different. FIG. 2C is an explanatory diagram of the terminal DC of the user UC that deploys and manages the contract in the blockchain unit. The functions of the terminal DA and the terminal DC are equivalent. The private key information is different. FIG. 3A is an explanatory diagram of a server terminal 3A that has a blockchain unit constituting the distributed ledger system DLS and is a node of the blockchain connected to the network 20. FIG. 3AA is an explanatory diagram of a smart contract (contract) of a control unit, a storage unit, and a blockchain unit recorded in the storage unit and the storage unit of the terminal 3A of FIG. 3A. FIG. 3AB is one of the explanatory diagrams of the contract of the blockchain unit recorded in the storage unit of the terminal 3A of FIG. 3A. FIG. 3AC is an explanatory diagram of a specific example of a blockchain unit contract that can change the transfer restriction function recorded in the storage unit of the terminal 3A of FIG. 3A, the number of characters / digits of the OTP, and the authentication standby time of the OTP. FIG. 3B is an explanatory diagram of a terminal 3B which has the same blockchain unit as the server P (3A) of FIG. 3A and is a node constituting the distributed ledger system DLS on the network 20. FIG. 3C is an explanatory diagram of a server terminal 3C that provides a service for authenticating the present invention by logging in to a website (web page, web application) or the like. FIG. 3D is an explanatory diagram of a terminal 3D that reads and authenticates a valuable paper leaf or a key on which the authentication information of the present invention recorded on a printed matter, a display screen, and an NFC tag is recorded, and performs a service. FIG. 3DA is an explanatory diagram of a storage unit (storage device, 30D) and an input / output device (34D, 35D) of the server SVLog (terminal 3D) shown in FIG. 3D. FIG. 3E is an explanatory diagram of a server terminal 3E that purchases an OTP token or outputs OTP authentication information to paper and an NFC tag to issue a ticket, a valuable paper leaf, a key, or the like. FIG. 3F is an explanatory diagram of the server terminal 3F that searches, monitors, and notifies the user terminal of transaction information and OTP token information from the blockchain information recorded in the server P (3A). FIG. 4A is an explanatory diagram of a terminal (4A) that decrypts encrypted data using the authentication system of the present invention for viewing, viewing, or using. FIG. 4B is an explanatory diagram (example) of a storage device of a terminal (4A) that decrypts encrypted data using the authentication system of the present invention for viewing, viewing, or using. FIG. 4C is an explanatory diagram when the plaintext data 4035A is encrypted or obfuscated in the storage device of the terminal 4A in FIG. 4B and incorporated in the software 403A 4030A. FIG. 5A is an explanatory diagram of a server terminal that decrypts encrypted data using the authentication system of the present invention and distributes an advertisement to a terminal (4A) for viewing / viewing or using. FIG. 5B is an explanatory diagram of a server terminal 5B that decrypts encrypted data using the authentication system of the present invention and distributes the encrypted data to a terminal (4A) for viewing, viewing or using. FIG. 5C is an explanatory diagram of a server terminal 5C that decrypts encrypted data using the authentication system of the present invention and transmits the encrypted data to a terminal (4A) for viewing / viewing or using. FIG. 6A is a flowchart showing the processing of a function that generates an OTP for a holder of an OTP token in the present invention. This is a basic OTP generation function. FIG. 6B is a flowchart showing the processing of a function for generating an OTP having an OTP generation count recording function for the holder of the OTP token in the present invention. FIG. 6C is a flowchart of a function for authenticating OTP when the accessor to be authenticated having a recording function such as the number of OTP authentications is limited to the user identifier of the token holder in the present invention. FIG. 6D is a flowchart of a function for authenticating OTP in the present invention, which has a recording function such as the number of OTP authentications and does not limit the users to be authenticated. FIG. 6E is a flowchart of a function for authenticating OTP when the recording function such as the number of OTP authentications is removed from FIG. 6C in the present invention. FIG. 6F is a flowchart of a function for authenticating an OTP when the accessor to be authenticated is not limited in the present invention. This is a basic OTP authentication function. FIG. 6G is a flowchart showing the processing of a function that authenticates an OTP by determining whether the access is an access of a holder of an OTP token having a recording function such as the number of OTP authentications in the present invention. FIG. 6H is a flowchart showing the processing of the function of determining whether the access is the holder of the OTP token and authenticating the OTP in the present invention. FIG. 6X shows a data structure recorded when a user terminal (1A or 4A) accesses a server terminal (3C, 3D, 3E, 3F, 5A, 5B) that performs a service using the authentication system of the present invention. It is a chart. FIG. 7A is one of the sequence diagrams illustrating the authentication system of the present invention (a block number Bn is mainly used for TB. It is also an explanatory diagram of a BnTOTP type password). FIG. 7B is an authentication sequence explanatory diagram when the contract administrator can change the internal variables KC and BC of the contract which are the seed values for calculating the password OWP in the present invention by using the function fscb. FIG. 7CA is a sequence diagram when the encrypted data in the present invention is decrypted and the decrypted plaintext data is viewed, viewed, and executed as a program. FIG. 7CB is a sequence explanatory diagram when plaintext data is encrypted and encrypted data is distributed / distributed in the present invention. FIG. 7CC is a sequence explanatory diagram when the encrypted data that has been browsed in the present invention is decrypted in an offline state not connected to the network and browsed as plaintext data. FIG. 7D is a sequence diagram illustrating the operation of the authentication system when logging in to a web-based service such as a website or web application in the present invention. FIG. 7E is a sequence diagram illustrating that the service is entered, unlocked, and started by authenticating with a password OWP using a valuable paper leaf or an NFC tag as an example in the present invention. FIG. 8A is a diagram illustrating the connection of terminals when logging in to a website. (Example 1, Embodiment 1) FIG. 8B is a diagram illustrating connection of a terminal when using a valuable paper leaf or a key by a printed matter and an NFC tag. (Example 2, Embodiment 2) FIG. 8C is a diagram illustrating a connection of a terminal that uses software CRHN (403A) when distributing (distributing) encrypted data through a communication network. (Example 3, Embodiment 3) FIG. 8D is a diagram illustrating a connection of a terminal that uses software CRHN (403A) when broadcasting encrypted data by data broadcasting. (Other Examples of Embodiment 3) It is a figure explaining the outline of the authentication system by OTP token which used the blockchain type data structure in the distributed ledger system DLS (distributed ledger system DLS). It is a figure explaining the outline of the authentication system by OTP token using the directed non-circular graph type data structure in the distributed ledger system DLS (distributed ledger system DLS).

The present invention consists of several elements. A typical explanatory diagram is FIG. Explanatory views of the terminal connection used in FIG. 1 are shown in FIGS. 8A, 8B, 8C, and 8D. A computer terminal (electronic computer terminal) such as a server terminal or a user terminal used in the present invention includes a control calculation device (control device, calculation device), a storage device, an input device, and an output device as the five major devices of a computer. Then, in the terminal, the control arithmetic unit, the storage device, the input device, and the output device are connected by wiring such as a circuit or an electric wire with a patterned conductor. Further, the control calculation device (control device, calculation device), the storage device, the input device, and the output device may be connected by wire (electric cable or optical fiber) or wirelessly. The terminal is equipped with a wireless or wired communication control device (communication device) and is connected to a network 20, an external terminal, or the like, and can also be connected to an external storage device or an input / output device. The terminal is equipped with a power supply and supplies electric power to drive the computer terminal.
Even if it is a computer that uses some kind of quantum instead of an electronic computer, or a classic computer that uses a machine such as a gear that uses mechanical energy without using electric power or movement of electrons, that is, a computer terminal that is not bound by the framework of an electronic computer. It may be within the scope of the description of the present invention if it uses a storage device such as a paper print information or a semiconductor memory magnetic disk optical disk described in the present invention, a hash function, and a distributed ledger.
1. 1. User UA terminal DA (terminal 1A)
A user UA and its terminal 1A comprising a computer terminal DA or a terminal 1A (terminal 1A of FIGS. 1 and 2A, FIG. 2AA) that displays or authenticates an OTP using the OTP token of the present invention.
The terminal 1A is a program for accessing the blockchain server 3A or the like in the storage device, a URI indicating the access destination server P (server 3A in FIG. 3A), and a private key PRVA used when accessing the blockchain (FIG. 2AA). The private key information 101A) is provided. The terminal 1A has a communication device 12A and accesses the server 3A via the network 20.
The present invention assigned to the user identifier A calculated from the private keys PRVA 101A and 101A as described in the flowchart of the OTP generation function of FIGS. 6A and 6B when accessing the server 3A for OTP generation. An OTP token with the token number TIMA of is required. When requesting OTP authentication, an OTP token having the token number TIDA of the present invention assigned to the user identifier A calculated from the private keys PRVA 101A and 101A may also be required (FIGS. 6C, 6E, FIG. 6G, FIG. 6H), and it is also possible that the OTP token is assigned to the user identifier A or the user identifier A and does not require a process of determining whether or not the user identifier A is owned, as in the flowchart of the OTP authentication function of FIGS. 6F and 6D. can.
In addition to the user UA of the terminal 1A, the user UB of the terminal 1B, the user UC of the terminal 1C, and the user UP of the terminal 4A also exist. The terminal 4A is one form of a user terminal that performs this authentication system like the terminal 1A. In the present invention, the user UP and the user UA are the same person, and the secret key 101A and the secret key 401A are the same, but the symbols may be changed for the sake of explanation.

2. 2. Server P (Server 3A)
<Specific assumptions in the examples, etc.>
In the present invention, as shown in FIG. 1, through a network 20 in which a server P (3A), a server B (3B), etc., which are nodes having a blockchain unit constituting a distributed ledger system DLS such as a blockchain, can be encrypted. They are interconnected. Ethereum was used for the distributed ledger system DLS such as blockchain. Known Ethereum is approximately every 15 seconds (15 seconds is a value set when creating a blockchain such as Ethereum, and the blockchain creator can create it in any number of seconds such as 15 seconds or 4 seconds. ), A new block is connected to the blockchain, and the block number Bn × 15 seconds has passed since the time when the block number was zero.
Proof of work type (PoW type) for consensus formation / consensus algorithm between nodes constituting the blockchain such as terminals 3A and 3B for connecting new data blocks to the blockchain in the main net and test net of Ethereum. , Proof of Work (Proof of Work) or Proof of Authority type (PoA type, Proof of Authority, Proof of Authority) or Proof of Stake type (PoS type, Proof of Stake), and other blocks Practical Byzantine Fault Tolerance (PBFT type, Practical Byzantine Fault Tolerance) and the like also exist in the chain type distributed ledger system. In order to carry out the present invention, a proof of authority type, a practical bysantin fault tolerance type, and a proof of stake type, which can be expected to have low power consumption and many transactions that can be processed, may be used.
The present invention preferably uses a consensus building method with low power consumption and high transaction processing speed, and for that purpose, a consensus building algorithm similar to a centralized distributed ledger management method may be used. Since the present invention is not an invention relating to a consensus formation algorithm of a distributed ledger system, the present invention does not touch upon consensus formation, but in the embodiment of the present invention, an Ethereum test using a proof of work type or a proof of authority type is used. The present invention was developed and implemented using a net.
Here, in the present invention, it is premised that the control unit (31A) and the storage unit (30A) of the server P (3A) are provided with equipment capable of forming and processing Ethereum, which is one of the blockchain boards, in the blockchain unit. do. Although all the elements for executing the blockchain system using Ethereum are not described in the present invention, in the present invention, the user terminals (1A and 4A in FIGS. 1A and 1B) and the server terminals 3A and 3B, 3C, 3D, 3E, 3F, 5A, 5B, 5C and the like may have a blockchain control unit and a blockchain data recording unit that can be Ethereum nodes. The server P (3A) is connected to the network 20 through the communication device 32A and is connected to a node terminal 3B of another blockchain and a terminal group corresponding to a plurality of 3Bs via the network 20 to form a distributed ledger type system.

The user's computer terminal DA (terminal 1A) and terminal DC (terminal 1C) access the server 3A having the blockchain unit through the network NT (network 20) (FIG. 1A).
It is assumed that the server 3A has an operating system and web browser software installed and can execute ECMAScript (ISO / IEC 16262) and the like. Then, install the client software such as the Ethereum client software geth (Go Ethereum, https://github.com/ethereum/go-ethereum, viewed January 3, 2021), which is the node of Ethereum, and execute the client software. It is working. And as an example, the Ethereum blockchain is recorded in the recording section.
There are two types of accounts in Ethereum: user accounts (EOA: Externally Owned Account) and contract accounts (Contract account). In the present invention, the user account EOA is referred to as a user identifier, and the contract account is referred to as a contract identifier as the address of a smart contract.
In the present invention, Ethereum is used as the base of the blockchain, and the contract is based on the smart contract standard for non-fangible tokens of the ERC721 standard. The following three are cited as references of the ERC721 standard. 1. 1. Ethereum Foundation, https://eips.ethereum.org/EIPS/eip-721, accessed December 11, 2020, 2. OpenZeppelin, https://docs.openzeppelin.com/contracts/3.x/erc721, viewed December 11, 2020, 3.0xcert.org, https://github.com/0xcert/ethereum-erc721, 2020 Retrieved December 11th.
In Ethereum, in a smart contract of the ERC721 standard, the administrator of the contract (having a user identifier C calculated from the private key 101C) issues a token in one unit and sends it to the user identifiers A and B as users. A token of the ERC721 standard is issued to the user identifier A by associating the token ID represented by an unsigned integer type variable with the user identifier A to be the holder thereof.
Here, in the present invention, the token ID in the ERC721 standard is referred to as a token number. Information that the user identifier A owns the token number TIDA is recorded in the contract.
For example, as in 3014A of FIG. 3AC, the possession information (3015A) of the token having the TIDA number is recorded in the user identifier A, and the possession information (3016A) of the token having the TIDB number is recorded in the user identifier B. The final ownership information is recorded, such as a token being issued by a contract for a certain identifier or being transferred between different user identifiers.
Transactions related to contract creation, transfer records, and changes to contract internal variables are recorded on the blockchain in a state where they are difficult to tamper with, and past token holding history information cannot be deleted. Once recorded on the blockchain and deployed, the contract program will not be tampered with.

<Token on the distributed ledger used in the present invention>
In the present invention, Ethereum was used as the base of the blockchain when carrying out. Further, it is considered that the token of the ERC721 standard used in Ethereum can be used for issuing a non-fangible token equipped with OTP on Ethereum, and was adopted when carrying out the present invention.
Then, a smart contract (contract) in which a token of the ERC721 standard equipped with a program related to a one-time password (OTP) was used as a contract for the OTP token of the authentication system of the present invention. The ERC721 standard was used in carrying out the present invention, but this is one of the embodiments of the present invention, and the present invention can be carried out as long as it is a smart contract capable of providing the function of the OTP token of the present invention on the distributed ledger. .. The OTP tokens of the present invention are not limited to the ERC721 standard and similar tokens and smart contracts of tokens.
In the present invention, the OTP token or the OTP generation token / OTP generation contract indicates a contract that performs processing such as ownership of the token that generates OTP, its token issuance processing, token transmission processing, and display of information such as a token name. The OTP authentication function inside the OTP authentication contract or the OTP authentication contract has a variable and a processing unit for calculating an OTP that matches the OTP generation function of the OTP generation contract, and can perform OTP generation and authentication processing. 3AA, 3AB, and 3AC are illustrations of the contract, and FIG. 3DA is an example of having an authentication function in the terminal 3D instead of the terminal 3A.
In the chart explaining the server group (3A, 3B, etc.) having the blockchain unit and the terminals (1A, 1C, etc.) connected to the blockchain unit, the control unit (control unit) capable of executing the Ethereum blockchain and contract used in the embodiment. It is assumed that it has a processing unit) and a storage unit (recording unit).
The details of the control unit and storage unit conform to the specifications of Ethereum, and are also applied to systems with similar blockchain infrastructure. In the present invention, an ERC721 standard token is provided with an OTP generation function, and a contract (OTP generation contract) capable of issuing an ERC721 type OTP generation token is used. Then, the OTP authentication function that can be set to the same value as the seed value used for OTP generation of the OTP generation contract is provided in the OTP generation contract, or a separate OTP authentication contract is created and the OTP authentication contract is provided with the OTP authentication function. ,
The OTP generated by the OTP generation function is output to the user terminals 1A and 4A, and the output OTP and the information necessary for OTP authentication are transmitted from the user terminals 1A and 4A to the OTP authentication function or terminal 3D of the contract related to OTP authentication. It is input to the installed OTP authentication function to verify and authenticate whether it is the correct OTP, and in the case of the correct OTP, the return value data when the authentication is successful is transmitted to the processing unit of the user terminal.
The OTP generation token of the present invention is the ERC721 standard equipped with an OTP generation function, and is a blockchain of hardware TOTP tokens that can be owned by humans and used for logging in to Internet banking (net banking) services. It is made available by owning it in a distributed ledger such as.

<Token number and token issuance of non-fangable token of ERC721 standard>
In the one-time password generation function of the present invention and the contract including the same, one token number TIDA is issued (mint) to the user of a certain user identifier A for the token of the ERC721 standard. The issue function inside the contract (3042A in FIG. 3AC) is used to issue the token. As a general rule, 3042A cannot operate token issuance unless it is the private key PRVC (101C in FIG. 1C) of the contract administrator.

<Transfer of tokens and restrictions on transfer>
According to the ERC721 standard, tokens can be freely transmitted and transferred between different user identifiers.
Since the token for generating the OTP (OTP token) of the present invention conforms to the ERC721 standard, the token number TIDA can be sent to a user such as the user identifier B when the user of the user identifier A desires. The token is transmitted using the token transmission function of FIG. 3AC (3040A of FIG. 3AC). In the ERC721 standard, there is no function for prohibiting the transmission of tokens by the contract administrator, but in the present invention, it is possible to allow the execution of 3040A to be stopped by using the transfer restriction variable and the function (3041A).
In the present invention, it is also necessary to use a token such as a bank's one-time password token, a prohibited ticket, or a membership, which is restricted or non-transferable. The transfer restriction processing unit 3041A that controls the execution of the function) and the function group (approve function) related to the permission of transmission is provided, and the transfer restriction processing unit processes by the variable that can be changed only by the terminal 1C of the contract administrator (Owner). I made it possible to change it and restrict the transfer.
Specifically, a boolean variable that controls the execution of the transfer function and a boolean variable that controls the execution of the apply function are set in the contract (true / false as a global function that can be accessed from all the functions inside the contract). (Set a variable of value), it has a function taf that is a setter that can be accessed only by the identifier C of the contract administrator (C is calculated from 101C of terminal 1C), and the true that controls the execution of the transfer function by taf. By rewriting the variable of the false value and the variable of the truth value that controls the execution of the apply function, it is possible to switch between the transferable state and the non-transferable state.
(The token transfer restriction restricts the rewriting of the token ownership information between different user identifiers. The user identifier corresponds to the user's private key, and the token transfer restriction actually limits the token transfer between different private keys. Restrict exchanges.)

<Contract related to one-time password (smart contract)>
In the present invention, issuance of a one-time password token (OTP token) to a user (assignment of a token, mapping), transmission of a token (transfer of a token between users), acquisition of rating information, and a name of a token on a blockchain. Information can be acquired, URI information of tokens can be acquired, and the like. Then, hash using the seed value S generated based on the secret value KC, the variable TB that changes depending on the time (the block number Bn is used as TB in the present invention), the token number TIDA, and the user identifier A as the argument of the hash function fh. There is a one-time password generation contract (FIG. 3AA, FIG. 3AB, FIG. 3AC, 3008A or 30008AG) with a one-time password generation function that obtains a value and returns it as a one-time password.
Further, in the function for authenticating the one-time password or the contract for authenticating the one-time password of the present invention, the seed value S used in the function for generating the one-time password and the hash function fh verify the function input as an argument in the function for authenticating the one-time password. If the seed value used for and the hash function can be synchronized, it can be confirmed that the password matches when the password is correct. (Figs. 6A and 6B show flowcharts explaining the processing of the one-time password OTP generation function 3009A. FIGS. 6C, 6D, 6E, 6F and 6F show flowcharts explaining the processing of the one-time password OTP authentication function 3018A. 6G and FIG. 6H.)
The OTP authentication function may be built in the OTP generation contract including the OTP generation function, or the OTP authentication function may be built in the OTP authentication contract to store the OTP generation contract and the OTP authentication function separately. The OTP authentication contract may be separated and recorded in the block data of the same block number or different block numbers on the blockchain.
Further, the OTP authentication function may be in the terminal 3D not connected to the network, the OTP generation function may be in the terminal 3A on the network, and the OTP acquired by the terminal 1A in the terminal 3A may be used for authentication in the terminal 3D.
Contracts are recorded in other blockchains with different authentication functions and generation functions, and a system may be used in which OTP generation and authentication are shared between the two blockchains, but in that case, they are divided into two blockchains. The recorded OTP generation function and the calculation method used for the password calculation of the OTP authentication function, the hash function fh, and the seed value S must match.
As an example, the seed values A, TIDA, KC, Bn of the argument of the function used in the flowchart of the OTP generation function of FIG. 6A and the OTP authentication function of FIG. 6F, the hash function fh, and the calculation procedure using them match, and OTP generation It is necessary that the same OTP can be calculated by the function and the OTP authentication function, and after the hash value is obtained from the seed value and the hash function in F107 of FIG. When using the OTP of an N-digit unsigned integer, the remainder is obtained in the same way with the OTP authentication function, and the OTP authentication function and OTP can calculate the OTP of the N-digit unsigned integer by dividing the remainder by 10 to the Nth power. The OTP calculated by the generation function must match and synchronize.
Of the seed values, A and TIDA are token numbers corresponding to the OTP token holder and the serial number of the token held and are variables derived from the user, but KC is a value that can be updated by the contract administrator, so the KC value. Must be provided with a means that allows the OTP generation function and the OTP authentication function to match.
In addition, the variable Tm that changes at a certain time T such as the seed value Bn or BC must also match, and BC is a variable that the contract administrator needs to match, but the OTP authentication function and OTP also for Tm and Bn. When a phenomenon that does not match occurs in the generation function, it is necessary to provide a means for matching.
Contracts with OTP authentication functions and OTP generation functions deployed in the same blockchain (same blockchain identifier, distributed ledger system identifier) can use the same Bn, but OTP authentication functions between different blockchain identifiers. When operating a contract with an OTP generation function separately, when operating by adding or subtracting a correction value to Bn different between blockchain identifiers, if Bn does not match, setter so that Bn matches. It is necessary to have a means to make it possible to match, such as a function.

<Calculation of one-time password>
The terminal 3A performs processing according to the access of the terminal DA (terminal 1A) of the user UA. The user identifier A is calculated from the secret key PRVA (secret key 101A) recorded in the storage device of the terminal 1A.
As a supplement, Ethereum calculates the public key from the private key, calculates the hash value of the public key using the hash function, and cuts the hash value to use it as the user identifier. Specifically, Ethereum creates a 64-byte public key from a 32-byte private key using a method based on an elliptic curve called Secp256k1. It is also used for signatures (Elliptic Curve Digital Signature Algorithm, ECDSA, Elliptic Curve Digital Signature Algorithm). Then, a 32-byte hash value is obtained for a 64-byte public key using a hash function similar to SHA-3 called Keccak-256, and the remaining information is obtained by removing a part of the hash value (anonymized identifier). And.
In the contract of the present invention programmed inside the block chain according to the data of the block chain unit and the block chain recording unit of the server P (terminal 3A), the OTP generation function is contracted by the user identifier A which is the executor of the function. Confirm that you have the issued one-time password token (OTP token), and ask the token holder the token number TIDA and the KC value 3011A of the secret variable of the contract (inside shown in FIG. 3AA, FIG. 3AB, and FIG. 3AC). Variable KC 3011A) and variable TB that fluctuates on the blockchain at a certain time T are used as key values (key values, seed values) for password generation, and the hash function fh (hash function fh shown in FIGS. 3AA, 3AB, and 3AC). It is used as an argument of 3010A). A calculation example is OTP = fh (TIDA, KC, TB). The same applies when confirming the possession of the user identifier A or the OTP token when the OTP authentication function is executed.
Here, in the embodiment, the user identifier A is added to the key value, and the calculation is performed as OTP = fh (A, TIDA, KC, TB) in the present invention.
Then, the one-time password BnTOTP = fh (A, TIDA, KC, Bn) based on the block number using the latest block number Bn (3001A shown in FIG. 3AA is the block number Bn) is used for the TB. In the present invention, an OTP token using the method of calculating the OTP to be used is used.
When Bn is used for Tm (or TB), OTP = fh (A, TIDA, KC, TB) or OTP = fh (TIDA, KC, TB) may be used. Specifically, OTP = fh (A, TIDA, KC, Bn) or OTP = fh (TIDA, KC, Bn) may be used.
Here, the reason why OTP = fh (TIDA, KC, TB) may be used is that, for example, in the case of OTP which is updated every 60 seconds for a short time, Bn changes every 60 seconds even if the user who owns it is changed. This is because OTP = fh (TIDA, KC, Bn) calculated in the past 60 seconds ago can be invalidated. In the embodiment of the present invention, OTP = fh (A, TIDA, KC, TB) was preferably used.
Further, the internal variable BC value 3013A (internal variable BC3013A described in FIGS. 3AA, 3AB and 3AC) of the contract of the OTP generation token is used for the TB, and the 3013A uses the secret key 101C of the administrator terminal 1C of the contract. The administrator sets the one-time password OWP = fh (A, TIDA, KC, BC) by changing to an arbitrary value at an arbitrary time using the setter function 3012A that can access the blockchain and rewrite 3013A. In the present invention, an OTP token using a method for calculating an OTP, which is characterized in that a password can be changed according to a BC value, is used.
When BC is used for Tm (or TB), OTP = fh (A, TIDA, KC, TB) may be preferred over OTP = fh (TIDA, KC, TB). Specifically, OTP = fh (A, TIDA, KC, BC) may be preferable to OTP = fh (TIDA, KC, BC).
Here, the reason why OTP = fh (A, TIDA, KC, TB) is preferable to OTP = fh (TIDA, KC, TB) is that, for example, KC and BC can be changed by the contract administrator at any time and contract management. Depending on the judgment of the person, there is a possibility that it will not be changed for a long period of time or even once for more than several years, and if the KC or BC is not renewed for a long period of time or even once, if OTP = fh (TIDA, KC, BC), it will be held by token transfer. When the user identifier is changed, an OTP that is unique to the token number but not unique to the user identifier is generated and authenticated, so users who have acquired OTP transfer OTP tokens one after another and acquire OTP to acquire OTP. There is a problem that the value OTP = fh (TIDA, KC, BC) can be shared, duplicated and recorded (a problem similar to the duplication of a master key in a metal key), whereas OTP = fh (A, TIDA, KC, BC). ), Which is suitable because an OTP unique to the user identifier and token number can be generated and authenticated by calculating the OTP, and is preferably used in the embodiment of the present invention.
Then, like the BC value 3013A, the KC value 3011A can be changed to an arbitrary value at an arbitrary time by using the setter function 3012A that can access the blockchain using the secret key 101C of the contract administrator terminal 1C and rewrite the 3011A. By changing the secret variable KC of both the one-time password BnTOTP and OWP, the key value KC of all OTP tokens belonging to the contract can be updated with an arbitrary numerical value at an arbitrary time. The BC value and KC value that can be changed can be regarded as the same, the BC value and KC value can be regarded as the same, and OTP calculation can be performed as one variable. In addition, multiple BC values and KC values are prepared. It may be used or a KC value (mapping variable KCA described later) unique to the user identifier or token number may be set and used for those KC values.

<Calculation of a one-time password consisting of n-digit integers>
Information BnTOTP calculated by a hash function to make a password for a 7- to 6-digit integer used in banking transactions such as net banking using the Internet is type-converted to an unsigned integer, and the integer value is n. It is also possible to obtain the remainder when divided and use it as an n-digit integer password.
Here, n may take a value of 6 to 7. If a function fOTPN that is a setter in which the variable n can be rewritten only by the administrator of the contract is set in the contract (when the variable n and the function fOTPN are recorded in 3031A), n is set as 6. After recording and deploying the contract on the blockchain, it is possible to increase n from 6 to 12 to make a 12-digit password in order to increase the computing power required for brute force attacks. This is a difficult method to achieve with hardware TOTP tokens. Although it is not preferable in terms of security, if the number of digits may be small, n may be changed from 6 to 3 after the contract is created, and the number of digits of the OTP to be displayed may be 3 digits.
In addition, the contract is equipped with multiple OTP generation functions and authentication functions, and the OTP authentication function and OTP generation function when performing important operations (for example, performing high-priced transfers and settlements at a bank) are less important. An OTP authentication function and an OTP generation function that require authentication can be provided in the contract or in the terminal 3D. When performing an important operation in the above, increase the value of n, and when performing an operation of low importance, decrease the value of n to change the number of digits at the time of input, and the effort of the number of input characters required for OTP authentication. It is also possible to make it easier for humans to input from the input device of the terminal by hand or the like.
When the same 3031A is set in the generation contract and the authentication contract (or authentication function) so that the seed values match in the OTP authentication function and the OTP generation function, and the value of 3030A is changed even after the contract is deployed on the blockchain. It is necessary for the terminal 1C, which is the administrator of the contract, to send the transaction of the setting change to 3A and rewrite the variables and the like so that the generated contract and the authentication contract side match.
The one-time password of the present invention can be expressed as an unsigned integer or a hexadecimal number. Numbers, letters, symbols, etc. can be used for the password.

<Processing related to block numbers>
In the blockchain, new blocks are connected every certain time such as 15 seconds and 10 minutes, and the block number Bn increases by one. When the time for the user UA to generate an OTP from the server P (3A) to the terminal 1A, call it, display it, and authenticate it (standby time for OTP authentication) is too short, for example, on a web page such as an Internet banking site, the terminal DA (1A) I want to input the OTP displayed on the display, but it is assumed that the OTP cannot be input because the human manual input cannot catch up because the OTP is updated every 15 seconds. In fact, at the time of development of the present invention, a blockchain in the Ethereum test network whose block number changes every 15 seconds was used, but it was occasionally confirmed that it was difficult for the inventor to input.
Therefore, using the variable n that increases the interval to be displayed based on the block number Bn, the remainder m divided by n of Bn is obtained as the Bn mod n, and m is subtracted from Bn as Bnr (as Bn−m = Bnr). Instead of Bn, Bnr was used as an argument of the hash function to calculate OTP. For example, when the block number is 15 seconds and n is set to 2, the password is changed when the block number Bn is odd or even, and the password display time can be increased from 15 seconds to 30 seconds. By increasing n from 2 to 3, 4, 5, the display time and the authentication time can be further increased. Functions and variables that increase the time during which this OTP can be generated, authenticated, displayed, and waited for input are shown in FIG. 3AC, 3030A. Note that n is an unsigned integer of 1 or more. It cannot be set to n = 0.
Generate the same 3030A in the authentication contract and the authentication contract (or authentication function) so that the seed values match in the authentication function and the generation function, and generate when changing the value of 3030A even after deploying the contract to the blockchain. It is necessary for the terminal 1C, which is the administrator of the contract, to send the transaction of the setting change to 3A and rewrite the variables and the like so that the contract and the authentication contract side match.

<OTP using values determined by the blockchain>
In the example, the one-time password OTP token issuing section, OTP token and user ownership relationship recording section, and OTP generation in the form of a smart contract in which the OTP authentication part of the present invention is added to the EERC721 standard which is an example in the Ethereum test net. A unit and an authentication unit that verifies and authenticates the generated password are provided in the blockchain contract. The block number Bn can be used in the blockchain unit.
In Ethereum, a vote on the GasLimit value (BlockGasLimit value) is held among the nodes that make up the blockchain. And Ethereum has a feature that the block size is variable depending on the GasLimit value. The V value 3004A and the block size BSZ value 3005A determined by this vote are also used as the seed value of the blockchain in the present invention. For example, if all is done, the one-time password BnTOTP is BnTOTP = fh (A, TIDA, KC, Bn, BC, V), or BnTOTP = fh (A, TIDA, KC, Bn, BSZ), or BnTOTP = fh ( OTP can be generated by using a plurality of arguments that are seed values for generating OTP, such as A, TIDA, KC, Bn, BC, BSZ). It is also possible to regard OTP as a pseudo-random number and use it as a pseudo-random number generator.
BnTOTP = fh (KC, Bn), BnTOTP = fh (Bn), or BnTOTP = fh (fh (Bn)) may be used simply for a smart contract for a TOTP-based pseudo-random number generator using the block number Bn on Ethereum. In the present invention, after confirming that a TOTP-based pseudo-random number generator using the block number Bn can be implemented, there is a history of applying the pseudo-random number generator to the OTP authentication system. When used as a pseudo-random number, the token number TIDA or the user-side voting value mapping variable VU described later may be used as the seed value.

For Ethereum in the examples, web3. There is an ECMAScript module that connects a blockchain unit such as js with a web browser of a user terminal. Using the ECMAscript module, access the Ethereum blockchain on a web browser using the user's private key, specified user identifier, contract identifier, blockchain identifier, and token name, and use the OTP generation function and OTP authentication function of the present invention. Operate to obtain the OTP etc. and the return value CTAU of the authentication result, log on to the website (Fig. 8A), enter with the paper ticket 18A or Near Field Communication (NFC) tag 19A, and electronically lock with the NFC tag. It may be used as an unlocking key (Fig. 8B).
Further, in the OTP authentication system of the present invention, the software CRHN (403A in FIG. 4A) is used to execute the OTP authentication function, and the return value data CTAU obtained when the authentication result is correct (CTAU is the blockchain shown in FIG. 3AA or the like). 3021A recorded in the contract of FIG. 3AA and 4031A of FIG. 4B obtained by acquiring OTP authentication and storing 3021A of FIG. 3AA in the terminal 4A) are used, and the key data AKTB obtained from the outside of the blockchain is used. Key data TTKY (symmetric key encryption) that performs common key encryption (symmetric key encryption) according to the program of 403A using the software secret key data CRKY (40302A of FIG. 4B) recorded inside FIG. 4B (4032A) and 403A (FIG. 4B). 4033A) and the data 4035A encrypted with the key data TTKY (4033A in FIG. 4B) can be distributed, and the access right can be decrypted by the user given as an ERC721 type token with a one-time password authentication function. The OTP authentication system of the present invention can be used as a system for distributing and decrypting encrypted data.
The return values CATU3021A of the OTP authentication functions 3018A, 3018A and 3018DA may be modified by providing means for the contract administrator to change, and may return one or more return values CTAU3021A, as well as the user identifier A and token number. A mapping variable CATU3021A (mapping variable 3021A called CTAU [TIDA] or CTAU [A]) using TIDA as a key and a setter function for changing the value of the variable using a token number or a user identifier as a key may be provided.

3. 3. It is preferable that the communication between the computer DA (terminal 1A) of the user UA and the server P (terminal 3A) is encrypted in the network 20 which is a network communication path. In the present invention, a one-time password is exchanged between the terminal 1A and the server terminal 3A, and it is preferable that the communication path connecting the terminal 1A and the terminal 3A to the network 20 is encrypted at that time. If it is not encrypted, there is a risk that the communication with the blockchain via the network 20 will be read.
In addition, it is preferable that there is a method for concealing transaction and contract processing contents and contract variable information on the base of the blockchain.
When configuring the network, a wired or wireless communication method may be used. Two-way communication is required when the token of the present invention is used when generating and authenticating a one-time password. However, depending on the usage pattern, only the one-time password is generated by two-way communication, and the authentication is performed by the terminal 3D that reads the paper ticket and the NFC tag for locking / unlocking (the usage pattern of 3D is shown in FIG. 8B). Can be made to.
Further, in the application of decrypting the encrypted data, it is possible to authenticate and decrypt the encrypted data obtained by one-to-many broadcasting by the authentication system of the present invention according to the generated OTP. The station 5C that operates the station 5C in space is the station that broadcasts, and the station 5CC communicates by performing wireless communication using the network 2. A network 20 or the like is used for decrypting encrypted data by bidirectional data communication.

4. Service using password 4A. Website login usage <Login process>
When the authentication system of the present invention is used for logging in or operating a website, the login process is performed using the server SVLogin (terminal 3C in FIG. 8A). FIG. 8A shows a connection diagram of the terminal. The terminal 1A, the terminal 3A, and the terminal 3C are connected via the network 20. The server terminal 3C may be an actual server terminal 3C, a virtual server terminal 3C, or a virtual machine terminal 3C.
The storage device data of the server terminal 3C is stored in the terminal 1A, the server terminal 3C is constructed in the terminal 1A as a virtual machine, and the terminal 1A is communicated with the terminal 3A via the network 20 while communicating with the terminal 1A inside the terminal 1A. By connecting, it becomes possible to log in to the virtual machine terminal 3C built in the terminal 1A. For example, the terminal 3C may be an electronic book service or an online game server service that requires login after the service has ended.
Wallet software that has the information of the user's private key 101A by transmitting and displaying the web application and website data that the blockchain part of the server 3A and the user's terminal 1A can communicate and exchange with each other by ECMAscript or the like on the terminal 3C. (If there is no wallet software, enter, describe, and output the private key information 101A itself to the website) Enter the token number that can be used to log in to the server terminal 3C owned by the user in the website data, and enter that information and One-time password generation from wallet software information A block number-based one-time password BnTOTP is generated using the user identifier A and token number TIDA as arguments from the one-time password generation function of the contract, and the input value is entered when BnTOTP is entered on the website. Is authenticated by the one-time password authentication function of the one-time password authentication contract.
BnTOTP calculated by the OTP authentication function and generation function is represented by the argument and function BnTOTP = fh (A, TIDA, KC, Bn) using the hash function fh, the contract internal variable KC, and the above A and TIDA. ..
Here, the wallet software can calculate the secret key information and the user identifier information calculated from the private key, and some can display the number of ERC721 tokens held in a certain held private key and user identifier. (An example of wallet software is Metamask, a browser extension software type wallet software at https://metamask.io. Some can communicate with the hardware wallet DWALT1603A that records the private key.)
When the authentication result is correct, information about the blockchain such as the user identifier A and token number TIDA that have accessed the server 3A, the IP address or location information of the terminal 1A, and the device ID (device ID) or terminal 1A unique to the terminal 1A. It is also possible to store the sensor value of the sensor 144A of the input device 14A as the environment value IPV of the terminal in the server 3A with the data structure shown in FIG. 6X and monitor whether or not there is unauthorized access.
As the sensor value of the sensor 144A of the terminal 1A, the sensor values of the sensor 144A, the environment sensor 1440A, the position sensor 1441A, the motion sensor 1442A, and the biometric authentication sensor 1443A are mainly used with the consent of the user. If it is not preferable in terms of privacy but it is unavoidable, the input itself of the input device 14A such as 140A, 141A, 143A, 142A may be used. When an input device such as 143A, 142A, 141A, or 140A is used as a sensor value, it cannot be used without the consent of the user to provide information.
Here, the environment sensor 1440A is a sensor capable of measuring information related to the environment around the terminal such as a temperature sensor, a humidity sensor, a pressure sensor, a pressure sensor, an illuminance sensor, an optical sensor, a chemical sensor, and an odor sensor by using physical means. be.
The position sensor 1441A includes a magnetic sensor, a geomagnetic sensor, or an accelerometer, measures acceleration and magnetism as physical quantities, and measures the position used for the magnetic compass function that indicates the orientation of the terminal using gravity acceleration and the orientation with respect to the geomagnetism. It is a sensor that does. The motion sensor 1442A includes both an accelerometer and a gyro sensor (angular velocity sensor), and is a sensor that detects movement such as acceleration of the terminal, and measures the movement of the terminal.
The biometric authentication sensor 1443A is a sensor when the terminal 1A has an image sensor such as a camera or thermography and uses the image sensor to perform authentication derived from the structure of the face, or a fingerprint sensor that performs fingerprint authentication using a scanner. It is a sensor for authentication derived from the structure of the ear, and a sensor for authentication using the motion and pressure signal felt by the attached terminal when walking. A known method can be used for biometric authentication.

<Login execution and post-execution processing>
The website and web application data after logging in from the terminal 3C to the terminal 1A are sent. Further, the server terminal SVLogin terminal 3C records the value input by the user using the input device of the terminal 1A on the page after login through the network, and the user data is operated according to the input value. Specific examples of this include transfer processing after login in Internet banking, data recording / change and voting processing on member sites, voting processing at online general meetings of shareholders, and processing in online games. Depending on the processing after OTP authentication, the blockchain is made to access the user and the user terminal 1A, and when the processing is performed, the OTP generation function is executed to acquire the OTP, and then the acquired OTP is used as an argument to perform the authentication function. Is executed, variables such as 3017A and 3017AA are changed.
Here, when used for authentication and login of a website or the like, 3017A or 3017AA records the points or currency balance of a member who can use the service, and when information such as the login right and electronic ticket of the present invention is presented at the time of service provision. The balance may be deducted by the amount of points or currency corresponding to the service. In addition to membership points, membership numbers, currency balances, and other data such as online games, important data that you do not want to be tampered with may be recorded. The 3017A or 3017AA may perform a transfer / transfer process in which the balance is changed according to the instruction of another user in the contract or the contract administrator, and a part of the balance of one user is added to the balance of another user.
(Here, even when a paper, an electronic ticket, or a terminal that can be a login right is presented to a service providing device such as a terminal 3D and authenticated, the points or currency balance of the member who can use the service is recorded in 3017DA, and the electronic ticket of the present invention is recorded. , When the information of the paper ticket is presented at the time of service provision, the balance may be deducted by the amount of points or currency corresponding to the service. Among the data of the storage device in the terminal 3D, other users or The balance may be changed according to the instruction of the administrator of the terminal 3D, and a transfer / transfer process may be performed in which a part of the balance of one user is added to the balance of another user. The terminal 3D is the network 20 like the terminal 3C. If it is possible to connect to the node terminal 3A, terminal 3F or 3E, the terminal 3D is regarded as equivalent to the terminal 3C and the same processing as the terminal 3C is performed).
3017A and 3017AG mean the asset balance and the amount of data possessed by the OTP token corresponding to the token number, and they may be operated after the authentication function is executed. There may be 3021A, 3022A, 3023A of FIG. 3AB as a process included in the execution of the authentication function 3018A at the time of executing the OTP authentication function 3018A (or a process linked separately after the processing of the authentication function).
The 3018A, 3021A, 3022A, and 3023A specifically have an Internet banking authentication contract, in which the customer's asset balance is recorded, and the authentication function 3018A is followed by another user token in the contract. 3022A, which has a process of transferring money when the OTP authentication function matches the transfer destination within the range of the balance recorded in 3017AA by the transfer source user to the number (assuming that the token number and the bank account number are associated) There may be.
The 3022A may be a process for setting a transfer process, a time deposit, a transfer limit amount, and the like. And not limited to banking use, financial fields such as securities and insurance, changes in intentions and important matters such as voting on private or public public or private member sites, or important user data in online games etc. It can be used for recording.

<Detection of unauthorized login>
In the present invention, the IP address (hashed or processed value of the IP address) or location information (hashed or processed value of the location information) of the logged-in user, or the device ID (or hash value) of the computer and the token number. , The user identifier is recorded in 3011C of the storage device 30C of SVLogin (terminal 3C of FIG. 3C) in the data structure or data format shown in FIG. 6X, and the IP address of the logged-in user (value obtained by hashing or processing the IP address). The terminal 3C is provided with a processing unit (3110C, 3111C, 3112C, 3113C in FIG. 3C) for monitoring the position information (value obtained by hashing or processing the position information) or the device ID (or hash value) of the computer. The processing unit (Fig. 3C) has a function to determine at any time whether the token number or user identifier is being accessed from a different IP address, different location information, or different device ID, notify the user if they are different, and block access. 3110C, 3111C, 3112C, 3113C).
Here, regarding the device ID of the computer, in addition to the computer manufacturing ID such as the device ID, the operating software ID, and the web browser ID, the acceleration sensor, magnetic sensor, pressure sensor (pressure sensor), and temperature mounted on the terminal 1A. Using the IPV value (data structure shown in FIG. 6X) including the sensor 144A (sensors shown in 1440A, 1441A, 1442A, and 1443A of FIG. 144A) of the terminal 1A including the sensor, and the hashed IPV. May be good. This method is another use example of the present invention 4B. 4C. It may be used for 4T.
For example, when the terminal 1A is a smartphone equipped with a magnetic sensor in the position sensor 1441A of 144A and equipped with a magnetic sensor capable of detecting magnetic field in a three-dimensional direction capable of measuring geomagnetism, the orientation of the magnetic sensor built into the smartphone is the user terminal. It depends on the direction of. If the access is normal, there is only one access information from the user terminal corresponding to the value of the magnetic sensor, but if another user illegally obtains the private key and tries to log in, the attacker will be on the remote earth. It is difficult to spoof because it has to match the value of the magnetic sensor of the user's computer in a certain position. Not only one sensor but multiple sensors can be used, for example, a geomagnetic sensor and a temperature sensor, or a temperature and barometric pressure sensor (temperature and pressure sensor) can be combined. It is preferable that the IP address (and the hash value or anonymized value of the IP address) and the sensor value can be used together.
Here, the sensor built in the terminal 1A will also be described. It is not necessary to have all the sensors built in the terminal, and it is preferable that one or more sensors are adopted.
The environment sensor of 1440A includes a temperature sensor, a pressure sensor (pressure sensor), a humidity sensor, and an illuminance sensor, and the measured values of the four types of sensors can be individually input to the terminal 1A.
The position sensor of 1441A includes a magnetic sensor that detects magnetism and an accelerometer that detects acceleration, and is a sensor that can detect the position of the terminal. The measured values of the magnetic sensor and the accelerometer sensor can be individually input to the terminal 1A.
The motion sensor of 1442A includes an accelerometer and a gyro sensor that detects an angular velocity, and is a sensor that can detect the movement of a terminal. The measured values of the accelerometer (accelerometer) and the gyro sensor can be input to the terminal 1A individually.
For the biometric sensor of 1443A, for example, the camera 142A is used for face and blink information, the fingerprint scanner is used for fingerprints, and the sensor for detecting the vein pattern iris and ear structure is used. If it is information related to walking, it may be measured using a shoe-shaped motion sensor device corresponding to an acceleration sensor of an external terminal capable of communicating with the terminal 1A 1442A or the communication device 12A of the terminal 1A, or a motion sensor group attached to clothes. .. In a terminal equipped with a microphone / sound sensor 143A by voice authentication, the acoustic information can be hashed and used as an IPV value while protecting personal privacy as unique acoustic information that the terminal can feel the voice around the terminal. sell. When information related to biometric authentication or privacy is used for the information in FIG. 6X, it may be preferable to hash, process, and anonymize the information acquired by the sensor.
However, for financial purposes such as banks and securities, it may be preferable to record information such as IP addresses as they are for crime prevention.

<Countermeasures against unauthorized access using multiple private keys>
In the embodiment of the authentication system of the present invention, a single secret key 101A may be used, a secret key different from 101A such as the secret key 101A2 is used, and two or more secret keys are used for the user terminals 1A and 1B, and the contract. The administrator terminal 1C or the like may access the function or variable of the contract of the server 3A having the blockchain unit, or may access the terminal 3C or the terminal 3D that provides the service. It may be used for decrypting encrypted data using the authentication system of the present invention.
When the token number of the OTP token associated with the 101A using the secret key 101A of the terminal 1A is TIDA, the BnTOTP calculated by the OTP authentication function and the generation function is the hash function fh, the contract internal variable KC, and the above A, It is represented by an argument and a function of BnTOTP-1 = fh (A, TIDA, KC, Bn) using TIDA.
Here, in addition to the secret key 101A mounted on the terminal 1A, there is a second secret key called 101A2, and the user identifier A2 calculated from the secret key 101A2 and the token number TIDA2 of the OTP token issued in association with the user identifier A2. When there is, the second BnTOTP-2 = fh (A2, UIDA2, KC, Bn) can be calculated.
After generating BnTOTP-1 and BnTOTP-2 with the OTP generation function, the argument of the function in the authentication function in the contract having the authentication function is A, TIDA, BnTOTP-1, A2, TIDA2, BnTOTP2-2. The user identifier calculated from the two private keys 101A and 101A2, the token number of the OTP token, and the OTP (BnTOTP-1 and BnTOTP-2 are shown here as examples, but in the case of OWP, OWP-1 and OWP-2 are used. The format is also conceivable.) The authentication function may be executed and the authentication may be performed. If one of the two secret keys is leaked by using the two secret keys as described above, for example, if 101A is leaked and misused and used, the function if the other secret key 101A2 is not leaked. Since BnTOTP-2 (OWP-2 in the case of OWP), which is an argument of, is unknown to the attacker, the authentication function cannot be executed, and the effect of preventing unauthorized access is expected.
Here, when a plurality of private keys are used for OTP token authentication, the user identifier A calculated from the private key 101A and the user identifier A2 calculated from the private key 101A2 in the contract for authenticating the OTP token are used as the user UA. If it is a user identifier used by, it is necessary to register it in a variable inside the contract or in the service provider / service provider database. In addition to the user identifier, it may have a part for registering that the token numbers TIDA and TIDA2 are distributed to the same user UA in a contract including an OTP authentication function. The number of private keys is not limited to two, and may be three or more.

When two identifiers A and A2 of UA or token numbers TIDA and TIDA2 are registered in a terminal that is a service provider in the present invention such as a server terminal 3C or 3D, and A, TIDA, and BnTOTP-1 are logged in to the website, After performing authentication for input, authentication for input of A2, TIDA2, and BnTOTP-2 may be performed.
BnTOTP-1 = fh (A, TIDA, KC, Bn) and BnTOTP-2 = fh (A2, TIDA2, KC, Bn) are separately set by the server 3C on the server terminal 3C or 3D of the website login destination instead of the blockchain. It is also possible to perform authentication processing on the login screen of the website to be distributed and request OTP input and authentication of a plurality of OTP tokens on the server terminal 3C or 3D. In this case, 3C and 3D need to be recorded in the recording device of 3C and 3D by associating the user identifier A and A2 or TIDA and TIDA2 derived from the plurality of private keys of the user UA.
When using the server terminal 3C or 3D to authenticate the OTP token with a plurality of private keys, it is calculated from the user identifier A and the secret key 101A2 calculated from the secret key 101A on the server terminal 3C and 3D that authenticate the OTP token. It is necessary to register the user identifier A2 to be used as the user identifier used by the user UA. Alternatively, it may include a part for registering that the token numbers TIDA and TIDA2 are distributed to the same user UA in the server terminal 3C or 3D including the OTP authentication function. It is also necessary to record if the contract identifier of the OTP token is different. The number of private keys is not limited to two, and may be three or more.
The database of the correspondence between the plurality of private keys and the OTP tokens issued for them may be recorded only in the server terminal or only in the contract on the blockchain or both. It is also conceivable to use a plurality of private keys to access both the server terminal 3C or 3D and the contract on the blockchain.

The Ethereum used in the implementation of the present invention uses a 256-bit secret key per user identifier, but if two secret keys are used in the embodiment of the OTP authentication system of the present invention, it becomes a 512-bit secret key, and N pieces are used. For example, OTP authentication can be performed with a private key of 256 × N [bit], and the actual data length of the private key can be expanded.
By increasing the data length, it is possible to increase the resistance to attacks by those who attempt unauthorized access. As an example, when three private keys are set to be used, even if one of the three private keys is leaked, the contract function or variable can be prevented from being accessed unless the remaining two are leaked. If the majority of the private keys cannot be obtained, the OTP tokens assigned to those private keys cannot be authenticated, and the provision of the service can be blocked. This is a kind of multisig technology. (Multisig: Multiple signatures using multiple private keys.)
By performing OTP authentication by combining multiple private keys, it may be possible to perform operations related to secret key identity verification. For example, there are two private keys, one is the private key 101A2 that can be shared with a third party and the identity can be confirmed, and the other is the private key 101A generated inside the terminal 1A by the user, and the use of the private key. When it seems that there is probably no leakage of the private key immediately after starting, the user identifiers A2 and A calculated with the private keys of both 101A2 and 101A are used as a third-party organization or they are used as the user identifier and the actual person UA. Use the TIDA and TIDA2 tokens on the server terminal 3C of a third-party organization that associates with the third-party organization, and log in to the website of the third-party organization or the organization that associates with OTP. sign up.
With the token numbers TIDA and TIDA2 OTP tokens assigned to A and A2 or A and A2, the administrator of the terminal 3C knows the private key 101A2 of A2 transmitted to the user UA. It can be seen that the private key 101A corresponding to A is possessed. At this time, it is assumed that A, A2, and the user UA are linked and the identity can be easily confirmed. Then, it is determined that the user identifier corresponds to the private key owned by the user UA, and the user identifier A is used as a destination address such as a token, for example, a login right to a certain member site or an admission ticket to a certain venue. -It may be possible to issue and distribute keys to lock and unlock, and OTP tokens to decrypt encrypted data.
When issuing the OTP token of the present invention, it is necessary to confirm whether the user identifiers A and A2 are the identifiers of the actual user UA, and the OTP token is set to a secret key completely different from the secret key 101A due to an input error of the user identifier A. Is issued, and it is necessary to confirm whether the destination user identifier of the OTP token is the person who can record and use the private key of the actual user such as user UA, UB, UC, and the person himself / herself. Since it is considered necessary to confirm, the above-mentioned identity verification method is shown. However, it is only one form, and it is not always the case that the identity verification is performed by the OTP token using a plurality of private keys when the present invention is carried out. Other known methods may be used as the identity verification method.

<Information that will be the signboard of the contract, including the rating and contact information for the contract administrator>
In addition to the rating information, the signboard variable 3024A (KNBN, 3024A in FIG. 3AC) may record the name of the service provided by the contract, the name of the token, and the explanatory matter in the variable and publish it as public variable as the signboard information. .. Further, the information that becomes the signboard may be rewritten by the contract administrator.
Specifically, in the case of Internet banking, business such as bank name, postal code, bank head office address, corporate number, representative telephone number (facsimile number), contact information to the nearest ministry that has jurisdiction over the bank, etc. is available at 3024A. You may fill in the necessary information regarding the contract and publish it as a public variable. The contract may be programmed so that the contract administrator can rewrite the one-time password generation token contract or the one-time password authentication contract by filling in the legally required items when providing the service.
The information 3024A serving as a signboard may be entered in the contract of the present invention as necessary and may be rewritten by the contract manager. The 3024A may include a setter function necessary for rewriting so that only the private key 101C of the contract administrator's terminal 1C can access it.

<Rating>
Rating information is recorded in the contract of the one-time password generation token to indicate the service target age and the like. Rating information is described in the public variable KNBN (3024A shown in FIGS. 3AA to 3AC) which serves as a signboard. The rating information written in 3024A describes the target person of the service of the OTP token. As an example, when the present invention is used for a car key, it is described because it is a service that should be used by a licensed user of a certain age or older. Whether it is for minors or adults, and whether a qualification such as a license is required depends on the service.
Here, the variable of the contract that stores the rating information is preferably a public variable that can be viewed by all users. The rating may also be rewritten by the contract administrator.

4B. Paper or IC-type admission ticket to the entrance or building equipment, use ticket, use as unlocking key Ticket or admission ticket, server SVLog when used to lock and unlock building equipment (shown in Fig. 8B and Fig. 3D) Server terminal 3D) is used. FIG. 8B shows a connection diagram of the terminal. The server SVLog (terminal 3D) does not necessarily have to be a server when there are few users who process entrance, etc., and may be a computer SVLog (terminal 3D) having smaller computing power, storage device capacity, and physical size than the server. .. The terminal 3D may be a built-in terminal that operates a lock device for a building, a lock device for an automobile, or a starter for a prime mover. The 3D may be a terminal (Micro Control Unit, Micro Control Unit, Micro Controller, Microcomputer) having an MCU for an embedded system.
In the present invention, the recorded information of the IC tag / IC card type ticket 19A or the paper ticket 18A having a communication function such as NFC (and the display surface 1500A of the display displaying the same OTP authentication information as the paper ticket 18A) The password OWP generated from the blockchain is used (here, the IC is an integrated circuit and is an integrated circuit).

The 19A is an IC card having a non-contact NFC tag or a contact type terminal, and the user may set a PIN or the like as a password in the 19A so as not to illegally use the user who is not the user of the 19A. When communicating between 19A and the terminal 3D and transmitting authentication information such as OWP, password authentication by the PIN set in 19A is requested, and when password authentication is possible, the NFC tag information is transmitted to the terminal 3D communication device 32D. It may be transmitted to the terminal 3D through.

Here, PIN is an abbreviation for personal identification number, and PIN is, for example, a password of a 4-digit integer. The PIN of 19A is used as a final means of confirming the intention to use the service when using the service using 19A. Since the 19A communicates wirelessly, a PIN may be used so that the information of the 19A is not transmitted to the terminal 3D without the user who owns the 19A knowing. The 19A may encrypt the communication content when performing wireless or wired communication with 3D. The authentication information using the OWP recorded in the 19A may be encrypted using a PIN or the like (the OWP may be encrypted using a means such as common key encryption using the PIN as a key). 18A and 1500A can be confirmed by showing the intention of the user who has them by hand, but 19A has a PIN code because there is a possibility that payment can be made even if it is separated to some extent by wireless communication etc. You may be able to do it. In addition to 19A, the OWP used for 18A and 1500A may be encrypted with a PIN. The PIN is not limited to a 4-digit integer and may be any number of alphanumerical characters.
Although the security of 19A is improved by using the PIN, requiring the PIN input every time the service is authenticated may require the user to input the PIN and reduce the user's convenience. Maybe. Therefore, although the NFC communication device 341D (the communication device is 341D or 32D) that reads the wireless communication signals of 19A and 19A is non-contact, the communication distance is 10 cm (specifically, the communication distance is 10 cm using a frequency such as 13.56 MHz). (Near field communication technology with a known degree), the service provider indicates the above conditions (19A with a communication distance of about 10 cm) for 19A, and the authentication system of the present invention using the NFC tag 19A is used even without a PIN. If it is permissible to provide the service according to the authentication result, OTP authentication is performed by simply holding the 19A over the 3D 32D or 341D without setting the PIN etc., and the service is provided according to the authentication result. The present invention may be carried out. (PIN can be set for 19A for security. And 19A can be used without setting PIN. If PIN is not set, the payment speed at the entrance or ticket gate will be improved. , Ease of use, usability, and convenience can be prioritized.)
Locking / unlocking key 19A used for keyless entry of automobiles and remote (communication distance exceeds 10 cm and exceeds 1 m) for unlocking automobile doors and remote of building doors (communication distance exceeds 10 cm and exceeds 1 m) Even with the locking / unlocking key 19A used for unlocking, there are some uses where it is necessary to use PIN and some uses where it is not necessary. A PIN may not be required for 19A for automotive applications where the communication distance exceeds 10 cm and 1 m.
It may be preferable to use a PIN for locking / unlocking in buildings where the communication distance exceeds 10 cm and exceeds 1 m, and for locking / unlocking safes / vaults.

The password OWP is calculated as OWP = fh (A, TIDA, KC, BC) using the hash function fh, the user identifier A, the token number TIDA, the contract internal secret variable KC value 3011A, and the variable BC value 3013A that can be changed by the contract administrator. Will be done. The OWP is calculated and generated by the OTP generation function 3009A using the hash function fh and the argument. In this usage example, the 3009A includes a calculation process that can be expressed as OWP = fh (A, TIDA, KC, BC) as OTP = OWP.
The paper ticket 18A is manufactured by printing the OWP information acquired by using the one-time password OWP generation function 3009A of the present invention on paper or the like. The information recorded in 18A includes at least the user identifier A, the token number TIDA and the password OWP. The information described in 18A can be displayed at 1500A. If a device such as a camera that reads 18A or 1500A is installed in the service providing terminal 3D, it looks like a valuable paper leaf such as a ticket, as well as a safe / vault that locks and unlocks, a building door, an entrance / exit, etc. Vehicles such as automobiles and computer terminals can read the authentication information, and entrance / exit and locking / unlocking are possible.
The NFC tag 19 can manufacture the 19A by storing the authentication information including the user identifier A, the token number TIDA, and the password OWP held by the terminal 1A in the 19A via the communication device 12A of the terminal 1A, and is a valuable paper such as a ticket. It is used as a leaf, an entrance / exit tag, a lock / unlock key, or an access control release.
As shown in FIG. 8B, the NFC tag 19A recording the A, TIDA, and OWP, the display screen 1500A of the terminal 1A displaying A, TIDA, and OWP, and the paper ticket 18A on which the screen 1500A is printed may be used.

As shown in FIG. 8B, 18A and 1500A are read by the camera scanner 340D of the terminal 3D. At this time, 18A and 1500A may display character string information in which A, TIDA, and OWP are concatenated, or may display barcode information (one-dimensional and two-dimensional barcodes).
As shown in FIG. 8B, 19A may communicate with 32D of the terminal 3D to transmit character string information in which A, TIDA, and OWP are linked. It is assumed that NFC is used for communication between 19A and 32D.
The password OWP authentication function 3018DA (3018DA in FIG. 3DA) provided in the control unit and storage unit (31D and 30D) of the terminal 3D that received A, TIDA, and OWP from 1500A, 18A, and 19A is shown in FIGS. 6F and 6D. Does the input OWP (ArgOWP) match VeriOWP = fh (A, TIDA, KC, BC) calculated using the KC and BC values recorded in the terminal 3D according to the flowchart regarding the processing of the OTP authentication function of? After verification and if they match, it is determined that authentication has been achieved, and the terminal 3D operates the opening / closing device 350D or the locking device 350D (locking / unlocking device 350D) or the starting device 350D or the access control device 350D of the device in which the terminal 3D is incorporated. Then, the entrance process of the ticket gate and the entrance is processed, or the vehicles such as locked buildings and automobiles and the containers such as the safe are unlocked, and the vehicles, computers, machines and equipment are started.

The authentication function 3018DA receives OWP (as OWP = ArgOWP), A, and TIDA as arguments from the information of 1500A, 18A, and 19A according to the flowchart regarding the processing of the OTP authentication function of FIGS. 6F and 6D. Then, VeriOWP = fh (A, TIDA, KC, BC) is calculated using the 3D KC value 3011DA, BC value 3013DA, and hash function 3010DA shown in FIG. 3DA. Here, the hash functions fh, KC value, and BC value used in the calculation of VeriOWP and ArgOWP are the seed values KC, BC, and the seed values KC, BC of the terminal 3A that generates the OWP for 18A and 19A on the blockchain and the terminal 3D that provides the service. The hash functions fh and the like must all match.
If the return value of the function of the authentication function 3018DA is the value when the authentication result is correct, the terminal 3D can open the opening / closing device of the 350D, unlock the locking device (locking / unlocking device), and start the device, and the authentication is performed. If it fails, the switchgear is closed, the locking device (locking / unlocking device) is not operated, and the device is not started.
(If the variables and procedures used to calculate OWP in 3A on the blockchain do not match the variables and procedures used to calculate OWP in terminal 3D, 1500A, 18A and 19A including the correctly generated OWP are used. Even if it is presented on the terminal 3D, the wrong authentication result is calculated and the entrance process and unlocking process cannot be performed. Specifically, the user UA with the NFC tag 19A containing the correct authentication information recorded the wrong 3011DA or 3013DA. Even if it is presented to the terminal 3D, the terminal 3D verifies the OWP with the wrong authentication function 3018DA using the wrong 3011DA or 3013DA, and from the execution result of the authentication function, 19A can be illegally entered, entered or unlocked. It is judged that there is no such thing, and the opening / closing device and the locking device are kept closed, or the warning buzzer is sounded.)

The administrator of the contract and the administrator of the service and the terminal 3D match the hash function 3010A of the node terminal 3A of the blockchain with the 3010DA of the terminal 3D, match the KC value 3011A of the terminal 3A with the 3011DA of the terminal 3D, and match the terminal 3A. The BC value 3013A of the terminal 3A and the 3013DA of the terminal 3D are matched, and when other variables and functions are used for the calculation of OWP, they are matched, and the calculation method and the variable of the OWP type OTP in the terminal 3A and the terminal 3D are used. Must be matched and synchronized. By matching the OTP calculation method with the variables used in the calculation, the OTP authentication service of the present invention in the real world using paper or NFC tags using 1500A, 18A, or 19A becomes possible.
When the secret value KC or BC is changed when the terminal 3D is a terminal that manages the lock built into the door or safe of the building, the user of the door or safe built with the terminal 3D is locked. Wired or wireless to the communication device 32D of the lock management terminal 3D provided at a position that can be accessed after unlocking the equipment (specifically, the back side of the safe door or the back side of the building door, the indoor side of the building door). The 32D KC value 3011DA and BC value 3013DA may be updated according to the software provided by the manufacturer of the terminal 3D.

Comparing the present invention with a metal key, OWP = ArgOWP, the information of A, TIDA and ArgOWP is the key, and the information of A, TIDA and VeriOWP corresponds to the lock. In the present invention, the key and lock information is variable, the key and lock information cannot be synchronized, and authentication cannot be performed unless the conditions for calculating the key and the conditions for calculating the lock match. (For reference, in the case of BnTOTP that is supposed to be used for logging in to a website, the information of A, TIDA, and ArgBnTOTP is the key, and the information of A, TIDA, and VeriBnTOTP corresponds to the lock.)
The OTP token that is the key to the blockchain and the OWP type password generated by the OTP token are shared by the distributed ledger technology and can be stored in a state where they are difficult to tamper with. When doing so, the administrator of the terminal 3D updates the lock information to the latest information, or the information that can authenticate the OWP type password of the terminal 1A, the user identifier A, and the token number TIDA with 1500A, 18A, or 19A. It is required to set.

In order to match the OWP calculated by the terminal 3D and the terminal 3A, it is conceivable that the KC values 3011A / 3011DA and BC values 3013A / 3013DA are not changed after the contract is deployed. In the above usage mode, the password is not updated and there is a security problem, but it is expected to be used as a one-time admission ticket for a certain event used in a limited community with a small number of people, for example. It may be easier to use the present invention by reducing the labor of the service provider and using the usage mode in which the KC value and the BC value can be changed but not actually changed.
In this case, it is preferable to specify the expiration date and warranty period on the OTP token. When used for products such as simple safes and locks, there may be a form in which services are provided in the form of disposable contracts by using a method in which a product warranty period is set and contracts are not managed for a period exceeding that period.

When using 1500A, 18A, or 19A as an admission ticket for a limited community event, 1500A, 18A, or 19A was manufactured or created in addition to the three essential information of user identifier A, token number TIDA, and OWP. The time and expiration date, the address of the place where the admission ticket can be used, the name and contact information of the person in charge of issuing the admission ticket and providing the service may be recorded in 1500A, 18A or 19A, and such information may be recorded as character string information. It is preferable that the information on the valuable paper leaf can be visually confirmed by a human being by displaying and printing on 1500A or 18A and displaying it as a character string on the display of the terminal 1A in the case of 19A.
By displaying the three essential information of the user identifier A, the token number TIDA, and the OWP as a two-dimensional bar code and making them readable by a camera or a scanner, the information necessary for authentication can be read by the 3D 340D. In addition, since OWP can be misused when read, the user identifier and token number are described as a character string, and the three essential information of user identifier A, token number TIDA and OWP are printed or printed as a two-dimensional bar code for authentication separately. Only the displayed or recorded OWP may have 1500A or 18A in the form of being recorded as a two-dimensional bar code.
For 1500A, the terminal 1A may have a function of reading out information other than OWP visually or by voice and notifying the user of the token number, the user identifier, the expiration date of the service, and the information of the service provider. If security is maintained, there may be an image recognition terminal that reads out 18A.
(OWP is confidential information that should not be entered except for the service providing terminal 3D. Use software with security problems to read 18A and 1500A containing OWP, read them aloud, shoot, recognize images, and PIN. If the information of 19A that is not protected by such as is read, there is a risk that OWP etc. will be leaked and used illegally.)

<Processing to use the OTP token at the time of admission>
The user can perform OTP authentication of the present invention on the ticket to the execution count recording portion 3017A or 3017AA (or 3017DA) of the authentication function 3018A (or 3018DA) by the contract on the terminal 3D or the blockchain, and execute the authentication function to authenticate. You may record the truth value of whether or not you used the service, whether or not the ticket is valid, or the integer value of the number of times the ticket was used, and the point where you can use the ticket service on 3017A or 3017AG (or 3017DA). Alternatively, the currency balance is charged, and when the information of the electronic ticket 19A, the paper ticket 18A, and the screen display type ticket 1500A of the present invention is presented at the time of service provision, the balance is deducted by the number of points or currency corresponding to the service. It may be in the form of falling.
As in the case of using it in the login process of the website, as the process included in the execution of the authentication function 3018A (or 3018DA) when the OTP authentication function 3018A (or 3018DA) is executed, 3021A, 3022A, 3023A (or FIG. 3DA) of FIG. 3AB. 3021DA, 3022DA, 3023DA) may be performed.
In the OTP token that the service provider and the user agree to use, the function to make it used is secret to the terminal 1C when the contract administrator receives the user's request or the user makes an unauthorized use. 3017A or 3017AA (or 3017DA) may be rewritten from the setter function set in the contract using the key 101C.
For example, at a ticket gate or a service provision window, the currency of 3017A or 3017AA (or 3017DA) is settled in advance in the variables 3017A or 3017AA (or 3017DA) in addition to the truth value indicating the presence or absence of admission and the integer indicating the number of times. The OTP token that the administrator terminal 1C can access from the terminal 1A of the user UA is given a process for charging the balance like a means and increasing the variables 3017A and 3017AA (or 3017DA) according to the numerical value of the charged currency. can.
Then, it is possible to reduce the amount equivalent to the service charge from the balance of 3017A or 3017AA (or 3017DA) charged with the numerical value equivalent to the amount of money according to the usage amount of the service. In this case, when the authentication function 3018A (or 3018DA) determines whether the balance value of 3017A or 3017AA (or 3017DA) is higher than the value of the service charge in F115 or F116 of the flowchart of FIG. 6D, and the balance is insufficient. Requires processing such as stopping the execution of the authentication function, prompting the balance to be recharged, and contacting the service provider.

<Function to detect and notify normal or illegal entry>
The token number when authentication is performed by 1500A, 18A, or 19A recorded in the SVLog (terminal 3D) in order to investigate and determine whether the private key PRVA (101A of terminal 1A) is leaked and the service is used illegally. The appearance of the user identifier may be photographed and saved by the security camera 342D. The appearance is preferably biometric information such as face, physique, body shape, motion, and walking. The intention of using the biometric information is, for example, to prevent unauthorized entry at a venue where the service is provided. Here, by copying 1500A, 18A, and 19A including the same OWP authentication information, user identifier A, and token number TIDA, and duplicating and reusing the OWP, different people can enter using the same authentication information (A, TIDA, and OWP). Monitor what you do in the same way.
The surveillance camera 342D (342D in FIG. 8B) that records the appearance of the user is shown in FIG. 8B as an example of the case of recording biometric information. However, recording biometric information is not an essential function for the present invention, but a function necessary for station ticket gates, entrance processing, etc., and a security camera 342D may be built into a large safe or vault. However, when the terminal 3D is installed in a container such as a small safe or a hand-held safe due to the limitation of the battery capacity used for the power supply unit 37D of the terminal 3D and the balance of economy, the security camera 342D is difficult or unnecessary to use. There is. Whether or not the 342D can be mounted can be determined depending on the application and the embodiment.
Similarly, when the terminal 3D is used for locking a car or a building, the 342D may not be installed in consideration of privacy. It may be equipped with 342D for crime prevention while sacrificing privacy. For example, it may be preferable to have a security camera for applications such as taxi and bus, car rental and rental, car rental, and car sharing. Depending on the service, it is necessary to inform the user of the use of means for recording the existence of the user, such as a security camera, at the time of service provision or contract.

About 3D As a function that can be used for crime prevention when the security camera 342D is not used, authentication using OWP with sound or light using a light emitting element 351D such as a lamp in FIG. 8B or a sounding element 352D such as a buzzer was successful. Set and use the operation when and the operation when it fails. Specifically, when the terminal 3D is provided in a container such as a safe and used, the information used for authentication is recorded in the NFC tag 19A, and the terminal 3D inside the safe uses the communication device 32D to record the information of the NFC tag 19A. If the reading authentication result is correct, the safe can be unlocked, and if it is not correct, a buzzer sounds a warning. Instead of a buzzer, a communication device 32D may wirelessly emit a radio wave beacon or a radio beacon to the surroundings.
A security camera 342D and a light emitting element 351D such as a lamp or a sounding element 352D such as a buzzer may be used in combination.
As an example, when a user UA who tries to authenticate by presenting the token number 1500A, 18A, or 19A used at the ticket gate of a station that has been authenticated, used, and invalid again appears, the ticket gate opening / closing device 350D is closed. Then, keep the UA on the spot, use the security camera 342D and the light emitting element 351D such as a lamp or the sounding element 352D such as a buzzer together to inform the surroundings, and inform the station employees whether the token is being used illegally. You can ask the user UA.

Not only when the terminal 3D is a container such as a safe, the terminal 3D operates the light emitting element 351D and the sounding element 352D according to the output of the authentication result even at the ticket gate / entrance, the car / building, and whether the authentication result is correct or not. It is used to inform the surroundings of the terminal 3D (the surroundings are within the range of the distance that the 351D, 352D, and 32D can transmit the signal to the user and the terminal) and the service provider. The light emitting element 351D may be a semiconductor element that emits light by passing a current such as a light emitting diode in addition to a lamp such as a light bulb.

<When detecting the number of authentications and the person who authenticated>
1. 1. When the terminal 3D is connected to the internetwork and connected to the server 3A at the ticket gate or the entrance.
A user UA who has leaked the private key PRVA and has the original usage right presents 1500A, 18A, and 19A by reading them with a 3D input device or communication device, and before passing through the ticket gate or entrance, another person UB It is assumed that the private key PRVA (101A) is obtained by some means, duplicated and recorded on its own terminal, and illegally used to pass through the entrance. Alternatively, unauthorized use due to the outflow of OWP and reuse is also conceivable.
Image data that enables identity verification and identity tracking by recording the appearance of the UB in the event of unauthorized use, the time at the time of authentication settlement, the position and terminal number of the authentication terminal (station name, etc. at the ticket gate), walking status, etc. To get. Then, the occurrence of authentication is recorded by incrementing or decrementing variables 3017A and 3017AA that record the number of executions of the authentication function 3018A of the authentication contract on the blockchain.
In addition, the user UA is notified by e-mail or the like that the service has been used at an entrance with a certain service. It can be used by the user UA to claim that the ticket has been illegally used by the service provider, compare it with the face, system, walking information, etc. of the UB who entered illegally, and determine whether the user UA has entered illegally.
Here, when the server 3D becomes a node of the blockchain like the server 3A, the authentication function 3018A is recorded in the blockchain part (300D and 310D) of the 3D because 3D has the same function as the 3A, and the authentication function 3018A is recorded instead of the 3A. The terminal 1A of the user UA may access the blockchain portion of the user UA and execute the authentication function 3018A.
At the time of unauthorized use, it may be necessary to stop the use of the user UA's OTP token and limit the spread of damage caused by the unauthorized use. Therefore, a variable that allows the service provider to stop the use of the OTP token of the user UA by using the terminal 1C may be provided in the contract of the OTP token of the terminal 3A and can be changed by using the setter function. Alternatively, if the service provider's main server terminal manages the balance for each token separately from the blockchain at a ticket gate, etc., it can be handled by changing the settings for each customer of the main server terminal.

2. 2. When the terminal 3D is connected to the local area network (LAN) at the ticket gate or the entrance and is connected to the server 3A.
When connected to the local area network of a station or facility and disconnected from the internetwork 20, the storage device of the terminal 3D is matched with the hash functions 3010A and 3010DA used to generate 1500A, 18A and 19A. Match KC values 3011A and 3011DA, match BC values 3013A and 3013DA, match them when other variables and functions are used for OWP calculation, and calculate OWP type OTP between terminal 3A and terminal 3D. And the variables used in the calculation must be matched and synchronized. Then, the number of times of authentication by the authentication function 3018D or the data changed at the time of authentication may be recorded in 3017DA or recorded in 3016D.
Through the LAN in the facility such as a movie theater or a station, the staff of the facility has a terminal having the right to access the terminal 3D and accesses the database 3116D (including 3114D and 3115D) of the terminal 3D to obtain the user identifier and token number. As a key, it is possible to search and grasp the service provision status for the OTP token of the token number. If the valuable paper leaf printed on 18A cannot read the information required for authentication, the user identifier and token number are obtained from 18A and collated with the customer information of 3116D, and there is a purchase history of OTP tokens to provide the service. Determine if the user can provide it (you may need an ID to perform this procedure).

3. 3. When the terminal 3D is offline without connecting to the network.
Even when the terminal 3D incorporated in the ticket gate, the entrance, the lock device of the car, the lock device of the building, the lock device of the container such as the safe is not connected to the network 20, the storage device of the terminal 3D is 1500A or 18A. When the hash functions 3010A and 3010DA used to generate or 19A are matched, the KC values 3011A and 3011D are matched, the BC values 3013A and 3013DA are matched, and other variables and functions are used in the OWP calculation. They must be matched, and the OWP-type OTP calculation method and the variables used in the calculation at the terminal 3A and the terminal 3D must be matched and synchronized. Then, the number of times of authentication by the authentication function 3018DA or the data changed at the time of authentication may be recorded in 3017DA or recorded in 3016D.
There is a terminal 3D in the part that can be accessed after unlocking, and the 3D communication device 32D is equipped with a connector or terminal for wired communication or a wireless communication device that can limit the accessible terminals, and is a terminal of a user or an administrator. The OWP generated by the OTP generation function 3009A of the terminal 3A by changing the KC value 3011DA or BC value 3013DA of the storage device 30D or the hash function fh from the communication device of (1A or 1C) via the communication device 32D of the terminal 3D. And the authentication function 3018DA are provided with means that can be changed so that the generated OWPs are the same. By leaving room for updating the KC value 3011DA or BC value 3013DA used for OWP calculation, for example, the data that is the unlocking key of the locking device of a car or building can be updated periodically, and the key of the locking device of a car or building can be updated. Can be updated.

<When detecting the number of one-time password generation and authentication>
In the present invention, one-time password generation and authentication are not performed by the same function of the contract. A variable and a processing unit that counts and increments (increments) the number of executions of each OTP generation function or OTP authentication function at the time of generation and authentication can be provided, and the number of executions 3017A, 3017AG, and 3017AA can be obtained by using a blockchain. It is less likely to be tampered with. By monitoring the variables 3017A and 3017AG used at the time of generation among the variables that count the number of executions, it is possible to prevent unauthorized use. (Although it is not on the blockchain, it is a variable that also counts 3017DA of the terminal 3D)

For example, if there is a function to increment the number of times OWP is generated on the blockchain when generating OWP (18A) as a paper ticket, the data of the paper ticket including OWP (or the display screen data 1500A) is used. You can also receive notifications before they are fraudulently used at the entrance and authenticated. In that case, a processing unit 3111D for monitoring the blockchain is provided in SVLog (terminal 3D) or the like, and the recording variable 3017AG (number of calls) of the one-time password generation number of the token of the token number TIDA of the user who provides the service, or It is necessary to detect the change in the recording variable 3017AA or 3017DA of the number of authentications and contact the user who owns the token by e-mail, notification application, telephone line, etc. via the network. In addition to e-mail, a non-fangable token indicating that the one-time password generation function has been used may be sent to the user identifier A, which is the owner of the token number TIDA.

When the user does not have an e-mail address, a non-fangible token (illegal use notification type token, notification leaflet type token) different from the OTP token indicating that a one-time password has been generated or authenticated is sent to the user identifier A. You can also do it. In this case, the non-fangable token acts like a receipt indicating the usage status. (This fraudulent use notification type token can be used for other embodiments and uses of the present invention. Website login, ticket / valuable paper leaf by paper or NFC tag, use for decrypting encrypted data described later. It is difficult to notify unauthorized use of the terminal 3D built in the or safe. In this case, it may be possible for the terminal 3D to emit a wireless beacon to notify the surroundings.)
In the service provided at high speed with a large number of ticket gates and entrances to the facility, in addition to taking pictures of the appearance with a security camera etc., the service provider catches unauthorized visitors and ID cards such as personal number cards and passports It is also assumed that personal information such as presentation and date of birth will be confirmed and authenticated. When using it as an accommodation voucher for an event that accommodates a small number of people or an accommodation facility such as a hotel, you can provide and use the service by confirming and authenticating 1500A, 18A, 19A after entering the person's name etc. at the reception desk. Maybe.

<Rating and signboard information>
Similar to the service using the server terminal 3C, in the authentication system using the valuable paper leaf using paper or NFC tag and the terminal 3D that authenticates it, the one-time password generation token is used to indicate the target age of the user. Rating information 3024A is recorded in the contract. Further, the signboard information 3024A of the contract of the OTP token is also set in the same manner. For example, it is rating information such as qualification / license information required for users of vehicles such as automobiles, ships, and heavy machinery, and equipment / devices, and rating information of movie theaters.
If 18A or 19A is attached to a product by pasting it, the rating information will be based on the product. For example, when 18A is pasted to control the distribution of alcoholic beverages, rating information that only adults can drink may be recorded.

4C. Decryption and viewing of encrypted data and files Software CRHN (Software 403A) that decrypts encrypted data using the OTP authentication system using the blockchain of the present invention can be used. Here, software CRHN is software 403A of FIG. 4B. FIG. 8C shows a connection diagram of the terminal.
When decrypting and viewing data 4034A (4034A in FIG. 4B) such as an encrypted file, the computer DP used by the user UP (terminal 4A in FIG. 4A) is used to access the server terminal 3A and the secret of the terminal 4A. BnTOTP is generated and authenticated using the OTP token assigned to the key 401A, the return value CTAU4031A of the OTP authentication function 3018A is obtained, and the return value 4031A, the preset password value AKTB4032A, and the software 403A are specified internally. Browsing, viewing, and printing out information using software 403A that generates common key TTKY4033A that can perform file encryption and decryption based on the private key CRKY40302A and software 403A calculation method and encrypts and decrypts files, and the software 403A. In the present invention, an authentication system capable of decrypting and using encrypted data can be used.
For decryption, in addition to TTKY4033A calculated from CTAU4031A and AKTB4032A, TTKY4033A calculated from the obfuscated or encrypted key CRKY4032A built in CTAU4031A, AKTB4032A and software CRHN is preferably used.
Further, in addition to the above key information, the key CAPKY40303A obtained from the contract of the contract identifier APKY40301A recorded in the terminal that becomes the node of the blockchain such as the terminal 3A according to the program recorded in the software CRHN so as to make it difficult to identify the TTKY4033A is used. Alternatively, the processing may be complicated so as to make it difficult to identify the 4033A, and the programs may be obfuscated / encrypted.
At this time, the present invention functions as an access control technique for the content contained in the encrypted data.

<Distribution of encrypted data>
The encrypted data 4034A is distributed from the server terminal 5B called SVCRHNdrive to the computer terminal 4A through the network 20 and stored in the storage device 40A. The server terminal 5B may be an actual server, a virtual server, or a virtual machine terminal. It may be a cloud-type data storage service. It may also have a function of managing versions, recording the update history of encrypted data and the hash value of encrypted data, and displaying it to the user.
The terminal 5B may have a function of searching for encrypted data that can be decrypted by the user's own OTP generation token of the present invention. Also, for the issuer of the token (the issuer is assumed to be an individual, a corporation, a publisher, or a software company), the keywords presented by the issuer (data name, creation time, keywords, books, etc. are classified, rating information) are used. It may be provided with a function that can search the contract identifier of the OTP token and the corresponding encrypted data.
Terminal 5B has a function to sell books, audio / video, and software to customers in the form of issuing OTP tokens to the user identifier A calculated from the private key of the customer's terminal 4A on the e-commerce website or web application. You may be prepared for. Encrypted data search function corresponding to OTP token and OTP token when conducting electronic commerce, notification of AKTB4032A and download function of encrypted data, customer's name, email address, user identifier when purchasing token It may be provided with a database for registering and storing personal information and contact information of the OTP token purchaser such as a telephone number. The terminal 5B may record the user's address and notify the AKTB4032A or the fact of purchasing the OTP token in the form of a mail delivery of a letter.

Then, using the contact information such as the user name, e-mail address, address information, and user identifier of the customer recorded in the database, any arbitrary file 4034A encrypted by 4032A, 4031A, 40302A, and 403A is decrypted. The key information AKTB4032A may be sent by e-mail together with the files 4034A encrypted with 4032A, 4031A, 40302A and 403A.
Alternatively, send the file 4034A encrypted with 4032A, 4031A, 40302A and 403A by e-mail, and AKTB4032A is a means other than blockchain or e-mail (the text recording 4032A is delivered by mail as a correspondence, to the SMS of the telephone number. Send as a message, send by facsimile, etc., or receive a transaction that describes AKTB3042A in a blockchain based blockchain different from the blockchain in which the OTP token exists using the private key 401A), and use AKTB4032A as a user. It is transmitted to the user UP of the terminal 4A, and the UP inputs 4032A to the 403A of the 4A, and the OTP token calculates the TTKY403A from the return value 4031A and the key information 40302A of the software 403A and the calculation procedure of the 403A, and decrypts the encrypted file 4034A. The decrypted plaintext file 4035A can be obtained and used by viewing or executing the data of 4035A.

<Distribution restriction function of tokens that decrypt encrypted data>
The distribution of tokens may be restricted by the right holder who is the administrator of the tokens. In the embodiment, the token can be transferred to another person according to the Ethereum ERC721 standard, but when the token is transferred, a variable or process 3041A that controls the execution of the transfer function (transmission function 3040A) by the right holder is added. .. The OTP token of the present invention was invented in the process of using a non-transferable TOTP token for Internet banking on a blockchain, and is basically characterized by being equipped with a function of restricting transfer. If the provider of the service corresponding to the OTP token or the provider of the content does not allow the transfer of the OTP token of the present invention between different user identifiers, the variable for restricting the transfer of the contract of the OTP token and the related function 3041A are transmission functions. Takes the value of a variable that prevents the execution of 3040A.
When the right holder of the data or file content corresponding to the OTP token is the contract administrator (or when the right holder entrusts the contract management to the contract administrator), the execution of the contract transmission function 3040A is stopped. If the value of the contract variable 3041A is changed from the state in which it is in the state of being executable, it becomes transferable between users with different user identifiers.

An example of transfer of OTP token is shown. User UP (user of terminal 4A) and user UB (user of terminal 1B) can also exchange OTP token information on the blockchain via the network 20 and server P (server terminal 3A). It is also possible to transfer the OTP token from UP to UB using the transmission function 3040A.
The UB to which the OTP is transmitted from the UP (actually, it is accessed from 4A at 3A using the private key 401A, and the database or ledger 3014A that describes the correspondence between the OTP token and the user identifier in the OTP token contract is described by 3040A. The owner information is rewritten from UA to UB), the encrypted file is downloaded from the terminal 5B, the encrypted data that the UP who was the owner of the token has in the terminal 1A is duplicated and used, or on the network. It is possible to obtain the encrypted file in circulation and decrypt the encrypted data.
Here, if AKTB4032A is used when encrypting the encrypted file, it is necessary to obtain 4032A from the user UP. Content for which AKTB4032A is not set can be decrypted with the encrypted file 4034A, the CTAU4031A obtained by authenticating the OTP token, the software 403A, and the private key 40302A inside the software. By acquiring the software 403A that allows the user UB to transfer the OTP token, notify the AKTB, and view the encrypted data and encrypted data from the user UP, the UB can view the content data that the UP was viewing and also view it. You can get the right or the ownership.
In the embodiment of the present invention, the encrypted data is encrypted with TTKY4033A when the file encryption and decryption key TTKY4033A can be generated based on CTAU4031A, AKTB4032A, the private key CRKY4032A inside the viewing software 403A, software 403A, and the like. You can decrypt the file.

The transfer function of the OTP token using the transfer restriction function of the present invention can be used not only for the token for decrypting the encrypted data but also for the OTP token belonging to the contract having all the OTP generation functions of the present invention, FIG. 8A. It can be used for the OTP token for logging in to the website of the terminal 3C described in FIG. 8B, and the OWP token for generating the password OWP for creating the key for the paper, NFC tag type ticket, valuable paper leaf, unlocking, etc. can.
OTP tokens are transferable under the contract program, but depending on the service supported by the OTP token, it is expected that usage restrictions will be imposed by the right holder of the service, and that domestic and foreign laws and regulations will be imposed. The contract administrator makes changes to 3041A when the transfer is restricted.

<Version control of encrypted data>
The encrypted file distribution server terminal 5B is equipped with so-called blockchain-type storage that attaches data and files to transactions and records them in a distributed ledger on a blockchain platform that can take extremely large block sizes and transaction data upper limits. You may. Not limited to the blockchain, it may be a storage system that can be version-controlled and is difficult to tamper with. (Specific examples of existing technologies and services that implement preferable functions when included in the terminal 5B include platforms for software development and version management such as Github. Inc. in the United States and GitHub of GitHub Japan GK).
The terminal 5B receives the access of the user terminal, displays the corresponding encrypted file and the OTP token according to the search key information requested by the user terminal, and issues the OTP token of a certain contract identifier by the electronic commerce function. Present the user identifier of the issue destination to the terminal 5B or the contract administrator terminal 1C of the corresponding contract identifier, settle the purchase price, etc., purchase the OTP token, and instruct the user identifier of the OTP token purchaser to issue the token. If the AKTB4032A is required, the AKTB4032A may be used at the time of encryption to create and distribute the encrypted file 4034A.
When distributing the 4034A, the user's e-mail may be sent with the AKTB4032A and the encrypted file of the content attached. Alternatively, the user may be notified of AKTB4034A by e-mail, and the corresponding encrypted file may be downloaded from a download-only URI that can access a terminal such as 5B. The URI may be described in the e-mail or 5B logs in. If the site is also a member site with functions, the URI may be displayed on the user-only display screen after login to inform the user.

In online storage where tampering can be detected or version controlled, encrypted data 4034A is a book that is open to the public and sold, and it may be necessary to revise the book data and distribute different editions. In this case, the revised version can be uploaded to 5B having a version control function as encrypted data and distributed while leaving the data of the version before revision so as not to be tampered with.
At this time, the revised version of the new encrypted data can be decrypted with the old version of the OTP token that can decrypt the existing version of the old encrypted file. For example, when there is a defective program in a computer game instead of a book and you want to distribute a revised version to improve it, it is preferable that you can decrypt it with the old version of OTP token, and it is an encrypted computer. It is supposed to be used for decrypting software data. In this case, the new version and the sieve version still have the same contract identifier.
Alternatively, the rights holder can sell the sieved version of the token while distributing the encrypted data by encrypting the new version so that it can be decrypted with a new version of the token different from the old version. This corresponds to, for example, in paper books, both printed and distributed sifted books and revised new editions of books are sold as goods at bookstores and second-hand bookstores. A contract with an OTP token with a different contract identifier is deployed for the new version of the token and the sieve version of the token, and the user is notified. It is up to the consumer to decide whether to purchase a new version of the OTP token. (It is also possible to deploy OTP token contracts for each version of computer software)

<Content rating>
In order to indicate the age suitable for viewing the information of the encrypted data, the rating information 3024A of the content of the encrypted file that can be decrypted by the token is recorded in the contract of the one-time password generation token. Ratings may be recorded in 40351A and 40352A in FIG. 4B.
Content ratings are recorded on the blockchain, and others can directly access the blockchain or search and browse from server terminals such as 5B and 3F to consider purchasing tokens.
<Certificate of content>
When decrypting the encrypted data, it is preferable to have a certificate from a third party indicating that the plaintext does not contain a malicious program. It is the information described in 40351A and 40352A of FIG. 4B.
This is also related to the rating of the content, and it may be necessary to have a third party censor the plaintext data of the content and investigate whether there is a problem with the operation of the program.

<Content browsing execution environment>
Even if the content certificate is used, a third party may unintentionally overlook the existence of a malicious program and issue a content certificate (40351A or 40352A in FIG. 4B). Therefore, it may be preferable that the execution environment of the software 403A is executed in the virtual machine environment.

<Function to detect browsing from multiple environments at a certain time (unauthorized access detection function)>
In the present invention, when the encrypted content is decrypted and browsed by the software CRHN, or when the software CRHN is browsed,
The program that connects to the advertisement server CRHNcm (server terminal 5A in FIG. 5A) is executed, the advertisement is delivered from the terminal 5A, and the IP address (IP address hashing or processing) of the user who browses the content or executes the software is executed. Value),
Location information (value obtained by hashing or processing location information), computer device information (or its hash value), terminal sensor value (or its hash value),
Then, the token number and the user identifier are recorded in the terminal 5A as data as shown in FIG. 6X, and for a certain token number or user identifier, the token number and the user identifier are recorded.
It can be provided with a processing unit that determines at any time whether or not the user is accessing with a different IP address, a different location information, a different device ID, and sensor information of an input device attached to a different terminal.
Here, regarding the device information of the computer and the device ID of the computer, in addition to the computer manufacturing ID such as the device ID, the operating software ID, and the web browser ID, the acceleration sensor, magnetic sensor, and pressure sensor mounted on the terminal 4A, A measured value such as a temperature sensor or a hash of the measured value may be used.
This assumes that the advertising server will be used as a server to monitor the unauthorized use of simple content. However, it is used only when the right holder who distributes the software 403A or the encrypted content requests the unauthorized use monitoring function of the content.
When the software 403A is browsed, the encrypted data can be decrypted by the OTP authentication system of the present invention without executing the program for connecting to the server terminal 5A. Then, in the embodiment, the right holder of the software 403A of the present invention or the right holder of the plain text data of the encrypted data records a program for connecting to the 5A, and when the user of the software 403A or the content agrees, the server terminal 5A A program that connects to can be executed.
(Here, the right holder is mainly the copyright holder of software and contents. Plaintext data is protected from the viewpoint of intellectual property rights such as copyright. Also, confidential information such as corporate business secrets. If it is, it is protected as an intellectual property right. Plaintext data created by an individual is protected by copyright.)

In addition, the advertising function using 5A may not be required when, for example, confidential information such as a design drawing of a product before release is encrypted and decrypted by the software of the present invention and treated as an in-house text encryption tool. When providing this software to the above-mentioned corporation, it is conceivable that the advertisement display function and the content fraud monitoring function using the advertisement distribution server are not used. When an individual uses it as a hobby, the right holder can install an advertisement display function and an advertisement fraud monitoring function, and for business use of individuals and corporations, the advertisement function is not installed as the software and device of the present invention. Available.

Further, data and files are decoded and executed by the software CRHN (403A) of the terminal 4A, the result is displayed on the display screen 450A which is an output device, and if voice information is included, it is output as sound by the speaker 451A.
It makes it difficult for the image to be screen-captured by software on the display screen of the software CRHN (in this case, it can be copied if the display 450A is copied by silver salt or a digital camera), or the content file or printing by the printer from the software side. Can be set not to allow. Printing may or may not be possible at the request of the content right holder. The user identifier of the viewer can always be displayed on the player screen of the content.

<Viewing data when offline>
In the present invention, even when the user goes offline due to a disaster or the like and is disconnected from the internetwork and isolated, it is conceivable that there is data to be viewed using the software 403A of the terminal 4A. For example, it is assumed that you want to use the files of books such as evacuation routes and encyclopedias that are useful for disasters. The blockchain itself is a database of servers that can be distributed around the world and is resistant to local disasters. However, it was assumed that the device of the disaster victim could not connect to the network and the software 403A at hand could not connect to the blockchain, so the encrypted file could not be decrypted.
Therefore, in the present invention, when the file is decrypted with the software 403A in advance before a disaster occurs when online, the viewed certificate data 4036A (4036A shown in FIG. 4B. Bookmark data, OFBKMK in this text) is used. The key information created and encrypted with the user private key PRVP (401A in FIG. 4B) recorded inside the certificate data is decrypted and used as a key for viewing. In this case as well, the present invention functions as an access control technique for the content.

<Viewed certificate data used when offline>
In the examples of the present invention
First, the key information TTKY4033A for encrypting and decrypting the file is calculated, the TTKY4033A is encrypted using the user's private key 401A or the key information based on the key information to make it CTTKY40361A, and the 40361A is converted to the CTTKY40361A using the secret key 40302A built in the software 403A. It is encrypted and used as ACTTKY40360A.
Next, the blockchain information such as the block number at the time when the terminal 4A can perform OTP authentication to decrypt and view the data, and the contract identifier of the one-time password generation and authentication contract are combined into one object data or file and referred to as 40362A.
Next, the secret key 40302A is used as the key information of HMAC, and the data obtained by concatenating 40360A and 40362A is used as the message of HMAC, and the MAC value 40363A is obtained by HMAC.
Then, the data obtained by concatenating 40360A, 40362A, and 40363A is used as the viewed certificate data OFBKMK4036A.

<Viewing when offline>
Decryption is obtained using the viewed certificate data OFBKMK4036A, the user's private key 401A, and the key information 40302A inside the software 403A to obtain TTKY4033A.
Specifically, software 403A decodes ACTTKY40360A described in OFBKMK4036A using 40302A to obtain CTTKY40361A. Then, CTTKY40361A is decrypted using 401A, TTKY4033A is obtained, and encrypted data or files using TTKY are decrypted and made available for viewing. As the encryption of the information inside the 4036A, encryption such as common key encryption and public key encryption can be used, but common key encryption may be preferably used.
Here, it may not be necessary to restrict viewing in the event of a disaster, but when the network is disconnected, it is not possible to distinguish whether the reason for the disconnection is a disaster or user convenience, and there are files that you want to restrict viewing even in the event of a disaster. Therefore, the software 403A may have a function of setting a limit on the viewing time or the like.

Some users may attempt to exploit the browsing function using 4036A when the terminal 4A is disconnected from the network 20. Therefore, in order to protect the content of the right holder, it is sometimes preferable to use the viewed certificate data to restrict the usage of users who browse offline. (It should be noted that the usage pattern of 4036A, which does not set viewing restrictions at the discretion of the content right holder, is also conceivable.)
As a specific countermeasure example and embodiment, the software 403A detects the time information of the computer or smartphone on which the 403A is installed and the time when the authentication and contents of the certificate data OFBKMK4036A can be viewed when used offline, and the 4036A After confirming that the time is earlier than the time of the current computer terminal such as a smartphone, the information contained in the information of 4036A is decrypted to obtain 4033A, and the encrypted data and the file 4034A are decrypted to obtain 4034A. Record the time of decoding and browsing using 4036A (current time when browsing started at 4036A), and browse only for a specified time from the current time when browsing started at 4036A until a certain time in the future. Allow. When the time has elapsed by a certain designated time, the process of stopping the browsing is performed, the software 403A is stopped, and the use of the plaintext data 4035A is stopped.

Here, among the computer terminals 4A, most of the smartphone type terminals 4A are equipped with a radio signal receiving device 422A or 423A from the global positioning satellite system GNSS for positioning of position information, and provide this function because the time is updated. Cheap. The signal from GNSS contains time information. For computers that do not have a built-in means for obtaining time information, such as GNSS, in a state where it is difficult to remove, set the time to a value different from the original time with the computer's BIOS (Basic Input Output System) offline, and the software 403A is correct now. There is a risk that the software 403A will allow browsing even when it is time to stop browsing, hindering the acquisition of the time.
To view using the certificate data OFBKMK4036A that has already been viewed in software 403A, it can be received from broadcasting stations that convey the time even in the event of a disaster such as NITZ (Network ID and Time Zone, network ID and time zone), JJY, GNSS, etc. preferable. Further, it is preferable that the device capable of receiving the time information is difficult to remove. For example, the wireless communication device 422A or broadcast receiving device 423A of the terminal and the CPU (Central Processing Unit) in the control calculation units 41A and 43A are sealed with a metal shield, and the authentication number as a wireless device (wireless device in Japan) is attached to the shield. Construction design certification, Federal Communications Commission FCC wireless device certification ID, etc.) may be engraved, sealed as a semiconductor package, or the internal parts may be sealed with transparent adhesive. It may be sealed in a visible form.
A CPU including 41A and 43A and a GNSS or JJY or NITZ receiving device 422A or 423A are mounted on the same semiconductor package or the same semiconductor substrate, and the CPU or system-on-chip (SoC) device is used as a control unit or control unit. It is preferable to mount it as a calculation unit. (In the SoC chip installed in smartphones and tablet terminals sold as of 2020, the modem to the wireless communication station that transmits the CPU and NITZ and the wireless signal of GNSS (US GPS and Japan QZSS) are received. There is a built-in modem that can be used. For example, SoC such as Qualcom Co., Ltd. in the United States.)
In SoC, it is one semiconductor chip, but it may be a semiconductor component in which a plurality of IC chips called SIP (System in Package) are mounted in one package and sealed.
In addition, NITZ (Network Identity and Time Zone), which uses base stations such as mobile phones and smartphones, may not function if the base station for mobile phones is damaged in the event of a disaster, so move away from the disaster area. It is preferable that the time can be corrected by using the time data of a radio station on the ground (JJY or the like in Japan) or the time data of a radio station in space such as GNSS.
In addition to GNSS and JJY among systems that use broadcasting, it may be possible to acquire the time by satellite broadcasting. It is assumed that the time information transmitted from the meteorological observation satellite or the broadcasting satellite in the geostationary orbit is received by the user terminal. There may be a radio station 5C that broadcasts the time on the moon or the like.

Among the storage devices of the user terminal, a volatile RAM that records the private key information of the program 403A at the time of execution of the program 403A, a ROM that can record the private key information of the user, or a non-volatile memory NVRAM is mounted on the SoC together with the CPU as a package. It may be sealed. This is read when the terminal is disassembled, the signal exchange of the storage device is measured from the part where the parts constituting the terminal are joined with solder, etc. using an electric signal measuring device, and the secret key of 403A is executed. It is intended to prevent attacks by measuring electrical signals at the terminals of parts and reverse engineering. In order to prevent reverse engineering in the connection path between the storage device and the control arithmetic unit, it is preferable that the storage unit and the processing unit used in the present invention are formed on the same substrate or sealed in the same package. (This requirement also relates to terminal 1A, terminal 4A and terminal 3D.)
It is preferable that it is difficult to access the signal processing unit of the storage device and the control device, and if the access is performed, the storage device and the control device of the terminal may be destroyed. The control unit and the storage unit of the terminal may be sealed with a sealing resin or an adhesive, or the terminal may be disassembled and sealed with a sealing resin or an adhesive so that the terminal cannot be disassembled into the storage unit or the control unit.
However, among the storage devices, it is sufficient that the storage device corresponding to the capacity of information necessary for the operation of the software can be sealed, and for the purpose of improving the processing and convenience of the terminal, for example, the storage capacity capable of recording the encrypted data 4034A is provided. Non-volatile semiconductor memory may be added to increase the number. A magnetic disk such as a hard disk drive or an optical disk may be used as the external storage device. Further, the storage device recording 4034A may be removed from the terminal 4A and handed to another person for distribution.

<Restrictions and permission to print and copy content>
The information that the content right holder grants permission to the plaintext data 4035A and 403A decrypted from the encrypted data 4034A according to the permission to the content right holder such as encrypted data and files is described, and 403A is for personal use only. The content can be printed using the printer of the output device. When printing, the 403A can print the user identifier and token number printed for each page at the time of printing, the printing time, the name of the content, the contract identifier, the block number at the time of printing, TOTP, etc. like a time stamp. can. This is to confirm the print time and the printer of the printed text. The printer is represented by a user identifier.

The decrypted content of the encrypted data displayed on the display screen of the terminal 4A shall be copied as an image or video using a terminal such as a silver salt camera, a film camera, a digital camera using an image sensor, or a smartphone equipped with a digital camera. May be possible.
Therefore, the content obtained by decrypting the encrypted data displayed on the display screen of the terminal 4A is used to simply prevent copying the silver salt camera / imaging element as an image or video using a terminal such as a smartphone equipped with a digital camera. Uses a head-mounted display 453A (head-mounted display 453A). In the present invention, the head-mounted display 453A is not always used, and a display 450A mounted on a conventional desktop terminal, laptop terminal, notebook terminal, mobile phone or smartphone terminal may be used.
Here, when the head mount display 453A is attached, the head mount display 453A sensor 4530A is equipped with a biometric authentication function such as face recognition, iris recognition, ear structure-derived authentication, illuminance sensor or optical sensor, and thermographic image of body temperature distribution. You may use it. The primary purpose of the authentication function is to confirm whether or not a living body actually wears the 453A, and it is also possible to acquire personal biometric information attached to the authentication function and perform biometric authentication.

Software 403A may limit the output device 45A that outputs the decoded data. Specifically, 453A is used to simply prevent the display screen from being copied as an image or moving image using a silver halide camera or a digital camera. On the other hand, 450A is used when the content of the display screen is shared and viewed with a plurality of people and the shooting of the display screen is permitted in the scene. The right holder of the content included in the encrypted data can decide to limit these output methods, and the output method is described in the plaintext data when the encrypted data is decrypted by a program, etc., and when the program is executed and viewed. The device that outputs the decoded data is limited to. For example, a display device / display device such as a head-mounted display 453A or a display 450A, a printer of 452A, and a speaker of 451A can be used as an example, and the output of decrypted data, files, and contents can be limited for each output device.

Even when using 453A, if it is necessary to duplicate the screen, the manufacturer of software 403A may separately output to 450A in addition to 453A. For example, when duplicating by means such as obtaining evidence for resolving disputes related to the contents of encrypted data, the software setting information is disclosed to the investigative agency so that it can be output at 450A even if it is specified to output at 453A. Make it viewable. Upon request, the provider of Software 403A will provide a copyable version of 403A to help resolve disputed people, even if copying is restricted using a head-mounted display 453A. can.
For example, when the information displayed on the display is information that violates laws and regulations (for example, information that infringes portrait rights) and there is a victim due to that information, when providing information to investigative authorities or lawyers. The data that can be used only on the head-mounted display 453A of the 403A may be displayed on the normal display 450A so that the information can be shared for the resolution of the dispute.

From the viewpoint of retaining information, it may be preferable that a user who has viewed certificate data can record the data on paper or the like within the range of personal use even if he / she is offline. The technology of the computer, storage device, blockchain, etc. used in the present invention is not an information recording medium having a long track record like the recording means invented in the past such as paper, clay plate, and stone plate, so the present invention is used. Of the information, if the right holder of the information desires, it is preferable that the data used in the present invention and the information regarding the possession of the token can be recorded on paper or the like. Information may continue to remain if music video data and software data can also be stored as plaintext files in a storage device such as a magnetic tape or a magnetic disk.
The present invention is designed on the assumption that it will function for as many years as the actual storage date of paper, that is, for more than 100 years and for centuries or more. The software of the present invention is designed with an emphasis on data possession, content right holder protection, and information recording from the viewpoint of retaining data of existing modern culture and life, and it is intended to pass on information to posterity. thinking.
In the present invention, it is possible to distribute a file in the form of an encrypted file all over the world, and the information is distributed by decrypting the encrypted data using a key called an OTP token. It is preferable for some right holders to responsibly store the plaintext data that is the original of the encrypted data. The inventor does not intend to lose the preservation of the original just because there is data on books sold all over the world.
In addition, the issued OTP token and the corresponding encrypted data 4034A, software 403A, AKTB4032A, and other key information for decryption are collectively recorded in a library as a book or video / audio information, so that the book by the means of the present invention can be used for a long time. May make it easier to store for months.

4T. Use in broadcasting (distribution of encrypted data that is not bidirectional)
As an application of FIG. 8C, there is an application of encrypted data broadcasting. FIG. 8D shows a connection diagram of the terminal. As shown in FIG. 8D, the encrypted data may be encrypted data of audio / video broadcast by one-to-many radio broadcasting, and the data of radio broadcasting or television broadcasting (television broadcasting) may be encrypted and broadcast station. It can also be applied to transmit from 5C (5C in FIG. 8D), decode the encrypted data received by the wireless receiver 423A built in the terminal 1A of the user UP, and watch audio and video.
For the distribution of contents by television broadcasting or the like, the exchange of data and file contents by two-way communication and on-demand distribution between the computer and the computer network shown in FIG. 8C is received by a plurality of receptions with the broadcasting station server terminal 5C shown in FIG. 8D. It is a live broadcast / live distribution on the machine terminal 4A (television with a receiver).
Here, it is preferable that the plurality of receivers 4A (television type computer terminal 4A with a broadcast receiver) can be connected to the Internet in the present invention, and are provided with the authentication system using the one-time password of the present invention and the function of browsing encrypted contents. If the receiver cannot connect to the Internet and the global blockchain, the broadcasting station will add time information, block number Bn, one-time password authentication, and content decryption to the broadcast data, in addition to the secret key information built into the receiver. You need to send some of the key information you need to.
In this method, one-to-many data transmission that can transmit data from one broadcasting station to a plurality of users is possible. If the radio waves that serve as communication paths can be secured independently, information can be transmitted to the public without worrying about congestion of smartphones and computer networks 20, and public data information such as newspapers, official bulletins, and textbook data, and voice. There is an advantage in sending videos and videos. (Access control using common key encryption is also performed using IC cards in existing Japanese satellite and terrestrial digital broadcasting.)

When the method of using the OTP token of the present invention as a viewing right for broadcasting and decrypting and viewing the broadcasting data is applied, access is performed using the private key and the token assigned to the private key even if there is no IC card. Control becomes possible. The key information used for encryption can be changed on the contract side by additionally issuing and issuing tokens without reissuing the IC card.
However, the encrypted data (contents) is transmitted from the broadcasting station in a one-to-many format, but the acquisition and authentication of the OTP and the acquisition of the return value of the authentication function are performed through the internetwork 20. Therefore, it is desirable that the broadcast data viewing terminal 4A of this type is provided with both a wireless receiving device from a broadcasting station and a communication device with the Internet. In the present invention, an embodiment like the terminal 4A shown in FIG. 8D is assumed for a television terminal 4A, a smartphone terminal 4A, or a tablet-type mobile terminal 4A having a communication function.

The terminal 4A is not limited to a mobile terminal such as a smartphone, and it is assumed that the terminal 4A is a large-screen television terminal 4A that cannot be carried by humans. When the television type terminal 4A is used, the private key may be recorded in the external recording device 46A and used as the 401A. This embodiment is similar to a television device with an IC card reader having an existing access control function.
Alternatively, the private key 401A can be recorded and used in the storage device 40 of the television terminal 4A. However, in this case, when the terminal 4A is discarded or transferred, it may be necessary to separately record the information of the private key 401A in a different storage device and then erase the 401A from the 40A. In the present invention, a secret key stored in a terminal 1A or a terminal 4A without using a storage device for storing a secret key such as a hardware wallet or an IC card (IC card / NFC card having a secret key such as a personal number card). If there is, it is necessary to erase the data in the storage device of the terminal after copying the private key to a new terminal or recording medium at the time of disposal or transfer of the terminal.

<About receiving terminals that are not connected to the network>
Although the terminal 4A is not connected to the Internet in FIG. 8D, when the terminal 4A has a wireless communication device linked with the smartphone type terminal 1A, the terminal 4A may connect to the Internet 20 through the terminal 1A.

If you do not have a means to connect to the Internet and you cannot communicate with a terminal that can connect to the Internet, there are the following methods A and B.
A. When using the method using OWP shown in FIG. 8B.
As an example, an OTP token for generating an OWP is acquired at the terminal 1A, and a password OWP is generated while accessing the terminal 3A using the OTP token. Enter the generated password OWP, token number and user identifier in the television terminal 4A, or have the 420A read the NFC tag 19A in which the password is recorded, and when authentication is possible, it is recorded in the authentication function of the terminal 4A. The encrypted data broadcasted is decrypted using the return value CTAU, and if the decryption is possible, the content is viewed.
B. Similar to FIG. 8B, the broadcast data contains a seed value, and when a decryption password is generated according to the change in the seed value, in the example shown in A, the source information of the decrypting TTKY4033A is only CTAU4031A. Become. Therefore, the information corresponding to AKTB4032A may be input to the terminal 4A, and the key used for calculating TTKY4033A may be broadcast in the encrypted data during data broadcasting. The key information to be broadcast may be concealed or encrypted so that only 403A can decipher it.

In the case of a television terminal 4A or the like equipped with only a wireless receiving device, time information or a block number Bn read by 5C from 3A or the like is added to the transmission information of the broadcasting station 5C, and Bn is received on the television terminal 4A side. , OTP may be generated and authenticated from the authentication function provided in the terminal 4A and the internal secret variable used for the authentication function, and the key necessary for decrypting the encrypted data may be generated, and the broadcast encrypted data may be decrypted at any time. The broadcast data may include a part of the key information for decrypting the encrypted content inside the broadcast data.

Broadcast data can be recorded in the storage device (corresponding to the recording terminal of the television device) of the receiver (television receiver) in encrypted form, and if you want to watch it again, authentication with the OTP token required for decryption The later return value CTAU is acquired, information such as AKTB is input, the key for decryption TTKY4033A is calculated, and the content of the encrypted data recorded and recorded using 4033A can be decrypted and viewed.

<Television-type computers, television-type game consoles, computers and game consoles connected to televisions>
Here, when the receiver terminal 4A is a television device, it is a device that can be used for entertainment or the like by sharing information with a family member at home or the like. A television device having a large screen is more suitable for sharing information with a plurality of people than a head-mounted display 453A. It can also be assumed that the computer terminal 4A has a television viewing function capable of connecting to the Internet. In that case, the viewing of the television broadcast data encrypted by the software 403A and the execution of the computer game software in the form of the encrypted data can be executed on the same terminal.
The private key 401A corresponding to the OTP token to which the right to watch the broadcast, the right to play the computer game, and the right to log in to the website are assigned is recorded in the terminal 4A, and the OTP token is encrypted for viewing / encryption of the television broadcast. It is also possible to provide a multimedia terminal 4A that can execute encrypted game software, browse newspapers and magazines by decrypting encrypted book data, and log in to the online game server terminal 3C using OTP tokens. Be done.

<Installation location and form of broadcasting station>
The terminal 5C can be used for both wired broadcasting and wireless broadcasting, but in this item, it is preferable to assume a service of distributing information in one direction to a plurality of receivers by wireless.

The installation location of the broadcasting station 5C may be an artificial satellite in outer space regardless of whether it is on the ground or in the air. The orbit of the satellite may be a geostationary orbit. It may be a satellite that moves along a certain orbit. An artificial satellite that actively moves by thrust using a propellant or the like may be used. It may be used for a radio station that broadcasts time information such as JJY or a positioning satellite system that includes time information such as GNSS. It may be on a satellite such as the moon. It may be on a planet such as the earth.

<Broadcasting station for GNSS with built-in blockchain that uses a one-time password as a simple time stamp>
It is an artificial satellite type terminal 5C that has a function to become a blockchain node like 3A in the broadcasting station 5C or 5C, and the data for broadcasting is the encrypted data part and the time stamp in the positioning data of the global positioning satellite system GNSS. It may be used for parts. The terminal 5C for positioning or time broadcasting may be a satellite terminal that moves along a certain orbit, or a terminal installed on a natural celestial body such as the moon surface.
In this case, the broadcasting station 5C has a clock such as an atomic clock that calculates the time, has time data according to the clock or a local blockchain on a server in the artificial satellite, and the blockchain type of the present invention recorded in the contract. It can be transmitted as a radio wave including a signal for GNSS positioning by using a one-time password and attaching a hash value calculated using time information and TB and KC values. In addition to location information, it is also possible to send unique encrypted data and time stamp information. The terminal 4A may also be able to receive time information from the terminal 5C that has become the GNSS broadcasting station.
By attaching BnTOTP and message authentication code MAC value to the navigation data for positioning broadcast by the broadcasting station 5C for GNSS, it is possible to perform OTP authentication using 3A at the time of distribution of positioning information and check the authenticity of the positioning information. .. By attaching the BnTOTP or OWP of the present invention to the positioning signal or the navigation data for positioning, it is possible to prevent the navigation data for positioning from being tampered with, and to prevent the calculation of incorrect position information due to spoofing of the positioning signal and the incorrect navigation due to incorrect position information. Can lead to. By the above method, the terminal 4A can know the authenticated position information and time information.
When 5C is in space, another broadcasting station 5CC can perform bidirectional communication and change a part of the key information K of the blockchain of 5C according to the instruction of 5CC.

<Rating>
If rating is required, specify it in the contract and issue a token to the user from the contract.
In the present invention, the contract is provided with a variable KNBN in which rating information can be described in the contract.

5. Service provider, token administrator (Owner)
A user UA who is qualified to provide the service (for example, assuming a bank account holder who has a contract for an OTP token with login authority to a website / web application that performs Internet banking) and its private key toward the terminal 1A. From 101A to the user identifier A calculated from the blockchain unit of the terminal 3A, the administrator UC generates an OTP from the terminal 1C (terminal DC) to the server P (terminal 3A) which is a node of the blockchain through the network 20 (network NT). Issue a token.
The OTP generation token is recorded on the blockchain as a smart contract. A smart contract (contract) behaves as a program that is difficult to repair and tamper with, and once the contract is deployed in the blockchain part of the blockchain system DLS such as terminals 3A and 3B, it is a variable that can be changed using a setter function or the like. Others cannot be tampered with, modified, modified or erased. The service manager changes the numerical values of the KC value 3011A and the BC value 3013A of the contract through the function fscb3012A which is a setter for changing the internal variables provided inside the contract.
Contract functions can program user identifiers and conditions that they are authorized to execute. In the present invention, an internal seed value (internal secret variable) KC value 3011A or BC value 3013A for calculating OTP that can be executed only by the administrator, and a function fscb3012A that only the administrator can access KC3011A or BC3013A are set, and the contract Only the administrator can rewrite and update the secret key information that calculates the OTP of the contract. The function fscb3012A may exist individually in both the KC value 3011A and the BC value 3013A, or may be a function that simultaneously rewrites the KC value 3011A and the BC value 3013A.
The present invention provides the user with a dynamic password OWP by updating the KC value 3011A or BC value 3013A of the secret value of the password generated by the OTP token. The one-time password BnTOTP using the block number Bn is also characterized in that the KC value 3011A of the seed value is updated, so that the seed values KC3011A and BC3013A rewritten by the functions fscb and fscb are provided in the contract. It is a feature.

When issuing a token, the token contract administrator should set the token-specific URI or character string information in the form of a mapping variable using the token number as a key in addition to the token number, and give the character string information to the token of a certain token number. You can also. From the URI information, the serial number of the OTP token can be displayed in the form of a one-dimensional barcode or the like on the software that handles the token.
This URI information conforms to ERC721 and is a known function. The serial number of the token, the URI of the image information unique to the token (URL of the image file of the web server having the image information), and the like can be described in the URI or the character string information.

<Countermeasures in case the private key of the contract administrator is leaked>
The service administrator has a private key 101C for accessing the blockchain unit like other users, and the private key 101C (secret key PRVC) recorded in the terminal 1C (terminal DC) of the contract administrator UC is used. If leaked, the contract that manages the OTP token may be attacked, and the variable internal variables of the contract may be rewritten or the OTP token may be issued maliciously. Therefore, when rewriting the variables of the contract, the contract may include a part that controls the execution of the contract by a plurality of private keys.
A technique for controlling access by using a private key other than the private key 101C may be used for the contract. Not only 101C but also a multi-sig technique that can access a function that can be used only by the administrator and browse or rewrite variables may be used in the contract by using one or more secret keys different from 101C and 101C.

Alternatively, when executing an OTP token such as an internal variable of a contract that manages OTP or a token issuing function to improve security, it is calculated from the secret key 101C to execute the function. There is a contract internal variable that can be accessed and set from the user identifier C and the private key having the user identifiers D, E, F, and G other than the user identifier C, and the token issuing function, KC value 3011A, and BC value 3013A are changed. When executing a function, determine whether the variables that can be set by the user identifiers D, E, F, and G are executable values, and one of the values set by D, E, F, and G executes the function. When it is a variable value to be stopped (prevented), a function to suspend the execution of the token issuing function, the setter function of KC value / BC value, and other functions that can be changed only by the contract administrator who changes the state of the contract can be considered. ..

The concept of accessing and setting from the user identifier C and the private key having the user identifiers D, E, F, and G other than the user identifier C is likened to an existing device and has a plurality of dials and keys, and all dials are provided. It is the same as the idea of a safe or vault that can be opened only when the key can be unlocked. The safe has multiple dials and metal keys and locks, and even if you obtain the private key 101C of the user identifier C, other users will not unlock the locked safe unless these multiple elements are properly unlocked. The internal variables of the contract cannot be manipulated unless the locks of multiple elements by the secret keys of the identifiers D, E, F, and G are unlocked. Unable to unlock functions that perform important operations, such as token issuance functions).
In addition to the contract administrator's private key 101C (101C indicates user identifier C), there is one or more private keys held by other users (auditor user identifiers D, E, F, and G), all of which are individual. It has a boolean value that can be set by accessing, and it is possible not to execute the function for the contract administrator unless the true value set by the user identifiers D, E, F, and G is taken. This is a storage unit of a variable or processing unit such as 3042A in 3008A, 3008AG, 3008AA in FIG. 3AC.

Also, instead of the form in which all of the user identifiers D, E, F, and G agree and the variable is set to the true value of the truth value, as an example, 11 auditor users are set and a mapping type corresponding to those users is set. It has a boolean variable, aggregates the true number of mapping variables (true or false votes), and executes a contract function that can be operated by the administrator if the majority of 11 users are not reached. It can be programmed to stop (again, in FIG. 3AC, in 3008A, 3008AG, 3008AA, a variable such as 3042A or a storage unit of the processing unit).
<Simple measures to prepare for the leakage of the contract administrator's private key>
In a specific example, an example using five private keys of users C, D, E, F, and G was shown, but a contract using two different secret keys is used to easily make the contract operation impossible at the time of unauthorized access. You may access it as an administrator. A secret key 101C of the contract administrator and a secret key 101B for stopping the issuance of OTP tokens when the 101C is leaked are prepared, and a function execution stop variable and its setter variable that can be accessed only by 101B are provided, and the function execution is stopped. The OTP token issuance function and contract internal variables (3042A, 3043A, 3024A, 3030A, 3031A, 3011A in FIG. 3AC) are used to execute the function when the variable is true and not to execute the function when the variable is false. , 3013A) can be set.
If the condition does not cause the leakage of the private key, or if the leakage is acceptable, the contract of the OTP token may be accessed using only a single private key 101C to change the state of the control.
However, it is preferable to use some kind of multiple private keys to take measures when the private key of the contract administrator is leaked.

6. Supplementary information on OTP tokens Using the URI information of tokens, symbols and patterns can be created from the URI information. Of the 32-byte URI information conforming to the ERC721 standard, each byte is separated from the beginning, and each byte has a numerical value so that it can be used as a card game number or the like.
When used as a login ticket for a website, the website may change its behavior according to the URI information of the token after logging in to the website. When a token is used as a ticket, a URI barcode may be displayed on the display and printed. In addition, remarks information at the time of token issuance may be written in the URI part. The URI information may be character string information in the ERC721 standard, or may be 32-byte hexadecimal number information. The data length of the URI may be variable.
When printing as a paper ticket, in the application software used for printing, necessary information such as service name and contract identifier, user identifier, token number, password information, printing date and time (user name, contact information if necessary) In addition, a part of the print design on the paper of the ticket may be changed and printed according to the URI information of the token.

<Generation and recall of one-time password based on time using block number Bn>
The basic operation of one-time password generation and authentication in the present invention will be described. An authentication method using BnTOTP in the system shown in FIG. 1 will be described.
A user terminal 1A, a server terminal 3A, and a network 20 are used to generate an OTP and authenticate it. In the user terminal 1A, the secret key 101A, the URI on the network 20 of the server terminal 3A as the node of the specified blockchain, the contract identifier 3019A of the OTP token that generates the specified OTP, and the secret key 101A to the blockchain unit. 1A is the OTP generation function 3009A shown in FIGS. 3AA, 3AB, and 3AC, in which the user identifier A calculated by the process and the specified token number TIDA assigned to the user identifier A in the specified contract identifier 3019A are used as arguments. Through the blockchain access program, the blockchain portion of the server 3A is accessed through the network 20 and a function call is made. The terminal 1A accesses the blockchain portion of the terminal 3A and performs processing according to the program of the OTP generation function 3009A of the contract recorded in the blockchain portion.
When the block number Bn is used to generate the OTP in the embodiment of FIG. 1, the OTP generation function 3009A shown in FIGS. 3AA, 3AB, and 3AC follows the F100 to F105 of the flow chart shown in FIG. , Bn, and A are used as the arguments of the hash function fh, and then the arguments are passed to the hash function to generate the hash value BnTOTP with BnTOTP = fh (A, TIDA, KC, Bn), and the OTP authentication function 3009A. Alternatively, 3009A transmits BnTOTP to the terminal 1A as the return value of the function 3009A. If the argument input by the terminal 1A or the user calling the function does not match the condition of F101, the execution of the OTP generation function is stopped. The hash function fh is, for example, SHA256 of SHA-2.
Flowchart processing F100 receives two arguments, the user identifier A and the token number TIDA, by inputting the arguments of the OTP generation function 3009A. It should be noted that a plurality of arguments such as the third and fourth may be taken depending on the intended use.
If the BnTOTP generated by F104 is not used as the return value, the BnTOTP is converted into an unsigned integer as shown in F107, and the n-digit password is divided by 10 to the nth power. It can be transmitted as BnTOTP-n, or it can be the return value of the OTP generation function 3009A as an OTP of a 7-digit integer value with n as 7, but in that case, the same calculation is performed with the OTP authentication functions 3018A and 3018DA, and the OTP is performed. It is necessary to program the OTP authentication function to perform the verification of.
In the embodiment, the same contract is provided with an OTP generation function that generates a 32-byte OTP that uses the processing of F100 to F105 and an OTP generation function that generates an OTP of an n-digit unsigned integer that uses the processing from F100 to F107. It is possible to create a contract for an OTP token that generates OTP, and usually authenticates with an n-digit (at least the number of digits is good) OTP generation function and the corresponding OTP authentication function. Authentication can also be performed using an OTP generation function of 32 bytes, which is larger than the quantity (a maximum number of 2 to the 256th power of an integer, and it is assumed that a brute force attack is difficult) and a corresponding OTP authentication function.

In the embodiment of the present invention, Ethereum is used as the blockchain substrate, the SHA256 function that outputs a return value with a hash value of 32 bytes is used as the hash function fh, and the option of F104 is not provided in the processing program of the OTP generation function, and BnTOTP is used. An OTP generation function that calculates a 32-byte OTP with = fh (A, TIDA, KC, Bn) (in FIG. 6A, a function that operates via the flow chart in the order of F100, F101, F102, F103, F104, F105, or the figure. A function that operates in 6B via a flow chart in the order of F100, F108, F101, F102, F103, F104, F105.)
An OTP generation function (F100, F101, F102, F103, F104, F107 in FIG. 6A) that converts the BnTOTP into an unsigned integer and calculates the OTP of a 7-digit number that is a remainder divided by 10 to the 7th power. A function that operates via F100, F108, F101, F102, F103, F104, and F107 in the order of F100, F108, F101, F102, F103, F104, and F107.) It was carried out in.
Here, the difference between FIGS. 6A and 6B is necessary for recording or increasing the number of executions of the function 3009A for the variables 3017A and 3017AG that store the number of times the execution of the OTP generation function 3009A is recorded, or for executing the function 3009A. Whether or not there is a change process F108 such as an increase / decrease in the numerical balance.
In F101, the user identifier of the function executor (function executor, message sender, user identifier of msg.sender) that executes the OTP generation function 3009A of the OTP token from the input argument is associated with the OTP token of the token number TIDA. It is determined whether or not it matches the identifier of the user who owns it (here, the user identifier A). Without this process F101, a user who does not have the OTP token can execute the OTP function. Therefore, when the message sender executes 3009A, the process of determining whether the message sender is the holder of the OTP token. is required.
In F100, it is possible to input only TIDA and perform processing, but in reality, in F101, the user identifier of the function executor (user identifier of function executor, message sender msg.sender) is msg at the time of function execution processing. .. Since the user identifier of the sender is input to the OTP generation function as A, it is considered that A is used as an argument and described in F101.
(Note) In the conditional statement F101 for generating OTP tokens, it is determined whether or not the holder is an OTP token, but this part is regarded as the number of OTP tokens held by a certain user identifier, and the number of possessed OTP tokens is one or more. It is also possible to generate an OTP with the token number as an argument, but in this case as well, when checking the number of tokens held by the function executor, msg. Since the token balance (remaining number) of the user identifier (msg. Sender = A if the executor is the user identifier A) is checked using the user identifier called sender, it may be considered that the user identifier is used for function execution. Maybe. The description here is just an example.

In the embodiment, the hash function fh is SHA256 or SHA-3 of SHA-2, and MD5, RIPEMD, SHA-1, SHA-2, or SHA-3 can be used. fh may be a cryptographic hash function. For example, when fh is SHA256, BnTOTP = SHA256 (A, TIDA, KC, Bn). In the embodiment, the variables are encoded and combined in the order of the arguments, and the hash value of the data is obtained by the SHA256 function or the like.
As a specific example, it is a process such as SHA256 (EncodePacked (A, TIDA, KC, Bn)). Here, the function CodePacked (W.XY, Z) is a function, a library, or a processing method that wraps (packs) the variables W, X, Y, and Z in this order, encodes them, and outputs a message Mes.
If the order in which the arguments are packed is changed by the CodePacked function, the data changes, the internal message Mes changes, and the argument value of SHA256 (Mes) changes, so the hash value calculated from that also changes. For example, SHA256 (EncodePacked (A, TIDA, KC, Bn)) and SHA256 (EncodePacked (TIDA, A, KC, Bn)) generate different hash values BnTOTP.

The embodiment described here is characterized in that it is based on four arguments, TIDA, KC, Bn, and A. Four variables processed by performing hash values and the like based on TIDA, KC, Bn, and A may be used as arguments of the hash function fh after being processed inside the OTP generation function. That is, the arguments of the function for calculating OTP may be derived from the above four in the case of TIDA, KC, Bn, and A as an example.
TIDA and A may lead to personal information, and if the service provider and the user agree to use them, A and TIDA can be used, but if not, or by law, the handling of personal information will be handled. If it should be strict, it may be necessary to anonymize A and TIDA and use them as arguments of the OTP authentication function. (A and TIDA need to be used directly as EOA and token numbers in Ethereum, and there is a risk that the current blockchain based on Ethereum will not be able to meet that request.)
Also, from the viewpoint of personal information protection, it is preferable that the blockchain platform is also concealed in such a way that transactions transmitted to the blockchain when purchasing or issuing an OTP are hidden only by some people. In Ethereum, the token number of a user identifier or a certain contract identifier can be viewed from all over the world, and by linking that identifier with the user's personal information, it may be possible to guess which user is the user of which OTP token service. .. The user identifier A, the token number TIDA, and the contract identifier of the OTP token can be searched on the server terminal 3F.
In a known example, the service corresponding to the terminal 3F is provided as a blockchain search service such as Etherscan and a blockchain search server terminal that performs the blockchain search service. The terminal 3F may be equipped with a function for restricting searches for privacy protection. For example, when the user identifier A accesses and searches on the 3rd floor, the contract identifier and transaction information related to A can be displayed, and the information of the transaction and the contract identifier that are permitted to be disclosed can be viewed.
When the present invention is performed in a public network blockchain system such as Ethereum where all transactions are open to the public, the service provider records the correspondence between the user identifier A and the user UA when confirming the identity of the user of the user identifier. Service providers and OTP token issuers may be required to manage information so that it is not leaked to the outside world.
Customer information and services are owned by the service provider, OTP tokens are issued by the OTP token management organization, and only the service provider and the user have a correspondence relationship between the OTP token token number and the user's personal information. It may be possible to protect personal information by not disclosing the information.

<Separation of OTP generation terminal and OTP authentication terminal>
In the present invention, the OTP generation terminal and the OTP authentication terminal can be performed on the same terminal 1A. Further, it can be used separately for the OTP generation terminal and the OTP authentication terminal. That is, it can be used as a communicationable hardware type OTP generation mobile terminal 1A having an output device capable of generating and displaying an OTP, and a login authentication terminal 4A equipped with an OTP input device for website login.
There are a terminal 1A that generates OTP, a terminal 4A that has a blockchain unit that causes the terminal 1A to generate an OTP by an OTP token, and a terminal 4A that can access a terminal 3C that handles services such as a website. And the terminal 4A are connected to the network 20, and after 1A executes the OTP generation function to generate the OTP and output it to the output device 15A of the terminal 1A, the user UA visually observes the OTP generation function of the terminal 4A. The terminal 4A can input to the input device, perform OTP authentication using the input OTP, communicate and exchange the result with the terminal 3C, and log the terminal 4A according to the authentication result to provide the service.

<Time-based one-time password authentication and authentication result recall using block number Bn>
The operation of the OTP authentication function 3018A that verifies and authenticates the OTP shown in FIGS. 3AA, 3AB, and 3AC is similar to that of the OTP generation function 3009A. VeriBnTOTP = fh (A, TIDA, KC, Bn) is obtained by using TIDA, A, which is input to the argument of the one-time password authentication function when the user accesses the server 3A, and the IF statement among the input ArgBnTOTP. It is determined whether ArgBnTOTP matches VeriBnTOTP by the conditional expression according to the above, and if it matches, the return value at the time of OTP authentication is returned to the terminal 1A. It is also possible to perform processing when authentication is possible.
If they do not match, the return value when authentication cannot be performed is returned to the terminal 1A, and processing is performed when authentication cannot be performed. Here, in the BnTOTP, a 32-byte OTP is generated in the embodiment, but the same applies when BnTOTP is read as a password BnTOTP-n of an input n-digit number and a 7-digit integer password of n = 7. Is. 6C to 6H show a flowchart regarding the processing of the authentication function 3018A.
Typical connection diagrams of terminals are shown in FIGS. 1A and 1B.

The flowchart of the authentication function 3018A shown in FIGS. 6C to 6H will be described. Flowchart processing F110 receives three arguments of user identifier A, token number TIDA, and password ArgOTP by inputting arguments of OTP authentication function 3018A. The OTP authentication function may take a plurality of arguments such as the fourth and fifth depending on the intended use.

FIG. 6F is one of the examples of the authentication function 3018A, and is a basic processing example. Authentication using the process shown in FIG. 6F can be used for terminal 3C, terminal 3D, and decryption of encrypted data. F110 receives the user identifier A and the token number TIDA as the arguments of the authentication function, and F113 calculates VeriOTP from the arguments. At this time, the block number Bn and the secret variable KC value are used. VeriOTP = fh (A, TIDA, KC, Bn) is calculated, and it is compared whether ArgOTP, which is the OTP of the argument input by F114, and VeriOTP match. If they match, it is determined that authentication has been completed, and F116 processing is performed. If they do not match, F118 processing is performed. Examples of connection of terminals using FIG. 6F are FIGS. 8A, 8B, 8C, and 8D.
The form of the OTP authentication function shown in FIG. 6F can be used in the terminal 3C and the terminal 3D.

FIG. 6D shows variables 3017A, 3017AA, and 3017DA such as the true / false value and the integer used for the processing of FIG. 6F, to which the processing F115 for rewriting the true / false value or the integer value after the execution of the OTP authentication function 3018A is added. Is. 3017A, 3017AA, and 3017DA are data such as a false value, an integer, and a character string. 3017A, 3017AA, and 3017DA are mapping variables having a data type such as a true / false value type, an unsigned integer type, and a character string type using the token number as a key. The mapping variable is an example, and it is sufficient if the data associated with the token number as a key can be recorded. Examples of connection of terminals using FIG. 6D are FIGS. 8A, 8B, 8C, and 8D.

FIG. 6C is a processing example assuming that it is used for decrypting encrypted data or logging in to a website. FIG. 6C shows the processing of FIG. 6D with the processing of F111 added. In F111, the executor of the authentication function 3018A determines whether it is the user identifier A, and if it is different, interrupts the process as shown in F117. If the executor of the authentication function 3018A in F111 is the user identifier A, the processing of the authentication function of F112 is continued, and if the input OTP = ArgOTP has no problem, F113, F114, F115, F116, and F116 are displayed. Processing is done. If ArgOTP does not match VeriOTP at F114, the process is interrupted as indicated by F118. FIG. 6E is a flowchart in which the process F115 of FIG. 6C is removed. Examples of connection of terminals using FIGS. 6E and 6C are FIGS. 8A, 8C, and 8D, and FIG. 8B can be used in applications where the terminal 3D can connect to the network 20 and can connect to the terminal 3A.

Since the processing method shown in FIGS. 6C and 6E uses the owner information 3014A in the contract regarding the OTP token of 3A, if the terminal on the blockchain such as 3A and 3D are connected and the information of 3014A is not synchronized and shared, FIG. 6C And the authentication method shown in FIG. 6E cannot be used in the terminal 3D. If the terminal 3D is a processing terminal such as a ticket gate or an entrance of a station and is connected to the terminal 3A via the network 20 or has the same blockchain recording unit and control unit as the terminal 3A, FIGS. 6C and 6C also in 3D. The processes of 6E, 6G and 6H are available.
The terminal 3D is a container such as a safe or a car, and the communication device is restricted due to the limitation of the power supply device such as the battery provided in the terminal and the environment where the mobile body on which the terminal is mounted is out of reach of radio waves. If the connection cannot be made, it is difficult to perform the processes of FIGS. 6C, 6E, 6G, and 6H.
6C and 6E, 6G and 6H may or may not be used depending on the intended use of the terminal 3D. 6C, 6E, 6G, and 6H are examples of usage patterns.

6C and 6E have a process F111 for determining whether the executor (msg.sender) of the authentication function 3018A is the user identifier A. By having this process, it is determined whether the user identifier A calculated by the user's private key 101A at the time of login process to the website sends and executes the message, and the executor of the authentication function having no private key. Suspends function execution by. The difference between FIGS. 6C and 6E is the presence or absence of the process F115 that changes 3017A, 3017AA, and 3017DA when authentication is possible. FIG. 6C has F115 and FIG. 6E does not have F115.

6G and 6H have a process F119 for determining whether the executor of the authentication function 3018A is the holder of the OTP token. This process is the same as the process F101 described in the flowcharts of FIGS. 6A and 6B at the time of the OTP generation function. When a message is sent to the terminal 3A, which is a node of the blockchain, by the private key 101A possessed by the user during the login process to the website by the process F119, it is determined by the F119 whether the user holds the OTP token of the token number TIDA. , Suspends the execution of the authentication function by the executor who does not have the OTP token. The difference between FIGS. 6G and 6H is the presence or absence of the process F115 that changes 3017A, 3017AA, and 3017DA when authentication is possible. FIG. 6G has F115 and FIG. 6H does not have F115.

<Calling a function of another contract from a contract>
The contract used in the present invention may be completed by only one smart contract recorded at a certain block number, or recorded at another contract identifier smart contract or another block number recorded at the same block number. The processing content may be described separately in the smart contract of another contract identifier. For example, a function of contract Y may be called from contract X and used.
For example, in F116 of FIG. 6F, in order to process 3022A and 3023A of FIG. 3AB, the authentication function 3018A is accessed after accessing the contract X having a contract identifier different from the authentication contract of OTP token 3008AA and executing the function Y of the contract X. The return value 3021A of may be output to the terminal 1A.
Alternatively, as another example, a function such as the hash function fh of the contract X that generates or authenticates the OTP may be defined in another contract Y so that it can be selected and called like a library.
Cryptographic hash function fh has a stronger hash function fh in preparation for the situation where multiple message data are calculated for a single hash value due to the improvement of the performance of the computer terminal and hash value collision can occur. The hash function fh of the contract Y may be updated so that it can be used for the calculation of the OTP, and the fh of the contract Y may be used for the contract X.

<Provision of services using authentication result call>
The OTP authentication function is called, OTP, A, and TIDA are input, and the service is provided using the return value CTAU3021A of the authentication result obtained as a result.
Here, 4A. Website login usage, 4B. Use as paper or IC-type admission ticket, ticket, unlocking key to entrance and building equipment, 4C. Decryption and viewing of encrypted data and files, 4T. The use in broadcasting (distribution of encrypted data by broadcasting one-to-one number) will be described in order.

<4A. Website login usage ＞
A TOTP type one-time password token based on the block number Bn is used for logging in to a website or the like, among the variables TB that can be changed at a certain time in the blockchain. If the TB has the latest time stamp 3002A on the blockchain, it can also be used as the TB.

Block hash Bh (3003A) can be used for TB, but when block hash is used, the block hash value of the block number up to the 256th from the latest block number is used in Ethereum and its smart contract programming language Solidity. It can be called, but at that time, it is considered that the block number Bn is used as an argument for calculation. When it is considered that Bh is calculated with Bn as an argument, the method using the block hash Bh is the same as the method using the block number Bn.
When expressed as an expression in the Solidity language, BnTOTP = (A, TIDA, KC, Bh), Bh = Blockhash (Bn), so BnTOTP = (A, TIDA, KC, Bh = Blockhash (Bn)), and block hash Bh. Since the block number Bn is also used when using, it can be said that BnTOTP = (A, TIDA, KC, Bh) and BnTOTP = (A, TIDA, KC, Bn) are similar calculation methods from the viewpoint of arguments. In the present invention, it is considered that the method using the block hash value Bh as described above is also a different form of the method using the block number Bn.
The block hash can also be used as TB. However, note that the block hash can be operated by the administrator of the terminal that configures the node. Further, it is a hash value of block data of a certain block number Bn, which is dynamic with respect to the time but is not a value expressing the time.

When block hash Bh is used for the block number of TOTP, it is necessary to record the block hash on a different server terminal or blockchain and refer to the block hash value from the contract that calculates TOTP. There may be. Further, the block hash is a value that changes every 15 seconds in Ethereum as an example, and when the block hash is used instead of the block number, the calculation when it is desired to extend the time interval for generating and authenticating the OTP becomes complicated.
If the block number is Bn instead of the block hash Bh, the variable n that increases the display interval based on Bn is used, the remainder m divided by n of Bn is obtained as the Bn mod n, and m is subtracted from Bn to obtain Bnr. (As Bn-m = Bnr), instead of Bn, Bnr is used as an argument of the hash function that calculates OTP, and the time that OTP can be generated and authenticated is 15 seconds, 30 seconds, 45 seconds, 60 seconds and n. It can be extended by increasing the number, and in the present invention, the block number Bn is preferably used because of the simplicity of calculation.

In the block hash Bh as well, Bh can obtain the past block hash Bh using Bn as an argument, but as described above, Bn may be required in the calculation. The block hash value Bh itself is a hash value corresponding to the data of a certain block number Bn, the block number is a variable whose numerical value increases with time, and the increase of the block number Bn can indicate the passage of time, but the block Even if the hash value changes or increases, it is not possible to indicate when the hash value was the data.
In the present invention, there may be cases where it is better to use Bn and cases where Bh may be used. If all the seed values used in the calculation of the OTP generation function and the OTP authentication function are recorded, there is room to authenticate the OTP acquired by the generation function with the authentication function.
Since Bn is proportional to the time data, it is preferably used when a time element is required for the service, for example, when a time stamp-like element is used. On the other hand, it is also preferable to use Bh when it is desired to generate an OTP with more randomness in addition to Bn or by using Bh and use it for login of a website or the like.
When the OTP token is used as a pseudo-random number generator, it is possible to give more randomness by using Bh as the seed value of the OTP calculation together with the value V determined by the voting between the node terminals of the DLS described later.

When Bh is used as a time stamp, the block hash Bh at which time cannot be known unless the database of Bh, block data, and block number is in the terminal that provides the service. In addition, it is considered that the frequency of collision of block hash values is extremely low, but when there are two or more block numbers for a certain block hash value Bh, which block number the generated BnTOTP was the time data of which block number? I don't understand. There is also a point that this problem may occur if the hash function used by the base of the blockchain that calculates the block hash value is prone to hash value collision.

An example of logging in to a website using BnTOTP as an OTP using a server terminal 3C and using a contract 3008AG having an OTP generation function and a contract 3008AA having an OTP authentication function as shown in FIG. 3AB is shown. Access the blockchain using the contract identifier CPGT3019A of the token including the OTP generation function and the contract identifier CPAT3020A including the OTP authentication function, and authenticate with the contract CPAT3020A including the authentication function using the BnTOTP obtained from the CPGT3019A, and perform the authentication function. When the return value is used for login or operation of the website, the login process is performed using the server terminal 3C (SVLogin).
Here, BnTOTP = (A, TIDA, KC, Bn) may be used, or BnTOTP = fh (A, TIDA, KC,) in which the value V determined by voting and the value BC that can be changed by the contract administrator are added to the argument of the previous term BnTOTP. It may be Bn, BC, V), or BnTOTP = fh (A, TIDA, KC, Bn, BSZ) with the block size BSZ added. When terminals 1A, 1C, 3A, and 3C are connected via the network 20 as shown in FIG. 8, the value V and the block size BSZ determined between the node groups such as node 3A and node 3B of the blockchain are pseudo. Can be used as a random element. Further, a block hash value Bh or the like can also be used. For example, the formula of BnTOTP used in the embodiment of the present invention is BnTOTP = fh (A, TIDA, KC, Bn, BC, V, Bh).
When BSZ changes according to V, it is regarded as V = BSZ and BnTOTP = fh (A, TIDA, KC, Bn, BC, BSZ, Bh).

A and TIDA, KC, Bn and BC, and V and Bh are used as the arguments of the hash function fh of the present invention. For example, the hash functions are calculated and processed by a hash function based on KC and BC or V and Bh. Then, the calculation method may be adopted so as to make it difficult to guess the calculation method of BnTOTP. The present invention is characterized by having A, TIDA, KC, Bn, A, TIDA, KC, BC as arguments and internal variables necessary for processing a function, and further A, TIDA, KC, Bn, BC, It is characterized in that variables such as V and Bh can be used.

Further, BnTOTP = fh (A, TIDA, KC, Bn, BC, V, VU [TIDA]) including a mapping variable VU (VU [TIDA]) using the token number TIDA held by the user as a key may be used. The argument VU [TIDA], which is a seed value by voting that can be set by the user, will be described separately.

The terminal 1A acquires the return value of the authentication function, and 1A processes the return value according to the program of the website operating on 3C (SVLogin), or passes the return value to 3C, and when the authentication result is correct, the service inside 3C. To browse and operate the content. As an example, assume Internet banking and member sites. If the authentication result is incorrect, login will not be performed.
In addition, after obtaining the user's permission at the time of login, blockchain information such as CPGT3019A, TIDA, Bn, user identifier A, login time information, and
An identifier based on the IP address such as an IP address or a hash value of the IP address, position information, an ID unique to the terminal 1A, and a sensor value such as the sensor 144A of the input device 14A of the terminal 1A are used as an IPV value in a storage device of 3C. The user identifier A or token number TIDA is associated with the IPV value in the form of, and is stored in the database in a form that can be expressed in a table or the like. FIG. 6X is an example, and any ledger data or database that can record that 3C is being accessed by a plurality of IPVs for a token number or a user identifier may be used. Here, the information is collected with the consent of the user, and a part or all of the information is stored in a pseudonym (encryption) or anonymized with the agreement.

As shown in the example shown in FIG. 6X, when a user identifier derived from the same private key 101A has a different IPV value, that is, an access is made from a different environment, the access from the different environment is presumed to be an unauthorized access, and the user UA The private key is leaked and notifies the combination of user identifier A and token number TIDA that there is a suspicion of unauthorized access to the user identifier A or token number TIDA of the database recorded on the terminal 3C and the corresponding contact information. However, the terminal 3C can have a function of prohibiting access according to the permission of the user. The purpose of prohibiting unauthorized access is to access and manipulate information that is important to the user, such as Internet banking.

Depending on the service application, the server terminal 3C may also have a terminal 3C as an embodiment in which a database as shown in FIG. 6X is constructed and a function of notifying an unauthorized access to a user is not provided. For example, when it is a simple member site or a simple online game site, the server terminal 3C equipped with a processing unit and a storage unit for providing services creates a database for monitoring access from users as shown in FIG. 6X. It is assumed that this may increase the computational resources of the terminal 3C and the capacity of the storage device. Further, the usage cost of the server terminal 3C may increase.
In addition, the cost of protecting and managing personal information on the server terminal 3C is high, and by not collecting the personal information of the accessor on the terminal 3C, the OTP of the present invention can be reduced while reducing the cost for management. There may also be a desire to provide a login service using an authentication system. In order to meet these demands, there is also a terminal 3C as an embodiment in which a database as shown in FIG. 6X is constructed and a function of notifying unauthorized access to a user is not provided.

Recording access information and monitoring unauthorized access in the format shown in FIG. 6X in 3C is not an essential function for an OTP authentication system, and the service provider of server 3C and the user UA of terminal 1A record access in the form of FIG. 6X. It is a function that can be used after agreeing whether or not it will be done. The present invention can be carried out without recording access information and monitoring unauthorized access in the format of FIG. 6X. However, in the OTP authentication system, when the private key 101A is recorded and used in a plurality of terminals, it is preferable in terms of security to have a function of detecting access from a plurality of different environments as shown in FIG. 6X.

Internet banking is an example of the use of FIG. 8A. At that time, both the terminal 3C that manages the website and customer data and the contract data on the blockchain of the terminal 3A can be operated.
In the OTP generation contract (30008AG in FIG. 3AB), the customer generates an OTP, and the authentication function 3018A is argued using the OTP (mainly BnTOTP, and OWP if it can be updated regularly), the user identifier, and the token number TIDA. The number of authentications executed can be held as a variable inside the contract. Furthermore, after the execution of 3018A, a mapping variable 3023A using the identifier A or the token number TIDA as a key is provided, and numerical values such as assets and points corresponding to the user identifier A and the token number TIDA in 3023A, evaluation values, and voting result values are used as contracts. It may have a function 3022A for writing and saving. Then, 3023A and 3022A may be included in the authentication contracts 3008AA and 3008A, and may be programmed to be operated when the authentication function 3018A can be authenticated and provided in the 300AA and 3008A.
Specifically, in Internet banking, member sites, etc., it has a value 3023A such as an asset balance and points for the token number TIDA of the user identifier A and the OTP token held by the identifier A, and a function 3022A for writing and saving 3023A in a contract. May be.

<Process to record the number of times the authentication function is executed when logging in to the website>
The number of executions of the OTP generation function and the authentication function can be recorded in the internal variables 3017A or 3017AG or 3017AA in the contract at the time of generation or authentication of the OTP (BnTOTP and OWP) of the present invention. Here, the internal variables 3017A or 3017AG or 3017AA are variables having a value corresponding to the token number. As an example, the variable 3017A is a mapping type variable using a token number as a key, and is used in the present invention as long as it is a variable associated with the token number by a data type such as a structure or a class in addition to the mapping type. can.
(The mapping type is one of the types that can be used in Ethereum's smart contract programming language Solidity used in the examples.)

By recording the number of OTP authentications or generations in the internal variables 3017A or 3017AG or 3017AA of the blockchain contract, the private key 101A of the terminal 1A of the user UA is leaked, and the attacker blocks without the user UA knowing. When the chain is accessed using the private key 101A and the OTP generation function is executed to generate the OTP, the fact obtained by illegally executing the OTP generation function is recorded in 3017A or 3017AG.
The number of executions of the OTP generation function that the user UA should not have executed to acquire the OTP has increased (if 3017A is a point such as the charge required to generate the OTP, the balance will decrease. ) The user UA can detect whether the private key 101A has been illegally used. Alternatively, the transaction at the time of unauthorized use is added to the transaction history of the transaction of the user identifier corresponding to the private key of 101A.
To detect the above-mentioned unauthorized use, server 3C that provides OTP token service, server 3D, 3F with a search function such as blockchain transactions, 3E that sells OTP tokens as tickets, advertisement distribution server 5A, and encrypted data. The distribution server 5B or the like monitors changes in the blockchain portion of terminals 3A and 3B that are blockchain nodes, and detects changes in transactions that belong to the user identifier A calculated from the private key 101 and the contract identifier of the OTP token. A function to notify the contact information of the user UA is required.
Not only when the OTP generation function is executed, but also when the OTP authentication function is executed and executed, the user UA's notification destination e-mail address, telephone number, and SMS (SMS) can be executed from the above 3C, 3D, 3E, and 3F. , Short Message Service), a transaction on the blockchain that sends a contact to the user identifier A, etc.

In Example 1, although the number of executions of the OTP generation function is not recorded, a method of recording the number of executions of the OTP authentication function was examined. This is because when considering sending a transaction that changes the number of generations and authentications to the blockchain, it is better to be able to generate passwords as many times as necessary without counting, and it is better if the transaction can record the number of times only at the time of authentication. This is because it is thought that the load on the blockchain resources and the storage devices and communication devices of the server that stores and controls them can be reduced. However, considering security, it is preferable to record the number of executions of the one-time password generation function.
As shown in FIGS. 6A and 6F, the OTP generation function and the authentication function that perform less important operations do not record the number of executions of the OTP generation function / OTP authentication function, and the OTP generation function and OTP that perform high-importance operations. It is better to record the number of executions of the authentication function as shown in FIGS. 6B and 6D, and they may be used properly.
F115 in FIGS. 6C, 6D, and 6G is a process for executing the OTP authentication function and performing when the authentication result is correct, and F108 in FIG. 6B is a function for recording the number of executions of the OTP generation function.
Although not shown in the figure, OTP is a process of recording only the number of times the OTP authentication function similar to F108 in FIG. 6B is executed separately from F115 in FIGS. 6C, 6D, and 6G in correspondence with FIG. 6B. It may be included in the authentication function, and when the OTP authentication function is executed and the argument is passed in F110 instead of changing the number of executions in F115 at the time of authentication, the process of F115 is inserted between F110 and F111. It may be installed.
It is desirable to be able to immutably record the number of executions of the OTP generation function and the OTP authentication function on the blockchain.

In the present invention, it is preferable that the number of times the function is executed can be recorded in both the OTP generation function and the authentication function. Unauthorized access can be detected in advance if the number of executions of the generated function can be recorded. The OTP generation function is executed, a password such as BnTOTP or OWP is generated, and the authentication function is executed using the password. When the above procedure is followed, if the private key 101A of the user UA is leaked and an attacker attempts to gain unauthorized access, it is presumed that the generated function is operated first.
Server terminal 3F, etc. that can access the blockchain and monitor transactions on the blockchain (for example, terminal 3C or terminal 3D, terminal 3E, terminal 3F, terminal 5A that can connect to the network 20 and access the blockchain portion of the server terminal 3A. The change in the number of times the generated function on the blockchain of the user identifier A is executed, the change in the transaction of the user identifier A, or the change in the internal token used in Ethereum, etc. It is necessary to notify by using and notify unauthorized access before executing the authentication function. When there is an unauthorized access, the user UA notifies the service provider of the terminal 3C or the terminal 3D and stops using the service.

The terminal 3D may not be able to access the network 20. In that case, the 3017A and 3017AG executed when the attacker's terminal accesses the terminal 3A and generates the OWP with the OTP generation function changes, so the OTP attacks by notifying the user UA of the change in the variable. It can be seen that there is a possibility that it was acquired by a person and recorded on paper or an NFC tag. In this case as well, you can consult with the service provider.
The authentication count recording part stored in the terminal 3D is also immutable because it can detect falsification by assigning a hash value to each transaction and concatenating and saving the user's access to the terminal 3D and the authentication history like a blockchain. It may be preferable to use it as a recording part. Even if it is not a blockchain type, it may be preferable as a means to counter falsification that a MAC value can be assigned and recorded by HMAC periodically or every specified authentication number as a message with a certain key and authentication data of the terminal 3D.
By providing a variable that records the number of executions in either or both of the OTP authentication function and the OTP generation function in this way, an attacker makes it difficult to manipulate the user's token without the user's UA knowing, and is fraudulent. Prevent access.

<When a function including an authentication function manipulates variables inside the contract at the time of authentication>
In relation to the process of recording the number of times the authentication function is executed, the present invention can include a process in which a function including the authentication function operates a variable inside the contract at the time of authentication.
Specifically, it is possible to set the process 3022A that includes the authentication function internally or that follows the authentication function in the contract, and rewrite the internal variable 3023A of the contract when the authentication function is executed by 3022A and authentication is possible with a one-time password. can. Here, the internal variable 3023A is a variable 3023A having a value corresponding to the user identifier or the token number. As an example of the variable 3023A, it is a mapping type variable using a user identifier or a token number as a key, and if it is a variable associated with a user identifier or a token number by a data type such as a structure or a class in addition to the mapping type. It can be used in the present invention.

<Processing example in Internet banking>
As an example of the case where a function including an authentication function manipulates variables inside a contract at the time of authentication, it can be used for simple Internet banking or a point utilization system within a contract. In this case, the authentication contract 3008AA can record the OTP authentication function and the bank account balance information after the authentication. An example is shown below for reference.

In 1 to 4 shown below, the variables of the customer used inside the contract of the point use system in the Internet banking or the authentication contract are set.
1. 1. Bank account number GKBA (or point account number GKBA. GKBA may be a token number or user identifier) which is an identifier of a bank account (point account).
2. 2. Anonymized value of the account GKBA MIGA (It is not preferable to describe it on a non-confidential blockchain platform without anonymizing the name).
3. 3. GKBA's asset balance ASTA. GKBA is a variable described in 3023A and is a mapping variable ASTA [token number] using a token number (or user identifier) as a key.
4. Database GKDB associated with token number TIDA or user identifier A corresponding to GKBA.
GKBA, MIGA, and ASTA are represented by mapping variables using user identifiers and token numbers as keys. The variables of items 1 to 4 above are installed in the contract 3008AA (or 3008A) having the OTP authentication function, and can perform the process of transferring the asset to another bank account number GKBA, including the OTP authentication function or the authentication process. You may.
(In addition, the type of account, transfer limit, account opening date or its block number, and anonymized value of identity verification information may also be required.)

There is a balance ASTA [TIDA] (3023A with TIDA as a key) deposited in the OTP token of the token number TIDA possessed by the user identifier A.
When the user identifier B also has a TIDA OTP token and also has a balance ASTA [TIDB], and A wants to move the numerical trs from A's ASTA to B's TIDB token.
The user UA specifies a part of the balance ASTA [TIDA] (3023A with TIDA as the key) deposited in the OTP token of the token number TIDA possessed by the user identifier A.
There is a function or process 3022A to transfer to the balance ASTA [TIDB] (3023A with TRIDB as the key) deposited in the OTP token of the token number TIDB possessed by the user identifier B.
The user of the user identifier A performs OTP authentication using the OTP token of the token number TIDA, executes the processing of the processing 3022A and the authentication function 3018A (the processing in which 3018 is incorporated in 3022A, or the processing of 3022A is continued after 3018A), and OTP is executed. When the authentication result of the function is correct, the process 3022A subtracts trs from the mapping variable 3023A using TIDA as a key to obtain ASTA [TIDA] -trs, and then transfers the user identifier of the owner of TIDA to the mapping variable 3023A using TIDB as a key. By changing to the numerical value ASTA [TIDB] + trs which is the sum of the numerical values trs specified by, the numerical value can be changed and the numerical value trs can be transferred.
As described above, using the OTP authentication system of the present invention, a contract for conducting financial business including an OTP authentication function or a contract for exchanging points at a member site can be implemented.

It is also assumed that the function 3022A and the asset balance 3023A are viewed and the function is executed by the customer directly accessing the contract.

It is also conceivable that the bank will access the customer to the server 3C and then the bank will operate the asset balance of the contract customer. In that case, the bank, not the user, receives the transaction instruction according to the instruction after authentication on the web application website when the customer logs in, and performs the transfer procedure using the function to rewrite the balance.

Asset balances in Internet banking can be recorded on server 3C and / or authentication contracts. Regarding the above, not only Internet banking but also member sites, voting sites by members, online game sites, etc. can operate numerical quantity data in the same way.

<Means for determining the validity / invalidity of the OTP token for logging in to the member site>
Membership sites, financial transactions such as Internet banking, web mail, online storage, e-commerce sites (EC sites), social networking service SNS, audio and video distribution sites, online games, online conference sites, etc. Can be mentioned. As in the case of a bank, the customer can be accessed by the server terminal 3C. It is possible that the right to log in here is limited by the period and number of times. The following three are shown as embodiments of the present invention.

1. 1. How to set a deadline for displaying a one-time password using a block number It is also possible to disable OTP generation of OTP tokens when the customer exceeds the specified block number after the token is issued. This is set because it may be necessary to set an expiration date in the OTP generation part when the token expiration date is to be set within a certain period.
A specific example is shown below. The block number BnMint at the time of token issuance of a certain token number is recorded in the contract that generates OTP as a mapping type variable using the token number as a key, and the latest block number Bn at the time of execution is displayed as a numerical value in the function that generates OTP. OTP can be generated if it is within the block number BnValid + BnMint corresponding to the desired period.
For example, when executing a function that generates an OTP, it is determined whether the current block number Bn is the formula Bn <BnMint + BnValid, and if the block number Bn corresponds to the period in which the numerical value is to be displayed, the OTP generation function can be generated. By programming the part, OTP generation of OTP token cannot be performed when the specified block number is exceeded.

2. 2. When the contract administrator can rewrite the variables that can be used to determine whether the user's token number is valid or invalid.
For the token number TIDA of a certain customer UA, the administrator of the contract sets a mapping type variable VALUE [TIDA] indicating the invalidity / validity of the token associated with the TIDA when the expiration date or the provision of the service is terminated according to the terms and conditions. It can be changed and invalidated as token data when the token is switched from valid to beyond. This process corresponds to the operation of cutting a ticket such as paper at a ticket gate. Alternatively, it corresponds to the operation of stamping an admission ticket or cutting a ticket into a stub. The validity / invalidity of the OTP token may be indicated by a true / false value, or may be an electronic money-like numerical value charged in the token. In the electronic money usage method, a numerical value can be added or subtracted from the balance.
Here, the token on the blockchain of the present invention is a substitute for books and contents, paper securities and metal keys in the real world, and legal disputes will occur if the user and the service provider do not agree. The possibilities remain. In order to avoid concentration of authority, the contract administrator and the service provider are separate organizations, and the contract administrator who manages the terminal 1C rewrites VALUE [TIDA] according to the request of the service provider who manages the terminal 3C and 3D. It is also possible to invalidate or enable the OTP token. If VALUE [TIDA] is an integer, the size of the numerical value can be changed, and if VALUE [TIDA] is a character string, the size can be changed in the form of characters.

3. 3. When the user can indicate the intention to use the token When the customer UA who owns the token wants to waive the usage right or temporarily stop using the token, the user identifier A is used by using the user's private key 101A. The intention display field corresponding to the token number TIDA of the OTP token of the contract identifier belonging to can be displayed by setting the intention in the mapping type variable NOTE [TIDA].
Regarding the variable NOTE [TIDA], NOTE [TIDA] is changed by a setter function that records the private key 101A and can be accessed and changed only by the user of the user identifier A to which the OTP token of the token number TIDA is assigned to 101A.
It is assumed that the intention display is performed by a truth type variable, a numerical value, or a character string variable. In addition, if NOTE [TIDA] is a character string type, it can record a free character string, but there is a risk that the amount of transaction data will increase and that sentences with typographical errors will be mistakenly written. In distributed ledgers such as blockchains and DAGs, transaction data inside block data of blocks that have been concatenated once cannot be rewritten or tampered with. May be preferable.

<Use as a voting right for member sites, etc.>
For example, when voting, the token of the present invention is used, a website or web application is logged in using the token of the present invention and a one-time password authentication system, and the identifier of the candidate who wants to vote is voted on the computer screen. The content of the vote can be recorded in the variable of the token contract that generates and authenticates the one-time password on the blockchain. However, in order to implement the voting function, the setter function that confirms that the user identifier A possesses the token with the token number TIDA in the contract with the built-in authentication function and inputs the value to the variable to be voted only if it possesses it. is necessary.
The intention display field corresponding to the token number TIDA of the OTP token of the contract identifier belonging to the private key 101A and the user identifier A is set as the mapping type variable VOTE [TIDA], and the variable VOTE [TIDA] has 101A as the user identifier A. It is accessed only by accessible users, and users can cast voting values.
If you want to make a majority vote while keeping the content of the vote secret, make VOTE [TIDA] a private variable and let the vote be held on a blockchain platform that can be concealed. All you have to do is aggregate the results. For example, if there are only 0 to 3 choices, program the VOTE [TIDA] setter function to accept integers from 0 to 3 of those numbers, and the OTP tokens of the choices whose numbers correspond to 0, 1, 2, and 3. By summing up how many votes there are (that is, how many votes the OTP token has), it is possible to find out which of the integer options from 0 to 3 is indicated. A program that aggregates VOTE [TIDA] data by reading the blockchain part of node 3A or 3B using ECMAScript using terminal 3C or terminal 3F without totaling VOTE [TIDA] in the contract of OTP token. May be used.

<Seed value VU [TIDA] by voting that can be set by the user>
As a method of using BnTOTP generated by the OTP token for pseudo-random number generation in the login destination service, a seed value VU [TIDA] by voting that can be set by the user can also be used.
For example, in the terminal 1A, an OTP token called the token number TIDA is issued to the user identifier A, and the seed value VU [TIDA] by voting that can be set by the user side is added to the seed value of BnTOTP as an argument, for example, BnTOTP = fh (A). , TIMA, KC, Bn, BC, V, Bh, VU [TIDA]), which can be used as an OTP token for OTP generation, authentication, and website login, and can be used as an OTP token at the login destination of the website. BnTOTP = fh (A, TIDA, KC, Bn, BC, V, Bh, VU [TIDA]) can be used as a simple pseudo-random number generator. Here, V is a value V determined by voting (in Ethereum, the BlockGasLimit value is used as V), and Bh is a block hash Bh.

The authentication system and pseudo random number generator using OTP tokens using the seed value VU [TIDA] by voting that can be set by the user are online games (online computer games) that require login to websites, web applications, etc. May be available for. By applying the randomness of the OTP of the OTP token using VU [TIDA], the OTP generated by the OTP token can be further hashed or processed and used as a variable for determining the randomness in the game. It can also be used for purposes other than games.

For example, the seed value KC value (and BC value) can be rewritten if the game administrator of the terminal 3C can operate the terminal 1C as the administrator of the contract, but the OTP of the OTP token that gives randomness to the user in the game. When using as a pseudo-random number, the contract administrator may attempt to rewrite the KC or BC in an attempt to maliciously control the future appearance of the OTP data generated by the user's OTP token.
Therefore, by preparing the contract with a setter function that causes the user with the token number TRIDA to rewrite the variable VU [TIDA] that cannot be controlled by the contract administrator, it is possible to set the variable VU [TIDA] whose value can be freely rewritten by the user. ..
By setting the seed value VU [TIDA] that can be set by an external user here, it becomes an OTP calculation method such as BnTOTP = fh (A, TIDA, KC, Bn, BC, V, Bh, VU [TIDA]). Since VU [TIDA] exists as well as the KC value of the contract administrator, and variables that can be controlled only by the user and cannot be controlled by the contract administrator are included in OTP (BnTOTP), VU [TIDA] specified by the user is included. ] Values are respected (respecting the intention of the transaction sent by the user based on the voting value), and OTP or pseudo-random numbers can be generated, which can be used for OTP authentication systems and services using pseudo-random numbers.
In order to use VU [TIDA], a function that is a setter that only the user having the token with the token number TRIDA can change VU [TIDA] is required.
(The voting variable VOTE [TIDA] and the VU [TIDA] used on the member site are treated the same as variables that can be set by the user.)

When specifically implemented, as an example, the hash value set to BnTOTPrnv by using SHA256 of SHA-2 as the hash function is expressed by the following formula.
BnTOTPrnv = SHA256 (EncodePacked (A, TIDA, KC, Bn, V, VU [TIDA])).
Here, the user identifier A, the token number TIDA, the secret variable KC, the latest block number Bn at the time of password generation and authentication,
The value V determined by voting between blockchain nodes, and the seed value VU [TIDA] at which the token of the number TIDA owned and used by the user can be voted.
BnTOTPrnv can be used as a one-time password for logging in to an online game or a numerical value that determines pseudo randomness in the online game after login.

The one-time password BnTOTP having VU [TIDA] as an argument is a variable that is beyond the control of the online game administrator, and the administrator illegally rewrites it to set a value that is disadvantageous to the game player. Can't.

As a side note, this assumption breaks if the administrator can deceive the player and set the function when deploying the contract so that the administrator can also change the VU [TIDA]. It is preferable to separate the administrator of the game from the one that manages the tokens for login and pseudo-random number generation. Further, it is preferable that the contract is concealed, and more preferably, it is preferable that the processing contents of the contract can be disclosed except for the concealed variable and the transaction that changes the variable. It is preferable that the transaction related to the VU [TIDA] set by the user cannot be viewed by anyone other than the set user (keeping the secret of the voted value and being able to secretly vote).
When the present invention is used for a login right and a pseudo-random number generator of a computer game server of the terminal 3C, or when it is used for a computer game ownership and a pseudo-random number generator which can decrypt and execute encrypted data on the terminal 4A, or an online game. The random number control unit of the terminal 3C that distributes the game may be partially open source.

As a supplement, in Ethereum used in the embodiment of the present invention, all contract internal variables, functions, processing contents, and transactions can be viewed by an external user regardless of the main net or test net, so that the contract administrator can process the contract. It is difficult to hide the contents.
As one of the reasons for setting variables V and VU [TIDA] determined by voting, all transactions and contract variables and processing contents are disclosed like Ethereum, and the seed value of a user's one-time password is calculated. Even if it seems possible, by adopting the BlockGasLimit value as V as the value determined by voting between nodes, and by allowing the user to change VU [TIDA] to any value at any time, the attacker can change it to any value in the future. The aim is to make it difficult to predict the password.
In order to preferably implement the present invention, a blockchain in which contracts and transactions are concealed is preferable.
In the financial field such as banks, it is highly preferable to construct the authentication system and the authentication device of the present invention in a distributed ledger system such as a concealed blockchain.

As a supplement, when using the DAG type instead of the blockchain type for the data connection structure of the distributed ledger recording unit 300A, if Bn is not available, the contract administrator can change BC instead of Bn as the seed value for OTP calculation. The seed value variable inside the smart contract can be changed by periodically incrementing the BC value according to the passage of time.
Further, VU [TIDA] can be used as a seed value for OTP calculation as in BC. Not limited to online games, when the service after login requires randomness, a pseudo random value can be used based on the one-time password generated by the smart contract of the present invention.

<4B. Use as paper or IC-type admission ticket, ticket, unlocking key to entrance and building equipment>
In order to print information in a fixed form on paper or the like and generate a password to be used for admission, there is a risk that it will be difficult to perform authentication with a one-time password synchronized with the block number Bn. Therefore, a semi-fixed password OWP that is not synchronized with the time corresponding to each token number or each user identifier but can be changed to an arbitrary time is used. FIG. 8B shows a connection example of a terminal or a device. Here, for the sake of explanation, FIG. 8B, FIG. 3AA, FIG. 3AB, FIG. 3AC, FIG. 3D, and FIG. 3DA are mainly used for explanation.

Specifically, among the variables TB that can be changed at a certain time in the blockchain, only the user with the user identifier C calculated from the private key 101C of the terminal 1C having the authority to manage the contract instead of the block number Bn. It has a function fscb3012A that is an accessible setter, has a variable BC value 3013A that can be rewritten at any time on the blockchain only by the user who manages the contract, which is the user identifier C, and uses BC instead of the block number Bn. Password OWP is used as a paper or IC-type admission ticket, usage ticket, and unlocking key for entrances and building facilities.
Here, OWP is an administrator-changeable one-time password, and if the administrator does not change it, it is a fixed password. OWP can be a dynamic password that approaches TOTP if the administrator updates it on a regular basis (such as every 60 seconds or every 10 minutes). When BC treats OWP in a TOTP-like manner (BnTOTP-like), it may be rewritten by an administrator, a designated user, or all users.
However, when OWP is used for paper ticket 18A or safe or car key 19A instead of TOTP, if BC is rewritten in a short period of time like TOTP (BnTOTP), OWP authentication cannot be performed, so the contract administrator. Determines whether to change the BC and changes it at a certain time.
When reproducing OWP using BnTOTP, use the remainder r obtained by dividing the block number Bn by the variable M of an unsigned integer, subtract r from Bn, and obtain Bnr as Bnr (as Bn−m = Bnr). When calculating the Bnr as BnTOTP = fh (A, TIDA, KC, Bnr) instead of Bn, the variable M is significantly increased, and by manipulating M, the same over a period of weeks, months, years, etc. It is also possible to generate / display / authenticate the value BnTOTP.
In the above-mentioned BnTOTP, when a certain number of months or years have passed and the set block number is exceeded, Bnr changes and BnTOTP changes automatically. However, even in this case, a function similar to the OWP formula that allows the contract administrator to set the KC in case the KC that sets the BnTOTP leaks is required. If the terminal 3D cannot be connected to the blockchain and the correct block number and time cannot be measured, it is difficult to use the BnTOTP method, and it may be preferable to use the OWP method using the OTP authentication function 3018DA set in the terminal 3D. No.

To calculate the password OWP, at least the following four variables are used as arguments of the hash function fh to generate the password OWP.
Token number TIDA, for one-time password generation
Secret key information recorded in the contract KC,
Be sure to use the three variables BC, which can be changed at a certain time by the contract administrator.
Then, the user identifier A calculated from the private key 101A of the terminal 1A can be added to the fourth variable to make a password unique to the OTP token of the user UA token number TIDA.
The hash value OWP is generated with the password OWP = fh (TIDA, KC, BC, A) using the four arguments TIDA, KC, BC, and A as the arguments of the hash function fh, and the OTP generation function uses it as the return value to generate the terminal 1A. Tell OWP to. Here, OWP can be type-converted as an unsigned integer, and for example, a 7-digit password divided by 10 to the 7th power can be transmitted as a 7-digit number password OWP-n7. Here, in the case of n digits instead of 7 digits, it is expressed as OWP-n. The hash function is SHA256 or SHA-3 in the examples.
In the embodiment, the variables are encoded and combined in the order of the arguments, and the hash value of the data is obtained by the SHA256 function or the like. Since the message information changes depending on the encoding order, the hash value also changes depending on the order in which the arguments are encoded.
In the present invention, it is sufficient that the variables that generate the hash value that becomes the password OWP are derived from four variables, TIDA, KC, BC, and A. That is, TIDA, KC, BC, and A may be calculated, a part of the variable data may be omitted, or the data hashed and processed by a hash function and anonymized may be used as an argument.

The important point is that when the user identifier A is added to the variable, a different password OWP is generated because the user identifier part of the seed value (argument of the hash function that calculates OTP) that calculates the hash value changes when the token is transferred. To.
For example, since the user identifiers A, B, and C have different identifiers, when the OTP token that generates the OWP using the user identifier as an argument can be transferred from A to B, the user identifier B generates the OTP and A by the OTP generation function. However, the OTP generated by the OTP generation function has a different value.
On the other hand, when the user identifier is not used as the argument of the hash function fh, the same password value is shared because the contents of the semi-fixed password OWP do not change when the token is transmitted and transferred to a user with a different user identifier.
It is the same as transferring a paper with a fixed secret code or a metal key that is easy to duplicate, and it is the same as copying the information written on the paper or the shape of the metal key. The key is created based on the above, and if the token is distributed, innumerable unlockable keys can be duplicated in the middle of the distribution. To prevent duplication of the key information, the user identifier A is included in the argument of the hash function fh that calculates the OTP, or even if the user identifier is not included, the contract administrator uses the function fscb3012A to manually perform each time. It is required to rewrite the BC value 3013A.
If the variable BC is accessed and changed manually or at an approximate time interval by the administrator of the contract C using an automated program, the password OWP will be close to TOTP. As an example, the administrator of Contract C can use an automated program that uses pseudo-random numbers to perform periodic updates approximately every day, week, month, or several years, and the specific date at the time of periodic update can be updated. It is assumed that the decision is made using pseudo-random numbers and the seed value is changed (the seed value change time is roughly decided, but the detailed change time is decided by the random value or human will). This makes it possible to provide a pseudo TOTP authentication system with randomness.

<Password OWP authentication and authentication result call>
The password OWP can also be authenticated in the same way as the BnTOTP used for the login process on the website. The user terminal 1A accesses a contract including an OTP generation function of the OWP type OTP token of the terminal 3A, and generates an OWP type OTP by the generation function. Then, the OWP, the user identifier A, and the token number TIDA generated by the generation function are accessed in the 3D (access control terminal 3D) that provides the service, and are input to the argument of the OTP authentication function 3018DA.
Next, TIDA, KC, BC, and A are hashed inside the OTP authentication function 3018A from A and TIDA input in the argument of the OTP authentication function and ArgOWP (or n-digit integer value password ArgOWP-n) input in the argument. The function fh is used to obtain VeriOWP (or n-digit integer value password VeriOWP-n), and it is determined whether ArgOWP (or ArgOWP-n) matches VeriOWP (or VeriOWP-n) by a conditional expression using an IF statement or the like. If they match, you can also perform the processing when authentication is possible. If they do not match, the processing is performed when authentication cannot be performed.
This process is similar to logging in to the website distributed by the terminal 3C using BnTOTP, but when logging in to the website distributed by the terminal 3C connected to the network using BnTOTP, the node terminal 3A Although the OTP authentication functions 3018A and 3018AA are used, there is a difference that the OTP authentication function 3018DA is used when presenting the OWP to the terminal 3D that can be disconnected from the network 20.
(3018A or 3018AA can also be used when the terminal 3D can connect to the network 20 and connect to the node 3A.)

<Manufacturing and use of valuable paper leaves 18A such as paper tickets using OWP, certification by digital devices such as IC tag 19A>
The password OWP is generated from the OTP generation function 3009A from the OTP generation contract on the blockchain using the terminal 1A and the server 3A through the network 20. Then, the generated password OWP, the user identifier A, and the token number TIDA are printed on paper or the like using a character string, a barcode, or both, and a paper ticket or a valuable paper leaf 18A is manufactured. At this time, the printed 18A contains the OTP generation contract identifier, the name of the service corresponding to the OTP generation token, the printing date and time, the expiration date of the valuable paper leaf, the name and contact information of the service provider, the error correction code, the MAC value, etc. The information necessary to provide the service of the above may be printed.
Further, the information included in the barcode of the valuable paper leaf 18A and the data of the character string information included in the IC tag 19A may include a delimiter for separating each variable of OWP, A, and TIDA. Further, only a part or all of the barcode data may be encrypted so that only the service provider who authenticates knows the encryption key.

When each variable of OWP, A, and TIDA contained in the valuable paper sheet 18A is displayed and printed as a bar code, it is preferably a two-dimensional bar code, and may be a plurality of or one one-dimensional bar code, and optical imaging by a camera or the like. It suffices if the element 430D can read the barcode printed or printed on 18A used for authentication and the numerical value or character string information included in the barcode.

Each variable of OWP, A, and TIDA included in the valuable paper sheet 18A may be displayed as a barcode and displayed on the screen 1500A of the display 150A of 1A. The display content of 1500A may be printed and set to 18A.
The 18A printed with the display screen of 1500A and the display screen of 1500A may convey the user identifier A, the token number TIDA, and the password OWP to the terminal 3D by having the terminal 3D 340D read the barcode (or character string).

The information of the user identifier A, the token number TIDA, and the password OWP to be recorded on the valuable paper sheet 18A may be recorded in the recording device of the NFC tag 19A (IC tag / IC card 19A). Then, 19A may communicate with the terminal 3D via the communication device 32D or 341D of the terminal 3D that provides the service, and transmit the user identifier A, the token number TIDA, and the password OWP to the terminal 3D.

To the user UA who presented the valuable paper leaf 18A to the camera / scanner device 340D of the terminal 3D, or presented the NFC tag 19A to the 341D and 32D.
The terminal 3D reads the information of the user identifier A, the token number TIDA and the password OWP described in 18A via 340D, and the argument TIDA and the user identifier A of the authentication function 3018DA (3018DA in FIG. 3DA) of the storage device 30D of the terminal 3D. , Pass the variable as password ArgOWP,
Inside the OTP authentication function 3018DA, according to the process shown in FIG. 6F or FIG. 6D, the seed value of a secret variable such as KC recorded in the terminal 3D for ArgOWP and the user identifier A or token number TIDA as an argument of 3018DA are used for VeriOWP. Is calculated, and it is determined whether the ArgOWP and the VeriOWP input to 3018DA match.
When they match, the return value 3021DA when OTP authentication is successful is returned as the return value CTAU of the function, and when 3022DA is executed before returning 3021DA, it is executed.
Further, it is determined whether ArgOWP and VeriOWP input to 3018DA match, and if they do not match, the return value 3021DA when OTP authentication fails is returned as the return value of the function.

When the terminal 3D obtains 3021DA when OTP authentication is successful according to the return values 3021DA and 3022DA of the function of 3018DA, the valuable paper leaf 18A is presented to the camera 340D or the NFC tag 19A is presented to the user UA presented to 341D and 32D. On the other hand, the access control device, the starting device, the opening / closing device, or the locking / unlocking device 350D for locking and unlocking is operated.
When 3021DA is the value when OTP authentication is successful, the terminal 3D controls the part 350D that controls access such as opening / closing and locking, and at the ticket gate and entrance, a gate device is installed so that the user UA can enter / exit. Open and close. If the part 350D that controls access such as locking is a building door, a car door, a car prime mover, or a starting device for a computer, the lock is unlocked so that the device, facility, or equipment can be used. When the locked part 350D is a container such as a safe, the lock of the safe is unlocked.

When 3021DA is the value when OTP authentication is successful, the terminal 3D can unlock the locked part 350D and unlock around the user UA or the terminal 3D by light or sound using 351D or 352D. I can tell you that.
If the value of 3021DA is the value when OTP authentication fails and you cannot enter, you can use 351D or 352D to notify the surroundings of the existence of the user who failed the authentication by emitting a light, sound or radio beacon when the OTP authentication fails. can.
Further, in the terminal 3D that can use 342D such as a security camera, it is possible to take a picture of the appearance of the user UA that presents 18A or 19A to the terminal 3D. Devices and equipment such as large safes, vaults, computer terminals, and industrial processing equipment, locking devices such as building doors, automobile locking devices, ticket gates and entrances (entrance / exit, entrance / exit) ).
Examples of cases where it is difficult to use 342D and may not be used are lock devices and entrances for buildings and automobiles that take into consideration power supply restrictions and privacy, and there are restrictions on battery power sources and size restrictions for 342D. It is a lock device for containers such as safes (some household safes and hand-held safes) that are difficult to install from, and lock-type lock devices (small locks such as padlock type and wire lock type).
Surveillance by a camera using 342D is not essential in the present invention, but it is preferably used for applications necessary for crime prevention such as ticket gates and entrances.

When the terminal 3D does not have the device 350D for unlocking, for example, when the entrance / exit / ticket gate is guarded by human hands and the entrance / exit is managed, when 3021DA is the value when OTP authentication is successful. Using 351D or 352D, it is possible to notify the user UA, the user around the terminal 3D, or the person performing the security by light or sound that the unlocking has been completed.
Also, even if the value of 3021DA is the value when OTP authentication fails and you cannot enter, the user who failed the authentication by emitting a dedicated light or sound when the OTP authentication fails differently from the case where the OTP authentication succeeded using 351D or 352D. You can inform the surroundings of your existence.
Furthermore, with a terminal 3D that can use 342D such as a security camera, it is possible to take a picture of the appearance of the user UA.

The security camera 342D (342D in Fig. 8B) that records the appearance of the user UA is a necessary function for station ticket gates and entrance processing at the entrance, and when the terminal 3D is installed in a container such as a safe, the security camera 342D is used. It may not be necessary. Similarly, when the terminal 3D is used for locking a car or a building, it may not be installed in consideration of privacy.

The terminal 3D determines the service provision status by the user identifier A, the token number TIDA, the service provision time T, the number of times the service is performed 3017DA (or the number of times the service is performed and the price value of the service, and when the security camera 342D is used, the user's. It is preferable that the terminal 3D is provided with a database or ledger unit 3116D for recording in association with (appearance information).
In order to correctly record the service provision time, it is necessary to receive JJY, GNSS, NITZ, etc., or to correct the time of the terminal 3D by human hands. When the terminal 3D operates on a battery, it is conceivable that the service provision time T is not recorded because the time information cannot be used due to the power limitation. The terminal 3D built in a safe or the like may not be able to use time information.

However, when the database or ledger unit 3116D is used for a household safe, a hand-held safe, or a lock, the 3116D may not be installed in consideration of economic efficiency such as the capacity and price of the control device / storage device of the terminal 3D.
In addition, how many times the unlocking process / starting process was performed, or at what time and how many times the unlocking process was performed, based on the information of the terminal 3D 3116D provided in the lock device of a computer, an automobile or a building, or a container such as a safe. May be known to the user of the terminal 1A by accessing the terminal 3D using the wired communication device (a wireless communication device is also possible) of the terminal 1A. In addition to wired communication, encrypted wireless communication can be performed between the terminal 1A and the terminal 3D to check the 3D status and the history of unlocking processing. From the unlocking history of the terminal 3D such as 3116D, it is possible to know whether or not a user other than the user of 1A has been illegally unlocked by using the NFC tag 19A using OWP.
When the terminal 3D is equipped with a camera that reads the unlocking key 18A made of paper or the like, it can be known whether or not the unlocking key 18A is made of paper or the like.

When the terminal 3D is used as a ticket gate or an entrance terminal, when the terminal 3D is connected to the network 20 and can be connected to the terminal 3A, it monitors unauthorized access and entry like the login monitoring unit for the website of the terminal 3C. It is also possible to provide a function to perform the function inside the 301C or 311C.
Further, 3C and 3D can be a blockchain node like 3A and 3B when equipped with a device as a terminal that becomes a node when connected to the network 20, and in that case, a record about the blockchain. It is also possible to have a unit and a control unit (300D, 300C, 310D, 310C).

When the terminal 3D is used as a ticket gate or entrance, when 3D is connected to the local area network in the facility that has the ticket gate or entrance.
It has blockchain units 300D and 310D that are different from the block data described in 3A and 3B using the same blockchain board as the recording unit and control unit related to the blockchain of the terminal 3A.
Inside the 300D, an authentication contract similar to 300AA having a hash function fh used by the terminal 1A to access the terminal 3A and generate an OWP on the network 20 and an authentication function 3018DA having a seed value KC, BC, etc. is provided. You may be prepared.
Deploy the OTP generation token contract 3008AG to the terminal 3A, deploy the authentication contract with the OTP authentication function 3018DA that calculates and authenticates the OTP in the same way as the 30008AG, and synchronize the seed values of the two contracts. You may perform processing such as admission by authenticating 1500A, 18A, and 19A.

<Authentication by digital devices such as IC tags>
The NFC tag 19A is a contact type IC card, a non-contact type IC tag (RFID tag), and a non-contact type IC card (RFID card) on which a user identifier, a token number, and a password OWP can be written as a short-range wireless communication device (NFC device). ) Is available.

The NFC tag 19A can be used for automobiles and the like. OWP authentication information is transmitted by encrypted wireless communication to the terminal 3D mounted on the vehicle by remote control using 19A for the vehicle, OWP authentication is performed in 3D, and the lock device 350 of the vehicle is unlocked or the prime mover. The 19A is equipped with a battery, an input device such as a push button that can be unlocked and / or locked, and communicates wirelessly when the button is pressed (and the battery). A light emitting element such as a light emitting diode is provided as an output device indicating (whether or not the device is worn out). Here, the car key is an example of 19A and can be used for building doors, safes or equipment.
Taking the case where the terminal 3D is a terminal that manages the locking and starting of the vehicle as an example, the terminal 3D may be a terminal that controls a motor drive circuit that unlocks the door of the electric vehicle and operates the motor of the electric vehicle. It may be a control terminal of a device such as a cell motor that unlocks the door of an engine vehicle (an automobile that uses a heat engine) and starts the engine electrically, or it may be an electronic computer terminal that can control the deceleration or gradual stop of the engine. A terminal 3D that controls a motor or an engine according to a cruising distance and a speed may be able to eliminate restrictions such as a cruising distance and a speed upper limit when authentication can be performed using the authentication system of the present invention.

The NFC tag 19A may not be equipped with a battery or an input / output device. As an example, 19A may be an ISO 14443 type B compliant card-type device or tag-type device.
As a known technique, in the non-contact IC card technique of ISO14443 type B, an antenna coil for communication and power reception is formed in a card type or tag type device. The power is supplied from the NFC tag reader / writer (in the terminal 3D, the 3D communication device 32D or the NFC tag signal receiver 341D) to the NFC tag 19A through the antenna coil of the NFC tag 19A by electromagnetic induction. Do not use.

The NFC19A may include necessary information separately in addition to the OTP certification of the present invention. Specifically, the NFC tag 19A has a private key 101A2, OWP type OTP authentication is performed, and after unlocking the car door, the NFC communicates at the time of starting the prime mover, and the terminal 3D connects to the internetwork 20 using 101A2. At node 3A of the blockchain, authentication by TOTP is performed using the BnTOTP type OTP token assigned to 101A2, and the vehicle is started by logging in to the operating system of the vehicle in the same way as logging in to the website. You may let me. In the above case, it is a condition that the network 20 can be connected at all times. It can be used in automobiles connected to Internetwork 20.
When the car performs BnTOTP type authentication and starts the prime mover, it is necessary to enable the user UA to move the car using the NFC tag 19A even when the network 20 cannot be used (when a communication failure or disaster occurs). be. Therefore, OWP-type OTP authentication is performed using the user identifier A, token number TIDA, and password OWP stored in the NFC tag 19A, and restrictions are given such that the vehicle is driven according to the cruising range set in advance by the vehicle manufacturer. The prime mover may be started.

In addition to the OTP certification of the present invention, the NFC19A may be provided with a separately required device or processing unit. As an example, a device that operates as ISO14443 type B, a wireless communication device for realizing a keyless entry system for an automobile, and processing such as encryption of a wireless signal are separately added and used depending on the application.

The radio frequency used by the short-range wireless communication device in the present invention is not particularly limited in the present invention. According to the known wireless communication technology, the short-range wireless communication device can use the 130 kHz band, 13.56 MHz band, 433 MHz band, 900 MHz band, 2, 4 GHz band and the like. Specifically, the radio frequency is used as a non-contact type IC tag or NFC tag using the 13.56 MHz band, but a radio frequency other than 13.56 MHz may be used. For example, the 2.4 GHz band may be used.
Specific examples of NFC-related standards include ISO / IEC18092, ISO14443 type A, and ISO14443 type B as standards for the 13.56 MHz band. In the 2.4 GHz band, there are known wireless communication standards of IEEE (Institute of Electrical and Electronics Engineers) 802.11 series and 802.15.1 series, which can also be used in the present invention.

In the embodiment of the NFC tag 19A of the present invention, the 13.56 MHZ band and the 2.4 GHz band can be used. The NFC tag 19A can communicate with the 3D communication devices 32D and 341D at a distance of about 10 cm in accordance with ISO14443 type B. However, when the NFC tag 19A uses a wireless personal area network (wireless personal area network), the communication distance may exceed 10 cm.

The NFC tag 19A may be included in the wearable computer terminal. Alternatively, it may be a wearable computer terminal having a function of 19A.
As an example, when there is a computer terminal 1A, a wearable computer terminal 1B, and an NFC tag 19A,
The NFC tag 19A is connected as an external storage device of 16B of the wearable computer terminal 1B, and 19A is connected to 12B instead of 16B.
The terminal 1A accesses the storage device of the NFC tag 19A via the communication device 1B, and the terminal 1A accesses the storage device.
It may be possible to write the user identifier, token number, and password OWP required for authentication using OWP.
Alternatively, after the wearable computer terminal 1B accesses the server terminal 3A via the internetwork 20 and generates an OWP, the wearable computer terminal 1B generates an OWP.
It may be possible to write the password OWP, user identifier, and token number of the previous term.

There is no limitation on the type (use and shape) of the wearable computer terminal used in the present invention, but the function of the NFC tag 19A is mainly provided to the bangle type and the watch type (smart watch which is a bangle or type terminal). (Things), ring type (ring or ring type terminal equipped with NFC tag 19A), belt type (belt equipped with NFC tag 19A), clothing type (NFC tag 19A is attached or woven to clothing) (Sewn, sewn), shoe type (NFC tag 19A on the surface of the footwear, or NFC tag 19A on the insole of the shoe).

Examples of wearable computers related to the human head include hat type / helmet type, eyeglass type / head-mounted display type, hearing aid / earphone type, mask type, and jewelry type (pendant, necklace, pocket watch type, etc.). As an example of jewelry, there is an identification type necklace that combines a card case containing an NFC tag 19A, which serves as an identification such as an employee ID, with a strap that can be worn like a pendant.
As wearable computers related to human hands, there are bracelet type, wristwatch type, and glove / glove type 19A.
As wearable computers related to human feet, there are anklet type, sock type, footwear insole type, and footwear type 19A having an NFC tag 19A on the surface of the footwear.
There is a garment type used for human clothes and a belt type 19A that can be worn by wrapping it around a part of the body. It may be a sticker attached to the bare skin of the body or clothes, or a tape-shaped NFC tag 19A.

From the viewpoint of a device that can be worn, although it is not wearable, it may be a smartphone-type or tablet-type portable computer terminal 4A equipped with an NFC tag 19A, or an NFC tag 19A or a wallet-type NFC that is also an employee ID card. The tag 19A or the bag-type NFC tag 19A may be used. It can be used for authentication by mounting 19A inside a certain device or thing. Alternatively, the NFC tag 19A provided with an adhesive tape or adhesive can be used as the NFC tag 19A attached to the surface of a certain device or object.
(For example, by attaching a sticker type / film type 19A that records the same information as 18A to a paper ticket 18A with adhesive double-sided tape or adhesive, it can be visually checked by the human eye, read by a camera, and NFC. You can make a paper ticket that can be read by

The wearable computer terminal may not use a battery as a power supply device, may use a primary battery, or may use a rechargeable secondary battery. Charging may be performed by wire from the charging source or by wireless power transmission. It may be possible to charge using the energy harvesting function provided in the terminal.

The NFC tag 19A may not use a battery as a power supply device, may use a primary battery, or may use a rechargeable secondary battery. Charging may be performed by wire from the charging source or by wireless power transmission. It may be possible to charge using the energy harvesting function attached to 19A.

The NFC tag 19A can erase the password OWP, the user identifier, and the token number recorded in the storage device. Then, the latest password OWP, user identifier, and token number may be recorded.
However, if the NFC tag 19A is distributed to the service provider, rewriting of the contents of the recording device may be prohibited.

<Manufacturing of valuable paper leaf 18A>
Regarding the manufacture of 18A, when the user identifier A, token number TIDA, and password OWP are used for authentication, the identifier A, token number TIDA, and password OWP are concatenated with delimiters and the like, and a two-dimensional bar code or a plurality of one-dimensional bars are connected. Convert to code and print on paper. At this time, in addition to the barcode, the character string data before being converted into the barcode may be printed together with the barcode in a readable state.
Further, the content of the barcode may be encrypted so that only the service provider knows the key to be decrypted. In the embodiment, a two-dimensional barcode described in Patent 29383338 or the like was used to form a barcode portion of a paper ticket, which was printed by a laser printer or an inkjet printer to manufacture a paper ticket.

Regardless of the printing method of the printer 152A used for printing the 18A or the type of paper as a medium, it is necessary that the barcode can be read as the user identifier A, the token number TIDA, and the password OWP using a camera or a scanner. When the 152A is a thermal printer, the paper used is thermal paper, and the paper ticket of the present invention is printed and printed even in a device using thermal paper such as an automatic teller machine ATM connected to the network. You can also. In addition, even in a copier connected to a network installed in a store or a facsimile connected to a telephone line network, printing is possible if an external recording device for recording ticket print data can be connected and the ticket data can be read.
Ticket data is issued via the Internet through a copier equipped with a function as a computer installed in a store or a network encrypted by facsimile, etc., or data is collected from an external recording device brought into a store device by a user. You may read and print.

<Correspondence to the environment where there is no or cannot be used with digital devices>
In the usage example using OWP (mainly the usage example in FIG. 8B), a corporation that provides a service for issuing tokens to a user who does not have a digital device, a corporation that issues tickets, etc. Manufacture can be done on behalf of the user and 18A can be sent to the user by facsimile or mail. In addition, 19A can be delivered by mail. Customers who have been sent 18A or 19A can use the service provision window or device equipped with the terminal 3D by presenting 18A or 19A.

As an example, if the customer does not have a printer that can connect to the interconnection 20, computer terminal 1A, and terminal 1A, but only has a telephone line and a facsimile machine, the service provider promises confidentiality, and the customer's password OWP, etc. It is also possible to inquire from the customer about the data necessary for creating the paper ticket of the present invention, send the ticket data based on the customer's facsimile number, and output the paper ticket by facsimile.

<Request for production of 18A and 19A when there is no digital device>
In the case of a customer who does not have a digital device and does not have a device 1A or a printer, a service provider who can manage the customer's token makes a contract by mail or telephone. Here, the service provider (or a token storage company independent of the service provider) may send the character string of the user's private key, the user identifier, etc. by correspondence. Then, the service provider sells the ticket and issues the token to the private key, and the service provider (or the token storage company independent of the service provider) prints the token password OWP etc. on the paper. You can create ticket data, send it to your facsimile number, and make a paper ticket with your facsimile. If there is no facsimile and only a telephone number, give a paper ticket (or IC card or IC tag type ticket) in the form of a letter by mail or hand.
(If the token is a ticket, the paper printed with the token and the password OWP generated from it is valuable and may require qualification to manage it. Also, a private key between the service provider and the user Qualifications may be required even if it can be shared with.)

This will be described in detail. When the user UA wants to obtain 18A or 19A presented to the terminal 3D of the service provider, there may be a case where the user UA does not have the terminal 1A or 4A, does not have a telephone line, and cannot connect to the network 20. In the above case, the user UA causes the private key 101A to be issued to a reliable third party UB, the third party UB trusts the private key 101A, requests the storage and operation of the 101A, and further, the token number corresponding to the service. The OTP token of TRIDA is assigned to the user identifier A of 101A and issued.
Then, the third-party UB accesses the blockchain of the server 3A using the OTP token issued to the user identifier A, acquires the OWP from the OTP generation function, manufactures 18A and 19A, and specifies the address specified by the user UA. It may be delivered by mail to the place. A letter recording 101A may be attached together with 19A and 18A at the time of delivery by mail. A third party UB may provide 18A or 19A directly to the user UA at the store. (There is no technical problem with this operation mode, but a third-party UB that can trust the private key 101A may be regulated by law and require qualification.)

Further, even if the third party 101B issues an OTP token with the token number TIDA in the name of the user identifier B, issues 18A or 19A from the OWP of the token, and delivers it by mail to the address or place designated by the user UA. good. A third party UB may provide 18A or 19A directly to the user UA at the store. (There is no technical problem with this operation mode, but a third-party UB that holds the OTP token of the user UA's token number TIDA may be regulated by law and require qualification.)

1A capable of displaying 1500A can be delivered by mail instead of delivering valuable paper leaf 18A or NFC tag 19A by mail. A customer who does not have a device such as terminal 1A purchases terminal 1A from a third-party UB (including a communication company, a computer or a smartphone manufacturing and sales company here) based on a conversation on a telephone or a store. The purchase of the OTP token based on the contract is made at the same time, and the third party UB sells the terminal 1A capable of displaying 1500A to the user UA, and the terminal 1A capable of displaying 1500A is directly sold to the user UA's address, the specified address, or the window of the store. You may hand it over.

<Ticketing device in stores>
Purchase and issue of OTP tokens to users who do not have digital devices at stores (for example, convenience stores) where ATM terminals for automatic teller machines connected to the network and terminals equipped with printing devices are installed. And a valuable paper leaf 18A such as a ticket may be manufactured.
Specifically, after payment of tickets and other charges is made at a store, customer information (user identifier A to which the OTP token is issued) is input, and the private key 101A to the blockchain and the character string information of the user identifier A are entered. , Password OWP, etc. The character string and barcode information required for the paper ticket are printed out on the paper ticket and output to the user.
When making a ticket using the terminal again next time, read the paper on which the information of the user identifier A is recorded on the camera or scanner of the terminal or the display part of the terminal 1A in the form of a barcode or manually enter the token. Issue a new ticket token by specifying the user identifier of the issue destination of.
(If the ATM terminal can identify the user UA and the user identifier A for issuing the OTP token is determined, the OTP token and 18A can be issued by using the biometric authentication means such as face authentication provided in the ATM terminal. However, in that case, since biometric authentication is used, it may be necessary to take care not to know who is using the OTP token corresponding to which service, and to anonymize personal information.)

From the viewpoint of automating and speeding up the processing of the service providing terminal and increasing the number of tickets that can be handled at the entrance / exit and ticket gates, information such as the private key 101A and user identifier A can be stored in the camera / scanner 430D. It may be preferable to record on an IC card and perform non-contact using wireless communication using an NFC tag 19A or the like rather than a method of photographing. The IC card 19A may be provided with a payment-related function such as a credit card, a debit card, or a prepaid card, or may be an IC-type credit card using NFC that can be settled in a non-contact manner. 19A may be an identification card using NFC such as an individual number card.

19A may record the private key 101A. However, when recording the private key 101A in 19A, it is necessary that the private key 101A is not leaked through the store, other customers in the store, or NFC. It is necessary to encrypt and record the private key 101A by encrypting 19A with a PIN so that the 101A cannot be read by others.

Therefore, a method is conceivable in which the private key 101A is not mounted on the IC card 19A or the NFC tag 19A, but only the user identifier A generated from the private key via the public key is mounted. In this case, the secret key 101A and the user identifier A generated according to the format of the blockchain board are recorded on paper or the like, and only the user identifier A is read by the IC card issuing device or the issuing company in the form of a bar code. Includes OTP token issuance that issues 19A such as IC cards with credit card / prepaid card functions that record the identifier A and uses them to generate OWPs at ATMs such as stores or similar terminals, and password OWPs using OTP tokens. Printing and issuing of valuable paper leaf 18A such as a paper ticket can be performed from the input screen after the non-contact IC card is held over the terminal and accessed from the terminal.
Not limited to tickets, it can be applied as long as services and services can be provided using the certification of the present invention in the form of a valuable paper leaf 18A such as a paper ticket.

<Use and use of valuable paper leaf 18A and NFC tag 19A>
The two-dimensional barcode recorded on the valuable paper leaf 18A is scanned using a camera or the like, and the service provider detects three variables of the user identifier A, the token number TIDA, and the password OWP from the barcode using the camera. The above three variables are input to the terminal 3D, and authentication is performed using the authentication function 3018DA built in the terminal 3D.
Alternatively, when the terminal 3D can connect to the node terminal 3A via the network 20, the above three variables are input to the web application or the like, the web application inquires the blockchain contract, and the three arguments are input to the authentication function 3018A. ..
Here, the reason for using the two-dimensional bar code in the process of performing the authentication process by the authentication function of 3018DA or 3018A in the terminal 3D is to recognize the two-dimensional bar code with a camera or the like and input the three authentication variables to the terminal 3D. It is for automating (and speeding up) so that the authentication result can be obtained by doing it.

18A with only the character string is scanned with an A4 paper size image scanner device, the character string is image-recognized from the scanned information, and if the user identifier A, token number TIDA, and password OWP can be identified, a two-dimensional barcode It is possible to input to the terminal 3D even if there is no password.

If the total number of users who have to provide the service is small, even if you are presented with a ticket with no barcode and only a string, if the corresponding service provider has enough labor, it will be human. The user identifier A, the token number TIDA, and the password OWP can be manually assigned to the arguments of the authentication function of the terminal 3A or the terminal 3D for authentication. (Also, if the character string is also written on the paper ticket for which the printed part of the two-dimensional bar code cannot be read, the service provider can perform the authentication work.)

Information such as user identifier A, token number TIDA, and password OWP can be recorded on the valuable paper leaf 18A in print form. In addition, the 18A is equipped with a magnetic stripe, and the magnetic stripe of 18A has the user identifier A, token number TIDA, and so on. The password OWP may be saved. Similarly, the card-type NFC tag 19A or the NFC card 19A may also be provided with a magnetic stripe and may record information such as a user identifier A, a token number TIDA, and a password OWP.

The terminal 3D is a lock device for a container such as a door of a building, a lock device for a car, or a safe, and the user identifier A of the user UA who is the user of the device, and the OTP corresponding to the serial number or serial number of the lock device terminal 3D. The token number TIMA of the token may be recorded in the terminal 3D.

The user identifier A and the token number TIDA of the user UA are recorded in the storage device 30D of the terminal 3D, and the user identifier information and the token number entered before the authentication process is performed using the 3018DA are checked. This makes it possible to accept only the OWP of the user identifier or token number of the user UA recorded in 30D, which should be originally used.

The user UA records the user identifier A and the token number TIDA of the user UA in the storage device 30D of the terminal 3D in the terminal 3D, and the user identifier information and tokens input before the authentication process is performed using the 3018DA. Even if the OTP token is transferred from the user UB to the UA by checking whether it matches the number, it can be unlocked with the user identifier B known by the user UB before the transfer and the NFC tag 19A created from the token number TIDA and OWP. You can also make it disappear.

There is a wired communication terminal of the communication device 32D that can access the terminal 3D when the container such as the door of the building or the safe is unlocked, and the user identifier A and the token number TIDA are sent from the terminal 1A of the user UA by wired communication via the 32D. Is stored in the recording unit 30D of the terminal 3D, and then the NFC tag 19A in which the user identifier A, the token number TIDA, and the password OWP are recorded is held over the terminal 3D, and the user identifier A, the token number TIDA, and the password recorded in the 19A are held over the terminal 3D. The OWP is collated with the user identifier A or token number TIDA recorded in 30D, and if the user identifier A or token number TIDA matches the value recorded in 30D, the authentication function 3018DA is operated to operate the user identifier A and the token. The number UIDA and password OWP are verified using 3018DA to see if the OWP is correct, and if so, the lock is unlocked.
The user identifier and token number can be freely set from the 32D wired communication terminal, and if the user UA transfers an unlocked safe or the like equipped with the terminal 3D equipped with the wired communication terminal to the UB, the token number TIDA will be used. The token is transferred to the terminal 1B of the UB, and the UB sets the user identifier B and the token number TIDA using the wired communication terminal portion of the unlocked safe, so that the user identifier B, the token number TIDA, the B and the TIDA are set. The terminal 3D can be unlocked using the generated OWP. Here, the terminal 3D does not accept the user identifier A of the user UA who is the original owner, and the OWP owned (stored) by the terminal 1A of the user UA cannot be used.

The token number recorded in 30D of the terminal 3D may correspond to the serial number of the locking device for crime prevention in the locking device for operating the authentication function 3018DA.
As an example, in the case of an automobile, the serial number of the automobile is associated with the token number, the token number corresponding to the automobile serial number is recorded in a ROM that can be written only once in the storage device 32D of the terminal 3D, and the token recorded in the ROM is recorded. The number may be read and programmed to always be used as the token number of the argument of the authentication function of 3018DA.
Here, the ROM is integrated as a storage device 32D of the terminal 3D as a terminal for controlling the prime mover and the automobile, and is sealed and sealed with resin so that the ROM information and the ROM itself cannot be replaced by a malicious attacker. Is preferable. It may be useful for vehicle distribution control and crime prevention by always matching the token number of the OTP token with the serial number of the vehicle.

When the terminal 3D is incorporated in a locked device, the terminal 3D is provided with a communication device 32D or an input device or an output device in a portion that can be accessed by unlocking the lock. The user identifier, token number, secret variable KC or BC are recorded in the 3D storage device, and the user identifier, token number, secret variable KC or BC can be accessed from the communication device or input device in the part that can be accessed by unlocking the lock. It is preferable to be able to rewrite.

When the terminal 3D is incorporated in a locked device, the communication device with the NFC tag 19A is located on the part that cannot be accessed by unlocking the lock (in the case of a safe, the installation surface of key input buttons such as a numeric keypad or push-type safe). (Or a reading device by a camera) and an output device may be provided.

The locking device using the NFC tag 19A and the terminal 3D of the present invention may be combined with a known locking method. As a specific example, when the present invention is used for a safe, it is locked by the NFC tag 19A of the present invention and the terminal 3D, a lock method using a dial lock or a key and a cylinder lock, or a lock using a password result by a ten-key push type button. A method or a locking method using biometric authentication using a biometric authentication sensor may be combined with the terminal 3D. It may be combined with a locking method known not only in a safe but also in other embodiments.
As an example, it may be combined with a metal key in an automobile. In that case, the cruising range after starting the prime mover is set for the metal key of the automobile, and the cruising range is not longer when the NFC tag 19A is used than the metal key, or the cruising range is limited. You may take measures such as disappearing.
If you can connect to the network 20, when you can authenticate like logging in to the website by BnTOTP, the cruising range is not limited, and when you unlock it with 19A, you are allowed to travel 100km as an example and it is made of metal. It is also conceivable to allow 50km of travel when unlocked with the key.

As an example of use, it may be used not only for locking automobiles and safes, but also for locking airplanes, ships, agricultural machinery, forestry machinery, and heavy machinery. It may be used for doors of buildings, locks of storages and warehouses, locks of processing equipment, industrial equipment, computer terminals, and starters. It can be used for machines and devices or facilities and equipment and containers that can incorporate terminal 3D for access control.

<IC type tag type unlocking key and buildings and equipment unlocked using it>
For objects equipped with a power source such as buildings, vaults, and automobiles, the user who uses the authentication system by the digital device such as the IC tag of the present invention and unlocks the terminal 3D by using many input / output devices and storage devices such as security cameras. The user can be made to perform the unlocking operation while monitoring. When a battery having a limited capacity is used as a power source for the terminal 3D, for example, when a battery is provided in a household safe, a hand-held safe, or a lock, the operation may be limited depending on the battery capacity.
Taking the case where the terminal 3D is a container such as a safe as an example, when the power supply device 37D of the terminal 3D is driven by a battery, a power storage device such as a primary battery and a secondary battery can be used. When a secondary battery is used, it may be provided with a charging terminal that can unlock the locked portion and charge the portion that can access the terminal 3D, or a portion that can be charged by wireless power transmission. Alternatively, even if the inside of the safe having the locked terminal 3D cannot be accessed, the internal terminal 3D may be charged from the locked surface by wireless power transmission. Then, it may be possible to charge the battery by using a power generation function such as a handle-type hand-cranked power generation connected to the terminal or an energy harvesting function.
Further, the terminal 3D may be provided with a terminal having a function of only charging on the locked surface (access-controlled surface). When the terminal 3D is equipped with a terminal that has a function of only charging, the charging function is a protection circuit that does not affect the operation of the terminal 3D even if AC power or high voltage is applied to the charging terminal. You may have the power supply device 37D which was given together with.

Here, it is preferable that the lock of equipment such as a building or an automobile and the terminal 3D that controls the lock can be connected to the network 20. This is because the KC and BC that perform the OWP calculation of the authentication function 3018DA of the terminal 3D can be changed via the network 20. KC and BC may be changed at the time of periodic inspection of buildings and the like and vehicle inspection of automobiles. It is operated so that the seed value of the computer terminal 3D that controls the lock and the seed value of the one-time password generation token that generates the OWP used for the key 19A match.

<Means for performing OTP authentication in the terminal 3D disconnected from the internetwork 20>
There are ground stations and artificial satellite stations (for example, broadcasting station terminal 5C which is an artificial satellite type terminal) that can broadcast the block number Bn of the blockchain even if it cannot be connected to the network 20, and the block number Bn from the broadcasting station terminal 5C. (Or a block time stamp) or broadcast data such as a BC value or an encrypted KC value may be received by the terminal 3D and the terminal 1A, and BnTOTP type and OWP type authentication may be performed between the terminal 1A and the terminal 3D. In this case, the terminal 1A has software that can use a function corresponding to the OTP generation function 3009A, and the terminal 3D is provided with the OTP authentication function 3018DA. When the block number Bn is broadcast, the computer that controls the lock in the area where the broadcast can be received can authenticate with the block number-based one-time password BnTOTP to unlock and drive the device. Become.

Terminal 1A and terminal 3D use the block number Bn or BC to decode the KC value using the key information recorded in terminal 3D or terminal 1A, and BnTOTP = fh (A, TIDA, KC, Bn) or OWP = fh. (A, TIDA, KC, BC) is generated in the terminal 1A, A or TIDA and OWP or BnTOTP are input to the terminal 3D via the communication device between the terminal 1A and the terminal 3D, and as an argument of the 3D authentication function 3018DA. There is room for OWP verification and authentication by inputting.

It is also expected to obtain block numbers, time information and encrypted KC values from radio stations such as time signals from NITZ, JJY, GNSS, radio stations and television broadcasting stations. Although the user owns a smartphone terminal 1A, it is assumed that a car or the like cannot necessarily be equipped with a communication function equivalent to that of a smartphone, so the car side may be able to obtain time information from GNSS, JJY, etc. It may be transmitted to the terminal 3D by using a communication device. When using time information such as GNSS, it is conceivable to use it as a one-time password based on the time information data Tm of GNSS. In that case, it is necessary to change BnTOTP = fh (A, TIDA, KC, Bn) to TOTP = fh (A, TIDA, KC, Tm) at the time of one-time password generation and authentication.
However, the user identifier A and the token number TIDA are necessary even when the time Tm obtained from a broadcasting station such as GNSS, JJY, or NITZ or a wireless communication station is used.
As a general rule, the original operation method is to connect the OTP token to a node of a blockchain such as a terminal 3A to issue or transfer the OTP token and perform an OTP generation function.

<One-time password locking facility with time information receiver>
Further, even when the one-time password authentication function of the present invention is adopted in the equipment, it is necessary to suppress the consumption of the battery and the like attached to the locking device in the equipment. It is difficult to always connect to the network due to the capacity of the battery. In that case, move the broadcast receiver and computer terminal in the equipment to unlock, time data such as GNSS and data related to TB of the blockchain of the radio station. For example, the block number Bn described above is transmitted to a plurality of terminals including the terminal 1A by data broadcasting, and the terminal 1A receives the block number Bn and transmits the block number Bn to the terminal 3D to perform BnTOTP type one-time password authentication. (However, updating the KC value needs to be updated manually or by broadcasting data).

<When adding the block number Bnp when acquiring a one-time password to the argument of the authentication function>
There is a method of using the one-time password BnTOTP even when the user does not have a time data transmission station such as GNSS or a communication device.
The one-time password authentication function based on the block number Bn requires at least two token numbers, TIDA and one-time password BnTOTP. It is conceivable that the block number Bn and time information from the internetwork 20, GNSS, etc. cannot be received for the locking device such as the building equipment including the processing unit having the authentication function 3018DA and performing the authentication process, and the device such as the entrance window.

The password is generated when the one-time password BnTOTP = fh (TIDA, KC, Bnp) is generated by the one-time password generation function in order to deal with the case where the block number or time information from the Internet or GNSS cannot be received. The block number Bnp, token number TIDA, and one-time password BnTOTP at the time of acquisition are recorded on the valuable paper sheet 18A or the NFC tag 19A as bar code or character string information.
The 18A bar code is read by a 3D camera or other 340D, the NFC tag 19A is read by a 19A 3D communication device 32D or 341D, and the character string is read by a keyboard or other locked equipment. It is provided as an output device, and the input of the argument used for the authentication function is requested on the display of the output device.
Return when the authentication result is correct when Bnp, TIDA, and BnTOTP are input to the authentication function 3018DA, and the arguments are verified by the authentication function and match the BnTOTP input in the argument and the one-time password calculated by the authentication function. As a result of passing the value to the authentication function 3018DA of the program (unlocking program) used for unlocking inside the computer terminal 3D and authenticating with 3018DA, in the case of correct BnTOTP, TIDA and Bnp, the unlocking signal is sent to the locking device to lock. To cancel.

Although the case where the user identifier is generated as BnTOTP = fh (TIDA, KC, Bnp) is described here, the user identifier A is added to the argument of the hash function fh (TIDA, KC, Bnp) and BnTOTP = fh (A, TIDA, KC). , Bnp), output and record as user identifier A, block number Bnp, token number TIDA, one-time password BnTOTP on paper 18A or NFC tag 19A, and use those 18A and 19A for authentication to the terminal 3D. May be good. Authentication may be performed by inputting Bnp, A, TIDA, and BnTOTP to the authentication function 3018DA. Instead of 18A, 1500A may be used to record and display Bnp.

When calculating as BnTOTP = fh (TIDA, KC, Bnp) or BnTOTP = fh (A, TIDA, KC, Bnp), the OTP token is OTP generated by the TIDA of the user identifier A at the block number at the value of Bnp. As you can see, the Bnp number is significantly smaller than the latest block number Bn and is an old block number value, and before the user transfers the OTP token to someone, BnTOTP = fh (TIDA) at the time of the past Bnp. , KC, Bnp) and BnTOTP = fh (A, TIDA, KC, Bnp), user identifier A, block number Bnp, token number TIDA, one-time password BnTOTP are output to produce 18A and 19A, and then transfer restriction It is assumed that the unlocked OTP token has been transferred.
In this case, the user UA after the transfer may be able to unlock the car or the like even though the user UA does not have the OTP token (access right called OTP token or car key or ownership information on the blockchain). Therefore, when the above method is used, the time information Tm such as GNSS and the broadcast block numbers Bn and Bnp compare the estimated time Tp that generated BnTOTP based on a certain threshold value L, and the difference between Tm and Tp is obtained. When it is larger than L, or when the values of Bn and Bnp to be broadcast are larger than the threshold value L, it can be saved as a program in the recording unit of the authentication function 3018DA or the terminal 3D so as not to accept the authentication by the Bnp value and the BnTOTP value.
In addition, a non-volatile memory (non-volatile memory such as flash memory, strong dielectric memory, magnetic resistance memory, phase change memory, resistance change type memory) that records the time information received by GNSS inside the terminal 3D is used as the terminal. A memory portion in which a malicious attacker records the time information of the terminal 3D by using a non-volatile memory such as the resistance change memory and the strong dielectric memory which is built in the 3D storage device and has a large number of reads and writes as the GNSS time information recording device. It is required to access the information in the above and seal it so that it cannot be tampered with.

<When setting a different mapping type secret variable KCA for each user identifier or token>
When updating the secret key variable KC of the terminal 3D built in the equipment not connected to the network 20, the user or the service provider accesses the wireless and wired communication device of the terminal 3D and updates the KC value individually. There is a need to. In the case of a terminal 3D that cannot receive time information and KC values by broadcasting or can not connect to the network 20, it is difficult for the owner of the contract to change to an arbitrary time.
If a single KC value is used for the OTP token included in the contract and all the locking terminals 3D corresponding to the OTP token, and if the KC information is leaked, all the KCs of the offline locking devices are individually used. It may need to be rewritten.
To prevent this, it can be assumed that a plurality of values are set for KC according to the token number and the user identifier. As an example, it is possible to set a secret key variable KCA unique to the token number TIDA. As a specific example, there is a mapping type variable KCA [TIDA] using the token number TIDA as a key. In addition to the mapping type, any type that can set KCA using TIDA as a key may be used.
In OTP generation and authentication, the argument KC of the hash function fh (TIDA, KC, Bn) may be replaced with KCA and used as BnTOTP = fh (TIDA, KCA [TIDA], Bn) for OTP generation and authentication, or BnTOTP. A user identifier may be added such as = fh (A, TIDA, KCA [TIDA], Bn). OWP = fh (A, TIDA, KCA [TIDA], BC) may be used.
As a precaution when setting a different KCA for each token, the secret variable KCA must be recorded according to the number of tokens issued to the blockchain contract. This can generate many transactions on the blockchain and increase the total amount of data in the blockchain.
A user identifier may be added such as BnTOTP = fh (A, TIDA, KCA [TIDA], Bn). The form of OWP = fh (A, TIDA, KCA [TIDA], BC) can be used not only in the usage example in the terminal 3D but also in other embodiments of the present invention. As an example, it can be used for accessing the terminal 3C, and is also used for decrypting the encrypted data in the terminal 4A using the software 403A. Similar to KC, the mapping variable KCA using the token number as a key also changes / updates the KCA value of a certain token number used for calculation of the OTP generation function and OTP authentication function by using the function that the contract administrator serves as the setter. May be good.

<Offline lock device that can update the secret variable KC>
In updating the KC, information for equipping a terminal 3D equipped with the authentication system of the present invention used for locking a building or equipment with a contact type or non-contact type communication device and updating the KC inside the terminal 3D for operating the locking device. It is conceivable to have them enter. It is assumed that the user who purchased the locking device performs the update work here. A method of accessing the locking device and its computer terminal 3D by the user's terminal 1A or the like and updating the KC value distributed by the 3D manufacturer (such as installing the encrypted and distributed KC value) can be considered.

<OWP token without user identifier A>
In the BnTOTP type token, when the user identifier A is not in the argument of the hash function that performs the OTP calculation, BnTOTP = fh (TIDA, KC, Bn), and the BnTOTP = fh (TIDA, KC, Bn) has Bn of 15 seconds. It is possible to use it because it is updated at regular intervals such as. On the other hand, when the user identifier A is not an argument of the hash function in the OWP type token, the OTP token is distributed unless BC in OWP = fh (TIDA, KC, BC) is changed regularly by the contract administrator or the like. It is expected that the OWP value will sometimes be known to many people.
In the present invention, there may be a case where the identifier A is not used at all after recognizing the danger of not using the user identifier when generating the OWP (that is, the one-time password is generated only by the token number without including the user identifier. An embodiment of the present invention for certification). Depending on the wishes of the service provider, the present invention may be provided in the form of leaking OWP while being transferred and distributed by using only the token number TIDA without using the user identifier A for the protection of personal information. No.
In this case, the holder of the paper ticket of the present invention cannot enter unless the possession on the blockchain can be confirmed with the help of the ticket gate and the staff at the entrance window. If you have a contract to provide services to those who know OWP in the middle of the process, you can enter or receive services (at this time, the token is like a ticket or circulation board, a scatter of advertisements, etc. It is assumed that multiple users will look around the coupon code OWPcp and the users will present the OWPcp to the store of the service provider to receive benefits, or it will be used for trial products and trial reading. ).
Since the present invention is intended to be useful for authenticating and agreeing to provide services between a service provider and a user, even under conditions where OWP is likely to be leaked, according to the wishes of the service provider. Provided. It can also be customized.
On the other hand, the service provider needs to disclose and display what kind of information belonging to the user such as token number and user identifier is used among the variables provided to the user when using the contract on the blockchain. There is.

It should be noted that the present invention relates to the terminal 3D as an authentication device, and there remains a risk of unlocking by destroying the mechanism of the locking device itself instead of the authentication device, while the secret necessary for the present invention by using the means remains. There is still room for the user who lost the key 101A and the OTP data for unlocking to ask the contract manager or the contractor to unlock the equipment, safe, building, and the like.

<Ticketing server terminal>
The ticketing server terminal 3E is connected to a terminal such as an ATM of a store, a terminal 1A, a terminal 1B, an administrator terminal 1C, a terminal 4A, a blockchain node terminal 3A, 3B, and a blockchain search server 3F via a network 20. Here, the terminal 3D may also be connected to the network 20, but the terminal 3D does not assume a constant connection.

In the ticketing server 3E, the user UA operates the terminal such as the ATM of the store or the terminal 1A, searches for the OTP token corresponding to the service, purchases the OTP token using the electronic commerce function, and the user identifier A instructed by the user UA. Is asked to issue an OTP token.
Then, the ticketing server 3E describes the OTP token corresponding to the service purchased by the UA to the contract administrator UC and the contract administrator terminal 1C, and the OTP token contract of the contract identifier having a certain blockchain identifier with respect to the user identifier A. Token number Instructs the issuance of an OTP token with UIDA. (The token number TIDA may be decided by the contract administrator.)
The contract administrator terminal 1C accesses the blockchain portion of the node terminal 3A using the secret key 101C of the contract administrator according to the instruction of the ticketing server 3E, and enters the token issuing function of the contract of the OTP token with the user identifier A and the token number TIDA. Enter other OTP token information (OTP token URI information, serial number, valid / invalid truth value, remarks, etc.) as arguments, and send the execution transaction of the OTP token issuance function to the blockchain section of 3A after signing. When the transaction is combined into block data and linked to the blockchain, the OTP token of the token number TIDA is issued to the user identifier A.
Notify the user who issued the OTP token through the contract administrator terminal 1C or the ticketing server 3E that the OTP token with the token number TIDA has been issued by e-mail, telephone number SMS, or mail delivery.

<4C. Decryption and use of encrypted data and files>
As shown in FIG. 1B, in the present invention, the OTP authentication system of the present invention shown in FIGS. 8A and 8B is applied, and the terminal 4A having the encrypted data 4034A distributed from the terminal 5B or the like is connected to the terminal 3A through the network 20. The return value 4031A of the authentication is obtained by using the OTP authentication system using the blockchain of the present invention, and the software 403A (403A and 403A shown in FIG. 4B are software CRHN) uses at least 4031A, preferably 4032A. Based on multiple key information such as 40302A and 40302A, a common key (symmetric key) 4033A that decrypts encrypted data and encrypts plain text data is calculated according to the processing of the program of software 403A, and the encrypted data is decrypted and the plain text data is used. Enables.

The OTP authentication system of the present invention is an access control technique, and the embodiments shown in FIGS. 1B and 8C and 8D are different from those of FIGS. 8A and 8B.
In FIGS. 1A, 8A, and 8B, the terminal 3C and the terminal 3D are the targets to be accessed by performing OTP authentication. However, in FIGS. 1B, 8C, and 8D, the target to be accessed by performing OTP authentication is not the terminal but the encrypted data, the terminal 3C or 3D does not exist, and the terminal 4A and the server terminal which is the node of the blockchain. There is 3A and network 20, and the recording device of terminal 4A encrypts according to the processing of the program of software 403A based on the encrypted data 4034A, the software 403A, the return value 4031A after OTP authentication, and a plurality of key information such as 4032A and 40302A. The key information 4033A for decrypting the data and encrypting the plain text data can be calculated and the encrypted data can be decrypted into the plain text data. The 4034A can be decrypted using the 4033A as a common key (target key) of the common key cryptography (target key cryptography) to obtain the 4035A. The encryption method used in the 403A preferably uses common key encryption.

The encrypted data 4034A is created by using a version (version) of 403A that can encrypt plaintext data 4035A (if the encryption method used in 403A and TTKY4033A can be calculated, it should be encrypted without using 403A. Can be done.).
In response to the access of the user terminal 4A using the network 20 such as the terminal 5B of FIG. 5B, the terminal 4A searches and searches from a plurality of encrypted data stored inside the 5B by the database search function of the terminal 5B. It has a function of distributing encrypted data 4034A to the terminal 4A via the network 20. Further, 4034A can be distributed and distributed by using a known cloud storage or data sharing service without using the terminal 5B.
Furthermore, optical discs (optical discs, optical discs) on which encrypted data 4034A is recorded, semiconductor memories, magnetic discs, magnetic tapes, and external recording devices that can read them are distributed through distribution and the like without using the network 20, and users. The external recording device in which 4034A is recorded can be delivered to the UP and the terminal 4A. Alternatively, an external recording device in which 4034A is recorded may be distributed on the street or in a store. The encrypted data 4034A may be distributed / broadcast to a plurality of terminals including the terminal 4A in the form of broadcasting by the terminal 5C shown in FIG. 8D described later.

If the unlockable key information 4033A is lost, the encrypted data in the form shown in FIGS. 8C and 8D cannot be decrypted and may be lost. When the hardware of the terminal 3D itself or the mechanical mechanism for locking does not operate normally and the lock cannot be unlocked, as in the case of the lock device of the safe as an example shown in FIG. 8B, the lock device itself is destroyed and the lock is unlocked. By doing so, the goods in the safe can be recovered, but such unlocking cannot be performed with the encrypted data, and the plaintext data contained in the encrypted data that has become difficult to decrypt may be lost.

In the embodiment, the right to view and view electronic books and music video information is represented as an OTP generation token, and the contract of FIG. 3AC including an OTP generation function 3009A, an OTP authentication function 3018A, an OTP token possession information 3014A, an OTP token issuance function 3043A, and the like. Called when using 3008A in the OTP authentication system.
The contract of the OTP token using the software 403A includes the contract 30008AG including the OTP generation function as shown in FIG. 3AB and the contract 3008AA including the OTP authentication function or the OTP generation function such as the OTP authentication function 3018DA recorded in the terminal 3D. Even if it is separated into a contract and a contract that includes an OTP authentication function, it does not mean that authentication cannot be performed.
When software 403A is used, it is preferable to describe the OTP generation function 3009A, the OTP authentication function 3018A, the KC value 3011A, the BC value 3013A, and the setter function 3012A in the same contract as shown in FIG. 3AC.
It is desirable that the 403A has a network 20 and a distributed ledger system node terminal 3A, and the OTP generation and authentication can be completed by the contract 3008A of the terminal 3A. It is sufficient to manage variables and functions of contracts such as 3041A and 3042A by changing only one contract 3008A.
By managing changes such as changing only one contract 3008A, it is possible to eliminate the labor of setting setting variables such as KC values to match between contracts that generate and authenticate different OTPs and between OTP authentication functions 3018DA of the terminal 3D.
For synchronization of seed value 3011A, BC value 3013A, block number residual variable 3030A related to OTP calculation method, and integer 3031A for adjusting the number of OTP digits between contracts separated into 3008AG and 3008AA that may be used in the service of terminal 3C. The management work such as change of the terminal 3D and the management work such as the change between the recording unit of the terminal 3D having 3008A or 3008AG and 3018DA used in the service of the terminal 3D may be unnecessary in the use of the software 403A.
If the OTP generation contract used by the user terminal and the function or contract that authenticates the OTP used in the terminal 3C or 3D are separated, the KC value or other numerical value of each contract or function is changed to the same value when the seed value is changed. It needs to be synchronized and requires the effort of contracts and service managers. On the other hand, as shown in FIG. 3AC, by describing the KC value 3011A or BC value 3013A and its setter function 3012A in the same contract, the numerical values such as the KC value 3011A used for the calculation of the OTP generation function and the OTP authentication function are in the same contract. In this case, it is only necessary to operate the setter function 3012A of the contract once, which has an advantage that the labor for updating and synchronizing the seed value is reduced. Therefore, in the embodiment using the software 403A, a contract using the OTP generation function and the authentication function is used as shown in FIG. 3AC.

In the embodiment, when the authentication function 3018A is executed at the time of OTP authentication and the authentication result is received as the return value CTAU (3021A in FIG. 3AC and 4031A in FIG. 4B), there are a plurality of return values 4031A, and the first return value is Authentication when the second return value is the key information CTUkey recorded in the variable built in the authentication contract in the boolean variable CTAUTf (valid value type variable CTAUTf, Boolean type variable CTAUtf, Boolean type variable CTAUtf). Of the results, the boolean value CTautf is used to determine the execution of the next process inside the application software 403A. When defining that the authentication result is correct if the first return value CTAUTf included in 4031A is true, the software 403A determines whether the result of CTAUtf is true, and if it is a false value, the process is interrupted.
Information that receives the second return value CTAUkey included in 4031A when CTUtf is a true value, and generates a key 40302A built in the CTAUkey and software 403A and 4032A externally set as needed. The common key 4033A (TTY4033A, title key 4033A) is calculated according to the program of the software 403A, and the data and files encrypted by the common key encryption such as AES (Advanced Encryption Standard) method are used as the common key. It can be decrypted, viewed, and used.
Here, in the embodiments and embodiments of the present invention, the files that can be viewed / viewed can be text files, audio files, moving image files, and the like. A file with a file extension that can be displayed by a web browser that mainly supports HTML5 and ECMAScript was used.

In carrying out the present invention, the key lengths of the AES method used for the common key cryptography in the software 403A were 128 bits and 192 bits. The AES method used in the examples of the present invention is specifically an AES-CBC cipher, and a cipher block chain (CBC) mode with an explicit Initialization Vector (IV) is used. The key data length, CBC mode and initial vector IV are set in software 403A.

As an example of the software 403A, it corresponds to a file format that can be used by a web browser, such as a PDF format of Adobe Corporation in the United States for text format, an MP3 format for audio, and an MP4 format for video format. In addition to files containing copyright-related content, personal information such as corporate customers who want to prevent leakage to the outside and prevent decryption by encryption, etc. (for example, customer list of a corporation, school) (Corporate student list, etc.), confidential texts that should be viewed inside individuals / corporations / organizations, audio / image / video information during production, product design drawings, product CAD data (3D CAD data that can be used for 3D printers) The present invention is also used when encrypting, decrypting, and transmitting confidential information of various laboratories and factories such as electronic circuit data (including design data that can be used in program logic devices), semiconductor photomask data, etc.). Is available.

In the embodiment of the present invention, the software 403A utilizes at least the key information CTAU4031A when generating the key 4033A for creating or decrypting the file encrypted by the common key encryption of the AES method by using the software 403A. Then, using the key 40302A (CRKY40302A, CRHN software secret key 40302A) built in the software 403A, and further using the key 4032A (AKTB4032A, password 4032A, external password 4032A) not included in the blockchain (distributed ledger system) and the software 403A. Use. Although 4032A decides not to use blockchain, it is recommended and may actually be notified by a transaction from a blockchain infrastructure different from the blockchain infrastructure that uses 403A, and the notification method of 4032A is encryption. It depends on the policy of the user.

1. 1. Return value of authentication function recorded in blockchain contract 4031A
The variable 4031A having the key information is built in the variable used for the authentication function of the OTP authentication contract, but may be built in the OTP generation contract together with the authentication function. 4031A is set as the return value CATU when the authentication result is correct when the authentication function 3018A is executed. Here, it is preferable that the contents of the functions and variables of the contract 3008A that processes the ERC721 standard as a non-fundable token such as issuing an OTP token and generates / authenticates the OTP are concealed.
Further, the key information 4031A may have a setter function that can be changed by the creator / administrator of the contract. The creator / administrator of the contract is assumed to be the individual corporation of the right holder who has the authority such as the copyright of the encrypted file.
When the services targeted by 403A, OTP tokens, and 4031A are subscription-type magazines and newspapers, and subscription-type broadcast data, the key 4033A used for encryption is preferably updated every few months or years, and contracts. 4033A is also updated by the contract manager changing 4031A on a regular basis. Plaintext data is encrypted and distributed with the modified 4033A.
In that case, a user who does not know 4031A cannot calculate 4033A, and it becomes difficult or impossible to decrypt the encrypted data. In this case, it would be useful for 403A to cut and save a part of the newspaper article for personal use in order to record the event, which would be useful for recording culture and current affairs, and it may be necessary to allow copying. Similar to the certificate 4036A described later, the time information, block chain block number, and MAC value of those messages are added to the data cut out for personal use from public information such as newspapers using means such as electronic signatures and HMAC. It may be attached and saved as a record of books such as newspapers that can be detected for tampering (if the right holder of the books such as newspapers does not permit cutting etc., the function of cutting and saving in 403A is stopped).
As another method, 4031A is set as a fixed data value, 4032A is notified in advance by transaction or e-mail to the user identifier at the time of contracting for newspapers and magazines, and 4032A is updated every few months or years to 4033A. While updating, encrypted data is created and the encrypted data is distributed to the user, and the user is notified of the updated 4032A. 4032A may be calculated by using the updated 4032A and the 4032A by e-mail or the like, and the encrypted data encrypted by using the key may be distributed to the user. As a method of transmitting 4032A, AKTB4032A may be automatically acquired by connecting to a website or web application having 403A instead of e-mail.
Although it is optional, 4032A may be changed for each customer / user, and 4033A may also be changed for each customer to create and distribute encrypted data. However, when the data is distributed, the encrypted data has unique data and hash values to the target reader, so it may be tracked who subscribes to which publisher's magazine or newspaper, so it was encrypted. It is preferable to exchange encrypted data between the publisher and the user by means of communication such as e-mail or cloud storage. A recording medium such as an optical disk on which 4033A produced by using 4032A and 4032A is recorded can also be distributed in the form of mail or delivery instead of communication.
When newspapers, magazines, etc. are encrypted with a single 4033A and can be obtained in the form of wireless broadcast data, it may be difficult to track who subscribes to what data.

At the request of the right holder who provides the data and contents corresponding to the OTP token, 3041A for transfer restriction is set in the contract 3008A so that the execution of the token transmission function 3040A is interrupted according to the data value of 3041A. You may.

As an example, when handling confidential information or the like in a group, it is not necessary to transfer the OTP token which is the access right of the data, and when the transfer restriction function is to be used, a variable value prohibiting the transfer is set in 3041A.
On the other hand, when the content corresponding to the OTP token is book data as an example, and the right holder of the content permits the book data to be distributed as an antique as an antique book in accordance with the law, the contract 3008A is restricted from being transferred. Although 3041A is set, the data value of 3041A is in a state where 3041A can be transferred by rewriting the key information 4031A to an arbitrary time by a setter function that can be changed by the creator / administrator of the contract. The OTP token is regarded as a substitute for a paper book and transferred between users having different private keys (for example, a user having a user identifier A having 101A and a user having a user identifier B having 101B) using the transmission function 3040A. Will be possible. Further, if the right holder of the content permits, 3041A that restricts the transfer is not set, and the token can be distributed in accordance with the ERC721 standard.

2. 2. Key 4032A with password or password.
This information is not included in the OTP generation and authentication contracts on the blockchain and the software 403A, and conveys the key 4032A to the user using a communication path unrelated to them. Here, the method of communication is arbitrary, and means such as e-mail, telephone, SMS, the website of the contract creator, and mailing the sealed letter to the user can be used. (Here, it is not recommended to use a public blockchain transaction or software 403A when transmitting the key 4032A to the user holding the OTP generation token. In a concealed private blockchain, record 4032A in the transaction. It may be sent to the user's identifier, but it may be sent in the form of e-mail, telephone, or mail delivery of letters without depending on the blockchain.)

It is also possible to fill in a blank in 4032A. That is, the data value of the encryption key may be only 4031A, but the attacker needs to guess the key transmitted from the source code of 403A and the route other than the blockchain, so the identification of the key is necessary. The aim is to discourage the willingness to work on decryption, which is necessary and makes it difficult to decrypt. 4032A is a variable set by a user who wants to encrypt data according to how much he / she wants to protect the data by encryption. Preferably, the value 4032A is not a blank, but a certain number or character string. The value 4032A can also take the data value of a character string as long as the software 403A allows. It may be a 4-digit PIN. Alternatively, it may be a one-character alphanumerical symbol.

Here, 4032A is transmitted to the e-mail address of the user UA, but it is set to a different value 4032A for each e-mail address (for each destination) (for example, a number of operations, hashing, information clipping, etc. derived from the user identifier A). A file encryption key TTKY4033A that is different for each user identifier is generated based on one return value 4031A built in the contract and a value 4032A that is different for each user identifier, and the content file is encrypted and encrypted. It is also possible to separately transmit the encrypted file to the user by e-mail or web service. At this time, the processing unit and storage that encrypts and transmits the content with the AES encryption key that is different for each e-mail address for each user on the server 5B that distributes the file. I need a part.

On the other hand, when using it for encryption of files of materials that you want to distribute to the company as a simple security without distinguishing between users, 4032A should be a character string decided in the company, and only a single 4032A should be used for in-house mail. It is also conceivable to notify by a paper circulation board, in-house mail, etc., and distribute the encrypted file 4034A having the same digest value (hash value) to the terminal of the user connected in the company.
In this case, the server 5B connected to the network 20 is unnecessary, and not using an external server leads to cost reduction. It can be used not only within the company but also when you want to distribute contents such as sentences and software between individuals or a certain group. It encrypts in-house data and prevents it from being viewed in the form of plaintext data should the encrypted data be leaked.

When distributing an encrypted file containing the same plaintext data content with different hash values to users with each user identifier, the larger the number of users at the distribution destination, the more 4034A will be created by individually encrypting, and the terminal 5B will have more. May consume computational resources and storage space. Furthermore, if there is no transfer restriction on the OTP token, the user can transfer the OTP token to each other, but it is necessary to inherit the key 4032A corresponding to the OTP token and the data 4034A encrypted using the 4032A from the transfer source user at the time of transfer. .. Alternatively, the terminal 5B may be notified that the OTP token has been transferred, and the data 4034A encrypted using the newly generated 4032A and 4032A may be distributed and distributed for the user of the 5B transfer destination.

When distributing an encrypted file 4034A containing the same plain data content having a different hash value to a user with each user identifier, it is illegal to track the distribution of the customized encrypted data 4034A on the network 20. Although it may be possible to monitor the distribution of data, tracking the distribution of encrypted data 4034A on the network 20 makes it easier to supplement what kind of newspaper or book is being read by what kind of user. There is also a fear.
It is desirable to generate and distribute encrypted data 4034A using 4032A so that both privacy protection and content manager protection can be achieved at the same time. It is also preferable to consider the storage stability of computational resources, storage areas, and encrypted data. As an inventor, it is preferable that 4032A distributes an encrypted file 4034A having the same digest value (hash value) as a single character string (external password as a password) determined between individuals, within an organization, or within the company. I think.

In addition, the following 3rd and 4th key information can be added.

3. 3. As an example of the software 403A, the key information 40302A set in the software 403A described in the source code such as ECMAScript of the 403A (CRKY, 40302A in FIG. 4B). Here, it is preferable that the source code of the software 403A is obfuscated. The source code can also be encrypted. If 40302A leaks, it will be used when distributing a new version of software 403A with the value of 40302A changed.
The calculation of 4033A requires 403A including 4031A, 4032A and 40302A. Users of the new version of 403A preferably record and store the version of 403A corresponding to the cryptographic data 4034A of the past book in the same location.

4. Key information 40303A read from a key management contract different from the OTP generation and authentication contract recorded in the node such as the terminal 3A on the blockchain may be used.
40303A is an example introduced for the purpose of making it difficult for an attacker to decipher the calculation method of the key 4033A of the software 403A.
The contract identifier 40301A of the key management contract is described in the software 403A, and the getter function for obtaining the key 40303A from the key management contract is operated according to the process specified by ECMAScript of the software 403A, and the return value of the function is 40303A. To get. 40301A, 40302A, 40303A are determined for each software CRHN. If 40303A leaks, it will be used when distributing software CRHN with the value of 40303A changed. Here, it is preferable that the contents of the contract functions and variables are concealed.

To summarize, in the embodiment of the present invention, four key information was used. In the terminal 4A, the key information obtained from the blockchain node such as the terminal 3A is 4031A and 40303A, the key information obtained from the software 403A is 40302A, and the key information transmitted by a route not belonging to either of them is 4032A. Is. Generates a common key TTKY4033A that encrypts and decrypts files using the key calculation function (key calculation processing unit) of software 403A that uses the four keys of 4031A, 40303A, 40302A, and 4032A and uses the four key information as variables. do.

If the information is not set for the key 4032A, it is considered that a blank is entered. That is, it is interpreted that 4032A is blank, and the program of 403A tries to decrypt the file. If there is a plaintext file and the user selects a process to encrypt it, 4032A is treated as a blank and encrypted.

In the embodiments and embodiments of the present invention, the reason for adopting the method of using such four keys, particularly the reason for using AKTB4032A, is that when an attacker unlocks and decrypts a file, 4031A and 40303A on the blockchain are tentatively used. In Ethereum, the key information can be decrypted, and even if the software 403A obfuscates the source code and encrypts it, an attacker may find out the key.
Therefore, a variable 4032A called AKTB that does not exist in the blockchain and software 403A is set, and the file is encrypted and decrypted. Respond to attackers by setting 4032A. The number of variables of 4032A is not limited to one, and a plurality of variables can be set.

Here, instead of Ethereum, a permission-type (permission-type) blockchain with added functions such as transaction concealment and network access control such as Quorum provided by the Enterprise Ethereum Alliance (EEA). If it is used, 4031A and 40303A recorded in the contract can be concealed, so it is preferable to use a blockchain platform capable of concealing the transaction.
Permission-type (permission-type) blockchains with added functions such as transaction concealment and network access control, such as Quorum, are shown in FIGS. 1, 1A, 1B, 8A, 8B, and Fig. It is preferable that it is also used in the examples of 8C and FIG. 8D. Terminal 3C for logging in to websites for banks' Internet banking, for logging in to web services that handle financial and valuable information, and for locking and unlocking safes and vaults and cars and buildings on Terminal 3D. It is preferable that it is also used for applications and for decrypting encrypted data using software 403A.

<Distributed storage of encrypted data>
When used in combination with 4031A, 40303A, 40302A, and 4032A, the content is encrypted with a single encryption key TTKY4033A calculated based on these four variables, and the encrypted file has only one hash value. It is assumed that the content will be encrypted and distributed. On the other hand, although it is the same as explained above, it is also possible to change 4031A and 4032A for each user and distribute different encrypted files of TTKY4033A.
Here, in order to store information, it is also considered to distribute a file encrypted with a single TTKY4033A. The idea that the lock should be broken even if the unlocking means shown in the example of equipment such as a locked safe is lost cannot be applied to encrypted data including contents. If you want the encrypted data distributed by the content right holder to be stored on multiple computers and continue to be viewed, it may be preferable to distribute a file encrypted with a single TTKY4033A.
In the present invention, if the method for calculating TTKY4033A is lost, it becomes impossible to recover the encrypted data. By changing the value of 4031A or 4032A to a single value, users with OTP tokens can decrypt it with software 403A, and users with OTP tokens can decrypt encrypted files with a single 4031A or 4032A all over the world. It will be possible to distribute and hold the data, and the encrypted data used all over the world may be easily stored in future generations.
The above is the idea of the inventor, and the final encryption method is decided by the right holder of the data. At the request of the data right holder, 4031A, 4032A, 40302A and other key values are set, they are input to 403A, processing is performed, and plaintext data is encrypted and encrypted using the key 4033A used for encryption and decryption. Can be decrypted.
From the idea of saving information like a paper book to posterity while restricting viewing, text data etc. are saved in paper or an external storage device from the system of the present invention using 403A when the right holder permits. You can have a means.
It is necessary for the right holder to store and manage the plaintext or encrypted data of the content data created by the right holder and the key information for decrypting the data.

<System that can display advertisements or monitor unauthorized access>
Here, the URI for displaying the advertisement is recorded in the software 403A and the plain text data 4035A obtained by decrypting the encrypted data, and the software 403A has a program for displaying the advertisement or the like delivered by the server terminal 5A according to the URI information. You may be prepared. In addition to the advertisement, the terminal 5A notifies the instruction manual information of the software 403A and the version information (version information) of the 403A.
The advertisement is delivered from the terminal 5A to the terminal 4A via the network 20 according to the storage unit 505A or 506A of the terminal 5A and the control unit 515A or 516A to the terminal 4A that has accessed the terminal 5A.
The method of displaying advertisements using software 403A and terminal 5A is similar to printing advertisements on paper when reading paper newspapers and magazines, and is similar to book authors, publishers, copyright owners, and app developers. This is so that the reward for displaying the advertisement can be distributed according to the number of times the user has viewed the software 403A or the content.
Also, unlike advertisements on paper media, the advertisement information from the website that the terminal 5A of the linked URI described in the software 403A and the encrypted content delivers to the terminal 4A via the network 20 dynamically is the advertisement content. Can be changed.

It is preferable that the portion related to the advertisement using the terminal 5A and the software 403A is used for the reproduction of electronic books and audio / moving images, and is not used for the encryption and decryption of confidential information. When secretly exchanging confidential data between companies, organizations and individuals, it is preferable to separately prepare a commercial version of software 403A (commercial version of software 403A) that omits the advertisement display function.

It may not be preferable in terms of confidentiality between companies to automatically connect to and link to the advertisement website by the advertisement display function, and the company where the terminal 5A created the advertisement at the display destination of the advertisement. Software 403A that omits the advertisement distribution function that can connect to the terminal 5A is also available because the data obtained from may contain a program that performs harmful operations that are not intended for the user's computer and may reduce security. It is preferable to be able to do it. There may be an OTP token for operating the software 403A depending on the application. There may be an OTP token to log in to the application software of 403A.

Considering that the terminal 5A can be operated by a corporation or the like, and that confidential information between government offices and companies is taken into consideration, an attacker is among all the parties involved in creating and selling software 403A and advertisements in order to steal the user's information. We cannot guarantee that it will not be. Therefore, it may be preferable that the software 403A is used in a virtual machine environment or a sandbox environment under the operating system environment of the terminal 4A. It is preferable to examine the behavior when the encrypted data 4034A is decrypted by the OTP authentication system and the key information and the 4035A is executed as the plaintext information 4035A, or when the 403A is executed.
If the executable file format (file extension) of software 403A is limited to music files, video files, and book files, and if you trust the files, you may be able to omit the virtual machine environment.

In addition, information such as advertisements needs to be based on rating information of software 403A and OTP tokens. The one-time password token contract of the present invention can be provided with a variable KNBN3024A that serves as a signboard for recording ratings and the like, and the software 403A can read the rating information written in 3024A and change the behavior for advertisements. Is. (For example, when the advertisement delivered by the terminal 5A contains information on adult favorite items such as alcoholic beverages, the advertisement is not displayed for the rating token for minors, and the display part of the advertisement is the developer of the software 403A. It is also possible to display only pages and the instruction manual site of software 403A.)

Here, when using the software 403A by using the one-time password authentication system of the present invention,
1. 1. Software 403A,
2. 2. A smartphone terminal 4A or a computer terminal 4A in which software 403A is recorded in a recording device and access information to a blockchain and a contract and a private key 401A are recorded (input).
3. 3. Communication path network 20 that can be encrypted (communication is encrypted by encryption such as TLS),
4. Server 3A that configures a blockchain and generates and authenticates a one-time password (a contract including a one-time password generation function and an authentication function is recorded in the blockchain),
5. Server 5A that receives user access and displays advertisements (a server that develops a website that can perform multiple roles of not only advertising but also information notification to users and monitoring user access),
6. 7. URI information to the server 5A that displays the advertisement built in the program of software 403A. Encrypted data or file 4034A
8. 9. URI information to the server 5A that displays the advertisement contained in the encrypted data 4034A. Server 5B that delivers the encrypted data 4034A to the user's terminal 4A through the communication path network 20.
Is required. The terminal 4A may be any terminal as long as it can view and use plaintext data, and may be a tablet terminal or a computer terminal connected to a head-mounted display.

The URI of the server terminal 5A for displaying the advertisement is set in the software 403A or the 4035A obtained by decrypting the encrypted data, and the software 403A accesses the server 5A according to the URI of the server terminal 5A for displaying the advertisement. At this time, the server 5A can record access information for a plurality of terminals such as the user UP terminal 4A, the user UA terminal 1A, and the user UB terminal 1B that have accessed the 5A, as shown in FIG. 6X.

In FIG. 6X, the contract identifier and the blockchain identifier of the OTP token that provides the service are omitted, but in FIG. 6X, the contract identifier CPGT and the blockchain identifier (identifier of the distributed ledger system) are used as the user identifier and the token number. It may be recorded in association with each other.

The terminal 5A receives the access of the software 403A of the terminal 4A, records the access information of the terminal 4A in 501A, and distributes the advertisement according to the storage unit 505A or 506A and the control unit 515A or 516A.
After recording the access information blockchain identifier of the terminal 4A and the contract identifier CPGT of the OTP token that generates OTP, the user identifier A, the token number TIDA, and the IP address or location information of the terminal 4A shown in FIG. 6X. Alternatively, the ID information unique to the computer device or the value IPV calculated from the sensor value of the input device 42A of the terminal 4A and the login status data such as the browsing time T and the browsing history information Cnt (Cnt is the number of accesses) are stored in the server terminal 5A. Can be recorded in the database 501A of the recording device.

In the recording device 50A and the processing device 51A of the terminal 5A, the correspondence relationship of login status data such as contract identifier CPGT, user identifier A, token number TIDA, value IPV, browsing time T and browsing history information Cnt (Cnt is the number of accesses) Save and save for display in a table format similar to Figure 6X.
Here, the format of the table and the format of the database do not necessarily have to be the format shown in FIG. 6X. FIG. 6X uses a table to show that there are multiple IPV values for a certain user identifier / token number (a case where a 3-axis geomagnetic sensor and a 3-axis magnetic compass sensor have different Z values) and is incorrect. It is explanatory drawing at the time of detecting the case where access is suspected. It suffices if it can detect whether or not the token number of the same private key or OTP token is accessed by a different IPV value. FIG. 6X is an explanatory diagram. As long as it does not deviate from the present invention instead of the format as it is in FIG. 6X, a part of FIG. 6X may be modified to record the data and used for monitoring the accessor.

In the recording device 50A and the processing device 51A of the terminal 5A, the server terminal 5A is provided with a processing unit capable of detecting whether or not the token number TIDA is accessed by a different IPV value to the terminal 5A.
The fact that the token number TIDA assigned to the private key 401A of the same user identifier A was viewed from a device having multiple IP addresses, location information, location information, and combined data IPV of the sensor values of the terminal. It is provided with an unauthorized access monitoring function (511A, 512A, 513A in FIG. 5A) that can detect and contact the user UA corresponding to the user identifier A.
By recording the URI connected to the terminal 5A in the program 403A, it is possible to provide the unauthorized access monitoring function as shown in FIG. 6X together with the advertisement display function. It is also possible to equip the terminal 5A to notify the customer whether the private key has been illegally used by using the unauthorized access monitoring function.
The plaintext data 4035A can also be provided with an advertisement distribution function and an unauthorized access monitoring function as shown in FIG. 6X by recording the URI connected to the terminal 5A and accessing the terminal 5A.
However, the unauthorized access monitoring function and the advertisement distribution function using the terminal 5A in the software 403A are not essential elements, and there may be a 403A that does not use the unauthorized access monitoring function or the advertisement distribution function.
From the viewpoint of privacy protection, there may be a 403A that does not use the unauthorized access prevention function or the advertisement distribution function. On the other hand, the unauthorized access monitoring function and the advertisement distribution function function prevent unauthorized use of the private key, and protect the holder of the OTP token, the content of the encrypted data corresponding to the OTP token, and the right holder thereof.
The unauthorized access monitoring function and advertisement distribution function using the terminal 5A in the plaintext data 4035A are functions that the right holder of the plaintext data decides to use, and it is considered to be useful for the protection of the content and the profit of the content right holder by the advertisement. Will be. Since the URI to the advertisement is a URI (link tag) written and embedded in the plain text data 4035A in HTML language etc., the URI of 4035A (and the advertisement content linked to the URI) may also be a part of the content. No.
The unauthorized access monitoring function and the advertisement distribution function using the terminal 5A in the plaintext data 4035A are used by the content right holder, and the content right holder may not use the above function.

<Registration of user contacts in a system that can monitor unauthorized access>
The terminal 5A records the customer information with the customer information database management unit 514A, which registers the user when using the software 403A, and registers the notification destination / contact information when the unauthorized access monitoring function detects unauthorized access at that time. 504A is provided. When unauthorized access is detected by the unauthorized access monitoring function (511A, 512A, 513A in FIG. 5A) The time and time when the unauthorized access notification unit 513A causes unauthorized access to the contact using the contact recorded in 504A, the user Notify the identifier, token number, OTP token contract identifier and other information necessary for providing services.

<When the encrypted data is viewable data>
The user can decrypt and view the encrypted data 4034A using the software 403A and the OTP authentication system.

<When decrypting encrypted data, editing it, and then encrypting it again>
The user decrypts the encrypted data 4034A using the software 403A and the OTP authentication system, browses and edits the plain text data, and then records the block number and the BnTOTP and time stamp of the OTP token used for browsing to detect tampering. Data with an electronic signature or HMAC can be encrypted again and saved.
For example, after a staff member UP of a certain organization modifies a text file, audio / video file, table calculation file, design drawing file, etc., the block number, BnTOTP, time stamp, etc. are recorded, and an electronic signature for detecting text or video data tampering. Alternatively, after re-encrypting and saving the data with the MAC value of HMAC and distributing it to another employee UA in the organization, the key information such as 4032A for decryption and the software used for encryption are given to the employee UA. By distributing the 403A and the OTP token, the UA receives the encrypted data again, decrypts it, browses the contents added / changed by the UP, and changes the addition by the UA's hand, with the block number and BnTOTP. It is possible to record a time stamp, etc., attach an electronic signature for detecting tampering with text or video data, or attach the MAC value of HMAC, and then encrypt and save it.
In this way, it is possible to exchange sentences between multiple users such as UP, UA, UB, and UC of a certain organization while adding a time stamp, a MAC value of HMAC, or an electronic signature to the data by adding it to a confidential document.

<When the encrypted data is 3D blueprint information>
It is shown in the design drawing by modeling with a 3D printer from the 3D CAD data (three-dimensional design drawing information) obtained by decrypting the encrypted data and processing the base material with a multi-axis processing machine or the like. Create a three-dimensional object. However, it cannot be output depending on the rating of plaintext data and the output settings. The software 403A should prohibit the output of a three-dimensional object that violates laws and regulations such as the Firearm and Sword Law, and the 403A determines whether or not the three-dimensional object can be output from the information described in the rating information of the plaintext data. The 3D CAD data information can also be viewed on the head-mounted display 453A. Even two-dimensional CAD data can be viewed, output, and used in the same manner. As an example, the design drawing data used for a processing machine such as an industrial printing machine or a plotter may be used.
The design drawing data related to the manufacture of a one-dimensional, two-dimensional or three-dimensional object or device is saved as encrypted data by the method of the present invention, and is used for the information used for manufacturing by decrypting it using the OTP authentication system. You may.

<When the encrypted data is a design drawing of a circuit, etc.>
The encrypted data may be a circuit design drawing. For example, it may be design drawing data of a programmable logic device. FPGA (Field Programmable Gate Array) is a kind of programmable logic device, and is a semiconductor IC having a circuit array that can be configured in the field and capable of changing the electronic control function in the device. In the embodiment of the present invention, it is possible to receive, decrypt, and use the data of the circuit for configuring or reconstructing the FPGA as encrypted data. The programmable logic device can be used for industrial equipment and broadcasting communication equipment, and is also expected to be used for user terminal 1A and server terminal 3A.
Circuit information that enables reconfigurable computing may be distributed as encrypted data and decrypted by an OTP token. The encrypted circuit information that enables reconfigurable computing may be stored in a version control and code repository such as GitHub of GitHub, downloaded from a user terminal, and distributed / distributed. It is intended to dynamically construct a circuit according to the design drawing in the programmable logic device by obtaining the usage right by the OTP token and decoding it while performing version control to check whether the circuit information of the programmable logic device has been tampered with.
When deploying design drawing information to FPGA or the like, it is preferable to investigate the behavior of decoded data and malicious programs in a virtual machine environment (sandbox environment). Or, only for the first time, when the encrypted data is decrypted by the OTP authentication system, the data is investigated in the virtual machine environment and it is judged that it is not malicious, then a certificate is issued, and if there is the above certificate, it is sent to the FPGA without using the virtual machine environment. The design drawing data may be expanded to FPGA or the like.
As described in a specific example using an FPGA example, the data decoded by the method of the present invention is stored in the storage portion of a circuit that controls a computer such as a CPU, SoC, or MPU, and the behavior of the control arithmetic unit is changed. May be good. Alternatively, it may be used when a program with a certificate close to hardware such as firmware of a computer terminal or BIOS is encrypted, distributed and installed.
There is a device, circuit, and semiconductor component manufacturing line that manufactures final CPUs, SoCs, and MPUs from semiconductor boards for circuit board information and semiconductors for electrical and electronic equipment for the purpose of distributing them within a certain organization. The data related to the above may be stored as encrypted data by the method of the present invention and decrypted using an OTP authentication system to be used for information used in manufacturing a semiconductor product. Not limited to electronic devices, it may be applied to manufacturing data and confidential information of a certain product.

<4T. Use in broadcasting (distribution of encrypted data that is not bidirectional, live distribution)>
The server terminal 5B that delivers encrypted data and files 4034A to the user terminal 4A via the network 20 is a device capable of bidirectional communication, but instead of the terminal 5B, a broadcasting station terminal 5C capable of one-to-many broadcasting (Fig.) 5C, 5C, SVCRHNroadcaster) can be used. The broadcasting station 5C uses a communication path NTB (communication network 21, radio band for wireless broadcasting, broadcasting cable for wired broadcasting) by one-to-many broadcasting to a user terminal 4A having a receiver 423A that can receive broadcasting. On the other hand, the encrypted data 4034A to which common key encryption such as AES encryption is applied is broadcast by a single encryption key TTKY4033A. The broadcasting station 5C may be installed on the ground, may be a mobile station, or may be installed on a satellite. It may be installed on the ground or in outer space.

<When terminal 5C is a node of the same blockchain as terminal 3A and can broadcast BnTOTP>
Broadcasting station 5C may have the same function as 3A. The broadcasting station 5C is connected to the terminal 5CC that controls the broadcasting station 5C via a communication path 2 (communication network 2). Then, the terminal 5C has a storage device capable of having a blockchain portion like the terminal 3A, is connected to the network 20 via the control terminal 5CC that controls the terminal 5C, and connects the terminal 5C and the terminal 3A to the network 20 and the communication path 3 The terminal 5C can have the same blockchain portion as the terminal 3A when it can be connected with. Then, the terminal 5C can broadcast the block number Bn and block data in the block chain portion of the terminal 3A, the block hash value, the time stamp / time information, and the time information by the clock of the terminal 5C. The terminal 5C may be a ground station or an artificial satellite broadcasting station.

<When the terminal 5C is a satellite terminal for a global positioning satellite system and BnTOTP can be broadcast together with positioning information for signal authentication for the global positioning satellite system>
It is also conceivable that the terminal 5C is an artificial satellite in outer space, equipped with an atomic clock or the like, and is a positioning artificial satellite for a global positioning satellite system (GNSS). The terminal 5C has a blockchain portion and is connected to the node terminal 3A of the blockchain via the wireless network 2.
Then, BnTOTP, which is an OTP based on the block number Bn, is calculated using the OTP token generation contract of the blockchain unit recorded in the terminal 3A and the terminal 5C, and the time information by the atomic clock or the like and Bn and BnTOTP are added to the broadcast signal of the terminal 5C. By attaching the token number and the user identifier, the broadcast signal of the GNSS satellite can be authenticated at the terminal 4A that receives the signal.
Here, the transmitted message and the MAC value of the message by HMAC may be concatenated and broadcast. Falsification of a broadcast message can also be detected by attaching the MAC value of one positioning data and message data including Bn and BnTOTP by HMAC to one positioning data and message data including Bn and BnTOTP.

The terminal 5C concatenates the blockchain section information including the OTP token contract possessed by the 5C, the block number Bn and the time information, the BnTOTP of the OTP token set exclusively for the broadcasting station 5C, and the HMAC MAC value of those messages. Can be broadcast. The terminal 5C broadcasts a signal including time information Bn, BnTOTP, a token number, and a user identifier, and the terminal 4A or the like receives the broadcast. The terminal 4A that has received the broadcast from four or more GNSS satellite terminals 5C performs position positioning by the global positioning satellite system GNSS. Further, the terminal 4A uses the BnTOTP value, the token number, the user identifier, the block number Bn (and the contract identifier of the OTP token and the blockchain ID as necessary) and the MAC value received from the terminal 5C to determine the true time information and its signal. Verify false and authenticity and authenticate broadcast data.
The positioning signal is broadcast from the GNSS satellite 5C to the terminal 1A and the terminal 4A by radio for positioning, and in addition to the time information necessary for positioning known position information, the time of the block number Bn and the block number Bn. A positioning system that performs positioning by multiple broadcasting station satellites 5C, equipped with a means that can confirm the authenticity of GNSS positioning broadcast data by attaching an authentication password BnTOTP that changes dynamically due to changes to the signal. It can be used for positioning devices and positioning methods.

The intention and aim of attaching the OTP by BnTOTP of the present invention to the GNSS satellite is to determine whether the signal of the GNSS satellite is spoofing fake signal information or true GNSS signal information with time information and Bn. It is determined by attaching BnTOTP, a token number, and a user identifier. The OTP authentication system of the present invention can be used to counter spoofing and hacking of GNSS signals. Such a usage pattern of the present invention may be used for improving security in navigation of airplanes, ships, automobiles, unmanned aerial vehicles, unmanned aerial vehicles, and the like.

The artificial satellite 5C used for GNSS has a secret key 501C, a BnTOTP, a block number, an OTP token number dedicated to 5C, and a secret value KC3011A recorded in the recording device of 5C. Among them, BnTOTP, block number Bn, and user identifier. The terminal 5C broadcasts the token number.

The user identifier is calculated from the 5C private key 500. The token number is also set by the GNSS administrator. An artificial satellite identification number, an aircraft number, a serial number, etc. of the terminal 5C are assigned to the token number, and a user identifier calculated from a private key managed by a business operator providing the GNSS service can be used as the user identifier. Each artificial satellite may have a different secret key and user identifier, or a single private key owned by the business operator may be recorded and used in the storage devices of a plurality of artificial satellites. It is necessary to assign OTP tokens with different token numbers to each of the four or more artificial satellites used for positioning in GNSS, generate different BnTOTPs among the satellites, and attach them to the broadcast data.
As an example, when the private key of one positioning artificial satellite terminal 5C is the same as 101A and is the OTP token of the token number TIDA, BnTOTP = fh (user identifier A, aircraft number and token number TIDA, KC value). , Block number Bn). As for the KC value, the administrator of the GNSS satellite terminal 5C sends a transaction instructing the blockchain portion of the terminal 3A to change the KC, and the KC value of the blockchain contract of the terminal 5C connected to the terminal 3A also changes.
The one-time password code BnTOTP using BnTOTP = fh (A, TIDA, KC, Bn) is executed by the blockchain unit (5000C and 5100C) of the broadcasting station terminal 5C to execute the OTP generation function 3009A to generate BnTOTP as OTP, or Obtained by executing the OTP generation function 3009A of the OTP token contract of the blockchain node 3A from network 2 or network 20, and distributed by attaching the main body data, time information, block number, and BnTOTP to the data to be broadcast / distributed. Alternatively, the authenticity and authenticity of the broadcasted information / data can be confirmed.

Here, an embodiment in which BnTOTP is used for GNSS broadcasting is shown, but OWP = fh (A, TIDA, KC, BC) may be attached to the data to be broadcast / distributed instead of BnTOTP (in this case, BC). May be broadcast). However, in the case of BnTOTP, a new data block is connected to the blockchain in 15 seconds or 180 seconds and Bn is automatically updated, but in the case of OWP, the contract administrator can set the KC value or BC value at any time. Need to be changed.
The update time of the block number used for BnTOTP is not limited to 15 seconds, but may be 30 seconds, 60 seconds, or 600 seconds (10 minutes), and Bn may be increased periodically at a certain time (a new transaction on the basis of the blockchain). The concatenation time of block data including can be changed in any number of seconds). Even when using OWP, the contract administrator may change the KC value and BC value on a regular basis. It may be preferable to build a blockchain dedicated to GNSS whose block number changes every 10 minutes.

There are a plurality of GNSS broadcasting stations 5C, specifically, four positioning satellite terminals 5C, each of which is set with a different user identifier / token number or the same user identifier / token number, and the four terminals 5C are known. In addition to the positioning information of the positioning method by GNSS, BnTOTP (the user identifier / token number used when calculating BnTOTP may be attached, or may be recorded in advance in the information using GNSS of the terminal 4A. ), Block number Bn, and if necessary, the MAC value of the broadcast message by HMAC is attached and broadcast. Broadcasting may be performed once or more while the block number changes. For example, when the block number Bn changes in 180 seconds, the GNSS satellite 5C may send one to several times within 180 seconds.
If the length of the GNSS message data is not enough, increase the time for the block number Bn of the blockchain part corresponding to GNSS to change. For example, when the block number Bn changes in 600 seconds instead of 180 seconds, the positioning information After the navigation message data is transmitted, the OTP authentication data (user identifier, token number, block number, BnTOTP, HMAC MAC value) of the present invention is broadcast for 30 seconds, the navigation message data is broadcast again, and the navigation message data is broadcast alternately. By doing so, the authentication information may be attached in the middle of the broadcast.

Assuming that the present invention is used for GPS (Global Positioning System) in the United States as a known example of GNSS, four or more GPS satellite terminals 5C (space segments) for measuring position information are used in space. Arranged in the orbit of each satellite, there is a ground control station 5CC (control segment) and a GPS receiver terminal 4A (user segment), and terminal 5C, terminal 5CC and terminal 4A are blockchain node terminals 3A through network 20. The blockchain unit of the terminal 5C is synchronized with the terminal 3B or the like.
Alternatively, relying on the accurate atomic clock of the terminal 5C, assuming that Bn matches with all GNSS satellite terminals 5C, set the block number Bn to be increased every 300 seconds, and set the ground control station 5CC and the satellite terminal several times a year. Synchronize with 5C, check if the time and Bn can be increased correctly, and if the KC value is changed or updated, share the data with all GNSS satellite stations 5C and synchronize the blockchain section.
At this time, the terminal 4A authenticates the BnTOTP included in the broadcast received from the terminal 5C using the authentication function 3018A of the node terminal 3A of the blockchain, and the terminal 4A uses the broadcast data of the four GPS satellites in which the correct BnTOTP is recorded. The position of can be positioned.

In GPS, for example, navigation message data 1500 bits is 30 seconds, authentication data is 1280 bits when one variable is 256 bits and 5, so within 30 seconds, and 2780 bits when both are connected and broadcast in order is 60 seconds. Broadcast over. When a blockchain with a block number Bn that changes in 600 seconds is constructed for a GNSS satellite, the same BnTOTP data can be sent 10 times, and the user terminal 4A detects any of these 10 times and BnTOTP is detected. By verifying with the authentication function and obtaining the authentication result, it is possible to know whether the received satellite 5C data is correct data or whether it is suspicious data such as spoofing.
Alternatively, it is conceivable that the authentication data is not attached to the navigation message data each time. When using a blockchain that increases Bn by one in 600 seconds, the navigation data that is broadcast for 30 seconds in 600 seconds is broadcast 20 times, but within the broadcasting frame of the 20 navigation data, for example, about 4 times is 1280 bits 30 seconds. It may be broadcast as a broadcast frame of the authentication data of. If navigation message data with authentication data broadcast four times in 600 seconds can be received and OTP authenticated, the authenticated position and time can be measured.

When the satellite terminal 5C and the terminal 4A are disconnected from the network 20, the block numbers Bn and BnTOTP are calculated based on the clock such as the atomic clock mounted on the terminal 5C and the OTP generation function 3009A in the storage unit, and Bn. And BnTOTP, message data, and their MAC values are attached and broadcast to a user segment terminal such as terminal 4A.
Next, in the terminal 4A, the authentication function 3018A capable of calculating BnTOTP = fh (A, TIDA, KC, Bn) and software in which the KC value is recorded, or BnTOTP = fh (A, TIDA, KC, Bn) is calculated in advance. The authentication functions 3018A, 3018A and the function of the terminal 3C in which the KC value is recorded may be provided in the 423A of the communication device 42A for receiving the GNSS signal.
When OWP is used instead of BnTOTP, the authentication function 3018A that can calculate OWP = fh (A, TIDA, KC, BC) and the software in which the KC value is recorded, or OWP = fh (A, TIDA, KC, BC). The authentication function 3018DA capable of calculating the above and the function of the terminal 3D in which the KC value is recorded may be provided in the 423A of the communication device 42A for receiving the GNSS signal.
Software in which the authentication functions 3018A / 3018DA and the KC value are recorded may be provided in the software 403A.

The user terminal 4A receives a positioning signal broadcast by a plurality of (four or more) satellite terminals 5C using 423A or 422A of 42A of the terminal 4A, processes the received signal, and measures the distance between the satellite and the receiver. Then, the position is calculated from this. Then, the current position is temporarily assumed according to the position calculated based on the positioning information of the positioning method by the known GNSS (up to this stage, it is the same as the existing GNSS, and if the OTP authentication system of the present invention cannot be used, The location information at this stage is used). After that, the process shifts to the OTP authentication process of BnTOTP broadcast by the terminal 5C.

In the OTP authentication process of BnTOTP broadcast by the terminal 5C, the block numbers Bn and BnTOTP (or the user identifier used when calculating BnTOTP) attached to the positioning information sent by the artificial satellite terminal 5C received by the terminal 4A are used. -If the token number is also attached, use the OTP authentication function 3018A to authenticate (using the user identifier and token number), and determine the authenticity / authenticity of the data broadcast by the terminal 5C from the return value of the authentication function. do.

The user identifier token used when calculating BnTOTP for the authentication function 3018A set by the administrator of the terminal 5C of the terminal 3A via the network 20 in order to determine whether the positioning information received from the terminal 5C in the terminal 4A is correct. When the number, block number Bn, and BnTOTP are passed as arguments to execute 3018A, and the return value is the return value when the OTP is correct (when the BnTOTP is the true value), the broadcast of the broadcasting station 5C is broadcast. The terminal 4A records what is expected to be correct, and notifies and displays the user.
When the return value of 3018A is an incorrect return value (when BnTOTP is a false value), the user is notified / displayed that the positioning information related to the broadcasting station 5C is false information that cannot be OTP authenticated. Let me.
When the data information broadcast by the terminal 5C cannot be OTP-authenticated and is incorrect, the subsequent processing is entrusted to the service or software using GNSS with the authentication function of the present invention, but it is authenticated in the field of automobiles where location information is important and their driving. It informs that the location information is not available, waits to receive the signal of the new GNSS broadcasting satellite 5C different from the terminal 5C that performs incorrect broadcasting, authenticates the signal received from the new terminal 5C, and authenticates. It is conceivable to increase the number of terminals 5C that have been used and then perform positioning.
Even if the authentication result of the received signal is incorrect (if it is a spoofing signal), it is dangerous to suddenly stop a car running on a public road and switch to another course. It may be necessary to entrust the maneuvering user to perform driving and maneuvering after displaying and informing the user that there is a signal that cannot be authenticated in the positioning signal.

<When attaching the location and time of the location and time of authentication of the broadcast data of broadcasting station 5C>
The user terminal 4A records the position information and time information authenticated by the OTP authentication of the present invention of 4A from four or more terminals 5C and the block numbers Bn and BnTOTP to be broadcast by the four 5Cs in plain text data, and the secret key 401A and the like. An electronic signature or HMAC for tampering detection can be applied to plain text data, an electronic signature or MAC value can be created and attached to the plain text data, and the time and position at which the plain text data was created can be stored in a authenticated state.

The user terminal 4A uses plain text data (plain text content data or manuscript data) for the location information and time information authenticated by the OTP authentication of the present invention of 4A from four or more terminals 5C and the block numbers Bn and BnTOTP to be broadcast by the four 5Cs. ), The digital signature for tampering detection and HMAC are performed on the plain text data using the private key 401A, etc., the electronic signature or MAC value is created and attached to the plain text content data, and the time when the plain text data 4035A is created. It may be created as plain data 4035A that can detect falsification with an electronic signature or MAC value stored with the location authenticated, and the 4035A is encrypted using the software 403A by the OTP token assigned to the private key 401A. It may be possible to change it.
The plaintext data 4035A may be recording / audio data or recording / video data related to coverage. The OTP authentication system of the present invention simply certifies the creation location / creation position information and creation time of the manuscript text / manuscript data (images such as photographs and design drawings, recorded moving images / recorded audio) of the plaintext data 4035A.
The block number Bn to be entered in the above 4035A is Bnp, and Bnp is Bn when BnTOTP is acquired. It can be published by distribution using the network 20 or the like and output to the outside of the terminal.
The OTP authentication function 3018A of the OTP authentication contract and the authentication function 3018DA of the terminal 3D that verifies the authentication are provided with an authentication function for authenticating in the form of BnTOTP = fh (A, TIDA, KC, Bnp), and the 4035A is a user identifier. A and the token number TIMA may be entered.
The published encrypted data 4034A of 4035A is distributed, and when there is an OTP token of token number TIDB to decrypt it and a customer user UB having AKTB and software 403A, plaintext data 4035A is viewed. Then, the customer user uses Bnp, BnTOTP, and the token number TIDA recorded in the plain text data 4035A, and if the user identifier A is entered, it is used, and if it is not entered, the user who created the manuscript is inquired and the user identifier is used. Obtain A, pass A, UIDA, and Bnp to the arguments of the authentication function so that the OTP authentication function can perform calculations in the form of BnTOTP = fh (A, UIDA, KC, Bnp), execute the authentication function, and obtain the authentication result. It is possible to obtain the time and position information created in the above. The created location information may be the one that describes the accurate latitude and longitude using GNSS etc., or prefectures and cities, towns and villages (states, provinces and cities, towns and villages overseas) based on the map information from the latitude and longitude information for privacy protection. It is also possible to describe the approximate position instead of the detailed position so that it can be understood.

<Broadcasting of data files from broadcasting station 5C>
Broadcasting station 5C is a terrestrial station or an artificial satellite station, which is an amateur station and a commercial broadcasting station, and is a data broadcasting station that broadcasts text and software data such as newspapers and magazines, and a radio broadcasting station that broadcasts audio. , It may be a television broadcasting station that broadcasts audio and video. It may be a broadcasting station 5C capable of broadcasting data that can be broadcast as mass media.

Here, the aim of using broadcasting station 5C for distribution of text, audio, and video files is to encrypt video data (audio / video data that tends to have a larger data capacity than book data) for users who have viewing rights with OTP tokens. When the data 4034A is delivered live (live), the load on the communication capacity of the public bidirectional network 20 is not applied.
However, in the event of an emergency such as a disaster, the public broadcasting station 5C will send a signal to decrypt the audio radio broadcast viewing software such as software 403A and audio / video television vision viewing software and the broadcast data of plain text data 4035A. It is necessary to be able to broadcast.
Also, rather than transmitting duplicate content information (information such as popular songs and video works) to users via a two-way network 20, it is better to transmit data in a one-to-many format by broadcasting to reduce the load on the network 20. Communication capacity can be allocated to services such as communication between blockchain nodes that require connection and two-way communication, e-mail, Internet banking services (financial services), and membership services using websites.

Specifically, a case where the present invention is assumed to be used for broadcasting audio and video files such as radio broadcasting and television broadcasting will be described. The radio and radio station 5C used for broadcasting may be for business use or for amateur use. When broadcasting to many areas over a wide area, the range that the electromagnetic wave of one broadcasting station radio can reach is finite, and it is installed in the form of a broadcasting station 5C, a transmitting station 5C, etc., which are different for each area. The user terminal 4A acquires an OTP generation token for viewing the encrypted data broadcasting of the nearest radio station 5C.

The broadcasting station 5C encrypts the data of the radio or television program with the common key TTKY4033A unique to the broadcasting station 5C and transmits the encrypted data 4034A to the nearest user terminal 4A to which the radio wave reaches. Then, the server terminal 3A and the terminal 4A are connected via the network 20 by the software 403A that decrypts and browses the broadcast encrypted data 4034A, BnTOTP is generated and authenticated, and the return value CTAU4031A of the authentication function is obtained.
Here, the software 403A may generate and authenticate the OWP using the OTP token that can acquire the OWP instead of the BnTOTP, and obtain the return value CTAU4031A. The TTKY4033A can be generated using the 4031A and, if necessary, the 4032A and the key information 40302A inside the 403A, and the broadcast data encrypted by the TTKY4033A can be decrypted and viewed.

When using OWP, the contract administrator informs the broadcast recipient that the KC value and BC value that produce OWP will be updated at a certain time such as every year according to the instructions of the broadcasting station, and the reception contract is renewed. It is possible to notify the user who can perform the OWP after updating the KC value and the BC value by mail without using the network 20. The OWP notified by mail is input to the software 403A of the terminal 4A such as a television type, and if the authentication result is correct, the broadcast data can be decoded. The updated KC value and BC value at this time are included in the broadcast data, and may be automatically updated when 4A receives the broadcast data. When using OWP, the target is a user who cannot connect the terminal 4A to the network.
Since the user terminal 4A connected to the network 20 can connect to the blockchain terminal 3A using the software 403A to generate and authenticate the OWP, the notification of the OWP by mail is unnecessary. Further, when the network 20 is always connected, both OWP and BnTOTP can be used.
The TTKY4033A that encrypts or decrypts the content can be changed by rewriting the CTAU4031A of the OTP token contract, which is the viewing right of the broadcast, by the contract administrator terminal 1C according to the instruction of the broadcaster. For example, by updating the BC value of OWP and CTAU4031A every year, a user who has a viewing right of a broadcast can continue browsing, and a user who does not have a viewing right can prevent the browsing.

In order to prevent users who do not have viewing rights from viewing, the OTP generation function of the OTP token has a mapping variable that determines the validity / invalidity of the OTP token as a key, and if the mapping variable is valid, OWP It is preferable that the administrator of the contract can rewrite the OWP through the terminal 1C so that the display is displayed and the OWP is not displayed if it is invalid.
Alternatively, a method of constructing a blockchain section dedicated to broadcasting and deploying a new OTP token contract every year is also conceivable. By changing the KC value when a new OTP token contract is deployed every year, the TTKY4033A that encrypts using the software 403A is changed. The OTP token is distributed to the user identifier with which the contract is made (to the corresponding private key 401A) so that the OTP token can be viewed.

The reason for using the password OWP is that if the network 20 is disconnected due to a communication failure or disaster, the user terminal 4A may not be able to connect to the server 3A temporarily. In such a case, the contract is renewed every year. If it is a method, even at the moment when a disaster occurs, the password does not change depending on the block number Bn like BnTOTP, and OWP can notify by mail etc. and it can be obtained even by people who can not use the network. There is a possibility that it can be handled (things that can be handled in about one week to one month).

When there is a terminal 5CC that can be synchronized with the blockchain node 3A via the network 20 and an artificial satellite broadcasting station 5C such as GNSS, the broadcast data of the terminal 5C includes the block number Bn, and the KC value or CTAU4031A is included in the software 403A. If the part that generates and authenticates the OTP is obfuscated, encrypted, concealed, recorded, and installed, the software 403A may be able to calculate the TTKY4033A from the block number Bn and CTAU4031A and receive the encrypted data broadcast. No.

A specific example is shown. An amateur station applies for opening, and a membership-type token that allows viewing of encrypted data broadcasts broadcast by amateur stations is issued on the blockchain of server 3A as an OTP token and its generation authentication contract in the system of the present invention. OTP tokens can be distributed among users. If there is an OWP that can be viewed by a person holding a token and the software CRHN403A that uses it for authentication, data decryption, and viewing, data can be decrypted and viewed.
It can also broadcast audio and video data, and is used in the form of publications such as newspapers and magazines, statutory books, textbooks, and computer software (educational software, operating software, office software, game software). Can also be sent. The user can receive encrypted data, record or record it, record a book or software data, decrypt it with the authentication system of the present invention, view it, view it, install software, and so on. Encrypted content data can be downloaded and used in the form of receiving broadcasts.

As a concern in this usage pattern, it is conceivable that a communication failure occurs due to unseasonable weather or the like, and the radio signal from the broadcasting station 5C does not reach the terminal 4A. In addition, there is a risk that noise will be mixed in the broadcast data due to defective broadcasting equipment. In the case of video or audio data, it may be established as a broadcast program even if it contains noise (it may have to be established). However, in the case of magazines, newspapers, or computer program data, there is a risk that they will not be viewable due to noise or that software will not work. As a countermeasure, broadcast the same content multiple times on different dates and times (rebroadcast), and in the case of satellite broadcasting, use high-throughput satellites that increase the communication speed (communication capacity, capacity) of satellite broadcasting. It is preferable to take measures such as using error correction technology.

In the previous example, the case where one TTKY4033A is used for the encrypted broadcast data 4034A of one amateur station is described. Even if the data is the same plaintext data or content data 4035A, tokens and OWP are assigned corresponding to the number of different amateur stations, and the data is encrypted by TTKY4033A and transmitted.
When sending encrypted data using satellite broadcasting using satellite broadcasting in one country or on a global scale, for example, it is encrypted using a common OTP token, OWP, and TTKY4033A and sent to the user only if the right holder of the content permits. You can also do it. (However, when encrypting using the same TTKY4033A on a global scale, there is a risk that the encrypted data stored all over the world will be viewable when the TTKY4033A leaks. Therefore, by station, by broadcasting network, by region, It may be preferable to use OTP tokens, software 403 versions, OWP / BnTOTP, and TTKY4033A for each country.)

<Distribution and live distribution of two-way communication encrypted data>
It is possible to encrypt content that has a live distribution element (live broadcast distribution element) such as web meeting software and online games. The software 403A may be used to record and encrypt live distribution data such as meetings, distribute it via the network 20, transmit the encrypted data to the distribution destination, decrypt it, and view it, or the terminal as a distribution site. You may log in to the website / web application using 3C (server terminal SVLogin).

When distributing the encrypted data using the software 403A or the terminal 3C, the block cipher method and the stream cipher method may be used as the encryption method of the encrypted data. Both the block cipher method and the stream cipher method perform encryption by common key cryptography on plaintext data to generate encrypted data. Patent 2760799 is a known block cipher used for broadcasting television. The AES method can also be used. Similarly, for live distribution by broadcasting from the terminal 5C, a block cipher method and a stream cipher method may be used as the encryption method.

<Encryption of data exchanged over the Internet communication network, in unencrypted communication paths>
A case where the OTP authentication code of the present invention is used as a data encryption key for website communication instead of SSL encrypted communication (SSL / SSL encrypted communication) will be described. Software 403A showed that encrypted data is distributed from user UC to user UA, for example, but it is done from user UA to UC, and UA and UC mutually perform encrypted data to use for encrypted communication. Connect.
Here, TLS is an abbreviation for Transport Layer Security of Transport Layer Security Protocol and is the RFC8446 standard. SSL is an abbreviation for Secure Socket Layer.

As a specific example, there is a smart contract of the present invention in browsing a web page, and in that contract, a function is provided so that the user UA and the contract administrator UC can generate and authenticate the one-time password BnTOTP for the token number TIDA of the OTP token. Is set and the UC can obtain the BnTOTP of the UA token number TIDA (the UC can call the UA's OTP generation function to see and share the BnTOTP).

Normally, the OTP generation function is designed so that it can be called from the user identifier of the owner of the OTP token and its private key as described in the flowcharts of FIGS. 6A and 6B, but depending on the application, the service that is the administrator of the contract. The provider may also be able to call the OTP generation function using the private key 101C of the administrator terminal 1C. However, if the OTP generation function of the customer's OTP token can be called by the contract administrator, it is necessary to specify it in the service agreement when making a contract to issue the OTP token, and the KNBN variable of the OTP token. It is also necessary to explicitly describe in 3024A.
The OTP token of the present invention has the right to log in to the website of the terminal 3C, the admission ticket 18A presented on the terminal 3D, the unlocking key 19A for locking, and the viewing / use / ownership right to decrypt the encrypted data using the software 403A. It is intended to be owned by a user, and the basic and principle is that only one user who has a private key to which an OTP token is assigned calls the OTP generation function.
It is not a normal embodiment that the OTP generation function can be called from two or more private keys, but it can also be implemented.

Next, on the website operated by UC, the web page is encrypted by using BnTOTP as the key of the common key encryption such as the AES method for UA, and the encrypted data CRYPTWEBPAGE is generated. Then, the encrypted data CRYPTWEBPAGE is sent to the computer terminal 1A of the user UA through the network 22 having an unencrypted route. Here, it is assumed that the UC can browse the BnTOTP value (OWP value) generated by the token number TIDA of the UA communication encryption OTP token by the OTP generation function 3009A.
The user UA can also decrypt the encrypted data CRYPTWEBPAGE using the BnTOTP (OWP value) of the token number TIDA and browse the plaintext web page. Similarly, when sending a message to the UC, the user UA acquires the BnTOTP of the token number TIDA from the OTP generation function, uses it for encryption, and sends the encrypted data CRYPTWEBPAGE to the server terminal of the UC website through the network 22.
The UC uses the sent encrypted data CRYPTWEBPAGE as the key to decrypt the BnTOTP by calling the BnTOTP value (OWP value) generated by the token number TIDA of the OTP token for communication encryption of UA by the OTP generation function 3009A. By decrypting the CRYPTWEBPAGE and obtaining the plain message of the UA, the UA and the UC perform encrypted communication on the network 22. As described above, the present invention can be applied to the field of encrypted communication.
(However, even in this case, the communication in the process of UA and UC obtaining BnTOTP from the blockchain must be separately encrypted and concealed. In the process of UA and UC first obtaining BnTOTP from the blockchain. Communication may require encryption based on public key encryption using the private key of UA and UC. A concealed blockchain infrastructure is also required.)

<Unauthorized access information monitoring function>
In the authentication system of the present invention, when the secret key 101A of the terminal 1A (the secret key 401A of the terminal 4A) is leaked and it is investigated whether the server terminal 3C, the terminal 5A, or the like is illegally accessed, the terminal 3C or the terminal that provides the service is used. In the function of storing and monitoring the IP address and location information of the terminal 1A accessing 5A and the ID information unique to the terminal 1A in the server 3C, 5A, etc.
The ID information unique to the terminal 1A is provided with an accelerometer, a gyro sensor, a magnetic sensor, a pressure sensor, a temperature sensor, and an illuminance sensor that can be included in the sensor 144A in the input device 14A included in the 1A.
It is conceivable to store the measured values derived from the physical quantities measured by one or more of the sensors in the server.

Information on sound sensors such as microphones and input devices such as cameras, pointing devices, and keyboards may also be included in 144A, but using these may lead to invasion of privacy and excessive collection of personal information. The inventor does not recommend it. Reading and collecting keyboard and pointing device information is not recommended as it can lead to reading input data.

IP address and location information may lead to individual identification, but pressure sensor information, temperature sensor information, magnetic sensor (magnetic compass) information, etc. are physical information derived from the location and environment of each user and terminal. Yes, this is used for fraudulent detection of the private key. (IP addresses, device IDs of terminals, operating systems, and software information of terminals such as web browsers are collected when recording data such as Fig. 6X in order to protect customer assets when conducting important transactions such as for financial purposes. You may need to use it.)

An attacker who attempts to illegally use the leaked private key 101A can see in FIG. 6X and the processing unit that checks whether the private key such as the server 3C (SVLogin) or server 5A (SVCRHNcm) mentioned above has been leaked and illegally accessed. If you do not check what sensor value the user is accessing to the server that has the database of the described access information, unauthorized access by spoofing is performed by imitating the sensor value and the physical quantity detected by the sensor. Can't.
By using the measured value derived from the sensor of the input device of the device 1A as the variable for detecting unauthorized access of the authentication system of the present invention as described above, personal information such as IP address and location information can be prevented while preventing unauthorized access. Detect fraudulent use in a way that is not based on.

In this usage method, the server that provides the service records the sensor value of the computer terminal such as the user's smartphone, and detects whether or not the sensor value does not match the same time, so the measured value of the sensor and the measured value Hashed values and anonymized values can be used for monitoring. When using the sensor value, a part of personal information is collected, but the server administrator can easily monitor the user's condition. It is useful for protecting personal information when using numerical values that have been hashed or processed by various operations based on the sensor values.

If there is only one user, a list of the combined value IPV of the user identifier of the server (3C, 5A, etc.) that provides the service, the token number and IP address of the user's OTP token, the location information, the terminal ID, and the value of the terminal sensor. It is considered normal access that the access information of the user identifier having one sensor value or IPV value and the user's OTP token is recorded for a certain time T. Then, when the user and the unauthorized accessor access at the same time, access information of different sensor values and IPV values is recorded for the information of the user identifier and the user's OTP token as shown in * 2 of FIG. 6X.
The server that provides the service can detect the access information and notify the user who owns the token of the abnormality, even if it has a control unit that blocks access if access of different sensor values continues at the same time. good. It may also have a recording unit for storing access data.

For example, at the same time, the temperature and pressure is 25 ° C, 987 hPa, the terminal 1A with a legitimate access right with the secret key 101A indicating the value of the geomagnetic sensor facing north, and the value of 30 ° C, 1010 hPa, the value of the geomagnetic sensor facing east. When there is an access from the terminal 1B that illegally obtained the private key 101A that attempts an unauthorized access, the server can determine that the access was made from a different environment. In addition to changes in the values of the temperature sensor and barometric pressure sensor, the orientation of the smartphone terminal that browses data or services from the accelerometer and gyro sensor after login, changes in gravitational acceleration, motion changes, illuminance, temperature, barometric pressure, humidity, etc. You can track changes in the environment.
In addition to the sensors, information on image pickup elements such as cameras, input data and measured values of sound sensors (microphones, microphones) can also be used, but this is not recommended because privacy is an issue for users. However, technically, the information of an image sensor such as a camera and a sound sensor can also be used as a sensor for the IPV value of the present invention. If there is no choice but to use it, the information of the image sensor, sound sensor, and microphone with the consent of the user is also used. When using the measured values of the camera or microphone for unauthorized access detection, it is particularly preferable to perform hashing or the like.
In the present invention, information on the camera, microphone, keyboard, and pointing among the input devices of the device 1A can be used. However, based on this patent, the input information of the camera, microphone, keyboard, and pointing device of the user's terminal 1A is information such as personal information and the PIN number output by the user for the purpose of monitoring the user's unauthorized access to the server in actual business. It is preferable not to use it because it may be used for unauthorized acquisition of private key information.

In the input device provided in the terminal 1A, the following sensors can be considered as a method of storing the measured values derived from the physical quantities measured by one or a plurality of sensors in the sensor group in the server 3C or the terminal 5A. The sensor includes a motion sensor, a position sensor, and an environment sensor, and an acceleration sensor (accelerometer) and a gyro sensor (angle velocity sensor) can be used as the motion sensor. A geomagnetic sensor or an accelerometer can be used as the position sensor. As the environment sensor, a humidity sensor, an optical sensor, an illuminance sensor, a pressure sensor, a pressure sensor, and a temperature sensor can be used.
Then, for a server having a processing unit for monitoring unauthorized use of a private key such as a server terminal 3C (SVLogin) and a terminal 5A (SVCRHNcm) at the time of authentication, a user's identifier A, a token number TIDA, a browsing time T, and browsing It is a system as a server that records the value IPV calculated from the historical information Cnt and the value detected by the sensor installed in the computer device in the recording device of the server and monitors the access from different IPVs. In the case of the terminal 3C for financial use, the browsing history information Cnt is preferably recorded even after the user terminal logs out because it records whether the access is from a different environment. When the user terminal logs in again, the terminal 3C is the user terminal. Determines whether you are logged in under conditions similar to the browsing history information Cnt recorded in the past, and if you log in from a significantly different environment, notify the user's contact information and perform OTP authentication or a preset second private key (eg) The OTP authentication may be performed by the OTP token derived from the first secret key 101A and the second secret key 101A2) for the multisig technology.

<Management of contracts on the blockchain>
The contract administrator UC of the OTP token issues a token to the identifier of the user who is qualified to access the blockchain node 3A and provide the service by the private key 101C of the terminal 1C.
Further, the KC value 3011A and BC value 3013A of the secret key information K value used for the OTP calculation of the OTP generation function 3009A, OTP authentication function 3018A and 3018DA of the contracts 3008A, 3008AG, 3008AA and 3008DA are rewritten by means such as the functions 3012A and 3012DA. Can also be updated. In addition, the variable 3024A that becomes a signboard (KNBN) can be changed.
It should be noted that authentication cannot be performed unless the same key values K and T are used in the one-time password generation function and the authentication function of the present invention.
In the service of the terminal 1A accessing the server terminal 3C or the purpose of decrypting encrypted data using the software 403A, the terminal 1A accesses the blockchain node terminal 3A via the network 20 according to the program of the 403A and OTP (OWP, BnTOTP). Can be obtained.
The terminal 3A accepts the access of the administrator terminal 1C, the terminal 3A receives the transaction of the change of the KC value 3011A, and the KC value can be changed by connecting to the blockchain. Authentication by OTP that reflects the rewritten KC value can be performed. On the other hand, in the service using the terminal 3D, the contract manager UC provides a means for rewriting and updating the K value KC value 3011DA and BC value 3013DA.

As an example, for the OTP generation function and OTP authentication function that the user UA accesses using the private key 101A, the seed values of the one-time password used by the OTP generation function and the OTP authentication function are KC in the case of TIDA, KC, Bn, and A. The value 3011A must be set and synchronized so that both the OTP generation function and the OTP authentication function have the same value or the same data. If they are not synchronized, the generated password and the password calculated inside the authentication function do not match, and one-time password authentication cannot be performed.

The KC value 3011A can also be programmed so that it is written when the contract is recorded in a block with a blockchain and then no rewriting is performed. Further, the KC value 3011A can be changed only by the contract administrator. The handling of the KC value 3011A is by the contract administrator. When the KC value 3011A is changed to an arbitrary time by the contract administrator, it can be regarded as a variable having the same role as the BC value 3013A used in the calculation of the password OWP.

In order to make it difficult for the KC value 3011A to collide with the OTP value of the OTP token with other smart contracts using the present invention, for example, the identifier or service name of the OTP generation contract, or in the case of content such as a book, the name of the content ISBN or the like. It is preferable to use the KC value 3011A calculated based on this.
It is troublesome to set a large value for a KC value having a similar KC value, for example, a capacity of 256 bits (an unsigned integer value can express an unsigned integer value including 0 of 2 to the 256th power). For reasons such as 0 to 255 (2 to the 8th power), and even recording KC values in the range of small integers such as 0 to 10, if operations such as recording KC values are performed with multiple OTP token contracts, the OTP value May collide.
A specific example will be described. In the OTP token of the token number 9876 of the user identifier A of the login service of a certain member site, when the number of the OTP token for login of different Internet banking is 9876, the KC value of the contract of the OTP tokens of both services is set to 123 or the like. When the hash function was also deployed to the blockchain with the same blockchain identifier using SHA-1, the OTP was calculated as BnTOTP = fh (common A, TIDA = 9876, KC = 123, common Bn), and the result. As a result, a matching OTP is calculated between two OTP tokens for different services.
The same thing can happen not only with BnTOTP for website login but also with OWP for locking. Therefore, it is necessary to make the KC value a unique value in order to avoid matching / collision of OTP values of OTP tokens with different services. As one of the means, include contract identifier information or process contract identifier information to anonymize it. It is desirable to use it as a part of the KC value.
A plurality of KC values may be set in order to complicate the KC values and prevent the OTP values of the OTP tokens from matching. There may be multiple KC values instead of one. For example, the first KC value may be an arbitrary value by the contract administrator (a value generated by a pseudo-random number generator or a processed version thereof, or the administrator can think of it. The second KC value is set by the contract administrator to set the contract identifier of the OTP token (or the value obtained by processing and anonymizing it), and the third KC value is used to update the key value. It may be a value of the same variable type as the BC value.

KC and BC values do not limit the data type. It may be an unsigned integer type or a character string type, and variables corresponding to KC values and BC values may be included in a plurality of contracts and used for OTP calculation.

In the present invention, the hash function fh uses a hash function called SHA256 of SHA-2. The SHA256 hash function obtains a 32-byte hash value BnTOTP or OWP for a message created based on the user identifier A, the token number TIDA, the secret variable KC, the block number Bn, and the BC changed by the contract administrator, and obtains the BnTOTP or OWP. Is used for OTP. The hash value BnTOTP or OWP may be used as it is for OTP, or the hash value may be further calculated and processed by any method to obtain OTP.

The use of hash functions such as SHA-1 for which hash function collisions have been found (or are suspected) in OTP calculations is not recommended. And if a known hash function fh vulnerability is discovered at some point in the future, it may be necessary to take measures against the hash function vulnerability in the OTP token contract or the base of the blockchain.
If there is a problem with the hash function used to calculate the block hash Bh on the blockchain infrastructure (for example, Ethereum uses Keccak-256 as the hash function), it may be necessary to switch the blockchain infrastructure. It cannot be said that there is no such thing.
When the above problem occurs, the method of generating and authenticating OTP using the contract of OTP token and the holder information of OTP token can be obtained by using a blockchain or directional non-circular graph using a non-vulnerable hash function. It may be necessary to post the OTP token contract and OTP token holder information to the new distributed ledger system used.

The hash function fh that generates and authenticates the OTP token may be changed to any type by the contract administrator. For example, the hash function fh may be changed from SHA2-256 of SHA-2 to SHA3-256 of SHA-3 after deploying the contract. At this time as well, OTP authentication cannot be performed unless the types of the hash function fh used for the OTP generation function and the OTP authentication function are matched, as in the case of the KC value.

<Comparison of processing contents related to one-time password calculation between RFC6238 standard and the present invention>
In the RFC6238 standard, the key value K and the T value that changes depending on the time are used as arguments of the hash function to calculate the one-time password, and the hash value is obtained and used for the generation and authentication of the one-time password. According to the RFC6238 standard, the counter C is replaced with the counter based on the time T in the one-time password standard of the HOTP method based on HMAC. Next, the formula for calculating TOTP is shown.
TOTP = HOTP (K, T)
= Truncate (HMAC-SHA-1 (KT))
Here, Truncate is rounding. The present invention is not limited to the hash function combined with HMAC in RFC6238. In the present invention, either a hash function or a hash function combined with HMAC can be used.
Specifically, in addition to the hash function used in the base of the blockchain (Keccak-256 used in Ethereum), SHA-3, HMAC-SHA3, SHA-2 (SHA2566, SHA384, SHA512), RIPEMD-128 / 168, MD5, SHA-1, etc., HMAC-SHA-3, HMAC-SHA-2 (HMAC-SHA256, HMAC-SHA-384, HMAC-SHA-512), HMAC-RIPEMD-128 / 168, HMAC-MD5, HMAC-SHA -1 and so on. The above-mentioned specific function group is based on the hash function even when HMAC is used, and uses the property of a one-way function of the hash function. There is no change in the function of calculating a digest value that can be regarded as a thing and using it as a password.

In the present invention, the RFC6238 standard is referred to, and the K value and the T value used in the standard are changed with the variable TB (preferably the block number Bn or BC that can be changed by the contract administrator at a certain time) that changes at the time on the blockchain. Use the K value (secret key KC value, token number TIDA, user identifier A, etc.), access the blockchain contract using the hash function fh, and use the OTP token of the token number TIDA held by the user identifier associated with the contract. It is characterized by being used in a blockchain-based time-based OTP authentication system that generates and authenticates OTPs.
The formula for calculating the one-time password BnTOTP of the present invention is as follows. The password BnTOTP-N, which is an n-digit integer, is also shown below.
BnTOTP = fh (K, T)
= Fh (KC, TIDA, A, Bn) * Specific example.
BnTOTP-N = Truncate (fh (KT))
= Unit (fh (KC, TIDA, A, Bn)) mod 10n * Specific example, when BnTOTP is converted to an unsigned integer, divided by 10 to the nth power, and the remainder is used as a password.
Here, Unit (X) is a function that converts the argument X to an unsigned integer.

<Comparison of processing contents related to calculation of BnTOTP and password OWP>
One example of the calculation formula of the one-time password BnTOTP using the T value that changes with time as the Tm value and the block number Bn of the present invention as the Tm is as follows. Tm is the same as TB.
BnTOTP = fh (K, Tm)
= Fh (KC, TIDA, A, Bn) * Example: On the other hand, use a BC value that can be changed by the contract administrator at a certain time (or a BC value that can be rewritten by a user who has the authority to change BC). An example of the calculation formula of the password OWP of the present invention is as follows.
OWP = fh (K, Tm)
= Fh (KC, TIDA, A, BC) * Example

The passwords OWP-N and BnTOTP-N, which are n-digit integers, are shown below.
BnTOTP-N = Unit (fh (KC, TIDA, A, Bn)) modding 10n
OWP-N = Unit (fh (KC, TIDA, A, BC)) modding 10n
Since OWP-N and BnTOTP-N use a remainder r, they can be paraphrased as OWPr, BnTOTPr, or OTPr which is a generic term for them.
Here, an example of dividing by 10 to the nth root is shown, but consider a case where the remainder is obtained by dividing by the Nth root of Y instead of 10 to the nth root. The value m obtained by type-converting OTP such as OWP or BnTOTP into an unsigned integer is defined as the divisor m, and in addition to 10, an integer obtained by multiplying 2 or more unsigned integers Y such as 2 or 3 or 11 by 1 or more unsigned integer N to the Nth power. Is a divisor n, the remainder r when the divisor m is divided by the divisor n is calculated, and a processing unit and a storage unit using the r as an integer value OTPr can be provided in the contract. When the integer value r when OTP is converted to an unsigned integer and the remainder is obtained is OTPr, the following equation is obtained.
OTPr = m-qn
However, n = YN, preferably Y is an unsigned integer of 2 or more, N is an unsigned integer of 1 or more, q is a quotient, n is a divisor, m is a divisor, and r is a remainder.
For practical use as OTP, Y is preferably 10 or more and N is preferably 6 to 7 or more. However, depending on the application, Y may be 10 and N may be 2 or 4.
As a clear note, when Y is 2 and N is 1, OTPr outputs a value of 0 or 1 indicating whether it is an odd number or an even number as a pseudo-random number, and can be used as a pseudo-random number generator of 0 and 1. It may be, but it is not practical because if you apply either 0 or 1 to the one-time password OTP for website login, you will be able to log in.
Therefore, considering the case where the PIN number of a 4-digit integer is expressed by OTPr as an example, it is necessary to set Y to be 2 or more and N to be 14 or more and the divisor n = 214 = 16384.
If Y is 10 and N is 7 or 6, 7-digit or 6-digit OTP can be generated, and it is easy for the contract administrator to imagine the calculation of the integer OTP and the change in the number of digits. Therefore, in the embodiment of the present invention, 10 The remainder of the Nth power was used as the N-digit OTP (OTPr).

<About the blockchain platform>
During the operation of the present invention, it is conceivable that the blockchain portion may be updated or newly recreated every number of years due to technical or limitation of storage capacity. It may be necessary to update the blockchain part by changing the hash function that calculates the block hash of the blockchain part.
Therefore, in the OTP authentication system using the blockchain of the present invention, the administrator periodically records the OTP generation token contract, the program information of the OTP authentication contract, and the seed value KC and BC information recorded in the contract. Is particularly preferable.
Then, the user identifier A that is the owner of the OTP token, the token number of the OTP token, and the status information of the OTP token such as the URI attached to the OTP token are recorded, and the status information of the OTP token is also stored in the OTP token holder list. It is particularly preferable to create the information and store it in the storage device of the terminal 3C, the terminal 3E, the terminal 3F, the terminal 5A, the terminal 5B, the terminal 1C, and the user terminal 1A. It is preferable that the user terminal also retains the list information possessed by the possessed OTP token.

In the present invention, a smart contract is used as a mode for implementing a program having a function or a variable that is difficult to tamper with using a blockchain, a password is generated using a value Tm that changes at a certain time on the blockchain, and the previous period password is used as the terminal 3C. And the terminal 3D is used for authentication.
However, if the blockchain is maintained for a long time, for example, over 100 years, transactions accumulated for 100 years for contract data recorded in the blockchain 50 or 100 years ago for the latest block number. It may be necessary to execute the function of the contract including.

Not only the problem of the present invention but also the problem of the distributed ledger technology is that there is a transaction, and the response when the transaction is accumulated over a period of more than a person's life is unknown. Computational resources, terminal material resources, network resources, and power sources that drive systems must also be sustainable.
The operation record of Ethereum used in the examples as a blockchain platform is about 5 years at the time of writing this text, and it is a medium that can be used for more than 100 years like paper and can record information for 100 years. There is an unknown point. Ethereum has no track record of operating while accumulating transactions in a contract that has been in operation for over 100 years, and it is unclear whether smart contracts will work without delay in a distributed ledger database that has accumulated transactions for over 100 years.
However, unlike paper, it is difficult to tamper with existing server terminals, and it is characterized by being able to build a database system with a built-in contract that records time stamps related to time and block numbers corresponding to time stamps every moment.
As shown in the example of attaching authentication information to broadcast data in the GNSS satellite terminal 5C, objects and data can be tagged by the authentication system of the present invention to judge the authenticity of the data itself or the data, both digitally and in reality. OTP tokens that can be used for valuable specifications and tags used for admission tickets and locking / unlocking keys by displaying available OWP-type passwords, and for logging in to websites and decrypting encrypted data. BnTOTP type OTP tokens that can be used can be implemented.

The inventor is concerned about Markle Patricia on the blockchain platform when blockchains (or systems that can execute smart contracts while being tamper-resistant using directional non-circular graphs, etc.) have been in operation for over 100 years. There is a data structure represented by a tree, and the key / value pair is searched for and deleted by the calculation amount O (log (n)), but the amount of data in the blockchain increases with the passage of time, and the terminal 3A And 3B may consume the storage area of the node. There is a risk that the data search time and data search time for the Merkle Patricia tree database will take longer. Older contracts deployed with smaller block numbers (and the OTP generation and OTP authentication functions included in them) are harder to read from the blockchain, or take longer than expected to read and execute the function. I'm afraid it might be.
It may be possible to solve the problem when there are high-speed electronic computer terminals and computer terminals for data search based on quantum mechanics, and there are storage devices such as high-speed and large-capacity RAM and ROM, but that is not the case. When the blockchain platform is updated, the distributed ledger of the past distributed ledger system is archived, and the contracts in demand in the past distributed ledger are posted to the new distributed ledger platform to update the blockchain platform. May be required.

It is unclear what the complexity O (log (n)) will be when the state tree is 100 years or more instead of 5 years in the blockchain containing the contracts in which transactions are accumulated. (Ethereum uses a state tree of the Markle Patricia tree pattern.)
As the number of transactions contained in the database that composes the blockchain increases, the length of the block in the state tree or blockchain increases, and the amount of calculation required to search for the OTP generation function or OTP authentication function increases. , There is a risk that the amount of calculation required for the data search time will increase. In the present invention, the time required to execute the OTP generation function and the OTP authentication function of the contract that generates the OTP may increase.

Therefore, if the blockchain unit can detect a contract with many users and place it in a storage device capable of performing the fastest reading and rewriting in a computer terminal such as RAM of the main storage device in the storage unit of the server 3A, the contract can be used. Users who access the can speed up OTP generation and authentication processing.

Further, in the present invention, even if the time required for executing the OTP generation function or the OTP authentication function is unintentionally increased, the contract administrator can display the BnTOTP and authenticate the BnTOTP by 3030A (OTP authentication is possible). (Standby time) can be increased, and when the contract administrator changes the seed value KC of OWP when using OWP, BnTOTP and OWP are blocked even if processing delay occurs by changing the update time interval. It can be acquired from the chain and authenticated.

<Update of blockchain infrastructure and OTP contract>
Over the years, it may be necessary to change the specifications such as the data length of the private key 101A for public key cryptography and expand the data length due to technical issues and new computers. There may be problems with the security of encryption formats and hash functions such as public key cryptography used for blockchain infrastructure. As a result, it may be necessary to update the blockchain infrastructure every few decades due to blockchain infrastructure issues or data volume issues.

When updating the blockchain unit including the blockchain unit and blockchain board, the data of the blockchain unit held by the terminal 3A is saved, and the read / write speed is slower than that of semiconductor memory type RAM such as magnetic tape and magnetic disk. It is also preferable that the data can be recorded and stored in an inexpensive, non-volatile, large-capacity external storage device.
By recording the full node data of the blockchain before the update recorded by the node 3A, the transaction can be duplicated and recorded in the external recording device. The unupdated blockchain data recorded on the external recording device is useful when an individual, a corporation, or an investigative agency conducts an investigation when it is found that there is a problem with the transaction at some point in the future.

Even if the service is operated for more than 100 years, the size of the block number of the blockchain and the length of the block of the blockchain are 25 years instead of 100 years due to the problems in the distributed ledger technology and the unpredictable problems. It is also expected that it will be necessary to save while dividing into such periods. Assuming that situation, the terminal 3A, terminal 3E, and terminal 3F collect information on OTP token contracts for each contract identifier and user identifier, and port the latest information corresponding to the contract identifier and user identifier to a new blockchain. Or it may be necessary to be able to update.

In connection with the update of the blockchain and the update of the blockchain contract, 3C, 3E, 3F, 5A and 5B access 3A, and each OTP token information such as the asset balance of OTP token of user UA and URI of OTP token is obtained. Recorded in the customer database of the terminal, 3C, 3E, 3F, 5A, and 5B collect asset balance information of user UAs from database information and digitally sign or HMAC the balance passbook, balance statement, or balance. It is preferable that the data can be issued to the terminals of users UA and others.

Even if there is no blockchain update, 3C, 3E, 3F, 5A, or 5B can access 3A depending on the request of the service provider or OTP token user, and OTP such as the asset balance of OTP tokens of users UA and URI of OTP tokens. It is preferable that the token information can be recorded in a database and the balance passbook or balance statement or OTP token balance / remaining number data that has been digitally signed or HMACed to the user UA can be issued to the terminal of the user UA or the like.

When recreating the OTP token contract according to the service provider's will, a new OTP token contract is created with a contract identifier different from the original OTP token using the customer's user identifier, token number, and data contained in the token. Deploy and update the contract by reissuing the OTP token according to the customer's user identifier and token number included in the original OTP token contract and the data contained in the token.

<Embodiment of Implementing the OTP Authentication System of the Present Invention>
In the present invention, a contract for generating an OTP token and an OTP is deployed on a server terminal 3A which is a node of a distributed ledger system DLS such as a blockchain connected to the network 20 by a transaction using the private key 101C of the administrator terminal 1C. The user terminals 1A and 4A call the function 3009A to generate the OTP of the OTP token by using the private key 101A or 401A to the server terminal 3A having the contract to generate the OTP token, and generate the OTP. Enter the OTP according to the program of 3C or 3D or software 403A, and if the authentication destination is 3C or 403A, authenticate the OTP using the OTP authentication function 3018A of the server terminal 3A. If the authentication destination is 3D, it is built in 3D. The OTP is authenticated using the authenticated authentication function 3018DA, and when the return value 3021A of the authentication result is the value at the time when the authentication result is correct, it is determined that the OTP authentication has been performed and the service is provided.
By using a difficult-to-tamper program called a smart contract that operates on the distributed ledger system DLS such as a blockchain, the execution results can be saved in a difficult-to-tamper state when the OTP token generation function 3009A, authentication functions 3018A, and 3018DA are executed. In addition, internal variables of contracts such as OTP authentication function, OTP generation function, owner information of OTP token, KC value 3011A which is a seed value for calculating OTP, etc. are recorded as a distributed ledger that is difficult to tamper with, so they are difficult to tamper with and distributed. We have realized a blockchain-based OTP token that can be recorded, an authentication system using it, and devices and terminals used in the system. An authentication system that can change the key values K and KC used when calculating OTP by a transaction using the secret key 101C of the administrator terminal of the contract administrator, and change and update the key values of the OTP tokens of all users belonging to the contract. And realized the equipment and terminals used for the authentication system.
In addition to updating the key values K and KC, the number of OTP digits used for OTP authentication and the time interval during which OTP authentication can be performed can be changed by a transaction using the secret key 101C of the administrator terminal of the contract administrator.
In order to detect unauthorized use of the private key, the environment value of the user terminal and the information that anonymized the environment value are associated with the value of the user identifier or token number or the anonymized value, and the leaked private key or the reused secret is used. It is also possible to provide a means for detecting access to the same time by a key.

FIG. 8A is a basic authentication system diagram for logging in to a website in the one-time password authentication system (OTP authentication system) of the present invention.
In FIG. 8A, a user terminal 1A (1A in FIG. 2A), a server terminal 3A (3A in FIG. 3A), a contract administrator terminal 1C (1C in FIG. 2C), and a server terminal 3C (FIG. 3C) that manages a website to be logged in. ) Is connected (via) through the network 20. Although omitted from FIG. 8A, there can be a server terminal 3B having the same blockchain unit as the server terminal 3A shown in FIG. 1A and a user terminal 3B different from the terminal 1A.
FIG. 7D is an explanatory diagram of a sequence when logging in to a website using an OTP authentication system. FIG. 7D is similar to FIG. 7A.
6A, 6B, 6C, 6D, 6E, and 6F are block chains using a blockchain type data structure as the distributed ledger recording unit 300A recorded in the storage unit 30A of the server terminal 3A of FIG. 8A. The one-time password generation and authentication smart contracts (contracts) 3008A, 3008AG, and 3008AA used in the present invention recorded and expanded (deployed) in the entire blockchain part 3006A of the unit 300A will be described with respect to the OTP generation process and the OTP authentication process. It is explanatory drawing of the flowchart.
For reference, FIG. 9A illustrates an outline of the OTP token authentication system when the distributed ledger recording unit 300A using the blockchain type data structure is used for the distributed ledger system DLS, and FIG. 9B shows the distributed ledger system. It is a figure explaining the outline of the authentication system by OTP token when the distributed ledger recording unit 300A using the directed non-circular graph type (DAG type) data structure is used for DLS.
In FIG. 7A, the terminal 1C deploys a contract to the DLS of the terminal 3A from S110 to S113 and sets the contract in the service. In S114 and S115, when the service (mainly for the purpose of decrypting encrypted data by the terminal 3C or software 403A which is supposed to be always connected to the network, and the terminal 3D which may be disconnected from the network 20 can also be connected to the network 20). (Can be programmed to authenticate in the form of FIG. 7A)) the terminal 1C issues an OTP token to the user identifier A as the token number TRIDA, and the 1C or service issues the token number or token to the user terminal 1A. You can inform the issue result.
In S116, the user terminal 1A accesses the service, and as shown in FIG. 6X, the service side may or may not record the access information. Next, the service asks 1A for OTP authentication, and the terminal 1A accesses the terminal 3A and acquires the OTP from the OTP generation function 3009A by the sequence from S117 to S119. When SHA256 is used as the hash function, OTP is calculated and output as 32 bytes (unsigned integer of 2 to the 256th power-1) data.
(Data using SHA256 for 3009A and 3018A may be type-converted to an unsigned integer value, and the remainder when divided by a certain integer n may be used as an OTP of an integer value having a certain number of digits. As an example, 32-byte data may be coded. The type may be converted to a none integer and the remainder OTPr of the Nth power of 10 may be used as the OTP of an N-digit unsigned integer. As described above, not only in Example 1 but also in Example 1 and Example 3 from the hash function. When constructing the authentication system of the present invention by converting the output data into an unsigned integer or the like with the number of digits or characters, the OTP generation function 3009A and the OTP authentication function 3018A and the 3018DA mounted on the terminal 3D are also paired. If the OTP can be calculated in the same way as the OTP generation function and the password OTPr due to the remainder cannot be calculated, authentication cannot be performed.)
Then, in S120, it is possible to collect and record the access status and behavior of 1A while the service is connected, or it is possible not to collect or record. In S120, OTP authentication is requested from the terminal 1A. The terminal 1A inputs the value acquired in S117 to S119, the user identifier and the token number of the OTP token into the OTP authentication function 3018A from S121 to S123, executes the authentication function 3018A, and causes the S123 to execute the return value CTAU such as the authentication result 3018A. Obtained from 3A and input / output the return value CTAU of the authentication function to the service. If the return value CTAU of the authentication function output by the terminal 1A is the value when the OTP authentication result is correct, the user is made to log in to the website, operate the website, and operate the web service.
In S125, the service side collects the access information of the terminal 1A even after login to check whether there is any unauthorized access, and the same OTP token number TIDA and the user identifier A due to the multiple use of the private key have different IP addresses, location information, and terminals. As shown in FIG. 6X, it is possible to monitor whether the ID value and the sensor value of the terminal are recorded, and notify the user of unauthorized access when the ID value and the sensor value of the terminal are recorded. However, at the time of implementation, recording as shown in Fig. 6X may not be necessary because it may invade privacy and use the computational resources of the terminal unnecessarily, which may not be worth the cost of the economy.
In the present invention, for example, to a distributed ledger system to which OTP tokens dealing with monetary value and important things such as content browsing and use by decrypting encrypted data, login for Internet banking, and operation of bank account balance are assigned. We would like to collect and monitor the data shown in Fig. 6X as a means to detect the leakage and reuse of the private key for access. When a terminal with low computing power is used as a server, the data collection and monitoring shown in FIG. 6X are not performed. Monitoring of unauthorized access to the service according to FIG. 6X is used according to the usage pattern of the present invention.

In the first embodiment (Embodiment 1), the hash function fh and the argument of the hash function fh are used to calculate the OTP for performing the OTP generation and the OTP authentication described in FIGS. 6A, 6B, 6C, 6D, 6E, and 6F. To,
User identifier A to the blockchain part and
Token number TIDA corresponding to A,
Using the secret variable KC inside the contract and the block number Bn,
In addition, a secret variable BC that can be changed by the contract administrator,
Let V be the value GasLimit value determined by the voting value of the nodes that make up the blockchain system.
By calculating fh (A, TIDA, KC, Bn, BC, V) and calculating OTP,
Generate a dedicated OTP that differs depending on the user identifier and token number,
We constructed an OTP authentication system that can update the BC value of the secret variables KC and BC by providing pseudo randomness with the V value.

In the first embodiment, the contracts 3008A, 3008AG and 3008AA on the blockchain of the server terminal 3A of FIG. 8A are the variables KC (3011A in FIG. 3AC) or BC (3013A in FIG. 3AC) and the internal variables KC or BC or the same thereof. It is equipped with a setter function fscb (3012A in FIG. 3AC) that can rewrite and update both.
The setter function fscb (3012A in FIG. 3AC) is a variable KC (3011A in FIG. 3AC) or BC (FIG. 3AC 3011A) only when the blockchain is accessed by the secret key PRVC (101C in FIG. 2C) included in the contract administrator terminal 1C. The function fscb (3012A) is programmed so that the 3AC 3013A) and the internal variables KC and / or both can be rewritten and updated.
It is preferable that the value of the internal variable of the contract is concealed.
In 3008A, the internal variable KC value and BC value are recorded in the same contract, but when two contracts of 3008AG and 30008AA are used, the variables KC (3011A) and BC (3013A) used for OTP calculation are used as functions. It is necessary to rewrite and update with fscb (3012A) to match and synchronize the KC and BC values of 3008AG and 3008AA, and maintain the synchronized state. The number and data types of KC and BC variables are not limited, but the numerical values to be matched increase according to the number and amount of data corresponding to the set KC and BC. In addition to the above KC and BC, the function for changing the standby time for OTP authentication and the function for changing the number of OTPr digits and the variable 3031A for obtaining the variable 3030A and OTPr must also be synchronized and matched between 3008AG and 3008AA. In addition, the types of functions of the hash function fh required to calculate OTP in addition to variables must be matched.
Here, the terminal 3C uses 3008AG and 3008AA, but the terminal 3D uses the authentication function 3018DA of 3008A or 3008AG and the terminal 3D. The storage part of the variable / function and the storage part of the variable / function of the terminal 3D must be matched and synchronized.

In addition, the administrator of the contract gives the contract a sign variable and its variables that show information necessary for providing the service such as the name of the OTP token, the name of the service, the address and contact information of the service provider, and the rating information from the terminal 1C. The function KNBN (3024A) that can be rewritten can be recorded in the contract and set. Here, the number of variables recorded as a signboard, an array, a structure, a mapping type, and other types do not matter. The variable 3024A can only be read by all users accessing the blockchain (KNBN rewriting is performed using the private key PRVC (101C) of the terminal 1C).

As a problem that may occur not only in Example 1 but also in Examples 2 and 3, the private key PRVC (private key 101C) of the administrator terminal 1C leaks from the user's hand to be managed, and another user leaks the secret key 101C information. It may be possible to obtain, duplicate the information, illegally access the contract 3008A or the like from the terminal, and issue the OTP token of the present invention, which is the authority to receive the service, to the user identifier desired by the unauthorized accessor without limitation. .. Then, there is a possibility of accessing the signboard information 3024A and the internal variables 3011A and 3013A.
To prevent such a situation from occurring, it is derived from a secret key different from the secret key 101C when executing the setter function included in the token issuing function (FIG. 3043A), the function fscb (3012A), 3024A, etc. inside the contract. A contract administrator secret key leakage countermeasure portion 3042A that prevents the function from being executed without the consent of the user identifier can be provided.

<Example of measures to prepare for leakage of the contract administrator's private key>
The contract administrator secret key leakage countermeasure portion 3042A will be described.
When executing the internal variables and token issuance of the contract that manages OTP as a function, one or more user identifiers other than the contract administrator of the user identifier C of the private key PRVC are individually set to execute the function. There are mapping variables or arrays, structures, and multiple variables equivalent to them that can be used to record whether the variable value of the Bourian type (true / false type) corresponding to the user identifier is true or false.
Then, it can be executed when the truth value corresponding to the user identifier is true, and it is not executed when it is false. Here, when the truth value corresponding to the user identifier is true for all user identifiers, the OTP token is issued or the contract internal variable is operated, and the truth value is false even for one of all user identifiers. If so, the execution of the function may be stopped. As an application of this, the number of true or false values corresponding to the user identifiers is counted for all user identifiers, and the function is executed when the majority (or set ratio) of the total number of user identifiers is exceeded. can.
The 3042A has a mapping variable having a truth value corresponding to the user identifier and a processing unit for determining whether to execute or stop the processing from the truth value of the variable. The 3042A is a contract such as a token issuing function 3043A or a function 3012A. It can be described (set) in the processing unit of a function that reads or rewrites to an accessor whose state is limited.

<Simple measures to prepare for the leakage of the contract administrator's private key>
For example, you may access as a contract administrator using two different private keys. A secret key PRVB for stopping the issuance of OTP tokens when the contract administrator's private key PRVC and PRVC are leaked is prepared, and a function execution stop variable and its setter variable that can be accessed only by PRVC2 are provided, and the function is executed. OTP token issuance functions and contract internal variables (3043A, 3024A, 3030A, 3031A, 3011A, 3031A, 3011A in FIG. 3AC, which execute the function when the stop variable is true and do not execute the function when it is false. 3013A) can be set.
In addition to the method described in the present invention, a plurality of private keys may be set by using what is generally called a multisig technique to cope with the leakage of the secret keys.

The service provider has leaked the private key, has been attacked, and posted the time of the attack on the company's web page together with the contract identifier 3019A, and made it known to the user, which is different from the leaked private key. It is also possible to deploy the contract with a private key and reissue the OTP token. A technical problem arises in the distributed ledger system including the blockchain, and it is conceivable to reissue the token in order to transfer it to a new blockchain or the like.
The present invention distributes OTP on a blockchain that is difficult to tamper with, and uses OTP tokens to automate and record the provision of services. Whether or not to provide services is ultimately determined when the service is purchased. It depends on the contract details, legal restrictions, and the agreement between the service provider and the user.
When it is difficult to provide the service and you want to give the contact information to the user, or when you want to contact the service provider, it is necessary to post the contact information on the signboard information KNBN (3024A). The rating of the service (restricted information such as whether the service has an age limit or whether a driver's license is required if the service is the key to the car) is also entered in 3024.
In the present invention, the token is intended to be issued in the form of purchase using electronic commerce. Information such as credit cards is used in e-commerce, but in that case, adults are the target. When this service is used for logging in to a computer game site or web application for a minor and decrypting encrypted book data, a terminal with a private key recorded is purchased for the family, and the terminal is bought for the minor. Thinking may be necessary.
If a user UA who does not have a terminal 1A wants to obtain an OWP type 18A or 19A, he / she can use an OTP token and an OWP-equipped 18A or 19A for the service on behalf of a service provider, ticket issuer, convenience store, etc. It can also be issued.
The UA possesses the NFC tags 19A and 16A that record the private key 101A, and it may be possible to log in by having the terminal 1A without a private key installed in a store such as a convenience store read the private key information of 19A or 16A. .. It can also be used at terminals 1A and stores such as Internet cafes, hotels, and guest houses that provide internet access.

<Issuance of tokens>
In FIG. 8A, according to the sequence diagram shown in FIG. 7D, the contract 3008A or 3008AG issues an OTP token having the token number TIDA to the secret key PRVA (101A in FIG. 2AA) and the user identifier A calculated from the secret key 101A.
In all the embodiments of the present invention, a secret variable (seed value) KC, BC and OTP generation function (FIGS. 6A, 6B) and an authentication function for calculating OTP on an Ethereum ERC721 standard token in the blockchain portion are used. (FIG. 6C, FIG. 6D, FIG. 6E, FIG. 6F) was added to construct a contract for one-time password generation and authentication on the blockchain. The ownership relationship of the token (correspondence relationship between the token number and the user identifier) is recorded inside the contract on the blockchain with respect to the private key PRVA (101A) of the user identifier A. The ERC721 standard has functions such as issuing tokens, transmitting (transferring) tokens, and removing tokens, but the description thereof will be omitted. In the present invention, the transfer restriction function for restricting the transmission of tokens in the ERC721 standard can be installed.
This is because the present invention is intended to be a non-transferable ticket, membership, or an OTP token for login purposes for online games and online banking.
The contract administrator can control the execution of the token transmission function 3040A using variables that restrict the transmission of tokens and the setter function 3041A. The 3040A can be programmed to continue execution of the token transmission function 3040A when the variable of 3041A is true and stop execution of the token transmission function 3040A when the variable of 3041A is false.
A setter that can fix the variable of 3041A to false and change the variable of 3041 on the premise that the token is issued after informing the contractor of the token that the transfer is prohibited for the purpose of prohibiting the transfer instead of the transfer restriction. Except for the function, the OTP token contracts 3008A and 3008AG may be programmed so that the token transmission function 3040A cannot be executed at all times. Alternatively, the OTP token contracts 3008A and 3008AG excluding the token transmission function 3040A itself may be used.
Next, the issuance of the OTP token and the provision of the service using the token will be described from the deployment of the contract using the sequence diagram of FIG. 7D.

In FIG. 7D, deploying and managing contracts related to user terminal 1A, server 3A with blockchain system DLS (actually Ethereum test net), website login service server 3C, OTP token, and OTP authentication system, and issuing tokens. There is an administrator terminal 1C equipped with a secret key 101C that can be used in the storage device 10C.

A block that changes the time (number of blocks) to change the secret variable KC (3011A in FIG. 3AC) or BC (3013A in FIG. 3AC), the signboard information 3024A, and the OTP to be deployed in the blockchain at the terminal 1C in the sequence S210. The number remainder variable 3030A, the OTP digit number adjusting unit 3031A, and the like are set. Then, a contract 3008A that generates and authenticates the OTP, a contract 3008AG that generates the OTP, and a contract 3008AA that authenticates the OTP are set.
In Example 3, a contract 3008A capable of generating and authenticating an OTP is used.
In the second embodiment, the OTP authentication function 3018DA of the contract 3008A or 30008AG capable of generating the OTP and the terminal 3D capable of authenticating the OTP, and the variable or function recording unit of the function are used. When 3D can connect to the node 3A through the network 20 and communicate with it, the authentication function 3018A of 3008AA or 3008A can be used.
In Example 1, a contract 3008A or 3008AG capable of generating an OTP and a contract 3008AA capable of authenticating an OTP are used in combination.

Deploy the contract to the blockchain with sequence S211. The contract code (byte code for executing the Ethereum virtual machine, byte code) is sent to the blockchain as a transaction and recorded in the block data. For login use, authentication is performed, and after login, the value associated with the token by the user in the authentication contract 3008AA (mapping variable of the bank account balance corresponding to the token and the user identifier, remittance processing from the balance, points and voting on the member site). You may want to perform a value) operation.
Therefore, here, 300AA in FIG. 3AC (which can also be implemented in 2008AG in FIG. 3AB) is used as an OTP generation contract in which an OTP generation token is recorded, and 300AA in FIG. 3AB is used as an OTP authentication contract and deployed separately on the blockchain. (As shown in FIG. 9A, the block data Bd0 to Bd7 of the blockchain are deployed to Bd1, Bd3, and Bd4. The terminal 1A accesses the deployed data to generate and authenticate the OTP.)

In sequence S212, the contract identifier (contract address) determined when the contract is incorporated into the blockchain is acquired from the blockchain unit to the recording device (10C) of the terminal 1C and logged in to the website, such as ECMAScript of the website of the server 3C. Record and set in the program that operates the web page of. At the same time, set the program that runs the web page (including the front end, server side, database, and blockchain part if necessary).

Sequence S213 issues an OTP token that generates an OTP. The administrator terminal 1C accesses the deployed OTP generation token to the user identifier A who has made a contract or purchase of the service, and issues an OTP token having the token number TIDA. The issued OTP token is a contract shown in 3008A or 3008AG, and has the function of the ERC721 standard in Example 1. OTP tokens are purchased as login rights using payment methods in electronic commerce, etc., or are services in the financial field such as banks represented by Internet banking, login services for member sites, login services for social networking services SNS, online games, etc. Issued with the login service of.

When providing the OTP authentication system of the present invention, it is assumed that the settlement is performed outside the blockchain. However, in Ethereum, OTP tokens are given using payment according to the payment of crypto assets Ether on the main net (that is, like a vending machine, a user inserts Ether into a contract like a coin and OTP to that user. Sending tokens) is also possible. However, depending on the service, it may be necessary for personnel outside the blockchain to confirm the existence of contracts and payments, the existence of users who grant OTP tokens, identity verification, and KYC (Know Your Customer), so inside the blockchain. Settlement using currency is not mandatory. In particular, in the financial field such as banks and securities, it is considered that identity verification is necessary, so the contract or issuance of the OTP token of the present invention requires personnel and devices for verifying the user outside the blockchain.

Sequence S214 logs in to a web page. The user to which the OTP token is given accesses the server 3C and the blockchain system DLS by using the terminal 1A in which the secret key 101A (secret key PRVA) is recorded in the storage device 10A or the external recording device 16A. The server terminal 3C that has received the access of the terminal 1A distributes the data of the website or the web application to the terminal 1A according to the access of the terminal 1A.
In sequence S214, as an example, 3C distributes web page data requesting the input of a user name and password at the time of login to the terminal 1A, and requests the first-stage authentication.
Here, there may be wallet software in the extension function of the web browser, and a program for determining whether the wallet software has the private key may be provided in the web page data, and the wallet software recorded in the extension function of the web browser etc. OTP may be generated using the private key stored in the wallet software so that OTP authentication can be performed. Further, software for entering and recording a private key, accessing the blockchain, and displaying OTP may be installed in 102A of the storage device 10A of the terminal 1A. Continues to the next sequence if the username and password match. (User name and password are used as one element of authentication. OTP authentication and existing user name / password authentication are combined into two-factor or two-step authentication. In addition to user name / password authentication, PIN or Biometric authentication is also acceptable.)

In the sequence S215, the server terminal 3C receives the access of the user terminal 1A for performing OTP authentication, distributes a web page for generating the OTP from the terminal 3C to the terminal 1A, and illegally accesses the user terminal 1A. Monitor for access. To generate an OTP on a web page, you are required to enter a user identifier and token number, and the input values such as the user identifier and token number of the user, and the IP address and location information of the user terminal and the sensor value of the input device of the terminal are used. The IPV value including the above, the login time, the number of logins, and the login status are recorded as shown in FIG. 6X. In normal terminal 3C use, if one individual accesses one private key from one terminal to the server terminal 3C at the same time, the different IPV values shown in FIG. 6X should not be recorded. ..
If the terminal 3C can collect information unique to the terminal such as the version of the web browser and a value such as an IP address, the information should be stored in the storage device of the terminal 3C until the next login of the terminal 1A of the user UA. You can also. Changes in the access environment may be detected by comparing the access information stored at the next login.

In the sequences S216 and S217, it is one of the nodes of the blockchain using the user identifier A, the token number TIDA, and the private key 101A recorded in the user terminal 1A according to the program such as ECMAscript of the web page delivered in S215. Access the terminal 3A and execute the OTP generation contract 3008A or 3008AG OTP generation function (3009A in FIG. 3AC) deployed in the terminal 3A.
When the token number TIDA is associated with the user identifier A calculated from the private key 101A and the owner of the TIDA is the executor of the OTP generation function 3009A, the OTP is calculated and generated, and the OTP is returned to the terminal 1A as the return value. return. In S218, the user terminal 1A acquires the OTP generated according to the OTP generation contract 3008A or 3008AG of the terminal 3A as the return value of the OTP function 3009A.
The operating flowchart of the 3009A is as shown in FIG. 6A or FIG. 6B, and as shown in FIG. 6B, the variable OTPCT (3017A in FIG. 3AC) or OTPCTG (FIG. 3AB) that records the number of executions when the OTP generation function 3009A is executed. The variables on the blockchain contract can be changed by increasing or decreasing (3017AG), and the number of times the calculation to generate OTP is executed on the blockchain is recorded without being tampered with. In addition, the 3114C of the server terminal 3C detects the variable change of the variable 3017A or 3017AG, and a non-fangible token (illegal notification token) different from the OTP token for notifying that there has been unauthorized use is given to the user identifier. Unauthorized access can be notified to contacts such as e-mail addresses and mobile numbers corresponding to the user identifiers described in the customer information database 3016C.
Whether it is a true user terminal of an OTP token or a user terminal that illegally obtained a private key, changes such as an increase or decrease in the values of 3017A and 3017AG occur when OTP is generated, and the server terminal 3C is that. Can be detected and notified to the user, and if 3017A or 3017AG is a public variable, anyone accessing the blockchain can examine the numerical change. Since the number of OTP generations is recorded on the blockchain, which is difficult to tamper with at the stage of generating OTPs for OTP authentication for users who make unauthorized access, the authentication system of the present invention can be used without leaving evidence of unauthorized access. It is difficult to get through.

Here, in S216 and S217, if the user terminal records the private key in the extended function of the web browser or is linked with another website that manages the private key, the private key information is stored. Using this, the user terminal 1A is made to execute the OTP generation function 3009A and the authentication function 3018A. At this time, the terminal 1A needs information such as a web browser extension function equipped with a private key and the token number TIDA issued to the terminal 1A.
The token number used to access the server terminal 3C from the terminal 1A, the user identifier, the IPV information such as the IP address, location information, and sensor information of the terminal 1A, and the login time, the number of logins, and the login status are the terminal 3C. Data as shown in FIG. 6X is recorded in the access detection and monitoring database 3011C of the storage unit 30C.
If the software for entering and recording the private key, accessing the blockchain, and displaying the OTP is installed in 102A of the storage device 10A of the terminal 1A, it is necessary to enter the private key information in the login token number TIDA. (It is also necessary to enter the contract identifier and blockchain identifier.)

In sequence S219, the server 3C requests the terminal 1A to input the token number, the user identifier, and the OTP of the OTP token, and at that time, the token number, the user identifier, the IP address, the location information, and the sensor information used for logging in to the server 3C. IPV information such as, login time, number of logins, login status are recorded, a web page that authenticates OTP from terminal 3C to terminal 1A is distributed, and whether the access of user terminal 1A is unauthorized access. To monitor. When authenticating OTP on a web page, the input values such as the user identifier and token number of the user, the IPV value including the IP address and location information of the user terminal, the sensor value of the terminal, etc., the login time, the number of logins, and the login. The state is recorded as shown in FIG. 6X.
Also in this case, in normal use, if one individual accesses one private key from one terminal to the server terminal 3C at the same time, the different IPV values shown in FIG. 6X should not be recorded.

The sequences S220 and S221 are one of the blockchain nodes using the user identifier A, the token number TIDA, and the private key 101A recorded in the user terminal 1A according to the program such as ECMAscript of the web page delivered in S219. Access 3A and execute the OTP authentication function of the OTP generation contract 3008A or 3008AA deployed in 3A (3018A in FIG. 3AC).
The OTP authentication function 3018A uses the user identifier A, token number TIDA, and OTP as arguments, and uses the argument OTP as ArgOTP, and passes the KC value and BC value recorded in the authentication contract in the authentication function and the latest block number and argument. Data is created based on the user identifier A and the token number TIDA, which are the values obtained, and the data is hashed with the hash function fh to calculate VeriOTP. It verifies whether VeriOTP and ArgOTP match, and if they match, it is judged that authentication was successful, processing is performed when authentication is possible, and the authentication result is returned to terminal 1A as a return value CTAU (3021A in FIG. 3AB) and matches. If not, the processing is performed when the authentication cannot be performed (the authentication function 3018A operates according to the flowchart explanatory diagram of FIG. 6C or FIG. 6D or FIG. 6E or FIG. 6F or FIG. 6G or FIG. 6H).
When the OTP authentication function 3018A is executed as shown in FIG. 6C or FIG. 6D, the variable OTPCT (3017A in FIG. 3AC) or OTPCTA (3017AA in FIG. 3AB) that records the number of executions is increased or decreased inside the processing of 3018A. It may be provided with a process of recording the number of times the calculation for generating the OTP is performed on the blockchain without being tampered with. Moreover, the 3114C of the server terminal 3C detects the change of the variable 3017A or the variable of 3017AA, and the non-fangible token (illegal notification token) different from the OTP token for notifying that there is unauthorized use is used as the user identifier. Unauthorized access can be notified to a contact such as an e-mail address or a mobile number corresponding to a user identifier described in the customer information database 3016C.
As in the case of the OTP generation function, in the case of the OTP authentication function, regardless of the distinction between the true user terminal of the OTP token and the user terminal that illegally obtained the private key, the numerical values of 3017A and 3017AG are used when generating the OTP. A change such as an increase or decrease occurs, and the server terminal 3C can detect it and notify the user, and if 3017A or 3017AG is a public variable, everyone who accesses the blockchain examines the numerical change. be able to. Since the number of times OTP is generated is recorded on the blockchain, which is difficult for an unauthorized access user to tamper with when performing OTP authentication, it is difficult to pass through the authentication system of the present invention without leaving evidence of unauthorized access. .. (Also, if the number of BnTOTP generations does not change and the number of OTP authentications changes and the authentication function is executed even though BnTOTP has not been generated and acquired, unauthorized use is possible, so the service provider should take countermeasures. And the user can also claim that the OTP generation function is unused and that it has been abused.)

In sequence S222, one or more return values CTAU after authentication are defined such as 3021A, 3022A, 3023A, and the processing content after authentication, the database corresponding to the token number operated by the processing content (for example, bank account balance and , Processing such as transferring the account balance to another function) can be executed. 3022A and 3023A can be set to record valuable variables such as a customer's account balance, points, and voting results on a member site on the blockchain so as not to be tampered with. Even if 3022A and 3023A are not set, the customer's bank account information can be managed inside the server terminal 3C (service provider's internal network) such as a bank in the same way as the Internet banking of existing banks, so the service is provided. It is conceivable that 3022A and 3023A will not be used depending on the individual cases.

In the sequence S223, the terminal 1A acquires the authentication result CTAU (3021A) of the authentication function 3018A.

In the sequence S224, it is verified whether the CTAU acquired by the terminal 1A is the value at the time when the authentication result is correct, and if it is correct, the website information after login is distributed and the service is provided.
For the processing from sequence S215 to S224, if the web browser environment has a token number and a private key and care is taken not to leak the user's private key, just enter the token number (OTP generation and authentication by ECMAscript etc.). You can log in (without the manual input of OTP), which is done automatically by the program. However, even if you can log in automatically on the program, whether the OTP obtained by the terminal 1A in sequence 218 is displayed on the display 150A of 1A and the OTP is manually input to see if a human exists as a user. It may be a sequence of confirmation.

In the sequence S225, as with S215 and S219, the unauthorized access detection control unit obtains access information including IPV such as the user identifier, token number, IP address, location information, and terminal sensor value of the user terminal 1A that accesses the service after login of the terminal 3C. Monitored by 3112C, if there is unauthorized access shown in Fig. 6X, send an unauthorized access notification token to the user identifier on the blockchain, or suspect unauthorized use by e-mail etc. to the contact registered in advance. Contact me that there is.
The sequence S226 provides a service according to the user's access. For example, in online banking, processing such as confirmation of account balance and transaction history of account (display of web passbook) is performed. Then, in a process that requires password authentication or OTP authentication such as transfer, the service is provided by inputting the password of S214 and performing OTP authentication from S215 to S224. Sequence S227 is the same process as sequence 225.
When the user logs out or there is no access from the terminal 1A to the terminal 3C for a certain period of time, the user is automatically logged out.

The server 3C can record a value such as an IP address when the terminal 1A is accessed. In the present invention, in services that need to handle important transactions such as banking transactions, personal information is protected, and the information, IP address, and location information of the terminal that the user normally accesses are obtained with the consent of the user. A database that collects (or seeks and collects hash values such as IP addresses and anonymized values) and adds bank account numbers and names and contact information such as phone numbers or email addresses to the data table in Figure 6X. May be recorded in the recording unit of 3C. Then, when the access history of the terminal 1A is accessed from an environment such as a different IP address by using the private key 101A of the terminal 1A at a certain time, the customer is contacted by telephone or e-mail from an environment different from the usual environment to the secret key 101. You may notify that the access was made by the user identifier A from which the access was made.

FIG. 8B shows an entrance, a ticket gate, and a locked building / vehicle using the valuable paper leaf display screen 1500A, the valuable paper leaf 18A such as a paper ticket, and the NFC tag 19A in the one-time password authentication system (OTP authentication system) of the present invention. -It is a basic authentication system diagram when unlocking equipment / containers. FIG. 8B is a document illustrating Example 2 (Embodiment 2).
The basic operations of Example 1 and Example 2 (Embodiment 2) are similar. When performing admission processing using a ticket, a terminal 3D that has the same functions as 3C may be used (the terminal used when logging in to the website and entering is 3C, and the terminal used when entering the actual entrance. Is 3D. 3D is intended to be used for entrance processing at entrances and ticket gates, but in addition to using terminal 3D as entrance ticket gates, locked buildings, vehicles, equipment, and containers are unlocked. It can also be applied to applications.)
In the second embodiment, the contract administrator has room to change the numerical value of the variable KC (3011A in FIG. 3AC) or BC (3013A in FIG. 3AC) at an arbitrary time without using the time information of the block chain such as the block number Bn. Use password OWP. The OWP used in the embodiment is OWP = fh (A, TIDA, KC, BC), and the argument of the function fh does not have a variable such as a block number Bn that changes with time. However, the OWP may change when the contract administrator changes BC or KC at a certain time using the setter function fscb.

In FIG. 8B, the user terminal 1A (1A in FIG. 2A), the server terminal 3A (3A in FIG. 3A), the contract manager terminal 1C (1C in FIG. 2C), and the entrance / ticket gate or locked building / vehicle / equipment / container. A terminal 3D (terminal 3D in FIG. 3D) capable of controlling locking and authentication by the OTP authentication system of the present invention and a server terminal 3E that issues valuable paper leaves such as tickets as OTP tokens are provided through network 20. It is connected.

The terminal 3D may or may not be connected to the network. Here, the blockchain recording unit 300D or 3010A of the storage device 30D of the terminal 3D may record the authentication functions 3018A and 3018DA capable of authenticating the OWP type OTP generated by the OTP generation contract of the terminal 3A. Variable information necessary for OTP calculation, such as KC values 3011A, BC values 3013A, 3030A, and 3031A used for the authentication functions 3018A and 3018DA, may be recorded in the terminal 3D.
Although the terminal 3D is not connected to the network 20, an authentication function capable of authenticating the OTP (OWP type OTP, OWP) generated by the contract 3008A or 3008AG regarding the OTP generation token of the server terminal 3A is stored in the 3D storage unit 30D 300D. In preparation for 3010D, even if the terminal is not connected to 3A, which has a blockchain unit, through network 20, authentication is performed using valuable paper leaves such as paper tickets or NFC tags that record authentication information such as OWP. You may be able to enter, ticket gate, and unlock locked buildings, vehicles, equipment, and containers.
In particular, containers such as automobiles, buildings, and safes are not always online so that they can connect to the internet, and in the event of a disaster, they may go offline and cannot connect to a network that can access the blockchain. It may be required to be able to authenticate even in the disconnected state.
Therefore, in the present invention, the issuance / distribution / OWP type OTP of the OTP token is performed by the terminal 1A, the terminal 3A, the terminal 3E, and the terminal 1C issuing a token in the blockchain unit via the network 20 online, and the terminal 1A and the terminal. The OWP type is generated between 3A, and the generated OWP and the token number and the user identifier used for OWP generation are printed and printed on paper by the printer 152A of the terminal 1A, and the printed matter 18A (18A in FIG. 2A or FIG. 8B). Is manufactured, and the camera 340D of the terminal 3D is made to read the image information of 18A or 1500A and authenticate.
Further, the communication device 12A and the NFC tag 19A (19A in FIG. 2A or FIG. 8B) are communicated with each other, the NFC tag 19A is made to record the token number and the user identifier used for OWP and OWP generation, and the NFC tag 19A is electronically entered. It communicates with the terminal 3D as a ticket or a key for unlocking, authenticates, and enters or unlocks.
Here, the tag 19A is mainly assumed to be a non-contact type NFC tag, but may be an external recording terminal 19A equipped with a contact type IC tag, an IC card, and a communication terminal, or may be 19A using a magnetic stripe, and 19A is non-contact type. Contact-type or contact-type communication can be performed with the terminal 3D.
When the terminal 3D is connected to the network, not only the authentication function 3018DA recorded in 3D but also the authentication function 3018A of the blockchain part existing in the terminal 3A is accessed and recorded on a paper ticket or an NFC tag. Authentication is performed using authentication information including OWP, and it is possible to perform entrance processing at the entrance and ticket gates, and to lock and unlock containers such as buildings, vehicles, equipment, devices, computer terminals, storage, and safes.

<Manufacturing and use of valuable paper leaves 18A or NFC tag 19A such as paper tickets>
The token number and user identifier information used to generate the OWP and OWP on the printed surface of the valuable paper leaf 18A of the paper leaf 18A are read by the camera 340D of the terminal 3D in the offline state, or the inside of the NFC tag 19A is read by the 3D NFC communication device 341D. Read the token number and user identifier information recorded in OWP and OWP generation, and perform the same processing as the authentication function 3018DA or 3018A recorded in 300D or 3010D of the 3D recording unit 30D (see also the flowchart in FIG. 6F). According to this, the OWP type OTP of paper or NFC tag is set as ArgOTP, and if VeriOTP and ArgOTP are equal or matched, the opening / closing / gate / locking / starting device 350A is operated to enter and lock the entrance or ticket gate. If it is a device, it is unlocked, and if it is a starting device, it is started. At the same time, the operation corresponding to the case where the 351D and the 352D can be authenticated and the case where the authentication cannot be performed may be performed.
Authentication may be performed by presenting and reading the OWP or the like authentication information display screen 1500A of the display 150A of the terminal 1A instead of the paper information 18A to the camera 340D of the terminal 3D.

<Manufacturing of 18A by printer>
A printer that manufactures valuable paper sheets 18A such as paper tickets should be able to print character information and bar code information on paper, plastic film, board materials, and the like. Inkjet printers, laser printers (electrophotographic method), and thermal printers (thermal paper) can be used. In addition, when the ticket can be a plate or three-dimensional instead of paper, there are also 2D processing machines that can attach cutting equipment to plotters and plotters to cut and engrave information on the base material, 3D processing machines, and 3D printers. May be available. Here, the printer is a device that can perform processing on the base material so that the camera or scanner 340D of the terminal 3D to be the authentication destination can read the character string or the one-dimensional and two-dimensional barcode information. It is also possible to use an inkjet printer, a laser printer, or a plotter to create a pattern for etching / patterning, and then process the base material based on the pattern (sandblasting, etching, sublimation transfer, etc.).
Not only paper and film materials, but also textile products such as metal plates, ceramics, and cloth can be printed, patterned, printed, and transferred with certification information such as OWP to produce valuable paper leaves 18A.
Inkjet printers can use water-based pigment inks and dye inks that can be visually read, as well as invisible inks for security, film materials for solvent inks and solvent inks, and UV curable inks and films compatible with those inks. Ink can be used. When a ticket seller prints on behalf of a user and sends it to the user's address in the field of cash tickets and tickets, it is expected that the ticket will be added value using special ink. Further, if the user has an inkjet printer and can print by connecting to the terminal 1A, it becomes easy to express a ticket pattern or the like in the case of color printing. When printing a ticket, it will be easier to determine what kind of ticket it is because the pattern is printed in multiple colors. (For example, banknotes and gold tickets are colored and have colors and patterns according to the ticket type, making it easy for the human eye to distinguish the ticket type.)
In Example 2, a household inkjet printer using a water-based dye ink or a laser printer using toner was used for the production of 18A. The reason for using toner and a laser printer is that the printed matter has high weather resistance, the printing speed is high, and it is widely distributed in business establishments and CVS, and the laser printer can express black and white colors.
Thermal printers and thermal paper are widely distributed in commercial equipment such as automated teller machines, ATMs, CVS, and cash registers in stores. In the present invention, even in these thermal printers, the information necessary for authentication including OWP can be printed on the thermal paper as a character string or one-dimensional and two-dimensional barcode information, and can be used as a valuable paper leaf such as a ticket. However, the durability of the printed surface / printed surface tends to be lower than that of toner, and it can be used for fixed-term tickets and gift certificates that are valid only for a short period of time.

<Manufacturing of NFC tag 19A>
When the NFC tag 19A is used, it suffices if the communication devices 12A and 19A of the terminal 1A can communicate with each other. It may be an NFC tag or an NFC card. The 19A may be a device having a shape having the same function as the shape and shape of the NFC tag. Products such as glasses / head-mounted displays or hearing aids / earphones / headphones or clothes or bangles / watches / watch-type terminals or rings or belts / belt-type terminals or shoes / shoe parts / shoe-type terminals equipped with the functions of NFC tag 19A. It may be a wearable computer terminal with the function of the NFC tag 19A or the NFC tag 19A incorporated in the NFC tag 19A.
Further, the NFC tag may be incorporated in a known product such as a mobile phone type terminal such as a smartphone, a wallet, a key chain, or the like, which has been used for payment of money or management of metal keys. The NFC tag 19A may be incorporated in the product or may be attached or the like.
Further, the terminal 1A may have an NFC function and the terminal 1A itself may be a portable NFC tag 19A. In that case, the NFC tag portion 19A is connected to the control device 11A and the storage device 10A by a wired method by the communication device 12A (including the electronic circuit of the terminal) of the terminal 1A.
The tag 19A may be provided with contacts and terminals for wired communication. The contact or terminal provided in the 19A may be used to read the authentication information into the terminal 3D, and a locking device controlled by the 3D, an opening / closing device for admission, or the like may be operated.
Like the terminal 1A, both 19A and 16A using ICs are card or tag type small electronic computer terminals equipped with a control arithmetic unit, a storage device, an input device / an output device, and are also equipped with a power supply device and a communication device as the five major devices of a computer. The power supply may include a wireless power supply system, a primary battery, a secondary battery, a circuit that uses the battery, and a system for charging the battery.

The flowchart of the OTP generation function in the second embodiment is shown in FIGS. 6A and 6B, and the OTP authentication flowchart is shown in FIGS. 6D and 6F. In FIGS. 6D and 6F, when the user identifier A and the token numbers TIDA and OWP as arguments are input as information printed on paper or transmitted from the storage device of the NFC tag, the authentication function 3018A (or 3018DA) is performed. According to the information of the input argument, from the internal secret variables KC and BC of the contract 3008AA to which the authentication function 3018A belongs, the user identifier A and the token number TIDA and OWP (as OWP = ArgOTP) input as the argument, in the verification OTP. A certain VeriOTP = fh (A, TIMA, KC, BC) is calculated, it is determined whether the VeriOTP matches the ArgOTP (that is, whether the VeriOTP = ArgOTP or the VeriOTP = OWP), and if it matches, the authentication is performed. Performs correct processing, and if they do not match, performs processing when authentication is not possible. As the authentication function, the authentication function 3018DA recorded in the terminal 3D can also be used.

FIG. 7E is an explanatory diagram of a sequence when authenticating the terminal 3D using the apparatus shown in FIG. 8B and the OTP authentication system. In FIG. 7E, the use of a ticket, a membership, a key for a car, or a key for a container is assumed as an example. It is assumed that tickets and memberships have an expiration date and have expired, and in the field of automobile keys, objects that are locked regularly at vehicle inspections are connected to the internet and can be maintained and maintained.
FIG. 7E is similar to FIG. 7B.
FIG. 7B is a general sequence diagram at the time of issuance of an OTP token using a password OWP. The OTP token is registered in the service in a series of flows from S130 to S135, and a node of the blockchain (or distributed ledger system DLS). A transaction including a byte code of an OTP token contract (generation contract, OTP generation contract) including an OTP generation function with a KC value of k1 and a BC value of c1 is transmitted to the terminal 3A and deployed so that authentication by OWP can be performed. After the preparation, the token of the token number TIDA is issued to the user identifier A of the private key 101A of the user terminal 1A. At the same time, the OTP authentication function must be set in the terminals 3D and 3C that provide the service, with the KC value set to k1 and the BC value set to c1 in the OTP authentication functions 3018DA, 3019AA, and 3018A. At this point, the user of the terminal 1A can generate and acquire a password OWP with OWP = fh (A, TIDA, k1, c1) and use it for authentication.
After a certain period of time has elapsed in S144, the OTP generated by the user's OTP token is changed by rewriting the KC value of the contract including the OTP generation function of the OTP token and the authentication function 3018DA to k2 and the BC value to c2 in S145. Can be done.
The user of terminal 1A uses OWP generation software or a dedicated website using software that accesses the blockchain, and OTP is performed from the OTP type OTP token contract of the blockchain part of terminal 3A in a series of flows from S137 to S139. Call the generation function to get the OWP type OTP. The OWP at that time is calculated by OWP = fh (A, TIDA, k2, c2).
When the terminal 3C or the terminal 3D is connected to 3A via the network 20, the OTP authentication function 3018A is called from S141 to S143, or the same process as S141 to S143 is called the 3D OTP authentication function 3018DA instead of 3A. When the return value CTAU of the authentication result is obtained and the return value CTAU of the authentication is the value (data) at the time of authentication, the opening / closing device or the locking device or the start is performed according to the internal program for service provision of the terminal 3D in S144. The device 350D is operated to open a gate device, a ticket gate, etc. in the case of an opening / closing device, unlock the lock in the case of a locking device, and start a prime mover or a computer in the case of a starting device.
In order to monitor the unauthorized use of the user's private key by the OWP generation software or the dedicated website, even if the process of S136 or S140 detects the presence or absence of unauthorized access and notifies the user as shown in the data structure shown in FIG. 6X. Good, when it is necessary to protect personal information with devices such as doors, vehicles and containers that lock using NFC tag 19A using OWP, or server 3C (and 3D that can connect to the network) that collects personal information ), 3E, 3F, or 5A, and when there is a risk of endangering the equipment of the terminal 3D purchased by the customer or its owner, use the function to collect access information from users such as S136 and S140. It doesn't have to be.
In S146, as in S144, after an arbitrary time has elapsed, the terminal 1C updates and matches the KC value and BC value with 3A on the OTP generation side and OTP authentication, and 3D or 3C on the service side, and the OTP calculation is performed. It can be set so that it can be done. The KC value can be rewritten to k3, the BC value can be rewritten to c3, and the KC value BC value can be similarly rewritten at arbitrary time intervals thereafter. When the car key is realized by the NFC tag 19A as a usage pattern, even if there is a forged NFC tag 19 by rewriting the OWP that is the key of the car for each vehicle inspection, it can be regarded as a past one (invalid one). .. In addition, it is possible to forcibly prevent the voucher or ticket 18A having an expiration date from being authenticated after the expiration date.

The OWP of Example 2 was calculated as OWP = fh (A, TIDA, KC, BC), and three NFC tags 19A (and A, TIDA, OWP) in which A, TIDA, and OWP were recorded were printed. The valuable paper sheet 18A) can be authenticated as long as the KC value or BC value is not changed. It is also possible to operate a service in which the KC value and BC value are not changed after the same KC value and BC value are set for the authentication function in the generation function of the contracts 3008A and 3008AG and the authentication function.

However, if the KC value BC value is not changed for a long time (here, several years, several decades), the three information A, TIDA, and OWP in the NFC tag will leak, and the OWP information will be duplicated to illegally unlock the car. There is a risk of locking and starting the car. Therefore, there may be times when you want to update your OWP on a regular basis every few months or years as the key to your car. In that case, the administrator of the OTP token contract that generates the OWP rewrites the secret variable of the OTP token by rewriting the KC value and BC value with the setter function fscb every few months or years, and the OWP is changed at arbitrary time intervals. Can be changed. The updated and acquired OWP is different from the OWP that may have been duplicated before the update.
Although the NFC tag is described here, the OWP is updated even with a paper ticket, and the paper ticket printed before the OWP update becomes invalid. By updating the KC value and BC value, it is possible to invalidate the data value of the paper ticket or NFC manufactured in the past. It is up to the service provider to respond to invalidated paper tickets. A service provider who knows the history of changes in KC and BC values may be able to verify whether a paper ticket once existed and respond to those who have the paper ticket 18A. In 18A, in addition to A, TIDA, and OWP, it is preferable to record the block number Bn at the time of printing, the printing time, the name and contact information of the service provider, and the contract identifier of the OTP token in a readable character string. ..

Since automobiles are regularly maintained during vehicle inspections (at the time of vehicle inspections), the terminal 3D that controls the locking and starting of the automobiles built into the automobiles should be connected to the Internet to synchronize the seed value of the authentication function. It is also possible, and it is necessary to record the OWP, TIDA, and A corresponding to the authentication function 3018DA provided in the terminal 3D on the NFC tag 19A again. The administrator of the OTP token of the car sends a transaction to change KC and BC to the blockchain system including the terminal 3A aiming at the holiday when the car inspection is not performed such as the end of the year, so that the NFC tag of all the cars belonging to the contract OWP information can be changed, and after the holidays at the end of the year, the car will be inspected based on the KC and BC values of the new year, and the latest OWP will be used for the terminal 3D inside the car and the key of the customer's NFC tag. Can be updated.

In the case of terminal 3D mounted on a building or container instead of a car key, there is a risk that KC and BC cannot be updated because it does not have a communication terminal or wireless communication device, so when 3D does not have communication means The manager of the contract does not change the KC value BC value. However, if the terminal 3D mounted on the building or container has a communication device and can update the KC value and BC value, the contract manager can change the KC value and BC value.
In order to update the KC value and BC value of the terminal 3D, the owner of the 3D will perform the update work, or the manufacturer of the 3D will perform the update work, which requires human hands. Wired to the part that can be seen when the lock is unlocked (the lever or switch located behind the locked door and the surface to which the locking terminal 3D or locking device is attached or the surface inside the safe) It is preferable that the communication terminal of the formula is provided and the KC value and BC value can be updated through the update program.
It is possible to access 3D wirelessly, but in that case, the access right to the terminal 3D is required. It is conceivable to access using some password or private key mounted on the terminal 1A of the user identifier A holding the OTP token.
Regarding the shape and form of the locking device including the terminal 3A, in addition to the locking device of the safe, a padlock type terminal 3D and a wire lock type or belt type terminal 3D can be considered. For locking bicycles and the like, wire lock type and terminal 3D, which is a key for bicycles, can be considered.

In the case of a terminal 3D installed in a facility that provides services such as an entrance or a ticket gate, it is easy to connect to an internetwork or a local area network LAN. The KC value BC value used for the authentication function 3018DA of the terminal 3D used for ticket authentication at the entrance or the ticket gate using wired or wireless can be updated from the remote terminal 1C. Further, the 3D may be connected to the terminal 3A which is a node of the blockchain through the network 20 and authenticated by using the authentication function 3018A recorded in the blockchain unit of the 3A.

FIG. 7E describes an explanatory diagram of a sequence when authenticating the terminal 3D using the apparatus shown in FIG. 8B and the OTP authentication system. There are similarities between FIG. 7E illustrating Example 2 and FIG. 7D illustrating Example 1. The sequences S230 and S231 are the same as those in the first embodiment. In S230, the variable KC and the variable BC that can be changed by the contract administrator can be rewritten instead of using the block number Bn such as fh (A, TIDA, KC, BC) when calculating the OTP. In the second embodiment, the password OWP that adopts the secret variables BC and KC that can be changed by the contract administrator is calculated as OWP = fh (A, TIDA, KC, BC). Here, A is the user identifier A, and TIDA is the token number TIDA.

In S232, the contract identifier is registered or set in the server terminal 3E and the server terminal 3D used for issuing a valuable paper leaf such as a ticket. When 3D is used without being connected to the network 20, the blockchain unit 300D and the basic program unit 3010D of the 3D recording unit 30D store the authentication contract 3008A including the authentication functions 3018A and 3018A, and the control unit 31D stores the authentication function. Allow 3018A to run.

After confirming that the terminal 1A and the terminal 3E have contracted to issue a token corresponding to a certain service, the terminal 3E requests the administrator terminal 1C to issue a token. In sequence S233, 1C issues a token with the token number TIDA to the user identifier A of 1A.

<Manufacturing of valuable paper leaves>
In a series of sequences from S234 to S240, the ticketing software recorded in the ticketing site 3E or the storage device of the terminal 1A is used based on the token number TIDA issued to the terminal 1A and the private key 101A recorded in the terminal 1A. 1A is accessed to the OTP generation contract 3008A of the blockchain system, and the process of generating OWP = fh (A, TIDA, KC, BC) set in 3008A in S230 is started.
Then, OWP is 3E, the ticket design information recorded in the ticketing software, the contact information and address of the service provider, the expiration date of valuable paper leaves such as tickets, etc., along with the information necessary for the service, as well as the OWP authentication information for printing. The display screen 1500A is displayed as 1A, and if necessary, the screen information of 1500A is printed using the printer 152A of the terminal 1A, and a valuable paper sheet 18A on which OWP, A, and TIDA are written is produced.
In addition, the NFC tag 19A in which OWP, A and TIDA are entered is manufactured. Similar to the valuable paper leaf 18A, the NFC tag 19A is a recording device for 19A that records necessary information according to the service, such as the contact information and address of OWP, A, TIDA, and the service provider, and the expiration date of the valuable paper leaf such as tickets. Can be recorded in.

In the sequence S235, when accessing the ticketing server 3E and issuing a ticket to 1500A or 18A, it is possible to acquire the information of the accessor as shown in FIG. 6X and monitor whether unauthorized access is performed. However, it is not an essential function.
Regarding the monitoring of unauthorized access, it is preferable to have a system for monitoring visitors such as the security camera of FIG. 8B when 1500A, 18A or 19A is presented to the service providing terminal 3D in S242 or S244. (It is preferable to have a 342D, but for physical or economic reasons, there is little advantage in having a security camera, for example, a small safe or a padlock-type locking device may not be equipped with a surveillance camera. Although it is possible to mount a security camera for the purpose of locking, it is also conceivable in the present invention that the 342D is not mounted in consideration of the privacy of the passenger.)

In the sequences S236, S237, and S238, the terminal 1A calls and executes the function that generates the OTP in the OTP generation contract of the terminal 3A, and acquires the function. When a ticket is issued on the website of the server terminal 3E, the valuable paper leaf information 1500A is displayed on S239, the printing of 1500A is permitted, the valuable paper leaf 18A is printed, and the NFC tag 19A is used to print the valuable paper leaf. Have the information recorded. If the ticket is issued from the ticketing software that is recorded and executed in 1A, the valuable paper leaf information 1500A is displayed through the software in S240, the printing of 1500A is permitted, and the valuable paper leaf 18A is printed, and the NFC tag 19A. To record information on valuable paper leaves.

<Use of valuable paper leaves>
In the sequence S241, the paper ticket 18A or NFC tag 19 manufactured by the terminal 1A or S240 capable of displaying 1500A is brought to the service provision place and presented to the ticket gate, the entrance, or the terminal 3D of the locked building / vehicle / container. Try to enter or unlock. At this time, the 1500A or the paper ticket 18A is read by the camera 340D of the terminal 3D. Further, the NFC tag 19A required for OWP authentication is read through the entrance or the communication device 32D of the terminal 3D of the locking equipment.

In sequence S242, the printed surface of the presented paper or display surface is read, or the data of the NFC tag ticket is read.
When the terminal 3D is not connected to the network 20 (offline), the OWP is verified and authenticated by the authentication function 3018DA recorded in 300D or 3010D inside the terminal device 3D of the service unit in S242, and the authentication function is performed. The return value CTAU of the authentication result is obtained from.
When the terminal 3D is connected to the network 20 (when online), the authentication function 3018A on the DLS is accessed in S243 to authenticate the OWP, and the return value CTAU of the authentication result is obtained from the authentication function. In S243, it is possible to set an increase / decrease in the number of authentications and a process of marking the ticket as used at the time of authentication.
Here, as an example when the terminal 3D is offline, a small safe, a padlock type locking device, a vehicle such as an automobile, an agricultural machine, a forestry machine, a ship, a heavy machine, or a locked part of a building where wireless communication is assumed are assumed. is assumed. The terminal 3D, which is supposed to be used offline, is equipped with a communication terminal, wireless communication device, and NFC device that can change the variables KC and BC used for the authentication function 3018DA recorded in the 3D 300D and 3010D for maintenance and inspection. It is preferable to have.
Examples of cases where the terminal 3D is online include entrances to commercial facilities such as station ticket gates and movie theaters. However, since the network may be disconnected in the event of a disaster, it is preferable to enable authentication whether online or offline, and on the internetwork via the local area network of the company that provides the service. It is preferable that the blockchain unit 300D can be constructed on the terminal 3D even when the blockchain unit of 3A is duplicated and synchronized with the terminal 3D even when the blockchain unit is cut off from the internetwork.

In the sequence S244, the terminal 3D determines from the authentication function whether the return value CTAU of the authentication result is correct, and if it is correct, determines that the authentication has been completed, and operates the 350D to unlock the entrance process and the lock. If the return value CTAU of the authentication result is not correct, it waits until authentication is performed again. At the same time as operating the 350D in S244, the operation corresponding to the case where the 351D and the 352D can be authenticated and the case where the authentication cannot be performed may be performed.
Further, in S244, when the opening / closing device 350D is not provided at the entrance or the terminal 3D of the ticket gate of the station and the visitors are stopped by the personnel, the 350D may not be provided, and the personnel may use sound or light instead of the 350D. In order to help distinguish the users to be entered, the operation corresponding to the case where the 351D and the 352D can be authenticated and the case where the authentication cannot be performed may be performed.

In sequence S245, the contract administrator terminal 1C accesses the node terminal 3A of the blockchain, changes the secret variable KC value and BC value of the OTP generation contract, and further, the authentication function recorded in the storage device 300D or 3010D of the terminal 3D. By changing the KC value BC value of, the seed value of OWP = fh (A, TIDA, KC, BC) is changed and the password OWP is changed. The terminal 3D that is not connected to the network needs a terminal capable of communicating between the terminal 3D and the user terminal, a wireless communication device, and an NFC device. If the terminal 3D is a safe or an automobile, the owner or the person who performs maintenance or maintenance needs to change the secret variable KC value or BC value.

If the KC or BC of the terminal 3A and the terminal 3D is changed in the sequence S245, valuable paper leaves such as NFC tags and printed matter tickets manufactured by the user cannot be authenticated and can be invalidated. For example, for gift certificates that have an expiration date set by a certain date (valid from November 30th to December 30th, etc.), gift certificates (paper, display) that were in circulation when the KC value or BC value was changed after the expiration date. Display information (NFC tag) cannot be authenticated and cannot be used.

A token number that can be unlocked using the terminal 3D may be determined in advance in relation to the sequences S232 and S233, and the token number may be recorded in a storage device that is a ROM of the terminal 3D. The authentication function of the terminal 3D reads A, TIDA, and OWP from the NFC tag and authenticates them. The token number corresponding to (individual identification number of the product) can be incorporated into the terminal 3D at the time of manufacturing the product.

<Car key>
As an example, if the OTP token and the OWP type password generated by the token are recorded in the NFC tag, the contract identifier of the OTP token corresponding to a certain vehicle type is set and the serial number of the vehicle type is set. The terminal 3D recording the corresponding token number may be mounted on the terminal 3D of the lock device of the automobile corresponding to the serial number, the start control device terminal 3D, or the main computer terminal 3D of the automobile.
Owning a car is recorded on the DLS, and if the car is transferred to another person (another user identifier B), the argument that generates the OWP is changed from A to B and has the user identifier B. The user can generate an OWP different from the user of the user identifier A, mount it on the NFC tag, and use it. Here, the user A has an NFC tag having A, TIDA, and OWP before the update, and there are two users, A and B, who can unlock the car. Therefore, in the sequence S245, the blockchain system including 3A and the KC and BC of the terminal 3D of the automobile are changed and updated periodically.
Further, the terminal 3D may be able to record the user identifiers A and B. When the user identifier A is transferred to the user of the user identifier B, the user of the user identifier B may write the user identifier B to the terminal 3D via the communication terminal accessible from the inside of the unlocked automobile door. In the above example, if the user identifier B is internally written to the terminal 3D and fixed to the argument of the OTP authentication function 3018DA, the terminal 3D can authenticate only the OWP derived from the user identifier B at the time of unlocking. (This work is similar to rewriting the name.)
If the terminal 3D of the car can be connected to the internet, it is easy to update and synchronize the KC and BC between the terminal 3D and the server terminal 3A, but if it is difficult to connect to the internet 20, the factory or car that can maintain the car. It is possible to deal with the renewal of KC and BC under the antique dealer who corresponds to the transfer sale of. It is also possible to update the authentication function of the terminal 3D of the automobile and the NFC tag 19A that operates the authentication function at the stage of periodic automobile inspection. In addition, the terminal 3D mounted on agricultural machinery, heavy machinery, ships, etc. can also update the state of the NFC tag and the terminal 3D by rewriting the KC to the BC at the time of maintenance and inspection or transfer at the request of the user. Industrial equipment and devices such as machine tools can also be locked.
Corresponds to the serial number of the product by recording it in the recording device of the terminal 3D in the form of a ROM that can write the token number only once (in the form of a ROM that is not rewritten by the attacker once the product manufacturer such as an automobile writes the token number). By attaching it, it may be useful for recording the history information, distribution information and maintenance history of the owners of products such as automobiles. It can be used not only for automobiles but also for checking the distribution status of vehicles, equipment, and products.

<Keys for building doors, keys for containers such as safes>
For the keys of buildings, safes, and other container keys, token numbers are assigned to each product of safes and doors with locking functions at the time of manufacture, as in the case of automobile manufacturing, and the token number unique to the terminal 3D built into the product is assigned to the terminal. It is possible to record in the ROM of the 3D storage device 30D and distribute the product including the terminal 3D to the user. On the other hand, assigning a token number corresponding to a product serial number to a 30D ROM may require time and labor in the product manufacturing process. (As an example, assigning a token number individually to a mass-produced small lock-type terminal 3D may lead to an increase in the manufacturing cost of the small lock.)
Therefore, when recording the token number in 30D, a non-volatile RAM is used instead of ROM, and when the customer purchases a container such as a door with a locking function or a safe, the token number used by the user for NFC tag authentication is used. A recording method is conceivable. As an example, a user purchases a safe equipped with a terminal 3D, requests issuance of a token, and a token with a token number TIDA is issued. The purchased safe is not locked, and the storage device 30D is accessed from the user terminal 1A or the like using the terminal for connecting to the terminal 3D installed behind the door of the safe or the communication unit such as NFC, and the token of the safe is used. The number is set to the token number TIDA held by the user identifier A. Then, an OWP is generated from the server 3A using the private key 101A possessed by the terminal 1A, the OWP and the user identifier A (and the token number TIDA) are recorded in the NFC tag 19, and the NFC tag 19 in which the authentication information is recorded is used. Then, OTP authentication is performed by OWP on the terminal 3D, and when the authentication results match, the safe is unlocked (locked or unlocked).
In the terminal 3D mounted on a safe or the like, the user identifier may be recorded in the terminal 3D as in the case of a car. (You may write the user's name on the device in the form of a user identifier.)

<NFC tag power supply and input / output device>
The NFC tag 19A may include a primary battery or a secondary battery in the power supply device. The 19A may be provided with one or more pushbutton switches (or touch sensors) as an input device. For the use of car keys, there are two buttons, a push button that unlocks the car door from a remote location by wireless communication such as NFC, and a lock button that locks the unlocked door again. In addition, a primary battery or a secondary battery is required as a power source for operating a storage device for recording an OWP of 19A, a control calculation device, an input / output device, and a computer including wireless communication.
Here, when the input device of 19A is an IC card or tag with an NFC function, the input device may be only by wireless communication as an NFC tag.
As the input device, a push button type or a touch sensor is described as a specific example, but the method is not particularly specified. (This is because various input forms can be considered depending on the type of sensor, such as voice input by a sound sensor). The 19A is equipped with a wireless input device including an NFC function and an input device using other sensors.
Further, if possible, the NFC tag 19A may be provided with an output device for notifying by light or sound that the input device has been operated when the input device is operated (when the input device is operating). .. The 19A may be provided with a light emitting device such as a light emitting diode or a buzzer.

<Use for decrypting encrypted data>
8C and 8D are connection diagrams of devices for decrypting and viewing encrypted data in the one-time password authentication system (OTP authentication system) of the present invention. In FIG. 8C, the terminal 4A, the terminal 1C, the terminal 3A, the terminal 5A, and the terminal 5B are connected so as to be able to communicate in both directions via the network 20. FIG. 8D is a connection diagram of a device in which the terminal 4A (and a plurality of terminals equivalent to 4A) receives the encrypted data broadcast from the broadcasting station terminal 5C and decodes the received encrypted data.
The software CRHN information 403A is recorded in the recording unit of the terminal 4A, the program of the software CRHN is executed, the software CRHN is operated, and the encrypted data EncData (4034A in FIG. 4B) is obtained from the authentication system of the present invention. The key information TTKY4033A used for decryption is created using the information CTAU4031A and the external key information AKTB4032A, the 4034A is decoded using the 4033A, and the decoded data DecData (4035A in FIG. 4B) is obtained to view or view the 4035A. If 4035A is a program, execute it. 8C and 8D are materials for explaining Example 3 (Embodiment 3).

The operation of the third embodiment (three embodiments) is similar to that of the first embodiment. In the first embodiment, it is used for logging in to a website and accessing a service, but in the third embodiment, the logged-in target substitutes for decrypting and accessing encrypted data. In the third embodiment, BnTOTP using the time information of the block chain such as the block number Bn is used. The BnTOTP used in the examples is BnTOTP = fh (A, TIDA, KC, Bn) or BnTOTP = fh (A, TIDA, KC, Bn, V) or BnTOTP = fh (A, TIDA, KC, BC, Bn, V). ), And the variables KC and BC may be modified and updated by the function fscb by the contract administrator.

FIG. 7 CA shows a sequence for decrypting encrypted data obtained by receiving distribution or distribution or broadcasting of a recording medium. FIG. 7CB shows a sequence of distributing, distributing, or broadcasting encrypted data created by encrypting plaintext data. FIG. 7CC shows an example of decrypting and browsing an encrypted file using the browsed certificate OFBKMK in an offline state in which the communication of the user terminal is disconnected from the network.

<Creation of encrypted data>
First, the procedure for creating an encrypted file using the software CRHN403A will be described.
FIG. 7 CB sequence S180 prepares plaintext data (content data, content file). In S181, the digital certificate DecCert or the like attached to the plaintext data (including the information in which the digital certificate and the content data are digitally signed with a certain private key) is acquired. This is not essential, but when the encrypted data is decrypted, the creator of the plaintext file is known, and the issuer of the electronic certificate is the issuer registered on the server that posts advertisements etc. on the software CRHN. If you know it, you can judge that it is not a malicious program and execute the data.
Normally, when software CRHN is only used as playback software for e-books and music videos, if it is a music / video / book file, the file name has an extension, and the file is processed according to the extension and the document file is displayed. And music video files can be played, so it may be unlikely that a malicious file will be executed. However, when programming the software CRHN so that the file name does not have an extension and all data can be executed, countermeasures against malicious program data are required, and one of the means is a plain file or after encryption. It is desirable to give the electronic certificate and electronic signature registered in the file.

In S181, it is assumed that the plaintext data is a magazine, a newspaper, a weekly magazine, or the like. Just as advertisements are printed on paper newspapers and magazines, advertisement distribution for linking to an advertisement distribution server terminal 5A (CRHNcm) that has a site that distributes advertisement data and advertisements in plain text files. You can embed the URI of the site.
Whether or not to use the function by embedding the URI to the advertisement distribution site of the terminal 5A in the plaintext data is determined by the right holder of the plaintext data, but the server 5A can be equipped with an unauthorized access prevention function. It may be desirable to install it because it can be expected to display the advertisement and return the advertising revenue to the right holder of the plaintext data due to the display of the advertisement derived from the plaintext data. The function is a monetization function that leads to profits from advertising revenue each time the right holder of the content decrypts the encrypted data of the right holder by the user terminal using the software 403A and browses it.
It is also possible to set a different URI of the advertisement distribution site for each token number (for example, set a value derived from the user identifier or token number in the basic URI and set the advertisement data corresponding to the URI).
For the advertisement to be delivered from the URI set here, it is necessary to deliver the advertisement according to the rating information described in the plaintext data and the corresponding OTP token. The URI described in the plaintext data included in the encrypted file once encrypted and distributed all over the world through the network 20 cannot be changed.

The URI for connecting to the advertisement distribution site distributed by the terminal 5A can also be set in the software CRHN403A, and the advertisement can be displayed when the terminal 4A executes the 403A. At the same time as displaying the advertisement, the 403A can check for unauthorized access. In addition to advertising, it is also possible to guide the update of software information of software CRHN403A. However, the 403A, which is designed for personal or corporate business rather than content viewing only, may not have a URI to connect to the advertisement.

In S182, a contract of an OTP token created in S181 and embedded with a URI for registration or advertisement is programmed to encrypt and decrypt plaintext data. The process is the same as that of the first and second embodiments. Information such as the name of the content, the name of the right holder, the contact information of the right holder, and the rating is recorded in the variable 3024A which is a signboard. Further, variables such as the return value of the OTP authentication function or the data CTAU (FIG. 3AA, AB, AC 3021A) or the information database 3023A operated by the processing contents 3022A or 3022A at the time of OTP processing are set as necessary.
Here, the variable required when carrying out Example 3 is the return value CTAU of the authentication function, and the CTAU returns the information CTAU recorded on the blockchain at the time of authentication to the accessor whose authentication result is correct, and is not. In the case, information that is not CTAU (information when authentication cannot be performed) is returned. Since the common key TTKY of the common key encryption for decrypting the encrypted data in the third embodiment is calculated based on the CTAU, the creator and the administrator of the contract need to set the CTAU.
The information about the CTAU of 3021A may include a setter function that changes the CTAU upon access from a user identifier authorized to change the CTAU. It is also possible to set a different CTAU (CTAU [TIDA] when expressed as a mapping variable) for the token number. However, even in that case, it is necessary to set CTAU [TIDA] for each user. Furthermore, it is necessary to encrypt and distribute the content for each user's CTAU [TIDA] (and the number of transactions on the blockchain increases).
The CTAU of 3021A is a value in the terminal 3A and is recorded as 4031A in the terminal 4A after OTP authentication. 3021A and 4031A have the same value.

In Example 3, a single CTAU was recorded in the contract as a key that can be easily obtained from the blockchain, and used as the return value of the authentication function. In the present invention, it is preferable to use a blockchain base (or a base of the distributed ledger system DLS) in which the information of CTAU data 3021A can be concealed. It is preferable that the CTAU data 3021A is concealed or allowed to be viewed only by a limited accessor, along with a transaction at the time of contract deployment, a secret variable such as a KC value and a BC value, and a seed value.

In carrying out Example 3 of the present invention, since Ethereum whose contracts and transaction contents are disclosed all over the world is used, CTAU (3021A) has no choice but to be disclosed on the blockchain. Therefore, it is necessary to encrypt using a key other than 3021A. Then, encryption was performed by using a key AKTB (4032A in FIG. 4B) obtained by a route different from that of the blockchain and a common key TTKY for encrypting data using the contract CTAU (3021A).

In addition, an obfuscated or encrypted source code inside the software CRHN (403A) -adding the secret key CRKY for the software (40302A in FIG. 4B) inside, CTAU (3021A or 4031A), AKTB (4032A), and CRKY (40302). A key TTKY (4033A) used for more common key cryptography to encrypt and decrypt plaintext files was generated.
In addition to this, in addition to this, multiple 4032A are used so that TTKY is not deciphered, and a dedicated smart contract on the blockchain that manages key information related to software CRHN in the source code of obfuscated software CRHN (contract identifier APKY, We devised a method to generate TTKY (4033A) by accessing 40301) in FIG. 4B, acquiring the key information CAPKY (FIG. 4B40303A), and using the four variables of CAPKY added to CTAU, AKTB, and CRKY. In Example 3, three variables, CTAU, AKTB, and CRKY, were used to calculate TTKY (4033A) used for symmetric key cryptography. It should be noted that the above three variables are not combined as they are to form a common key, but hashing or cutting out a part of the variable values is performed to calculate 4033A. A program including a calculation method and a processing method for calculating 4033A is recorded in software 403A.

In Example 3, TTKY (4033A) is calculated using CRKY (40302A) and CAPKY (40303A) based on CTAU (3021A) and AKTB (4032A), but the present invention is used by the content right holder for encryption. When used for distribution of the content, at least the shared key 4033A of the shared key cryptosystem derived from CTAU (3021) including the OTP authentication result when the authentication function is executed in the contract on the blockchain is used.

AKTB (4032A) is available in addition to CTAU (3021A or 4031A). Specifically, the 4032A sends the password value corresponding to the token number as AKTB to a person who purchased a certain book or audio / video data as an OTP token by means such as e-mail or mail, and also sends the AKTB by e-mail. Common key encryption (or symmetric key encryption) is performed on plain text with TTKY (4033A) calculated from CTAU common to the contract, and the encrypted data is used for cloud storage, e-mail, magnetic tape, magnetic disk, and optical disk. -About the encrypted data distributed by the user who purchased the OTP token by distributing it in semiconductor memory etc. using 4033A
The user uses the software CRHN403A stored in the storage device 40A of the terminal 4A, the user's private key 401A to which the OTP token is assigned, the OTP token contract identifier and the OTP token number TIDA, and the 403A 401A and the token number TIDA. The encrypted data can be decrypted using the CTAU (3021A or 4031A) obtained by OTP authentication and the key AKTB (4032A) notified by e-mail or the like.

The administrator terminal 1C sets a certain value of CTAU (3021A) that can be used for decrypting encrypted data to be used as the return value of the authentication function of the contract, sets the KC value and BC value used for OTP calculation, and sets the OTP. Programmed to calculate with BnTOTP = fh (A, TIDA, KC, Bn) or BnTOTP = fh (A, TIDA, KC, Bn, V) or BnTOTP = fh (A, TIDA, KC, BC, Bn, V) A contract including an OTP generation function and an authentication function is created, and the contract created in S182 in S183 is accessed to the server terminal 3A which is a node of the blockchain system DLS and deployed to the DLS.

In S184, the terminal 1C acquires the identifier 3019A of the contract deployed in the DLS in S183.
In S185, the contract identifier, the name of the contract, the creator name, the creation date, the rating, etc. are set in the storage unit of the server 5A or the server 5B, and the database or control unit of the storage unit. In addition, encrypted data can be registered.
The server terminal 5B receives access from the terminal 4A, and when the server 5B also serves as a server for selling contents such as electronic books and audio / video computer software, and a server for electronic commerce, the right holder name rating information of the product purchased by the 4A, etc. And the contract identifier of the OTP token for decrypting the product name and the corresponding encrypted data and the software CRHN can be associated with each other. If the server 5B is used to encrypt the confidential data of a certain organization and share it within the organization, associate the name of the data, or the file name, data creator name, data right holder name with the contract identifier of the OTP token. Can be done.

In addition, the terminal 5B possesses (or has) a user identifier A used for accessing the blockchain, such as a customer's name, date of birth, e-mail address, login password, address information, telephone number, etc. required for electronic commerce. It has the customer's personal data such as the contract identifier of the OTP token (with the purchase history) and the token number of the token held accordingly. Based on the customer's personal data, the terminal 5B can purchase and settle a product in cooperation with a payment operator such as an external credit card and a terminal such as its server with the support of the customer.
Then, the terminal 5B can transmit the key AKTB (4032A) notified by e-mail, telephone, mail of correspondence, etc. to the customer's e-mail address, telephone number, and address. It is also possible to send AKTB (4032A) using a transaction that can conceal the contents of 4032A to the user identifier A, which should not be transmitted on the blockchain. Alternatively, another blockchain platform is constructed based on the secret key 401A of the terminal 4A capable of calculating the user identifier A, and when the user identifier AA is calculated from the secret key 401AA instead of the user identifier A, 4032A is directed toward the user identifier AA. It is also possible to send it.

In S185, the contract identifier and content information can also be registered in the server 5A (SVCRHNcm) having an advertising function.

In S186, before the contract administrator terminal 1C distributes the token or encrypted data to the customer, the OTP token is issued to the user identifier C corresponding to the private key 101C of the terminal 1C for testing and encryption. S186 is a sequence for issuing an OTP token to the terminal 1C, creating encrypted data in which plaintext contents are encrypted, recording the encrypted data in the terminal 1C, and distributing the recorded encrypted data.
As will be described later, in S155, the OTP token is issued to the user identifier A of the user who has obtained the purchase of the OTP token, the viewing right of the encrypted data, and the ownership of the data that can be viewed by making a payment by the electronic commerce function of the terminal 5B. .. Here, the OTP token does not necessarily have to be purchased at the terminal 5B, and can be issued if the terminal 1C receives an order or a request. For example, it is conceivable that the terminal 1C has a contract with an EC site, an EC-type bookstore site, or the like, and a token number is assigned to a user identifier specified by the EC site for issuance.
What is important here is that the present invention cannot send an OTP token to the correct recipient unless the user identifier to which the token is sent is correctly notified. The correct destination user identifier is required to issue the token.

In S187, the software CRHN (403A) is mainly acquired from the terminal 5B. It can be obtained from a reliable storage destination of 403A other than the terminal 5B. Distributors of encrypted data must notify the user by specifying a version (version) of 403A that can decrypt the data. For specific operation, the version of software CRHN (403A) used to create the encrypted data may be distributed together with the encrypted data.

In S188, setting reading / input and the like are performed. The private key is directly input to the 403A, or the private key information is input to the 403A in cooperation with software other than the 403A that manages the private key.

In S199, the user identifier is calculated and generated when the 403A is activated or when the information of the private key (the private key 101C of the terminal 1C in FIG. 7CB) is input to the 403A, and the user identifier is calculated and generated to the URI for advertisement distribution of the terminal 5A embedded in the 403. It can be linked, and at this time, unauthorized access can be monitored for the contract administrator 1C as shown in FIG. 6X.

In S189, AKTB (4032A) is set. Alternatively, the predetermined AKTB (4032A) is stored in the recording device of the terminal 1C. S189 may be performed at the same time as S188. AKTB (4032A) is set according to the user who wants to distribute the token.
Specifically, a certain group sets different AKTB (4032A) for each year, month, week, and day, and users belonging to the group know AKTB (4032A) and encrypt only to users who can own OTP tokens. The data may be decrypted.
Alternatively, the right holder sets the unique AKTB (4032A) corresponding to a certain user identifier as the plaintext data of the e-book type publication, and notifies the AKTB (4032A) by an e-mail address or the like, and then the right holder sends the plaintext data to A. AKTB (4032A) corresponding to the above may be used for encryption.

Regarding encryption, AKTB (4032A), which is arbitrarily set as CTAU (3021A or 4031A) and notified to the distribution destination, AKTB known only to user identifier A using the software CRHN (403A) and the private key CRKY (40302A) of 403A. Create encrypted data that can be decrypted using (4032A), attach it as an attachment to A's email address and distribute it, or distribute it with a cloud storage service, or a server used in the present invention such as terminal 5B. It can be distributed using a terminal. Further, it can be distributed by delivering an external storage device such as a magnetic tape, a magnetic disk, an optical disk, or a semiconductor memory to the user's address by mail or delivery without using the network 20 at the time of distribution.
When different AKTB (4032A) is set and distributed for each customer for magazines and books, it helps to protect the plaintext data of the content right holder, while the plaintext data is encrypted according to the number of users and AKTB (4032A). It is necessary to distribute the corresponding encrypted data to the user.
In the case of books such as newspapers and magazines that distribute one-to-many mass media similar to broadcasting, plaintext is encrypted for each percentage of users in Japan for a certain period (daily / weekly) according to the total number of users. There is a risk of consuming computer and network resources (resources).
In that case, AKTB (4032A), which changes depending on the period (weekly, monthly, yearly, etc.) or region (Nagano, Osaka, Tokyo, etc.), is distributed in the form of user's e-mail or correspondence by mail / delivery, and AKTB (4032A). By distributing the encrypted data of the newspaper according to the above, the user who owns the OTP token which is the right to purchase the newspaper reading right in the blockchain, knows AKTB (4032A), and has the software CRHN (403A) can use it. If you can get the data, you can make it possible to read the newspaper.

The distributed encrypted data is recorded in the user's terminal, and the encrypted data (4034A) is stored in the user terminal as an OTP token (CTAU (3021A) obtained when the OTP token is authenticated), AKTB (4032A), and software CRHN (403A). And CRKY (40302A) and the private key 401A, they can be decrypted and viewed as decrypted data / plain text data (4035A).
A key TTKY (4033A) capable of decrypting encrypted data at the time of browsing is calculated, encrypted with the private key 401A to be used as CTTKY (40361A), and CTTKY (40361A) is encrypted with CRKY (4032A) recorded in the software CRHN (403A). ACTTKY (40360A) is obtained and recorded inside the OTP-certified certificate 4036A or the viewed certificate OFBKMMK (4036A) data. OFBKMK records the secret key of the software CRHN and the common key TTKY (4033A) for decrypting the content encrypted by the private key of the user. (OFBKMK is an offline book mark)
OFBKMMK4036A allows offline access to users in a form that controls browsing time and the like.
If the OTP token has the transfer restriction function removed and the token is sent to another person, the OFBKMK4036A may be able to read the book even if it does not have the right to read or own the book. ..
Therefore, the content right holder has the OFBKMK function 4036A, the time value of the viewing time limit becomes the maximum every time OTP authentication is performed, and the time stamp at that time is recorded in OFBKMMK in the form of HMAC or electronic signature. The software 403A can be programmed so that the later the time stamp at the time of authentication described in is, the less time can be viewed when the user is disconnected from the network 20 and goes offline. In Example 3, the viewing time was set to 10 minutes, 30 minutes, or several hours.
As an example, if the viewing time limit is 300 minutes immediately after OTP authentication, in the present invention, it is possible to view only the time divided by the number of years every y years from the time stamp time of OFBKMK. For example, when y = 10 years, 10 years have passed since the time stamp, and 300 minutes is divided by 10 of 10 years, and only between 300 [minutes] ÷ 10 = 30 [minutes] is the software CRHN (403A). It can be viewed. Here, if the user has an OTP token, the blockchain can be accessed and authenticated when online, a new OFBKMK can be created, and the browsing time can be reset to 300 minutes.
In the process of comparing the time stamp and the current time, the current time is based on the time of the user terminal 4A. It is preferable that there is a time data transmitting station such as GNSS, JJY, or NITZ, the correct time data can be received by the terminal, and the time data of the terminal is set correctly. If the right holder of the plaintext data permits, the browsing time by OFBKMK may not be set.
The function of OFBKMAK4036A is a function that allows you to cultivate encrypted data that can be viewed with a time limit and access the plaintext. It is a concept like that. Alternatively, it is based on a situation in which a person remembers an image of a book once viewed and forgets the image of a book viewed over time, making it difficult to remember. The 403A may perform processing such that the plaintext data is blurred and displayed on the display of the terminal 4A at the time of decoding using the 4036A due to the passage of time.

Even if it is a paper book, there are cases where it is copied as a material, and there is a risk that it will be copied unless the content is protected from shooting on the display. On the other hand, if the content is useful even in the event of a disaster that can be offline, it is preferable that the content can be read by the user. Therefore, in the present invention, the viewed certificate OFBKMK (4036A) is adopted.
When it is desired to distribute the content without leaving it on the user terminal, it is preferable to use the login method to the website of the first embodiment. However, in that case, if the login destination server terminates the service and loses the data, the books and music video works subscribed to by the user cannot be viewed.
Paper books, ancient documents, ukiyo-e prints, etc. have been preserved for hundreds of years and convey the culture. In the present invention, even if it is digital data, the ownership, viewing right, and usage right of the data that should be left to posterity after many years are recorded in the form of OTP token, and the data that can be viewed with the token is encrypted data. And the encrypted data can be viewed by the data at the user's hand even when the network is disconnected such as in the event of a disaster. Although the OTP token, which is the right to browse and own the book, is managed by the blockchain, the blockchain is not always accessible, and in the present invention, consideration is given so that the book purchased by the user can be browsed offline.

When the content is a newspaper or the like, it may be necessary to periodically update the CTAU (3021A) value for the OTP token contract because it is a subscription type service. Alternatively, it may be necessary to periodically update AKTB (4032A) instead of CTAU.
Prepare a valid / invalid variable corresponding to the user's OTP token number (mapping variable representing the valid / invalid of the truth type token using the token number as a key), and that variable is true at the time of authentication of the authentication function (3018A). It is also possible to add a process of determining whether it is false or not, and if it is true, the return value CTAU (3021A) of the authentication is returned, and if it is false, the CTAU (3021A) is not returned.
Here, the valid / invalid variable corresponding to the user's OTP token number (mapping variable indicating the validity / invalidity of the true / false value type token using the token number as a key) Is the terminal 1C of the contract administrator true for all token numbers? It is necessary to set a setter function that can set whether it is false or not.
(In Examples 1 and 2, for the admission and login viewing rights and tickets, the mapping variable indicating the validity / invalidity of the true / false value type token using the token number as the key is rewritten from true to false from the terminal 1C after the expiration date. By doing so, it may be possible to stop the generation and authentication of OTP.
Also, if a certain OTP token is an OTP token that decrypts encrypted data related to a certain book, book, music record, or video, and the expiration date is indefinite and it is valid as long as you have the OTP token, the token is valid or invalid. There is no need for a mapping function that represents OTP or a function that stops OTP generation authentication. )
If the newspaper or magazine can connect to the Internet, use the OTP token as the login right to the right holder site of the newspaper or magazine as in Example 1, and while appropriately encrypting the content while restricting viewing to the accessing user. It may be preferable to deliver. However, as in the case of paper newspapers, it is possible in the present invention to adopt the method of Example 3 when the encrypted data is stored in the hand of the user's terminal 4A and it is desired to view the encrypted data even when it is not connected to the network. .. Newspapers report on past events, and a method that remains in the hands of the user may be more suitable for recording events.

In the series of sequences from S190 to S192, the terminal 4A accesses the blockchain system DLS (terminal 3A) and acquires OTP from the OTP generation function provided in the contract of the OTP token of the DLS to the storage device of the terminal 4A. Here, the OTP may be a BnTOTP type OTP or an OWP type OTP. In Example 3, BnTOTP = fh (A, TIDA, KC, Bn, V) or BnTOTP = fh (A, TIDA, KC, BC, Bn, V) was used. The sequence of OTP generation is the same as in Example 1 and Example 2.

In the series of sequences from S193 to S195, the token numbers and user identifiers of the OTP and OTP tokens acquired as in the first and second embodiments are input to the OTP authentication function as arguments (S193, S194 part), and the authentication function is used. The return value CTAU (3021A or 4031A) of is obtained (S195 portion).

In S196, the key TTKY (4033A) for encrypting plaintext data from CTAU (3021A or 4031A), AKTB (4032A), and CRKY (40302A) is processed and generated according to the program of software CRHN (403A). Here, the process of generating and calculating 4033A in the program of 403A may include processing such as hashing and cutting of a numerical character string, and the program of 403A is also a key element for decrypting the encryption.

In S197, the common key encryption is performed using the TTKY (4033A) calculated in S196 as the common key for plain data (4035A, but 4035A can also exist in the storage device of the terminal 1C and can also exist in the storage device of the terminal 4A. ), And the encrypted data EncData (4034A, however, 4034A can also exist in the storage device of the terminal 1C and can also exist in the storage device of the terminal 4A). AES (Advanced Encryption Standard) was used for common key encryption. Actually, the data length of the AES key was 128 Bit, 192 Bit, and 256 Bit.

In S198, the encrypted data 4034A is stored in a server terminal 5B (SVCRHNdrive), a cloud storage other than the terminal 5B, a file storage / file sharing server different from the terminal 5B, and the user who distributes the OTP token distributes the encrypted data 4034A. do. In this process, the server terminal 5C, which is a broadcasting station, may record the encrypted data 4034A and broadcast it by wire or wirelessly. Encrypted data 4034A may be recorded and distributed on an optical medium such as an optical disk, a magnetic medium such as a magnetic tape or a magnetic disk, or a semiconductor memory.
In addition, a recording medium that does not use magnetism or a semiconductor may be used. The encrypted data may be converted into a character string on microfilm, recorded, stored, and delivered by mail or the like for distribution. Encrypted data can be distributed and distributed in various ways. Similar to microfilm, it is also possible to print a character string of encrypted data on paper. There are no restrictions on the data distribution method.

When storing data in the broadcasting station server terminal 5C instead of the server terminal 5B in the sequence S198, if the terminal 5C is a space artificial satellite station, the server terminal 5CC that communicates with the terminal 5C is required. The terminal 5CC is also required when the terminal 5C is connected to the terminal 5CC by a dedicated line. The encrypted data 4034A is processed into a form suitable for data broadcasting (processed for digital broadcasting from a broadcasting station) and transmitted to the user. Processing for digital broadcasting includes addition of error correction code and packetization.
In the use of live broadcasting of wireless data, when 4035A to 4034A are created using 4033A as a key, radio waves may not reach the user's receiver due to weather or the like, and the data may be interrupted. In order to deal with this, the video and audio recorded by shooting are distributed as small data packets with 4033A as the key at any time using block encryption, an error correction code is attached, and stream encryption is used. Sometimes.
In the existing example, block cipher is used for terrestrial digital broadcasting, but in the present invention, software CRHN (403A) can perform stream cipher in addition to block cipher for plaintext data. Then, the stream-encrypted encrypted data can be broadcast sequentially. Further, not only broadcasting but also bidirectional stream encrypted data may be exchanged via the network 20 to enable conferences and audio / video distribution on the Web.

<Decryption of encrypted data>
Next, a sequence in which the user terminal 4A that receives the encrypted data decrypts the encrypted data and browses the data will be described. FIG. 7CA shows a sequence for decrypting encrypted data distributed to the user terminal 4A. The series of sequences from S150 to S153 is the same as the series of sequences from S182 to S185 in FIG. 7CB.

In S154, the terminal 1C receives an instruction to issue an OTP token. At this time, the user of the terminal 4A presents the user identifier A to the server terminal 5B where the encrypted data to be purchased can be purchased, the electronic trading site where the purchase is possible in addition to the terminal 5B, and orders the payment process. The terminal 1C presents the contract identifier corresponding to the OTP token from which the encrypted data can be decrypted from the server terminal 5B or the electronic commerce site to the user identifier A, and the OTP of the contract identifier in the specified user identifier. The terminal 1C receives an instruction to issue a token.
Here, there is an expression of purchasing OTP tokens, which means that the encrypted data is content such as magazines, books, audio-video software broadcasting, etc., and there is a right holder of the content, and the right to view, own, or use the encrypted data. It is assumed that the product will be sold. For group or personal use such as a company, for example, when encrypting information that you want to keep secret and sharing the encrypted data among people of a limited group, OTP token is not the purchase of OTP token but the purchase of OTP token. It is necessary to give permission to the user identifier that wants to use the usage permission.

In S155, the terminal 1C uses the private key 101C of the terminal 1C to access the contract of the OTP token of the blockchain system DLS (terminal 3A or the like) and issues the token of the token number TIDA to the user identifier A. The user identifier A can be calculated from the private key 401A on the terminal 4A. The terminal 4A does not have the data of the OTP token, but has the ownership to access and operate the OTP token on the DLS by having the private key 401A.

In S156, the terminal 4A obtains the password AKTB (4032A) from the outside of the blockchain in the form of a transaction from the DLS different from the DLS in which the OTP token is deployed, an e-mail, a telephone, a facsimile, or a mail delivery of a letter, and the terminal 4A. It is recorded in the recording device 40A of. (AKTB is an abbreviation for secret word.)
By using this password AKTB, it is possible to avoid setting the password individually in the smart contract on the blockchain and arbitrarily set and send the password to a certain user identifier A, or the user identifier A, the user identifier B, etc. It is also possible to notify the e-mail address of each employee in the company of the password value AKTB specified as a secret word in an organization such as the company to which the company belongs.
The process of setting AKTB is unavoidable because the contract variables are open to the public and the attacker can analyze the CTAU value in the blockchain platform called Ethereum used in Example 1, Example 2, and Example 3. AKTB was used as a solution. By using two of AKTB and CTAU, and CRKY of software CRHN whose source code is obfuscated and encrypted, it is encrypted if you do not know the blockchain, browsing software and other external passwords. The encrypted data cannot be decrypted.
The CTAU value (3021A) of the contract is preferably concealed.

In S157, the encrypted data EncData (4034A) and the software CRHN (403A) capable of viewing the encrypted data 4034A are obtained from the server terminal 5B for which the OTP token is purchased and the data distributed from the electronic commerce site. The 4034A or 403A stored in an external recording device such as a magnetic disk, a magnetic tape, an optical disk, or a semiconductor memory may be duplicated in the storage device of the terminal 4A.

The software CRHN (403A) is executed and started in S158, and the information about the private key 401A of the OTP token required for decrypting the encrypted data is input, the contract identifier of the OTP token, and the token number TRIDA of the OTP token are input. In the third embodiment, the URI that specifies the server terminal 3A that is the node to be connected to generate and authenticate the OTP is further set. (The secret key may be saved and input using wallet software, and the URI of the connection destination node may be set.) The user identifier A is calculated by the input of the private key 401A and the subsequent program execution, and the private key 401A and the user identifier are used. A and the token number URIDA are recorded in software 403A. Software 403A includes a blockchain identifier to be used and a program to access the blockchain.

In S159, the advertisement distribution service server terminal 5A is accessed according to the URI to the distribution site such as the advertisement set in the program of the software CRHN (403A) from the information input in S158 using the user identifier and the token number. At this time, the user identifier A, the token number TIDA, the IP address and location information of the user terminal 4A, the terminal ID and the sensor value of the terminal are recorded in the server 5A for the information agreed by the user, and access monitoring as shown in FIG. 6X is performed. It can be used to prevent unauthorized access.
It is presumed that in S159, the user identifier and the information obtained by anonymizing the user identifier are often used.

S160 to S165 are a series of sequences for OTP generation and authentication, and are the same as those described in the series of sequences from S190 to S195. The sequence from S160 to S165, such as OTP generation, OTP acquisition, and authentication by the acquired OTP, may be automatically performed inside the software CRHN (403A). It can be automated by setting the program of 403A so that the input and execution of the OTP acquired from the generation function to the authentication function can be automatically performed in the sequence from S162 to S163. In the embodiment, the content is automatically authenticated in the program in order to reduce the labor for OTP authentication for viewing the content and the time until browsing.
In the sequence from S162 to S163, the program of 403A can be set to manually input and execute the OTP acquired from the generation function to the authentication function when the user wants the manual input of the OTP and does not want to automate it.

S166 generates key information TTKY (4033A) for decoding EncData (4034A) from CTAU (4031A), AKTB (4032A) and CRKY (4030A) at 403A.

S167 decodes the encrypted data EncData (4034A) using the key information TTKY (4033A) generated in S166, and obtains the plaintext data DecData (4035A).

With respect to the plain text data 4035A obtained in the storage device of the terminal 4A by decoding 4034A in S167 in S168, the plain text data 4035A can be viewed, the audio / video can be viewed, the software, and the output device 45A and the input device 44A of the terminal 4A can be used. Run and operate the program and let the user use the content. In the third embodiment, the plaintext data 4035A obtained by decrypting the encrypted data is temporary data and is deleted from the storage device when the use of the content such as viewing or viewing of the plaintext data is completed.
In Example 3, a PDF format file (extension is .pdf) that manages text data of Adobe Corporation in the United States that can be processed by HTML5 and ECMAscript supported by web browser software, and an MP3 file that handles audio data invented by Fraunhofer IIS et al. Example 3 of the present invention using an MP4 file (extension: .mp4) that handles multimedia data such as video and audio according to ISO MPEG-4 Part 14 (ISO / IEC 14496-14: 2003) with an extension of .mp3). Using the method, encryption and decryption were performed using the OTP token and software CRHN, and the data in the file was viewed and viewed. Here, for the PDF format file, an access-controlled file can be set.
It is also possible to create a PDF format plaintext file with access control, and set access control, print prohibition, or print permission for the plaintext file obtained by decrypting the encryption of the present invention. Further, as in the example of the PDF file, plaintext data incorporating an access control program of an arbitrary file format and file extension is encrypted and distributed by the method of the present invention, and the encrypted data is encrypted by the method of the present invention. When decrypted, viewed or executed, the data may be programmed so that access control can be performed when using a plaintext file. The plaintext file may include a program that controls access by a method unique to the file (a method corresponding to each content file). )
Access control includes whether to print content, copy plaintext files to external recording terminals, change plaintext file contents, and limit devices that can play music videos.

The software CRHN (403A) reads the contents of the plain text data 4035A according to the file format, etc., and prints the browsing information on paper or the like using the printer 452A on the user's terminal 4A according to the program set by the right holder 4035A. Whether or not to output to the display 450A or the speaker 451A head mount display 453A is determined according to the output setting written in the plain text data, and the plain text data is output from the output device 45A. In addition, it is browsed according to the content input from the input device 44A. For example, text files, audio / video data, and in the case of software, use input / output devices such as keys and input buttons to operate the software, pointing devices, audio input, various sensors, and controllers to view, view, and execute plain text data. ..
It may be output to the display 450A used for a smartphone terminal or a mobile phone terminal, or may be a display 450A having a size such as 22 inches used for a desktop personal computer terminal. The display 450A of a portable laptop-type or notebook-type personal computer terminal or tablet-type terminal may be used.
In the practice of the present invention, the encrypted data may be decrypted and viewed by the OTP authentication system using the software 403A and the distributed ledger system DLS using only the normal display 450A without using the head-mounted display 453A.
The main invention of the present invention is OTP authentication and login by DLS, entry / exit, unlocking of locks, and decryption of encrypted data (login to encrypted data). Biometric authentication using a head-mounted display and prevention of content copying are used from the viewpoint of content protection.
When the head-mounted display 453A is used, it may be a spectacle type, or a binocular type, a monocular type, a non-transmissive type, a transmissive type spectacle type or a goggle type device. It may be used as an OTP authentication system when realizing virtual reality VR and augmented reality AR.
Further, when it is desired to use a pseudo-random number for the content when the user uses the content, the OTP calculated from the OTP token of the present invention may be used as a value for realizing the pseudo-random number. For example, the BnTOTP type OTP authentication code of the present invention is used when it is desired to use a pseudo-random number when an event occurs in a game in an online game or a game with an offline tendency (only the blockchain is online but the game is offline). You may. When OTP is used for pseudo-random use, a value with a smaller number of digits than that used for OTP authentication, for example, when it is originally a 10-digit OTP, the last 5 digits are used to generate a pseudo-random value. Is preferable.

Further, in S168, there may be a case where the data is not the content such as a book or magazine in which the right holder exists, but the encrypted confidential text is to be shared among the users of a certain group. The encrypted data showing a certain document may be rewritten between users and digitally signed to be changed.
Therefore, the plain text data is rewritten using the input device 44A, the hash value of the data before and after the change of the plain text data is obtained by the private key 401A of the terminal 4A, and the data is changed / added / altered at a certain time or a certain block number Bn. -Record the correction by electronically signing using MAC such as time stamp or HMAC or electronic certificate (The private key for electronic signature may be 401A or may be recorded on the employee ID card or personal number card. ), Using the OTP token of the user terminal 4A as the plain text data with the electronic signature added after the data change, the key information is the plain text data with the electronic signature added after the data change from CTAU (4031A), AKTB (4032A) and CRKY (4030A). As encrypted data encrypted by TTKY (4033A), it can also be sent to a user who wants to send confidential text (the user has an OTP token that can be encrypted and decrypted like the sender user). Then, every time a document file between two or more users is added or changed, the HMAC MAC value and electronic signature of the user who added or changed the data are added and encrypted repeatedly among the users. When you make changes to the data while storing it as encrypted data, you can enter a signature or time stamp.
The sequence of the above procedure is a combination of FIG. 7CB and FIG. 7CC. User UA and User UC belong to a certain organization and can create and view confidential sentences by repeating encryption, data change, decryption and encryption using HMAC MAC value and electronic signature. It may be preferable that the commercial software CRHN (403A) that performs this processing is a version different from the version that can only read and decode the work in which the right holder exists, such as a book or a music movie.

In ordinary paper magazines, newspapers, books, and textbooks, the user may write notes on those purchased with a writing instrument. When the present invention is used in the field of education, it may be preferable to be able to write on a textbook or the like with a touch sensor, an electronic touch pen or a marker. Audio music is sold in the form of record boards and optical discs, and movies are sold in the form of movie films, magnetic tapes and optical discs, and users rarely write on them with writing tools, but for books, users write notes on writing tools. There are cases where it is used for learning.
Therefore, in the present invention, in S168, a pen-type pointing device such as a touch pen or a pen tablet and a pointing device in the form of tracing with a touch-type finger are supported for book data, and when browsing data such as textbooks with 403A. The plain text data may be processed with a pen, and the difference data processed with the private key 401A may be digitally signed and saved. Or, if the textbook itself is entirely composed of image data, the pointing device is used to add arbitrary color information and image effect information to the image data of the corresponding page, and new plaintext data formed as a result. Can be encrypted and saved. This procedure can also be realized by combining FIG. 7CB and FIG. 7CC.
Compared to paper textbooks, OTP tokenized textbook data requires less storage space (you do not have to forget the terminal 4A and private key), and you can use the handwritten writing and saving function of the textbook at the same time as the OTP token. Realize with. If the encrypted data of the textbook in which the user wrote a memo etc. is lost or the number of writings increases so that it cannot be viewed, the encrypted data of the original textbook can be obtained and used again. It may be preferable that the software CRHN (403) for which it is possible to write in a book is different from the version (version or software name) in which the copyrighted work such as music or video can be decoded, viewed or viewed.

In S169, it can be connected to the advertisement server 5A (SVCRHNcm) corresponding to the URI built in the content. This is because there is a control statement in which the program built in the software CRHN (403A) can decode 4034A in S167 in S168 and display an advertisement in the plain text data 4035A obtained in the storage device of the terminal 4A. According to the control statement, when the URI that can be connected to the server 5A is described, the 403A receives the advertisement from the connection destination of the URI. Here, the URI needs to be suitable for rating the content.
It is not necessary to have an advertising function, and textbooks and the like may not record such an advertising URI or a program that guides an advertisement.
In S169, access can be monitored from the user identifier of the terminal 4A, the token number held, the IP address and the location information, the ID and the sensor value of the terminal, and the like as shown in FIG. 6X, and the presence or absence of unauthorized access can be checked. It is also possible to access the advertisement display server without displaying the advertisement and record only the access information on the server 5A. For privacy protection, it is possible to prevent access to the advertisement distribution server terminal equivalent to 5A or 5A.
In S169, the advertisement can be delivered by connecting to the server 5A, the advertiser only controls the access on the server 5A, and the original advertisement is in the form of words, pictures, videos and sounds inside the plaintext data. It may be recorded in. Further, for privacy protection, the advertisement may be recorded in the plaintext data as text or image data without distributing the advertisement and controlling the access to the server 5A. (In this case, it can be expected that fixed advertising information, like paper magazines, will remain in posterity.)

In S170, the viewed certificate data OFBKMK (4036A) is created. This is done in software 403A when the user decrypts the encrypted data. In S170A, the certificate data (4036A) encrypts or obfuscates TTKY (4033A), and the date and time when OTP authentication is performed and browsing is started are recorded as time stamp information, and the obfuscated or encrypted 4033A and time stamp are recorded. The consolidated data is digitally signed so that the presence or absence of falsification can be detected.
The 4033A is obfuscated / encrypted in some way, and the key information 40360A is not decrypted (difficult to decrypt) by the user of the terminal 4A. HMAC (Hash) that concatenates the time data at the time of OTP authentication, information such as user identifier (40362A), and data of 40360A into one message, and uses the secret key 401A or secret key CRKY (40302A) of the terminal 4A as a key for the message. -Based Message Authentication Code, code message authentication using hash function, message code authentication) is used to calculate the HMAC value and use it as authentication information (40363A). Then, 40360A, 40362A, and 40363A are concatenated to obtain the viewed certificate data OFBKMK (4036A).

In S170, the viewed certificate data OFBKMK (4036A) is a function that enables authentication when the terminal 4A is disconnected from the network and the blockchain cannot be used when offline, that is, when the CTAU value (4031A) cannot be obtained. The viewed certificate data OFBKMK (4036A) contains information of TTKY (4033A) that decrypts the encrypted data.
It is possible to describe 4033A in 4036A, but in that case, if 4033A leaks, the encrypted data distributed will be encrypted, so it is necessary to encrypt and obfuscate it in some way. be. It is also possible to encrypt 4033A using only the private key CRKY (40302A) built into the program of software CRHN (403A), but in that case, after browsing by a user who uses the same 403A. If the certificate data is distributed and read by a different user into the terminal and read by the 403A together with the encrypted data, it may be possible to view it. (However, in this case, when the secret key (here, 101B) that generates a user identifier different from the user identifier described in 4036A output by 403A is used, 403A may detect it and prevent browsing.)
Therefore, 4033A is encrypted using the secret key 401A of the terminal 4A (the 401A is assigned various valuable OTP tokens of the terminal 4A) to be CTTKY (40361A). Subsequently, CTTKY (40361A) was encrypted using the secret key (40302A) of soft air CRHN (403A) to obtain ACTTKY (40360A).
When the private key 401A is leaked or the private key is illegally reused, it is detected by an unauthorized access detection mechanism as shown in FIG. 6X when a user terminal such as the terminal 4A accesses the advertisement server 5A.

Here, it is an embodiment, and in the present invention, 4036A is data including the information of 4033A, the user identifier viewed, the time viewed by the user, and the MAC value obtained by calculating the message thereof using HMAC. The 4036A has a MAC value calculated from HMAC that can detect falsification of internal information. The information (40363A) for detecting tampering may be an electronic signature (digital signature) using public key cryptography instead of HMAC based on a common key or a hash function. However, in the embodiment of the present invention, HMAC is used because it is sufficient if the tampering of 4036A can be detected.

In the third embodiment, as a method of obfuscating or encrypting the TTKY (4033A) to obtain the key information 40360A, the 4033A is encrypted with the private key 401A of the terminal 4A and then encrypted with the secret key CRKY (40302A) of the software CRHN (403A). Unless the private key 401A of the terminal 4A and the private key 40302A of the software CRHN (403A) are available, TTKY (4033A) is obtained so that the encrypted data cannot be decrypted.
As a processing method, TTKY (4033A) is encrypted with a common key using the private key 401A as a key to obtain CTTKY (40361A). (It seems that public key encryption can be used in addition to common key encryption here, but the certificate data OFBKMK (4036A) is data for viewing when offline and is sent, notified, shared, and transferred to others. Since it is not a thing, common key cryptography was used. The means of encryption is not limited to common key cryptography and public key cryptography, but encryption / plain culture key TTKY (4033A) is encrypted or obfuscated and decrypted. Any method can be obtained as TTKY (4033A) again.)
Then, CTTKY (40361A) is encrypted using the secret key CRKY (40302A) built in the program of the software CRHN (403A) as a key, and is used as ACTTKY (40360A). Number and token As data that summarizes the contract identifier, cryptographic data, and OTP token name, the data is digitally signed using the private key 401A and HMAC to create certificate data OFBKMK (4036A). For example, SHA256 of SHA-2 can be used as the hash function of HMAC.

<Countermeasures against unauthorized use>
Common to Examples 1, 2, and 3 of the present invention is that the private key 401A is distributed to other malicious user terminals when it is duplicated and leaked by an attacker. There is a fear. If the 401A that has been maliciously distributed is used on another terminal, and if an advertisement is installed in the content of plain text data and it is connected to the interconnection, the IP address or terminal device of the server SVCRHNcm If the serial number and the information of the input sensor 444A of the input device 44A of the terminal are agreed by the agreement, the server 5A is notified, and the user identifier shown in FIG. 6X, the token number of the OTP token, and the IPV are collected and stored in the server 5A. Monitors and notifies the presence of unauthorized access. The user identifier shown in FIG. 6X, the token number of the OTP token, and the IPV are collected and stored for the terminal accessing the terminal 3C in the first embodiment, the terminal 3D in the second embodiment, and the terminal 5A in the third embodiment.
If the time information such as GNSS, JJY, or NITZ can be received in the case of offline, the time that can be viewed is set and displayed by comparing with the time information described in 4036A.
Also, if you are reading a book that is not decrypted by 4036A, maliciously shares 401A with other users on the network, and many people have unauthorized access to the same private key, software CRHN (403A) Many unauthorized accesses as shown in Fig. 6X were recorded on the terminal 5A via the URI to the advertising site embedded in the data of the software and books (with an apparently abnormal number of 10 people, 100 people, etc. instead of 2 people at the same time). Can be done.
Although it depends on the judgment of the service provider, the OTP token clearly states that the terminal 5A will monitor the access as shown in Fig. 6X by setting the rules so as not to hash the IP address etc. It may help prevent these unauthorized access if you try to sell. (The inventor determines that the use of the 403A and its decrypted data by accessing the 403A and its decrypted data at the same time on different terminals using the same private key is an unauthorized access.)
Depending on whether the service provider allows unauthorized access in the form of sharing such 401A, sharing or buying and selling of the private key should be prohibited in the terms of use if the content is to be sold. Also, when the private key is viewed as a service account, it can be lent under the name, so it is usually not allowed to reuse the private key. It is conceivable that the private key of the present invention can also be used for the OTP token of the bank's Internet banking, and when it is used for that purpose, sharing, buying and selling, and lending the secret key of the OTP token are money laundering together with the violation of the terms of use. There is a risk that it will be used for such purposes, and the law may limit the unauthorized use of private keys.
From the viewpoint of managing the private key, the private key such as the personal number card cannot be extracted. It is recorded on the IC card 46A (NFC tag 46A), and the terminal 4A is wirelessly connected via a terminal or NFC, and then via the IC card. It may be preferable to have access to the contract on the blockchain. In that case, an organization that manages the private key in the IC card is required. It is necessary to keep the private key information inside the IC card in a database of the IC card manufacturing and issuing organization, and then change the settings of the device so that the private key of the IC card cannot be accessed.

<Removal of tokens and storage transfer of tokens>
In the present invention, the contract of the OTP token having the OTP generation authentication function shown in Examples 1 to 3 is used in the ERC721 standard. According to the ERC721 standard, a contract administrator's terminal 1C can provide a removal function for accessing the contract and removing the token number. By combining this token removal function, the issuance function, and the transfer restriction function, the OTP token storage transfer operation can be performed from the contract administrator 1C. In this case as well, the user can use the OTP token by using the private key 401A of the user terminal 4A.
If the user loses the private key or illegally shares the private key with others by the transfer restriction function and removal function, and unauthorized access occurs, the OTP token is used as the private key 401A (and its private key) of the terminal 4A. It is possible to transfer the key by removing it from the user identifier calculated from) and issuing it to the user identifier of another private key separately specified by the terminal 4A. If unauthorized access still does not stop, it is possible to remove the token. It is necessary to specify in the terms of use of OTP tokens that the existence of the token removal function and that it can be stored and transferred.
When the storage transfer operation becomes possible, the contract administrator can transfer the OTP token to a different private key when the user loses or leaks the private key. Then, when the user transfers or inherits the OTP token to someone, the transfer can be requested from the contract administrator. If there is no transfer function, the OTP token cannot be sent if the private key is unknown, and inheritance between family members and relatives will not be possible.
On the other hand, the contract administrator of the OTP token will be able to issue, remove, and transfer the tokens of all token numbers belonging to the contract. At the request of the user's family, the contract administrator can perform storage transfer on the terminal 1C and inherit the inheritance, but since the authority is concentrated on the terminal 1C, the responsibility of the contract administrator increases. When performing the customer's token removal function, it may be necessary to state in the terms of use etc. to propose the purchase of the token and to comply with the law and be audited from the outside so that the customer's OTP token can be custody. In addition, it may be preferable to manage it by a company that has acquired qualifications related to the warehousing industry, trust, banking industry, finance industry, information and communication industry, and so on.

I mentioned inheritance here when OTP tokens are, for example, expensive or irreplaceable text, books, or music video data that you want to inherit to your family or someone in your family wants to inherit. On the other hand, in order to transfer tokens, it may be appropriate for an organization such as a corporation to operate the terminal 1C and perform storage transfer. Paper documents can exist for more than 100 years, but the distributed ledger system such as OTP tokens and blockchains of the present invention, the software CRHN that decrypts encrypted data, private keys and encrypted data, and the digital that operates them. This is because when operating for 100 years or more using the terminal of the device, it was necessary to touch on the inheritance of the OTP token when considering the OTP token as a digital asset possessed by an individual or a corporation in consideration of the life span of a human being.

In S171, the contract administrator can update the secret value (seed value) for calculating the OTP such as the KC value and the BC value of the contract by using the terminal 1C. In the third embodiment, the terminal 4A is connected to the internetwork at the time of OTP authentication of the present invention, and BnTOTP or OWP can always be authenticated using the latest seed value. In addition, the signboard information KNBN (3024A) that describes the name and contact information of the OTP token can be rewritten. As an example of its use, an OTP token is a token of a book, and when the publishers that publish the book merge, the contact information of the surviving company can be described in the token contract.
In Example 3, OWP may be used in addition to BnTOTP.

<Decryption of encrypted data when disconnected from the network>
Paper books can be read without relying on the existence of the network 20. For book data stored in the terminal of a computer such as a computer or server, if there is a power source to operate the device, information is output to the input / output device according to the data recorded in the storage device of the built-in device, and that is the book information. You can read it. When viewing book data via the network 20 on the premise of the existence of the network 20, the data cannot be read unless the data is stored in the terminal and can be read.
In the present invention, in the terminal 4A disconnected from the network 20 due to a disaster or the like, the certificate data OFBKMK (4036A) created when the encrypted data is browsed by performing the OTP authentication recorded in the terminal 4A (at the time of sequence S170). ) Is used to allow viewing and use of books, videos, audio, and software using a method that allows viewing within the time limit for viewing. FIG. 7CC shows a sequence diagram for browsing encrypted contents when the terminal 4A is disconnected from the network 20 and is offline.
In the present invention, as shown in FIG. 7CC in Example 3, the encrypted data can be decrypted and viewed / viewed / used by the terminal 4A not connected to the network 20, but the encrypted data can be stored in the certificate data 4036A. TTKY (4033A) used for decryption is included in plain text or in an obfuscated / encrypted state, and information such as the browsing time and browsing user identifier in which the block number, time information and user identifier at the time of OTP authentication are recorded. When 4036A was included and 4036A and 40362A were concatenated as message data, the MAC value (40363A) was calculated by HMAC for the message data, and 4036A, 40362A and 40363A were concatenated to obtain 4036A.
The information required for 4036A is the information related to the calculation of TTKY (4033A) used for decrypting the encrypted data, and when connected to the network 20, OTP authentication is performed from S156 to S170 of FIG. 7CA to calculate TTKY (4033A). Combines the time stamp information 40362A such as the time when the encrypted data can be viewed, and based on the secret key 401A of the terminal 4A, the secret key (40302A) built in the software CRHN (403A), or software internal variables other than 40302A. If there is a MAC value (40363A) calculated by HMAC, the certificate data of the present invention can be constructed.

<When the plaintext data is stored inside the obfuscated / encrypted software 403A instead of using the encrypted data 4034A>
As another embodiment of 4036A of the third embodiment, an embodiment in which the plaintext data 4035A is built in 4030A inside the software 403A in which the source code of the terminal 4A shown in FIG. 4C is obfuscated / encrypted can be implemented. (In the case where the plaintext data 4035A is incorporated together with the software secret key 40302A in the source code 4030A of the encrypted or obfuscated program of 403A).
In this case, when the private key 40302A of the software 403A and the private key 401A for the user are present, the information of the user identifier A that can be calculated from the 401A using the secret variable K403 (40303KA) in the 4030A of the software 403A and the time at the time of OTP authentication. The hash value HT403 of the information obtained by concatenating the information T403 and K403 is obtained, and the hash value HTK403 is concatenated with the information constituting the certificate including the readable user identifier A and the time stamp information T403 at the time of authentication, and the text of the certificate is concatenated. The MAC value 40363KA may be obtained by HMAC using 40362KA as a message as the data CHT403 (40362KA) and the user private key 401A as a key, and 40362KA and the MAC value 40363A may be concatenated to obtain the certificate data OFBKMMK (4036A).

When the MAC value 40363KA is obtained by HMAC using the above 40362KA as a message and the user secret key 401A is used as a key, and the 40362KA and the MAC value 40363A are concatenated to obtain the certificate data OFBKMK (4036A), the return value CTAU of the OTP authentication function is simple. It may be a return value of only one truth value, or it may have two or more return values and a variable used in the conditional statement of the judgment expression that 403A allows the user to browse. The reason why the CTAU may have only a single boolean value is whether the internal data of the software 403 is encrypted or obfuscated including the plain text data and OTP authentication can be performed in the contract on the blockchain at the time of program execution. This is because the 403A confirms the true / false value of false or false, and if the true value can be returned and authenticated, the certificate data 4036A of S170 can be calculated using 40303KA and the user's private key 401A.

The user private key 401A and the certificate data 4036A are read offline by the 403A, and the MAC values 40363A to 4036A described in the 4036A are checked by the 401A to see if they have been tampered with, and if the 4036A has not been tampered with. The software 403 reads the value of HTK403 of CHT403, and calculates whether it matches the hash value HT403 of the information of the user identifier A that can be calculated from 401A calculated inside the software, the time information at the time of OTP authentication, and the information that concatenates K403. If the information of 4036A and the information calculated by 403A match, the plain text data built in the program is viewed and viewed through the input / output device of the user terminal 4A. If they do not match, the plaintext data will not be used.

Here, a method using HMAC with the private key 401A as a common key has been described, but a method of creating a certificate by digital signature using 401A as a public key cryptographic key is also conceivable. However, since 4036A is data that is not intended to be sent to others, HMAC is preferably used. Using the private key 401A to which the OTP token is assigned when online, the authentication certification data is created using HMAC, the secret variable (K403) inside the software, and the authentication time, and it is read when offline so that the files in the software can be viewed. ..

Software 403A calculates the time that the user can continuously view from the authentication time data of the certificate that can be detected by HMAC and the current time of the terminal 4A, and during that time, the data is viewed by the user of the terminal 4A through the input / output device.・ Watch and use. The authentication time is a past time, and the older the certificate data (4036A), the shorter the continuous viewing time. Then, since the browsing time is shortened, the user must start the 403A again, detect that the 403A has exceeded the time limit, terminate the process, and re-execute the software 403 frequently. To solve this, access 3A constituting the blockchain system when online, and perform OTP authentication again using the private key 401A to which the OTP token corresponding to the plaintext data to be viewed of the present invention is assigned to obtain the plaintext data. It is only necessary to be able to browse and issue new certificate data (4036A).

The right holder of the data has the authority to set the time when the plaintext data can be viewed continuously on the software. The data right holder can set the viewing time in consideration of the rating of the content and how the data is used in an emergency such as a disaster.
Further, if the data right holder permits, it is possible not to set a time limit when using the content offline using the 4036A.

In the application of the third embodiment, the time is calculated based on the time information of the terminal 4A when offline. According to the function of the real-time clock (RTC) included in the control processing device 41A of the terminal 4A, the time information is continuously retained even in the offline 4A using the power supply device 47A (including the battery capable of operating the RTC unit) of the 4A. However, there is a risk that it will be rewritten by BIOS. (Here, the RTC is a component that can provide a clock function composed of ICs such as a crystal oscillator and a transmission circuit.)
In the present invention, it is preferable that the software for controlling the terminal 4A such as BIOS prevents the time of the terminal from being rewritten, and the terminal 4A has a device for receiving time information, which is considered to be correct from information sources such as GNSS, JJY, and NITZ. It is preferable that the time information can be acquired and the time of the terminal 4A can be set to a value close to the International Atomic Time (TAI) or Coordinated Universal Time (UTC). When the hardware-like time information of the terminal 4A can be tampered with, the software 403A has no choice but to follow the wrong time or the time set maliciously, and the mechanism to limit the viewing time using the 4036A is It doesn't hold.

The requirements of the certificate data OFBKMK (4036A) are the time information 40362A when the data is browsed by the OTP authentication system of the present invention and the MAC value 40363A for verifying whether the information has been tampered with. When the encrypted data 4034A is outside the software 403A, information 40360A, 40361A, etc. for calculating the key TTKY (4033A) for decrypting the encrypted data are required. OFBKMMK (4036A) is issued according to the user private key 401A. If the private key is different even for the same content, different 4036A will be issued. Further, if the token number is different, a different 4036A will be issued.
When the encrypted data 4034A is inside the software 403A and is encrypted, that is, when it is obfuscated or encrypted like the software private key CRKY (40302A) inside the 4030A, the plain data is the program's. Since it is encrypted together with the source code and does not require TTKY (4033A), information 40360A, 40361A, etc. for calculating the key TTKY (4033A) for decrypting the encrypted data are unnecessary. The software 403A is executed, the user can read the private key 401A and the certificate data OFBKMK (4036A) into the 403A, and if the user wishes to view the software 403A, the 403A can view the plaintext data inside the software even if it is offline.
In the present invention, both the version of the software 403A that reads the encrypted data 4034A and the software 403A that incorporates the plaintext data can create the 4036A, and can authenticate and decrypt the encrypted data using the corresponding OTP token.

FIG. 7C shows a case where the encrypted data is decrypted by the terminal 4A having the configuration of FIG. 4B using the private key 401A, the encrypted data 4034A, the software CRHN403A, and the certificate data 4036A when the terminal 4A is not connected to the network. In the sequence S200, the private key 401A, the encrypted data 4034A, the software CRHN403A, and the certificate data 4036A are prepared by the terminal 4A having the configuration shown in FIG. 4B.

In S201, the software 403A is executed and started, and at least the private key 401A and the encrypted data 4034A are read (or the directory and file name of the file containing 401A and 4034A are specified, or the URI indicating the file is specified), and the like. If you need to enter the settings in, enter them.

In S202, the certificate data 4036A is read. At this time, in order to check whether the 4036A has been tampered with, the MAC value of the 4036A is verified using the private key.

In S203, ACTTKY40360A of 4036A is decoded by CRKY40302A or the like to obtain CTTKY40361A.
CTTKY40361A is decrypted using the private key of terminal 4A to generate TTKY4033A.

In S204, the encrypted data 4034A is decrypted by the TTKY4033A to obtain the plaintext data 4035A.

In S205, according to the program of the software CRHN403A, it is confirmed that the certificate has not been tampered with from 40363A included in the certificate data 4036, and the time information of the OTP authentication time and plain text browsing time information 40362A included in 4036A is used. The time that can be viewed is calculated from the time information of the terminal 4A and the time information of 40362A.

The S206 is equipped with a GNSS receiver of the terminal DA and a time receiver such as NITZ or JJY to allow the user to view or use the data until the time obtained by adding the viewable time to the current time. It is preferable to have it). The method of calculating and controlling the time that can be viewed here is changed at the request of the right holder of the plaintext data, and the program of the software CRHN403A and the method of processing and the variables used for the processing are described in the plaintext data 4035A. Time calculation method and variable values are not limited. S206 includes a process that can calculate and set a time that can be viewed by the user based on the time information of 40362A and the current time, and can stop the execution of 403A when the time has elapsed. If there is no limit on the viewing time, operate according to it.

In S207, a time longer than the value calculated by the user based on the time information of 40362A and the current time in S206 has elapsed on the user terminal 4A. In S208, when the time indicated in S207 is reached, the software 403A stops viewing and viewing the plaintext data, gives a warning, and then forcibly terminates the software 403A regardless of the user's intention.

Further, when the terminal 4A is not connected to the network of FIG. 7CC, the sequence of S203 or S204 is performed in the configuration shown in FIG. 4C (when the plaintext data 4035 is built in the software 403A 4030A and is encrypted or obfuscated). It is a sequence diagram excluding.

In the software CRHN (403A) of Example 3,
1. 1. CRHNReader, which can only convert from EncData to DecData,
2. 2. CRHNWriter, which converts DecData to EncData,
3. 3. CRHNReaderWriter that can perform mutual conversion between DecData and EncData
There are three possible types.
CRHNReaderWriter encrypts and decrypts the text every time the data such as documents is changed in order to encrypt and decrypt the text of a certain group (here, it is held as EncData, and when the user decrypts and changes EncData). DecData is built in the storage device). When changing the decrypted data, encrypting and saving it, it is possible to time stamp or digitally sign the document, enter the block chain block number and BnTOTP in a unique secret, hash the book data and block the book. It can also be stored in a form that is difficult to tamper with, such as a chain. (Software for managing confidential texts.)
In addition, as another form of CRHNReaderWriter, only when the right holder of the primary creation permits, the encrypted data of the content that becomes the primary creation is decrypted and then changed according to a part of the content. 2 It can also be used to distribute to the next OTP token holder as content that will be the next creation. In this case, as the right to use the content, it may be issued and distributed with a contract different from the OTP token of the content that is the primary creation. By programming the 403A, which is the CRHN Reader Writer, so that the part of the URI connected to the advertising server 5A cannot be changed even after the encrypted data has been rewritten, the primary creator can become a secondary or n-time creation. It is also possible to make a profit by advertising the server 5A connected / linked to the embedded URI information.
The CRHN Reader browses, plays back, and activates the plaintext data DecData obtained by decrypting the encrypted book, audio / video, software, and other data EncData. It may be provided with a function of recording annotations and the like separately from the plaintext data of the original, such as sticky notes in books.
CRHNWriter is for creating encrypted data EncData to be decrypted by CRHNReader from plaintext data DecData, and encrypts plaintext data DecData such as books, audio / video, and software.
Depending on the type and version of the software 403A, the identifier APKY40301A of the contract that manages the key dedicated to the software application, the private key 40302A of the software 403A, the return value CAPKY40303A of the key management contract acquired from the blockchain, and the like are set. By setting APKY, CRKY, and CAPKY as unique values for each version and type of software 403A, it can be used as information for switching whether to operate CRHN as CRHNWriter or CRHNReaderWriter. In addition, the software version of 403A can be changed every few years as an example, and APKY, CRKY, and CAPKY can be changed.

<Addition to the original and nth creation by a special version of CRHN Reader Writer>
As a form of CRHNReaderWriter, after decrypting the encrypted data of the content that will be the primary creation, it will be changed according to a part of the content of the content and distributed to the holders of the next OTP token as the content that will be the secondary creation. This is largely related to copyright, which is one of the intellectual property rights.
If the copyright holder permits the nth use of the content, it may be possible to sell the original and encrypted data of the content with the permitted advertisement, the OTP token that decrypts it, and the CRHN Reader Writer for that purpose. Content is assumed to be text books, images and videos, audio, game software and program source code.
As an example, even if the source code of a free software program is distributed as open source code with a license close to free, the secondary creator who collaborated and improved the distributed program said above. Attach the free OTP token corresponding to the data of the primary creator of the above and the advertisement URI attached to it to the program of the secondary creation, and when the attached program is used by the end user, the primary creator and 2 If the advertising expenses are paid to both the primary creator and the secondary creator by calling the advertisement to the advertisement distribution site of the terminal 5A according to the tag of the advertisement incorporated by the next creator, it may be possible to contribute to the improvement of the program's profit. No.
<Problems when using rights tokens protected by the rights of laws around the world>
In connection with intellectual property rights such as the copyright of the nth creation mentioned above, the OTP token of the present invention may be used as the ownership of stocks, real estate ownership, intellectual property rights, patent rights, trademark rights and copyrights. Although it is conceivable, the present invention is merely a means for making it difficult to tamper with information processing and for facilitating the exercise of rights by performing OTP certification (a method for automating certification), and its stock or real estate ownership or intellectual property. It should be noted that property rights are governed by the laws of the country, such as the administration of each country, audits of issuers and issuers of OTP tokens, specialists such as certified accountants for companies, and real estate for real estate. The intermediary of professionals and professional groups with legal qualifications such as transaction legal specialists, patent attorneys and lawyers is required outside the distributed ledger system.
In the present invention, regarding the use of the OTP token corresponding to the right, the OTP token relating to the legal right is the source of the dispute or does not exist in the absence of expert witness, audit, monitoring, judgment, approval, and witness ( There is a risk that it will be a record that is not supported by the law), so detailed explanations have not been given in the usage examples of the present invention. However, securities such as stocks can be OTP tokens for logging in to general meetings of shareholders, logging in to websites for shareholder voting, and expressing intentions, and for shareholders to use the services of the corporation corresponding to the stocks. Therefore, a usage example is described.
In addition, since the distributed ledger system can issue OTP tokens across national borders, it is preferable to issue and transfer the OTP tokens to KYC users when converting the rights protected by law into OTP tokens. When intellectual property rights such as patent rights and copyrights are acquired, the above rights are not always owned by the general public. There is a risk that an unexpected group (terrorists, etc.) will be forced to seize the majority of the rights and distribute the profits from the token rights. Therefore, in this case, it is preferable to give the OTP token a transfer restriction function and a storage transfer function using a token removal function.
In addition, it records the exchange of money or crypto assets between users by buying and selling OTP tokens, suppresses the provision of funds to unexpected organizations, and processes related to taxes generated by exchanges on distributed ledger systems such as OTP tokens. It is preferable that there is a server terminal (an extension of the terminal 3E or 3F) that automatically performs the above.
The distribution of OTP tokens is preferably traded between KYC users.
Also, if the user identifier is entered incorrectly, the token cannot be sent to the user who originally wants to send it, so in order to facilitate identifier search, the user identifier is associated with the domain name and IP address in the same way as the domain name system. It may be preferable to associate an address such as a user identifier or contract identifier in a distributed ledger system with a URL / URI such as a domain name and record it on a server 3F, 3E, 5A, 5B, or the like.
<Remarks for copying>
Although the prevention of copying of 450A by a silver halide camera, a digital camera, etc. by the head-mounted display 453A has been described, it can be recorded if it can be written down by hand with the human eye. Any information that remains in human memory can be used as a derivative work. It is difficult to completely limit copying and imitation. N-th creation and n-th use can occur in a way that the records of the secondary creator spread.
However, it is not assumed that children and students are prohibited from copying using what they have memorized within the scope of personal use in the form of learning from the content for fun and study.
Examples of using OTP tokens follow the content right holders and the law.

Only the version of CRHN software that can reproduce the encrypted data can reproduce the encrypted data. This is because continued encryption inside the fixed software can lead to decryption of the data encrypted by the software if the attacker breaks the key inside the software, so the software CRHN and it on a regular basis. This is to prevent the same APKY, CRKY, and CAPKY from being used by changing the keys APKY, CRKY, and CAPKY included in.
In addition, as an embodiment of the software CRHN (403A), software in which the plaintext data EncData is included in 4030A and the plaintext data EncData and 4030A are encrypted or obfuscated can be considered.

<Caution when decrypting encrypted files>
It is assumed that the plaintext file DecData contains a malicious program when the encrypted file is decrypted.
When creating a plaintext file, the plaintext file is given or digitally signed with an electronic certificate DecCert issued by a third party other than the file creator so that the publisher can be confirmed through the electronic certificate. In addition, books, audio and video computer software, etc. are given an audit certificate AuditRat indicating that an external third party audits the plaintext and that there is no program such as a malicious computer virus and that the content of the plaintext file is rated. Is preferable.
It is not necessary to add AuditRat for business purposes that encrypt confidential texts of individuals or groups. Further, if the customer allows a malicious program to be operated and uses it, DecCert is not used either.
EncCert that guarantees the hash value and contents of the data can also be attached to the encrypted file.

<Environment when decrypting encrypted files>
There is a virtual computer (virtual machine) technology method that virtually constructs multiple computer environments on a real terminal. There is also an environment called a sandbox that builds a virtual environment on the operating system and monitors the execution of software whose operation is unknown. It may be preferable that the software CRHN403A of the present invention be constructed in a system of such a virtual environment.
This is one of the means to minimize the damage when a computer virus or the like is embedded in the plaintext data of an encrypted file. There is a possibility that the capacity and processing amount of a third-party organization that audits plaintext may be limited, and in the present invention, if various data are issued by innumerable individual corporations with the software CRHN403A, the audit will not be completed. Audit certificates may be issued despite the inclusion of malicious software. In addition, there is a risk that the audit will not reach unknown virus programs, so it is preferable that they can be executed in a virtual environment. It is desirable not to store more personal information and private files than necessary in the virtual environment in which the 403A operates. It may be preferable to divide the private key into a hobby 403 key, a business 403 key, and an important financial key.
In order to realize a virtual environment, the software CRHN403A may be web browser software that can build a virtual environment or operating software that includes a web browser, or CRHN has a basic software part corresponding to the BIOS of a computer. May be good.

In carrying out the present invention, the test net of Ethereum, in which the block size is variable in the form of voting for the block gas limit value in Example 1, Example 2, and Example 3, was performed. The smart contract was written in the programming language Solidity, recorded in the blockchain, and deployed.
In the first embodiment, the computer terminal 1C (terminal 1C in FIG. 8A or FIG. 1) and the server P (terminal 3A in FIG. 8A or FIG. 1), which are the creators and administrators of the smart contract, are connected to the network 20 (FIG. 8A or FIG. 1). Using 1-20), set the secret value KC or BC value that can be changed only by the contract administrator by accessing the blockchain control processing unit 310A and blockchain recording unit 300A of the terminal 3A and performing one-time password generation and authentication. Then, it was compiled, converted into a byte code, recorded in the block data of the block number, and expanded.
In the Ethereum test network of the embodiment, new blocks are concatenated every 15 seconds and the block number Bn is incremented by one. The block number Bn is a variable proportional to time, which is a physical quantity, which fluctuates every 15 seconds.
In Example 1 of the present invention, the block number was used as a variable expressing time on the blockchain. To find out how many seconds have passed since the blockchain having a block number of zero was created at a certain block number Bn, it is obtained as Bn × 15 [sec]. In Ethereum, it is not necessary to be 15 seconds, and an arbitrary time interval t [sec] may be set, but this time, the present invention was carried out using 15 seconds determined by the test net.

The private key PRVA (101A) is recorded in the recording devices 10A and 101A of the user UA. However, in some cases, it may be recorded in the recording device DWALT1603A of the external storage device 16A connected to the terminal 1A wirelessly or by wire. The DWALT1603A may be a contact type IC card type, a non-contact type IC card type, a contact type storage device type (hardware wallet), or a non-contact type tag type (NFC tag type). Further, the recorded secret key PRVA1608A such as paper or board may be used.

The contract can look up the user identifier associated with the token number of the generated token. Using the function to check and display the user identifier that holds the token of that number from the token number, in addition to all transaction data of the contract on the blockchain, the user UA or UC like the so-called shareholder list is the owner of the token. A list of user identifiers can be created and saved, printed on paper or the like in a form including a block number, user's BnTOTP, or the like, or saved in a recording device. If the token is a service that allows you to browse the book data, the identifier of the holder of the book and the token number of the book (serial number of the book) (this is the possession of the token even if the blockchain cannot be used all over the world). It becomes a list of papers, etc. used to find out who is).
The ownership ratio of all issued tokens can also be calculated from the list data. Transaction data is collected from the server P or the like by the server terminal 3F, aggregated, and used on a daily basis. As a representative of the server terminal 3F, the terminal 3E, the terminal 5B, etc. will be a terminal having a role of calculating and recording the possession ratio of all issued tokens from the list data and notifying the user as a passbook or an asset balance ledger of the token. You can also.

<Blockchain search function, search result database construction function>
In the 301F of the storage unit 30F of the server terminal 3F, the search history for the blockchain and the correspondence relationship of the data on the blockchain corresponding to the search history are recorded on the 3rd floor, and the key information and the search of the search on the blockchain are recorded. A database may be constructed by recording a part of the resulting blockchain information on the 3rd floor.
As an example, by recording the OTP token contract identifier and service name information that many users are interested in and their transactions, search access is accepted on the 3rd floor without concentrating access to the blockchain node 3A, etc. Information can be delivered. The memory of 311F is written in 301F, and 301F is controlled by 311F.
The terminal 3F is one of the blocks of the blockchain like the server terminals 3A and 3B, and after recording all the information of the blockchain, the contract identifier, user identifier and transaction recorded in the blockchain data can be obtained. It is possible to analyze what kind of search is being accessed from the user terminal and save the search results so that the information can be provided to the user faster. Frequent OTP token search results and data on the blockchain are recorded and placed in the storage device, which has a high data capacity such as a hard disk drive or magnetic tape, but has a slower access speed than the main storage device or SSD. By storing a cache of low-searched data, it is possible to receive access information from users' searches from all over the world to the blockchain at high speed using a storage device and store the information of the search destination.

<Example of searching data on the blockchain and using it for distribution of OTP tokens>
There is an OTP token of the present invention corresponding to the viewing right of the content related to the book of the publisher in demand on the blockchain, and people are the name of the OTP token, the issuer of the OTP token (such as the publisher name), and the OTP token. Total number of issues (total number of books sold), total number of user identifiers owned (total number of purchased user accounts), existence of multiple OTP tokens (how many were purchased for each user identifier), OTP tokens transferred The user searches for the rating information, publisher contact information, OTP token purchase destination, encrypted data distribution destination, etc. described in the OTP token sign information KNBN to see if there are any restrictions, and the user can check the distribution status of the OTP token. The search information can be used as a material for determining whether or not to purchase the OTP token by examining the information of the purchase destination of the OTP token.

<Transaction monitoring function on the blockchain>
In addition, the user contracted to use the service provided by the 3rd floor, registered as a user, and registered the contact information such as the e-mail address, which is personal information, in the notification destination database 3013F using the notification destination registration unit 3113F. In this case, if a transaction occurs for the contract identifier or user identifier specified by the user, 3010F and 3110F monitor it, and the 3F blockschain status change notification destination database 3013F indicates that a new transaction has occurred and the status has changed. It is necessary to notify the user's e-mail address or phone number or user identifier registered in the database with the time when the status change occurred and the content of the status change.
When the number of executions of the OTP generation function or OTP authentication function can be recorded in the contract internal variables 3017A, 3017AG, or 3017AA, the user should monitor the changes in 3017A, 3017AG, or 3017AA recorded in the contract on the server terminal 3F. The contract identifier requested to be monitored, the token number of the OTP token of the contract corresponding to the contract identifier, the user identifier, etc. are associated and recorded on the 3rd floor 3010F.
The state change detection unit 3111F operated by the state change detection program 3011F detects the change in the transaction of the specified contract identifier or user identifier, and the transaction of the OTP token belonging to the contract specified by the user or the transaction of the user identifier is newly added. When the state of the blockchain changes due to the occurrence, the state change detection unit 3111F detects the state change of the blockchain, and the notification unit 3112F makes a transaction by SMS (Short Message Service) using an e-mail address or a telephone number or a telephone number. Notifies the user through the user terminal that a new transaction has occurred, and notifies the user whether the transaction is familiar to the user.
If the transaction is occurring even though the user is not operating it, tell the service provider corresponding to the contract identifier of the OTP token that there was an unauthorized use, and the user and the service provider It is expected that both parties will consult and solve the problem.
3017A, 3017AG, and 3017AA are information recorded on the blockchain and are difficult to falsify. If a transaction that newly changes the information is sent to the blockchain and linked to the blockchain, it is difficult to change or tamper with it. If a person's private key 401A or 101A is illegally obtained and the OTP generation function or OTP authentication function in which a variable such as 3017A is set in the OTP token of the present invention is operated, the record cannot be canceled. In the present invention, a server constituting a blockchain system such as 3A is provided with a function of detecting and recording access information such as an IP address, location information, and device ID for crime prevention, and a user like the server 3F. By combining the function of detecting and notifying unintended unauthorized use, it may be possible to discourage those who try to make unauthorized use.
For that purpose, the blockchain unit such as the server 3A records the information of the accessor to the server 3A, and the service providing server unit such as the server 3C and the advertisement server 5A is also equipped with the access information monitoring function as shown in FIG. 6X. Moreover, it may be possible to create a 3A blockchain-type access database or a 3C blockchain-type access database and store them on each server so that the access data cannot be tampered with.

<Function to distribute asset balances such as OTP tokens from the blockchain system DLS in the form of a certificate that can detect falsification>
In addition, the user organizes the transactions of the user identifier and contract identifier on the blockchain on the 3rd floor, and the transaction statement (passbook) with personal information such as the user's name and address, the asset balance certificate on the DLS such as the OTP token, etc. Search the transaction report using the user identifier or contract identifier as the search key, collect the search results, and use the time stamp, electronic signature, HMAC, etc. to detect the tampering as the balance or transaction statement at the time of a certain time stamp. It may be distributed to users in a form that can be done.

<A function that promises to deposit tokens in the contract up to a certain block number in the future>
Book the fixed token deposit function (TimeDeposit function of OTP token, fixed deposit in currency is in the form of OTP token of the present invention) that prevents the OTP token from moving to the future block number in the OTP token (until a certain future period). It may be used by incorporating it into the token of the OTP token of the invention, and the block number for which the TimeDeposit function of the OTP token is canceled by that function is specified in the remarks column associated with the OTP token that deposits the block number, such as an electronic signature or HMAC. You may use to create an asset balance certificate that is difficult to tamper with.
The TimeDeposit function is used, for example, when storing OTP tokens that decrypt encrypted data of books that users do not intend to transfer until a certain period (years or decades) even if the transfer restriction of OTP tokens is lifted. It is supposed to be used for. Even if an unauthorized access is made due to the leakage of the private key, it can be prevented from being transferred by the token transmission function by the TimeDeposit function.

<Service to search for contracts on the blockchain and services corresponding to the contracts>
Blockchain search monitoring that allows users to access information from the blockchain unit data recorded by the server terminal 3A from the contract identifier and the signboard information KNBN of the contract of that identifier in response to the user's request, and to provide the information desired by the user. There is a server terminal 3F equipped with a storage unit 301F and a blockchain search monitoring unit 311F for accessing the 3rd floor from the terminal 1A or the terminal 4A, and the contract identifier of the desired OTP token, the service name of the OTP token, and the OTP. You can search for the user identifier that issued the token, information on OTP tokens with a large number of searches, information on OTP tokens with a large number of issues, and information on OTP tokens with a large number of issues. Here, since the 3rd floor already has an existing service example, the explanation can be omitted, but if the 3rd floor does not exist, the distribution of OTP tokens and the transaction monitoring using the blockchain cannot be performed, so the description is described here.
The server terminal 3F and the search and monitoring service provided by it are blockchain explorers (systems that investigate, browse, and search information on the blockchain), and Etherscan, an information search site by an organization called Etherscan, is an existing example. (Reference source, https://etherscan.io/ Retrieved December 8, 2020). In the present invention, the existence of the terminal 3F receives access from a terminal having no private key or a terminal 1A having a private key, and makes it possible to search, search, and browse data on the blockchain according to the setting of the terminal 3F.
If there is no terminal 3F, the terminal 1A must access the terminal 3A and find the desired information from the blockchain on its own. Also, in order for a user who does not have a private key to access the blockchain (terminal 1A 101A, terminal 1B 101B, terminal 1C 101C, terminal 4A 401A, etc.) to see the data exchange occurring on the blockchain. Also, such a blockchain search service site and the terminal 3F that bears it are required.

An existing example of a service that searches for blockchain is Etherscan. In the present invention, searching for and collecting information on the blockchain is not the content of the invention and is omitted. However, in addition to the server 3F of the present invention, the server P (3A in FIG. 1), the terminal 1A, the terminal 1B, the terminal 1C, and the terminal The 4A, the server terminal 3C, the terminal 3D, the terminal 5A, etc. may access the blockchain, record the transaction data of any contract, build a database, and search the data related to the contract. When searching from Etherscan, transactions with user identifiers or contract identifiers specified by URI can be searched.

It is important to conceal the transaction when deploying the contract on the blockchain in the authentication system of the present invention and the code inside the contract, and conceal the transaction when changing the secret variable KC value or BC value of the contract. There is a need for a system that allows the concealed data to be searched, or does not disclose it to users other than the user identifier that allows the transaction data to be viewed. In the authentication system of the present invention, it is preferable to use a blockchain platform that can be concealed.
Using a concealed blockchain platform, generate a contract that generates and authenticates a one-time password, issues a token with a token number that has the authority to display the one-time password to the user, and provides the user with a means of one-time password authentication. In addition to providing it, the contract administrator etc. conceals and blocks the transaction that describes the command to rewrite the variable KC or BC that is the secret key used for the calculation of the one-time password in the contract and the value of the new variable by encryption etc. It is preferable to send it to the chain for recording.
It may be a blockchain platform that uses a plurality of blockchains for concealment of contracts and cooperates with each other. Further, the node of the blockchain may be equipped with a transaction manager or the like to conceal transactions on the blockchain.
Since the present invention is not an invention relating to the construction of a concealed blockchain infrastructure, concealment will be omitted. The method of concealing the contract program data, secret variables KC, BC, etc. is not limited.

<Application of TOTP to directed acyclic graph systems and other data structure systems equipped with smart contracts>
In the present invention, a blockchain in which blocks are connected as a single chain to a data structure is used as an example. Since the blockchain is resistant to tampering and the blocks are formed by connecting the blocks from the past to the future in a one-dimensional chain, the time variables of the one-time password and the one-time password in the block at a certain time It is easy to implement the present invention in that the smart contract that tokenizes the password and authenticates it is not easily tampered with. In the present invention, the blockchain uses Ethereum, which can be equipped with a tamper-resistant program that operates based on a transaction on the blockchain called a smart contract (Non-Patent Document 1).
On the other hand, there is also a system that uses a directed acyclic graph (DAG) for a system that has a data structure different from that of the blockchain (Non-Patent Document 2). In DAG, a transaction is one data block. When the present invention is used for DAG or the like, it may be difficult to express the time using a block number.

If the data block (chunk) is time stamped in the DAG type, it may be possible to construct a contract for the TOTP token that operates in the system. In the DAG type distributed ledger system, the time data Tm described in the latest block (chunk) forming the DAG as a function representing a certain time T can be used for the generation and authentication of the one-time password. Tm has a data block that constitutes DAG, and the smart contract of one-time password authentication described in the present invention is recorded in a certain data block, and the latest data that can indicate the same time in the entire DAG system for the smart contract. When it can be obtained from a DAG block or a DAG system, a smart contract can be executed in the same manner as the blockchain, and the authentication system of the present invention can be obtained.

When DAG is used here, since there are a plurality of transaction data blocks (chunks) at the latest time, it may be necessary that the latest time information is recorded in all the latest transaction data. In the present invention, it was possible to use the latest block number of the blockchain, the time data or time stamp of the latest block, and the block hash of the latest block data as the seed value for calculating TOTP. However, if it has a DAG type data structure instead of a blockchain, or if there are a plurality of current latest data blocks or transaction data as in DAG, TOTP cannot be generated using block hash. Further, if the block of the latest transaction data does not include time information or numerical information representing the time corresponding to the block number, it may be difficult to generate TOTP. TOTP such as BnTOTP can be used if numerical information representing the time is included.
In the distributed ledger using the blockchain type data structure, the hash value of the block data is only one because there is only one latest block. In addition, the past block hash refers to each block data of the block chain, and can be listed from the present to the past corresponding to the block number. On the other hand, if there is block data of multiple latest transactions such as DAG blockchain, different block hash is calculated for each, so there is no unique block value depending on the time, so block hash is used as the seed value of TOTP. It is difficult.

In order to apply the present invention when using a DAG, a distributed ledger control unit that can use a variable corresponding to the latest block number or time stamp in the blockchain type for executing a smart contract is required. In the case of the blockchain of the embodiment, the blockchain unit includes a processing unit for obtaining a block number and a time stamp.
The present invention is a distributed ledger equipped with tamper resistance such as blockchain and DAG, and is a platform on which a smart contract operates. When data such as transactions are connected as a block (lump) from the past to the future, the data block is used. The processing unit related to one-time password authentication is built into a program called smart contract that is hard to be tampered with inside the connected body, and it is made tamper resistant, and the time data Tm obtained in the latest block or system state of the data block connected body is stored. It is characterized by being used to generate a one-time password. Tm may be time information, or the contract administrator may rewrite BC to an arbitrary time by using BC instead of Tm.

<Application of OWP to systems equipped with smart contracts in directed acyclic graph systems>
In a directed acyclic graph (DAG) system or a system running a smart contract with a data structure that is not included in it, the user of the contract administrator can access the contract to generate and authenticate one-time passwords at any time. It is possible to describe a transaction that rewrites the secret variables KC and BC in the distributed ledger, generate a password OWP by changing KC or BC, and use it for authentication. In the case of password OWP, the variable KC or BC can be changed at any time by the contract administrator regardless of the time information of the blockchain or DAG, so that it can be applied to a data structure such as DAG.
In the present invention, the password OWP, which allows the user of the contract administrator to rewrite and change the seed value at an arbitrary time T, is also effective and applicable to a platform for operating a smart contract with a data structure different from that of the blockchain. Will be done. In DAG, by rewriting the variables of KC and BC, which are the seed values of OWP, at each time from the terminal of the contract administrator, it is possible to generate a dynamic password that changes every time like TOTP. In this case, the storage device and the processing device are provided with a program for changing the KC value and BC value of the contract at the specified date and time on the terminal of the contract administrator, thereby automating the update work of the KC value and BC value. You can also do it. (A DAG equipped with a smart contract can build a pseudo TOTP authentication system by an automated program that changes the seed values of OWP and OWP even if it is difficult to implement the TOTP type.)

In the present invention, Ethereum is used in the examples, and the present invention was made while verifying that it can be operated by a blockchain based on Ethereum and a smart contract execution system using the blockchain. The invention was made in 2020 AD, using the latest version of Ethereum at that time and the programming language Solidity.

In the present invention, a system that uses smart contracts to use information that changes at a certain time in the blockchain as a seed value for a dynamic one-time password, and a system that decrypts encrypted data using the authentication system, and We explained the login system for websites, and the authentication system used for tickets and unlocking keys using media such as NFC tag 19A using digital devices, valuable paper leaf 18A such as paper, and display 1500A.
At the time of authentication, the block number Bn and block hash value of the latest block data in the blockchain, the time stamp value, the token number of the token belonging to the contract, the user identifier of the blockchain, the IP address, the location information, the device information of the computer, and the computer. It is characterized by using the physical quantity measured by the environment sensor 4440 or the position sensor 4441 or the motion sensor 4442A or the biometric authentication sensor 4443A of the sensor 444A of the built-in input device 44A, and the user's private key used in the blockchain is fraudulent. An authentication system that can monitor and detect usage and notify users. The above-mentioned authentication system of the present invention has been described with reference to examples, reference numerals, and figures.

However, since the present invention is not a blockchain-based invention, the details of Ethereum are omitted. As a premise of the embodiment, the present invention operates in an environment in which Ethereum and Ethereum smart contracts operate. In addition, web apps that use smart contracts running on Ethereum and its blockchain, dApps (decentralized application software), web browser software, ECMAscript, Solidityy, computer operating software, blockchain nodes, networks, servers that become nodes, etc. For computers, use an environment where Ethereum can operate. For implementation, a blockchain platform that can utilize concealed transactions and contracts is preferable.

<Definition of network>
The encrypted network 20 (network NT) and the unencrypted network 22 (network NTP) included in the communication network 2 shown in the present invention use a wired cable such as an optical fiber or an electric wire and wireless equipment. , It may be an internetwork, which is a global communication network.
The network may be a local area network LAN with restricted connections.

<Collaboration of contracts on the internetwork and local area network>
Here, a network that cannot be physically connected to an internetwork is a network that is used only in a group building or a network that is formed by connecting a building and a building far away with a dedicated line. As an example, it is a computer network constructed with a dedicated line used by companies, public institutions, universities, research institutions, financial institutions, and the like.
In the present invention, authentication is possible if the content of processing such as a hash function for calculating a password when performing one-time password authentication and its argument can be matched. For example, when generating a password OWP with a paper ticket, the OWP is generated by accessing the blockchain via the Internet and printed on paper, and the paper ticket authentication is to read the ticket at the entrance of the building that provides the service. The terminal 3D is connected to a local area network (LAN) in the building, and accesses and authenticates a blockchain contract dedicated to the building operating on the LAN.
What is important here is that the blockchain contract between the Internet and the LAN of the building must match the processing content such as the hash function fh that calculates OWP with the seed value KC. If OWP can be authenticated on the LAN blockchain, the user can enter the building.

<Collaboration of contracts on the local area network>
If the seed value matches the function that generates and authenticates the one-time password, the one-time password can be generated and authenticated by a contract on the same LAN or a blockchain constructed on a different LAN. Specifically, when a research institution encrypts experimental data in a laboratory with an encryption system using the software 403A of the present invention, or locks research facilities and equipment, a LAN that is not connected to the interconnection network. A blockchain is formed in Japan, and a one-time password with an access level according to the staff of the research institute is given to the employee's IC card type employee ID card, etc., and the encrypted data can be viewed and the plain text data obtained in the experiment is encrypted. , Used for unlocking research facilities and equipment.

<Storage device>
In the present invention, a storage device such as a user terminal 1A or a server terminal 3A has a read-only memory ROM (Read Only Memory) and a random access memory RAM (Random Access Memory). In addition, SSDs (Solid State Drives) composed of flash memories, which are one of semiconductor memories, HDDs (Hard Disk Drives) using magnetic disks, and magnetic tapes can also be used as storage devices. Optical discs are also used.

<Management of personal information used in the authentication system of the present invention>
European Union EU General Data Protection Regulation GDPR (Reference source, Japan External Trade Organization Special Feature EU General Data Protection Regulation (GDPR) https://www.jetro.go.jp/world/europe/eu/gdpr/ Browsing date 2020 According to (December 8, 2014), it is expected that personal information will need to be protected.
Personal name and address, e-mail address, telephone number, IP address, location information, ID (device ID) unique to the device such as terminals 1A and 4A, value of sensor 444A of terminal input device 44A, user identifier and OTP. In the present invention, when collecting the token number of a token and holding it in a terminal such as server 3C or server 5A as shown in FIG. 6X, the consent of the terminal owner is requested, what kind of information is collected, and unauthorized access is detected. The function of explaining whether to use or requesting consent can be used in the services described in Example 1, Example 2, and Example 3 having the data structure of FIG. 6X. In the present invention, when monitoring and detecting the unauthorized use of the private key of the user terminal, the user identifier, token number and IP address, the sensor value of the terminal, etc., which are personal information of the user, are collected.
In the present invention, in order to detect unauthorized access while protecting personal information, the user identifier, token number, IP address, location information, and ID (device ID) unique to the device such as terminals 1A and 4A shown in FIG. 6X are used. The value of the sensor of the terminal is anonymized (irreversibly prevents identification. Processing such as hashing and cutting off a part of the hash value after hashing) or pseudonymization (reversibly pseudonymized data and it) When a key for decrypting the information is used. When personal information is encrypted and stored), the information can be recorded and used in the data format of FIG. 6X on a terminal such as a server terminal 3C or a terminal 5A.

Although some embodiments of the present invention have been described, these embodiments are presented as examples, and for each service, encrypted data, device, container, vehicle, and building in which the authentication system of the present invention is used. It is used in compliance with laws and regulations, and computer terminals, networks, server terminals, recording devices, and input / output devices can be added accordingly. While protecting the personal information of the user who uses the authentication system of the present invention, the system to which the present invention is applied is operated on the premise of access control to data and services. In addition to the processing content described in the description of the present invention, variables, functions, and processing necessary for providing services of various industries and types to users are added to the smart contract in the form actually used. Is possible.
Although some embodiments of the present invention have been described, these embodiments are presented as examples and are not intended to limit the scope of the invention. These novel embodiments can be implemented not only in Ethereum and the like but also in various other embodiments, and various omissions, replacements, and changes can be made without departing from the gist of the invention. ..

<Symbols / Terms>
Next, symbols and terms will be explained.
DLT (Distributed Ledger Technology) A distributed ledger technology.
DLS (Distributed Ledger System) Distributed ledger system. DLS is used as an abbreviation for a blockchain system or a DAG type system to which the present invention is applied.
URI (Uniform Resource Identifier) A generic term for URLs, URNs, etc. that specify the location of information on the Internet.
Wallet software Manages the private key used in the DLS. As an example, it is used as a web browser extension with a password. You can access the web page / DLS with the recorded private key.
Hardware wallet An external storage device for a private key that allows a digital device to record the private key. Some devices can work with wallet software. It is similar to an Individual Number Card in terms of a private key storage device.
Private key PRVA, etc. Private key used on DLS. Without the private key and DLS, authentication and services using OTP tokens cannot be performed. Same as 101A of terminal 1A.
User identifier A Calculated from the private key 101A according to the processing of DLS. In the embodiment, the private key, the public key, the hash value of the public key, and a part of the hash value data are cut out and used as the user identifier.
User of UA terminal 1A.
User of UA terminal 1B.
User of UA terminal 1C.
User of UP terminal 4A.
An abbreviation for a one-time password based on time on the blockchain, which is calculated based on the block number Bn and the seed value KC inside the contract on a DLS such as the BnTOTP blockchain.
An abbreviation for a password when an OWP contract administrator (Owner) rewrites the contract internal variables KC and BC of the distributed ledger system DLS to arbitrary numerical values for an arbitrary time to generate a pseudo OTP.
Abbreviation for BIOS Basic Input Output System. Performs basic control such as reading operating system software and recording time information from the storage device or external recording device of the terminal.
Abbreviation for EFI Extensible Firmware Interface. The latest BIOS standard used at the time of patent filing.
ROM Read Only Memory. A storage device that can only read after writing data.
RAM Random Access Memory. A storage device that can erase and rewrite data.
CPU Central Processing Unit. It is a central processing unit of a computer, and is an integrated control unit and arithmetic unit.
SoC System on Chip. A chip that integrates multiple functions such as a CPU, graphic processing device, wireless signal receiving modem such as GNSS, and wireless communication modem. Configure communication devices and control arithmetic units.
Abbreviation for MCU Micro Control Unit. Micro control unit.
Abbreviation for NFC Near Field Communication. Near field communication.
NITZ network id and time zone.
GNSS Global Navigation Satellite System / Global Positioning Satellite System.
JJY The name of the broadcasting station that transmits Japan Standard Time.

In the distributed ledger system DLS such as blockchain, among the information TB (or Tm) that changes at the latest time T on the DLS, the variable that changes in the latest block on the blockchain depending on the time such as the block number Bn is used. We have realized a one-time password authentication system in which the password BnTOTP changes dynamically based on the time.
In addition, the information TB that changes at the latest time T on the DLS is changed to the seed value BC or KC of the contract involved in the one-time password authentication system by the contract administrator at any time and at any numerical value. We have realized a one-time password that can be changed by the contract administrator using the password OWP of the token number TIDA, which is valid until the contract administrator changes the value.
Then, we have realized a one-time password authentication system based on the time that allows the contract administrator to change and update the seed values KC and BC for the password BnTOTP at any time and at any value.
Furthermore, in a public blockchain, it is considered necessary for security to use a random seed value for BnTOTP calculation, and the value V determined by the votes of the nodes constituting the blockchain and the block data size value BSZ connected to the blockchain are pseudo-random numbers. We have realized a one-time password authentication system that is used to calculate BnTOTP as the original value of. Then, using BnTOTP as an example, it is possible to log in to a website, decrypt encrypted data, and enter by logging in to a website or the like at an online service providing venue in the real world.

<Use by BnTOTP>
Website logins can be used for multi-factor authentication in banks, securities, insurance and payment businesses. It can also be applied to membership sites, e-commerce, online data storage, e-mail, commercial online software, and login to online computer games. When decrypting the encrypted data, authentication is performed by the authentication system, and the encrypted data can be decrypted using the return value as one of the keys.
<Use by OWP>
It is used for valuable paper leaves 18A such as tickets and NFC tag 19A for unlocking locks.
Have the user display and print the password OWP, and have the user print the user identifier A, token number TIDA, and password OWP as a character string or bar code on paper to make it 18A, or record it on a non-contact digital device such as NFC tag 19A. In the real world where paper and electronic tickets are manufactured and services are provided, an authentication system that provides services can be constructed by reading the password OWP, user identifier A, and token number TIDA from the previous term ticket and performing authentication. As for paper, it is sufficient that information can be printed and printed, and digital printing devices such as laser printers, inkjet printers and thermal printers and corresponding paper, thermal paper, ink, toner and the like are used. The printing method uses a plateless method, and it suffices if the character strings and barcodes can be recorded on media such as paper, plastic, and metal plates according to the instructions output from the computer.
If the authentication information can be read by a camera or the like, the information can be recorded not only on paper but also on a metal plate or stone plate. Even without using a camera, it is possible to manually authenticate a character string. Even without a printer, the user can manually write the character string required for authentication on a piece of paper or metal plate in a legible state, bring it as a ticket to the place where the service is provided, and present or convey the character string to the service provider. , The service provider can also manually enter the string into the authentication function to authenticate. However, this cannot save labor and automate, so a character string or a barcode indicating it is printed on paper, and the service provider reads the character string barcode with a camera or scanner to authenticate.
When the OWP, the user identifier A, and the token number TIDA are recorded in the NFC tag 19A, the terminal 3D that manages the lock that can read the NFC tag 19A is made to read A, the TIDA, and the OWP, and the terminal 3D performs the authentication process. The lock can be unlocked when the authentication result is correct.

<NFC tag that records authentication information such as OWP>
Authentication by digital devices such as NFC tag 19A can be expected to be faster than paper. The NFC tag 19A may be a portable terminal or a terminal that is easy to wear, and may be a terminal built into a mobile phone terminal such as a smartphone, a wallet type, an IC card type, a tag type such as a key holder, a glasses type, a hearing aid / headphone / earphone. Mold, clothes type with NFC tag 19A, watch type, bangle type, belt type, shoe type, etc. (Unauthorized access detection is also possible when the terminal that can connect to the network 20 such as a smartphone and the NFC terminal 19A communicate with each other and cooperate with each other, except for exceptions such as disasters). Even if it is not an NFC tag, it can be used in the form of a tag such as cloth, plastic film, or paper on which OWP or the like is printed on clothing such as wallets, clothes, and shoes.

<Product authenticity verification using tags using OWP>
In the present invention, as a ticket using OWP, a membership card, an ID card, a gift certificate, and a service ticket (valuable paper leaf) are assumed. In addition to that, when performing authenticity verification and certification when distributing trademark rights (including three-dimensional trademark rights), the model number of the clothing and the contract identifier of the OTP token, the serial number and the OTP token number, It can be used for authentication by using the user identifier and OWP code of the product manufacturer having the trademark right. In this case, the product is certified as a regular distribution product in the form of an NFC tag built into the product protected by trademark rights, or a barcode such as cloth or paper that is visibly attached to the surface of the product. can.
When an NFC tag is attached to clothing, it is possible to determine the authenticity of the genuine clothing product certified by what kind of NFC tag. However, at the same time, the data of the NFC tag built in the clothing may be read by wireless communication, which may infringe on the privacy of the user who has the tag.
On the other hand, compared to NFC tags, the method in which OWP or the like is printed, printed or woven on cloth or the like is not read wirelessly, which is useful for protecting personal information. If the authentication information is written on paper or cloth, the OWP authentication information tag as the product serial number should be placed next to the laundry display, size information, and manufacturer information on the tag part that describes the size of clothes that are not normally visible. Can be attached.
Although clothing is shown as an example, labels for agricultural, forestry and fishery products protected by the right holder, labels for daily necessities such as food, labels for alcoholic beverages such as wine and sake, labels for clothes, labels for leather products, labels and stamps for jewelry. , Labels for electrical and electronic equipment, labels for residences, labels for parts such as automobiles and machinery, models / toys, paper books, labels for products with copyright holders such as music / video discs (and tags) ) Also, the present invention can be applied, and product certification and authenticity verification can be performed.
Even for small products such as semiconductors and electronic components, OWP that can be discriminated with the naked eye and can be discriminated with a microscope by patterning, engraving, and printing fine character strings or barcodes on semiconductor packages and built-in silicon and elements. It is possible to confirm whether the product is genuine or not by recording the authentication information, reading the OWP information, and substituting the read information into the authentication function. When OWP is used, even if the printed content or the engraved content is so small that it cannot be visually discriminated, it can be authenticated if it can be enlarged and read as character information or image information.
When applying the present invention to small precious metals such as wearable computers, watches, rings, jewelry and semiconductor chips (IC silicon pieces before packaging), semiconductors, stones, etc., information such as minute OWP is displayed on the surface of the base material of the product. It is also conceivable to record it with a carved seal and use it for authenticity verification. For accessories such as rings, the base material of the ring body, which holds jewels, is engraved. It may be possible to manage product distribution by recording multiple minute information such as OWP in products such as precious metal jewelery and ingots. It may be possible to produce valuable paper leaves by printing minute information such as OWP so that they cannot be easily read even when the valuable paper leaves made of plastic film or paper are distributed.

<Logistics management using tags using OWP>
A DLS that generates and authenticates an OWP for physical distribution is constructed, an OTP token is issued to the DLS for physical distribution, and the corresponding OWP generation function and the position information and sensor information of the terminal that has been authenticated at the time of authentication are displayed on the DLS. By using the authentication function to be recorded, it is possible to record the delivery status of the distribution container labeled with OWP. When the container is sealed with OWP, the OWP certification information of the present invention is printed on the sealing label, and the distribution of the package sealed with the sealing label 18A is recorded and tracked on a blockchain resistant to tampering. can.

For food distribution, the information of 18A of the present invention is printed on the food packaging, and the product information such as the taste / expiration date information and the manufacturing factory information printed on the food packaging is recorded and managed in the distribution process. By reading the two-dimensional bar code at the store when making a purchase and associating it with the consumer's payment information and the terminal, it is possible to record information on when the food was purchased at a certain store until the expiration date. And from the above information, it may be possible to reduce the food waste loss due to the expiration of the consumption of the purchased food. The distribution information of 18A and the taste / expiration date information of the product purchased at the time of purchase at the store are used for payment on the terminal 1A, etc., or the payment result is recorded and displayed on a terminal that can be viewed, and the terminal 1A is notified when the expiration date is approaching. By doing so, food disposal due to the unintended expiration date is prevented. The information of 18A may be linked with a terminal that controls a food storage such as a refrigerator.

Not limited to food products, home appliances, housing equipment, automobile parts and automobiles, pharmaceuticals, and other products are manufactured and sold by the manufacturer and distributor with the consent of the consumer sold by the store when the manufacturer and distributor of the product collects from the consumer. When information can be disclosed to, it may be useful for investigating which products are purchased by which consumers.

<OWP certification>
Here, when authenticating with 1500A, 18A, or 19A using the password OWP, there is an authentication server (authentication terminal 3D) that determines whether the paper and electronic tickets brought to the place where the service is provided are valid. In some cases, ticket authentication is possible, and even if the network goes offline due to a disaster or the like, ticket authentication can be performed. From the viewpoint of ticket issuance and possession, token data is recorded on servers all over the world due to the characteristics of DLS such as blockchain resistance to tampering and distribution, and it is possible to record that the user possessed it. It can also be used as another key for tickets.
In the present invention, in order to prohibit or permit the transfer of the ticket 18A using the OWP in order to enhance the industrial applicability, and to enable the admission ticket with paper, NFC tag, etc. Introduced the concept of an owner-type one-time password OWP that the owner, who is the administrator of the contract, can arbitrarily change using arbitrary variables to connect the DLS and the paper ticket.

<Relationship between BnTOTP and OWP>
OWP changes the password generated by the token of the token number belonging to the contract by rewriting the seed value for one-time password calculation in the contract by the contract administrator. On the other hand, in BnTOTP, the block number is automatically increased and the seed value is changed. A pseudo BnTOTP can also be realized by the OWP method by sending a transaction to the DLS so that the contract administrator changes the seed value BC or the like every time the block number changes like the block number Bn and rewrites the seed value. Therefore, in the present invention, it is preferable that the contract manager can change the seed value used for calculating BnTOTP as in OWP.
In the smart contract on the DLS, as the concept of the OWP method and the BnTOTP method, it is possible to imagine the case where the second hand of the watch moves automatically (BnTOTP) and the case where it moves manually (OWP). If the second hand of the clock, which is a counter, can be moved, the password will change and a dynamic password can be generated by the DLS smart contract (variables that are changed by changes in time derived from DLS-derived block numbers, etc. are adopted as counter variables. The difference is whether to change it by sending a transaction that rewrites the variable of the counter via the smart contract).
Here, as compared with BnTOTP, OWP also includes updating the seed value, and is therefore a necessary element in the present invention.
In the present invention, by using OWP, the provision of services by valuable paper leaves such as tickets in the real world and the provision of services in the digital world such as websites, software for decrypting encrypted data and advertisement distribution service to the software, An unauthorized use monitoring service for private keys is possible.
In addition to OWP, focus on data such as block numbers used for DLS such as block chains that do not need to manually update the counter, and add block number Bn to the argument of the hash function that calculates the OWP password to make it BnTOTP. By doing so, it is claimed that the seed value of the one-time password can be changed manually and the seed value can be updated automatically by DLS.

<Availability of OTP tokens on smart contracts>
FIG. 9A shows a blockchain type distributed ledger system, and FIG. 9B shows a mode in which the smart contract of the present invention and the unauthorized use monitoring function of the private key in FIG. 6X are used by using the directional non-circulating DAG type distributed ledger system. .. The present invention can provide an OTP authentication system by using an OTP generation function and an OTP authentication function recorded as a smart contract program on a distributed ledger system that is difficult to tamper with in the form of FIG. 9A as well as the form of FIG. 9B. ..

<Availability of OTP tokens>
The OTP generation token that generates the BnTOTP or OWP of the present invention can be issued to users by a contract on the blockchain like a key in the real world, or can be transferred to each other by a limited community or users all over the world. It will be possible.
The one-time password token of the present invention can be used for keys or login rights, ownership rights, viewing rights, usage rights, voting rights, etc. in the real and digital fields, and encrypted data can be used by the present invention. It will also be possible to decrypt using a one-time password token. The present invention can be applied to paper tickets, electronic tickets, website login tickets, and can be applied to services deployed in both the real domain (physical domain) and the digital domain (data domain).

<Use of OTP token as a security token>
He mentioned that it can be used as a ticket for logging in to websites in a digital space, decrypting encrypted data, and using services in the real world with paper or NFC tags. Here, the OTP token is assumed to be used as a utility token, but it may be possible to give the OTP token the role of securities regulated by law. That is, the OTP token of the present invention is a security-token (electronic record transfer right, source: Japan Securities Dealers Association https://www.jsda.or.jp/about/jishukisei/words/0326.html, December 12, 2020. It may be possible to use it as a browsing ,).
As one of the specific forms of use of the security token, the OTP token used in the OTP authentication system of the present invention is linked to the stock of the corresponding corporation, and the contract manager of the OTP token restricts the transfer and transfers the storage. , Of the profits of the corporation, the dividend will be distributed by transferring it to the securities account of the owner of the OTP token in cooperation with securities companies and trust banks.
Then, the OTP authentication system may be used to log in to the website where the general meeting of shareholders is held, and the voting rights may be exercised by an electromagnetic method at the general meeting of shareholders through voting or the like using the OTP authentication system of the present invention. One OTP token is given voting rights and is used for logging in and voting by exercising voting rights on the website where the general meeting of shareholders is held. In addition, when using the rights that shareholders can receive when they have stock-type OTP tokens (rights to use their own services, shareholder benefit tickets, etc.), the BnTOTP-type OTP is displayed on the display of terminal 1A, etc. It may be possible to receive the service when the OTP authentication result is correct by presenting it to the provider or the service providing terminal.
In this way, it may be used as a voucher or securities in the financial field such as banks and securities. It is also expected to be used in connection with the locking of buildings and for ownership and usage rights of real estate in buildings.

<Use of OTP of OTP token as pseudo-random number and used for pseudo-random number generator>
Something may be decided based on the probability such as lottery or playing with dice. For example, there is a lottery that can be drawn after purchasing a product that is used for attracting customers, and the present invention may be used for that purpose. For amusement applications, OTP may be used in computer games, including online games, to determine the processing of things that occur in the game. Even in the real world, the OTP of the OTP token used as a dice may be displayed instead of the actual dice, and the displayed number may enable playing with play equipment such as a card game.
Alternatively, there are cases where people visit religious facilities such as temples and shrines, throw money, or pay money and donate to religious facilities to draw fortunes. In this case as well, the OTP authentication system and OTP token of the present invention are used. And its pseudo-random number generation function may be available.
The present invention has a function of generating an OTP, but while using this as a pseudo random number, it can be used as an OTP token for logging in to a website equipped with OTP authentication, and even after logging in to the website, the OTP token can be used as an OTP. Can be generated and used as described above. Then, when you make a donation to a religious corporation such as a temple or shrine or make an Omikuji on its website and settle it with currency etc., the OTP value of the OTP token will be the OTP value of the OTP token. May be used as an argument to calculate, and the result of the fortune telling may be calculated and displayed on the user's terminal 1A. Then, the data of the pamphlet that introduces the luck of the luck may be distributed to the users who visit the temple or shrine in the form of encrypted data so that the users can view it.

When using OTP for pseudo-random number generation, the mapping type variable KCU [TIDA] (or VU [TIDA]) corresponding to the user's token number TIDA in the OTP generation and authentication contract is used as the user identifier of the owner of the TIDA token. Equipped with a setter function that can be changed by A, only the user identifier A can rewrite the KCU [TIDA], and the contract administrator 1C cannot rewrite it, but only the user can access and rewrite the OTP token owned by the user. It is also possible to construct a pseudo-random number generator that can change the seed value used for calculating the pseudo-random number.
This sets a secret variable KCU [TIDA] that can be set by the OTP token holder according to the OTP token number, in addition to the secret variable KC value set by the contract administrator, and is set by the user for each token. The KCU [TIDA] is added to the argument of the hash function fh to generate an OTP. In the case of the BnTOTP type, the calculation example of OTP is BnTOTP = fh (A, TIDA, KC, Bn, KCU [TIDA]).
Pseudo-random numbers for mapping type variables such as KCU [TIDA], KCU [TIDB], and KCU [token number] (or variables such as structure type and array type are also possible, and if the token number can be used as a key to express the KCU data array). Since the user can set it, it is possible to obtain the lottery result by adding the KCU [token number] specified by the user, not the lottery result of only the KC value specified by the contract administrator. May help prevent.
As an example of the fraudulent activity of the contract administrator, if the side that manages the game, for example, an online game, knows all the seed values including the KC value, the OTP of a specific token number of a specific user identifier will be at a certain time in the future. It is possible to know what kind of OTP value can be obtained, predict it, and incorporate malicious processing into the online game providing program of the server 3C, aiming at the user identifier A or the like.
Therefore, when the seed value KCU [token number] of the OTP token held by the user is set and can be changed (and the transaction transmitted when the user identifier A changes KCU [TIDA] can be concealed. (When) makes it difficult for the contract administrator to estimate the user's future OTP value. If the user does not know the KC value determined by the contract administrator, the OTP value generated by the OTP token of the token number TIDA possessed by the user is not known, so that the user can use it as a pseudo random number generator. The contract administrator may be discouraged from guessing because the user does not know when to change the OTP seed value KCU [TIDA].
Here, we have described the industrial applicability of online games when the present invention is used as a pseudo-random number generator, but in addition to online games and lottery, there is a probability that something will be done by individuals, groups, companies, and public organizations. It may be available when deciding.

<Possibility of distributing data by regarding OTP tokens as content>
It enables the distribution of encrypted data using a distributed ledger system that is different from electronic books and paper books. It is possible to transfer the OTP token, the encrypted data, and the software CRHN403A for decrypting the OTP token to another user in a state where the transfer is not restricted. It will be possible to facilitate the distribution of data derived from copyrighted works created in Japan overseas.
The data includes novels, cartoons, music, videos, computer game software, business software, 3D CAD data (and 3D objects such as models output from 3D printers using the 3D CAD data) and a wide range of content. May be treated in the secondary secondary market as an OTP token, which is a viewing right / data decryption key. In addition, since it has a function of restricting the transfer of tokens at any time during secondary distribution or releasing the restriction, distribution can be performed according to the request of the right holder.
By providing an advertisement and access monitoring server when the data is decrypted when the OTP token and the encrypted data are distributed, it is intended to distribute the advertisement revenue to the right holder of the content being viewed. The advertisement display function also has a function of preventing unauthorized access, and can detect unauthorized use of the private key of the owner of the OTP token. The software CRHN403A also has an advertisement display function, which prevents unauthorized access, displays advertisements, and notifies software updates.

<Possibility of distributing OTP tokens as content access rights, ownership rights, and content itself>
In the application of decrypting encrypted data in the present invention, for example, for books, distribution of encrypted data using a distributed ledger system different from electronic books and paper books, and distribution of OTP tokens as their ownership and access rights. enable. In computer software, business software and game software are also distributed as OTP tokens representing ownership and access rights.
Unless the OTP token contract has a built-in removal function, the OTP token will continue to be recorded and stored in the hard-to-tamper blockchain in association with the user's private key and the corresponding user identifier. If a user also has a terminal having the same function as the node terminal 3A like Ethereum and can become a node of the blockchain, the ownership information of the OTP token can be stored as long as there is a user who wants to hold the blockchain. If the software distributed by the computer software seller has encrypted data or unencrypted plain text data built into the software CRHN and distributed, the software is recorded and held in the user's terminal to operate the software. You can continue.

<When using an OTP token as a viewing right for broadcast encrypted data>
By writing the contract identifier information of the OTP token that the viewer views inside the broadcast encrypted data or in the software 403A together with the data in FIG. 6X, the user identifier is which broadcaster (or broadcast service provider) contract identifier. It is possible to know which token number of the user identifier the user is accessing and viewing. This function applies the advertisement server function and the unauthorized access prevention function of the terminal 5A. In consideration of user privacy, it may be particularly required to anonymize the user identifier and token number and record them on the terminal 5A as shown in FIG. 6X.
By totaling the access data shown in FIG. 6X and totaling the number of accounts of the user identifier corresponding to the number of viewers of the broadcast, the total number of viewers can be obtained, which can be applied when it is desired to obtain the audience rating at the time of broadcasting. However, when the number of broadcast receivers is comparable to the number of receivers for terrestrial digital broadcasts, etc., the terminal 5A must be a group of multiple distributed servers, or the computational resources and network 20 will be used when performing access control in the format shown in FIG. 6X. Since it may consume the communicable band, the information on whether or not the access reception time in FIG. 6X is being viewed at a different time for each last digit of the token number is sent from the terminal 4A to the server of the terminal 5A via the network 20. It may be preferable to be able to communicate to the group.

<When determining the authenticity of GNSS signal data using an OTP token>
The BnTOTP signal of the present invention is attached to the GNSS positioning signal broadcast from the positioning artificial satellite terminal 5C such as GNSS that can be connected to the node terminal 3A of the blockchain, and the positioning signal received by the ground station terminal 1A or the terminal 4A is used. By authenticating the data with the authentication function 3018A of the node terminal 3A of the blockchain via the network 20, it is possible to determine whether the positioning signal of the broadcasting station 5C is correct, and it is possible to determine whether or not the positioning signal of the GNSS is spoofed.
The GNSS signal is information for a car, an aircraft, a ship, a mobile phone / smartphone terminal, and an unmanned machine to determine their own position, and makes it possible to determine the authenticity of the GNSS signal and determine the spoofing signal. The position information and time information are linked to the data on the blockchain by using authentication by BnTOTP, and the terminal 1A uses the position information, time information and blockchain information of the terminal 1A that has received the positioning information including the BnTOTP. It may be possible to authenticate that you were in a certain place at a certain time.
Then, by using the position information, time information, and blockchain information of the terminal 1A that has received the positioning information including BnTOTP, BnTOTP and time can be added to the information such as text image information, moving image, and voice recorded by the terminal 1A through the input / output device. By recording information and location information, it is possible to add reliable time stamps with location information to input / output information and printed matter. (The MAC value of HMAC may be added to the data.)
In addition, it may be possible to move those machines more safely with location information certified for navigation applications in automobiles, ships, aircraft and unmanned aerial vehicles.

The idea of attaching BnTOTP to this GNSS signal is the idea of attaching OWP to an object in the form of 18A or 19A in the distribution management by the tag using OWP, and the data broadcast from the terminal 5C. It is applied to the distribution of broadcast data, and BnTOTP is attached to the broadcast data to manage the distribution of the broadcast data. Not limited to the GNSS signal, BnTOTP or OWP may be attached to broadcast data or distribution data for authentication and authenticity may be determined.

<Relationship with download sales platform>
Ebooks, audio-video data, computer software, and computer game software are increasingly being sold by download sales platforms. However, the download sales platform may need to install different application software for each company that operates it, or the service may be terminated if the company that maintains the software cannot survive.
For example, e-books and computer games may have purchased viewing and playing rights, and ownership of semiconductor memory ROM cassettes and optical discs that store paper books and game software to be read by computer game terminals. It is different from the form of selling.
In the present invention, the ownership is distributed as an OTP token only when the right holder permits, and the content is in the form of encrypted data that can be decrypted by the blockchain system, the OTP token, the private key 401A to which the token is assigned, and the software CRHN403A. The aim is to make it possible to possess.

<Operation in a virtual machine environment>
It is also conceivable that the blockchain of the present invention is processed by a virtual server network. Computer terminals such as personal computers and servers are subject to drastic changes in hardware and software. For example, in the present invention, the OTP token and the data and its rights distribution system in which the encrypted data is decrypted by the OTP token for 100 years or more. However, there is a risk that the software itself that starts operating software such as BIOS and EFI will be changed and existing operating software, web browsers, and blockchain client software will not be able to operate. The possibility of updating the blockchain-based public key cryptosystem, cryptographic hash function, and common key cryptosystem is also conceivable.
Therefore, not only the server 3A but also the node terminal and the web service terminal of the distributed ledger system such as the server 3C may be operated in the virtual machine environment. In case the blockchain client software cannot run on the server terminal operating software due to compatibility issues, it is possible to run it on a virtual computer, server, or multiple servers. May be preferable. (Examples of compatibility issues are changes in the Internet protocol for browsing websites, changes in programming languages such as ECMAScript)

<Long-term operation>
Considering that it will be used in a real or virtual machine environment for a long period of time, it is preferable that the blockchain system consumes less power, and it should have lower power consumption than Proof of Work such as Proof of Authority and Proof of Stake. It is preferable to use the expected blockchain system consensus formation algorithm. Sustainable energy should be used for power supplies that power terminals and networks.
It is preferable that the service provider has a list of owners of OTP tokens corresponding to the service from the blockchain using the server 3F or the like, and can store the owner's information like a list without depending only on the blockchain.

<If the user can change the seed value>
There are some seed variables in the contract, some can be accessed only by the contract administrator, others can be rewritten by users who are completely unrelated to the contract, and by the owner of the token. By preparing a variable and allowing the user to change it to an arbitrary numerical value at any time, it can be a pseudo random value. It is also possible to set a one-time password generation seed value corresponding to the user's token number and use it as a pseudo-random number generation element in online games and the like. It can also be used for lottery as a service that uses randomness.

<Possibility of distributing OTP tokens as a key to decrypt the encryption of confidential information>
It is possible to encrypt plaintext data that only users who have been granted OTP tokens in a certain organization want to view, and distribute and view it as encrypted data. In the present invention, in addition to decrypting only with the distributed ledger, an external password AKTB that can be used inside the organization is set. As an example, in a company, the parts and models of the prototype vehicle are distributed as 3D CAD data as encrypted data, and the software CRHN403A that can decrypt it and the OTP token (and the return when authenticated with the OTP token). An employee who can have a value CTAU) and an external password AKTB can decrypt and view the data, and can create parts and models based on the 3D CAD data.
The OTP token of the confidential information is associated with the private key of the user terminal 1A (terminal DA). Here, as the external recording device 16A of the terminal 1A (or 4A), an IC card recording the private key assigned to the personal number card, IC card type employee ID card, student ID card, etc. is connected and communicated, and the private key in the IC card is communicated. It is also intended to encrypt important information, personal information, personal records, and confidential information. (In this case, if the IC card on which the private key is recorded is damaged or lost, the private key may be lost, and the IC card issuer copies the private key to the storage device, and the storage device cannot be accessed from the Internet. It may be necessary to store and manage it in a data center or safe.)

<Sale as a viewing right to decrypt encrypted data broadcasting>
It may be possible to exchange viewing rights of radios and televisions encrypted using the token of the present invention as OTP tokens when broadcasting or communicating by amateur radio or commercial radio. It may be possible to provide an OTP authentication system that enables decryption and viewing of encrypted broadcasting in fields including terrestrial broadcasting, satellite broadcasting, wired broadcasting, and Internet broadcasting. As an example, it may be possible to contract or buy and sell viewing rights of programs broadcast in one country A and another country B. In addition, radio information can be encrypted and broadcast at individual stations and corporate stations of amateur radio. It can also be used when communicating inside a factory or company for business use.

<Sale as a scrambled broadcast viewing right to decrypt encrypted data broadcasts in satellite broadcasts>
It may be necessary to secure a radio band for the use of wireless communication devices such as mobile phones and smartphones on the ground. Since satellite broadcasting broadcasts from outer space to the ground, if artificial satellites can be deployed in outer space, data can be broadcast from outer space without consuming ground radio resources, and it may be used as a viewing right for broadcasting during data broadcasting. ..

<Relationship between OTP tokens as viewing rights for satellite broadcasting and radio resources>
When there are many communication and broadcasting networks by artificial satellites in space and the terminal 4A can acquire the encrypted data from the artificial satellite type broadcasting station 5C by wireless broadcasting on the ground, the encrypted data (data such as magazines and newspapers). , Information on software data, etc.) is broadcast, and if the private key 401A of the terminal 4A that has received the data has an OTP token capable of decrypting the data, it can be decrypted and used. The encryption key TTKY (4033A) at this time is set for each OTP token corresponding to each broadcast content.
Specifically, there is an OTP token corresponding to a service that broadcasts encrypted data of a certain newspaper or television, and the person who possesses it has a receiver installed in the terminal 4A in the band (channel) corresponding to the encrypted data broadcasting. The received encrypted data is decrypted with the OTP token for viewing and viewing. OTP tokens are subscribed or subscribed to by the subscription service. The OTP token is set so that it cannot be used after the end of the fixed-term contract. It may be considered to carry out terrestrial broadcasting, including broadcasting in the event of a disaster, while broadcasting and communicating with higher added value or larger capacity for new purposes on an artificial satellite network in outer space.

<When distributing the distribution right of the program frame of the satellite broadcasting network or the content to be distributed as an OTP token>
Data that an individual wants to distribute to a private satellite to a radio station for uplink is transmitted, uplinked to an artificial satellite and transmitted, and then downlinked from the artificial satellite and broadcast to a terminal on the ground. (Also, the right may be converted into an OTP token). For example, video data with a large amount of data is distributed all over the world on video viewing sites, but the data traffic may not be negligible. The wireless network 20 consumes radio wave resources, and the wired network 20 requires the addition of optical fibers and the like in order to cope with the increasing traffic. If the data required for watching a video is content that is consumed by many people, it is better to receive and record the data as encrypted data for satellite broadcasting rather than communicating it on a video site via a two-way communication network. The load on 20 may be reduced.
Alternatively, even in the video distribution data during two-way communication, the same data is distributed as encrypted data rather than being transmitted to different people many times, and it is connected to the advertisement distribution and fraud monitoring server 5A on the software 403A. While watching it, the burden on the network 20 may be less. The OTP token may be distributed as a live distribution viewing right for video, and may be used for live distribution of video that is resistant to communication failures by combining broadcasting from artificial satellites and broadcasting from network 20.
There may be scrambled broadcasting that broadcasts encrypted data after selling and distributing OTP tokens to users living in the area (including multiple nations as symmetry) within the reception range of satellite broadcasting such as a private sector. No.

In the present invention, the head-mounted display 453A is provided with a biometric authentication function 4530A, and when the encrypted data is decrypted and viewed, the biometric data of the person who is viewing the encrypted data can be directly or hashed. It can be indirectly acquired, easily authenticated, and viewed.
Here, the head-mounted display 453A has a smaller screen than a mobile terminal, a tablet personal computer, or a television viewing display, and a mobile terminal or a digital camera captures content (video, image, text) based on the decoded data displayed on the 453A. Makes it difficult. The software CRHN403A can be programmed to operate only when the software CRHN403A is connected to the terminal 4A, and can be an authentication system and an encrypted data decryption viewing system that prevent shooting of the content obtained by decrypting the encrypted data. ..
The biometric authentication device 4530A may measure the body temperature using a temperature sensor. It detects that there is a person who wears point-shaped, one-dimensional, and two-dimensional thermography from the head and eyes of the wearer of 453A, and the characteristics of the person who wears it. Further, authentication regarding the shape of the face of the head, biometric authentication regarding the eyes, biometric authentication derived from the structure of the ears, biometric authentication derived from the shape of the head, and biometric authentication regarding blinking may be used.

<When encrypting communication on the network using encrypted data software>
It is also possible to encrypt the communication between the terminals connected to the network 20 by using the plaintext data encryption function and the encrypted data decryption function using the blockchain of the software CRHN403A.

<When using BnTOTP as a time stamp>
According to BnTOTP, the place where the block number Bn, the user identifier A, and the token number TIDA were recorded when the OTP was generated by using the authentication function that requests the input of the KC value and the seed value excluding the BC value when the BnTOTP was generated. It can be verified whether or not the OTP unique to the block number is actually functioning as a time stamp. The location to be recorded here may be the data in the terminal 1A storage device for authentication, or may be added and printed when the terminal 1A prints the text data on paper or the like. At this time, the OTP generation contract and the OTP authentication contract existing in the blockchain portion of the server terminal 3A function as a simple time stamp server.

As one example of the time stamp, consider the case where the following BnTOTP is calculated to generate and authenticate the OTP.
BnTOTP = fh (A, TIDA, KC, Bn)
The argument of the corresponding authentication function is (A, TIDA, Bn) except for the secret variable KC which is concealed as an example.
At this time, the KC of the BnTOTP is concealed, and the OTP generation function is executed on the user terminal 1A, and the block number Bn at the time of OTP acquisition, the user identifier A, the token number TIDA, and the secret KC are used. Get the calculated BnTOTP. Then, the terminal 1A records A, TIDA, Bn, and BnTOTP in the plaintext data and digitally signs the file so that the falsification of the data can be detected. Alternatively, A, TIDA, Bn, and BnTOTP are added to the print data to make a time stamp that is easy to write at the bottom of the page, and printing is executed to create a printed matter that is presumed to have been printed when it is close to the time of the block number Bn. can. The private key used for the electronic signature may be 101A for accessing the blockchain, or may be a private key issued by a public institution or a private organization. It may not be desirable to change the KC value in this application.

Next, as an example of another time stamp, consider the case where the following BnTOTP is calculated to generate and authenticate the OTP.
BnTOTP = fh (A, TIDA, KC, Bn, V)
The argument of the corresponding authentication function is (A, TIDA, Bn, V) except for the secret variable KC which is concealed as an example.
At this time, the KC of the BnTOTP is concealed, the OTP generation function is executed on the user terminal 1A, the block number Bn at the time of OTP acquisition, the value V determined by voting, the user identifier A, the token number TIDA, and the secret. Get the BnTOTP calculated from the KC that is set to. Then, the terminal 1A records A, TIDA, Bn, V, and BnTOTP in the plaintext data and digitally signs the file so that the falsification of the data can be detected.
Alternatively, five of A, TIDA, Bn, V, and BnTOTP are added to the print data as time stamp data and written at the bottom of the page as a simple time stamp. Printing is executed and printing is performed when the time is close to the time of the block number Bn. You can create printed matter that is presumed to have been printed. By using the V value as one of the pseudo-random value and the time stamp value, it can be seen that the data or text exists at the time when the terminal 1A acquires BnTOTP and the electronic signature is performed. When a printer is connected to the terminal 1A, the time at the time of printing can be authenticated by printing five of A, TIDA, Bn, and V as time stamps at the time of printing.
When the terminal 1A is a computer built in the printer, the printer itself has a function of accessing the OTP generation contract of the blockchain portion of the server terminal 3A through the network 20 and printing five of A, TIDA, Bn, and V. It is also possible to record five of A, TIDA, Bn, V, and BnTOTP at the bottom of the printed matter page each time printing is performed inside the printer according to the user's request. You can use the printer terminal 1A with a time stamp function that can print while adding a simple time stamp to the printed matter in cooperation with the OTP contract of the blockchain. It may not be desirable to change the KC value in this application.

<When using BnTOTP as a time stamp of valuable paper sheets and OTP authentication information>
I mentioned that you can use BnTOTP to load a simple time stamp on the data and record it, or print it on paper together with the text. , Bn, V, BnTOTP information is written on a paper ticket using OWP. Block numbers Bn and V are added to the three information A, TIDA, and OWP so that they can be read as arguments of the authentication function in the authentication function. It was done.
Therefore, in addition to the OWP type, BnTOTP type paper tickets and valuable paper leaves can be created. In Example 2, authentication is performed using OWP. When this is changed and the calculation formula of OTP is BnTOTP = fh (A, TIDA, KC, Bn), the OTP, the block number Bn, the user identifier A, and the token number TIDA obtained from the generation function are stored in the storage device 10A of the terminal 1A. It is also possible to print and record the four information of A, UIDA, Bn, and BnTOTP stored in 10A on paper as a character string or a barcode using a printer and use it as a valuable paper leaf 18A. Alternatively, four pieces of information A, TIDA, Bn, and BnTOTP may be written to the NFC tag 19A via the communication device 12A.

1A Terminal DA, terminal 1A (computer DA, computer 1A) that is the terminal of user UA.
Storage unit of 10A terminal 1A (including recording device, recording unit, ROM and RAM)
101A User's private key PRVA recorded in terminal 1A
101A2 User's private key PRVA2 recorded in terminal 1A
102A A blockchain program for terminal 1A to access a blockchain unit such as a server P via a network using the secret key PRVA of 101A.
Here, the program of 102A is a blockchain identifier (blockchain identification information, including network ID, chain ID, etc.) and
It can also include URI information indicating the server terminal 3A that is the access destination node.
11A Terminal 1A control unit
110A Control processing unit to access the blockchain of terminal 1A
Communication device of 12A terminal 1A (can be considered as one of the input / output devices)
Near field communication (NFC device) of 120A terminal 1A
121A Terminal 1A wireless communication device
122A Terminal 1A wired communication device (if necessary)
123A Terminal 1A broadcast receiver (if necessary, including GNSS and data broadcast receivers; wireless broadcast receivers may be included in the wireless communication device)
13A Terminal 1A control and arithmetic unit
14A Terminal 1A input device
140A terminal 1A keyboard
141A Pointing device of terminal 1A (input device such as mouse and touch panel)
142A Terminal 1A camera or scanner (solid-state image sensor that detects photons, image sensor)
143A Terminal 1A microphone (sound sensor)
Sensors for 144A terminal 1A (accelerometers, gyro sensors, magnetic sensors may be capable of measuring three-dimensional physical quantities; one or more of the sensors may be used).
1440A Terminal 1A environment sensor (temperature sensor or humidity sensor or barometric pressure sensor or pressure sensor or illuminance sensor or optical sensor, chemical sensor, odor sensor)
1441A Terminal 1A end position sensor (magnetic sensor or geomagnetic sensor / magnetic compass or accelerometer)
1442A Motion sensor of terminal 1A (accelerometer or gyro sensor)
1443A Biometric sensor of terminal 1A (Used when necessary. Sensor that can read patterns such as face information, body temperature or thermography, voice, ear structure, hand structure, fingerprint, vein, etc.)
15A Terminal 1A output device
Display of 150A terminal 1A
1500A Ticket displayed on the display of terminal 1A, image of valuable paper leaf 18A, information for OTP authentication
151A Terminal 1A speaker
152A Terminal 1A printer (printer)
16A Terminal 1A external storage device, external input / output device, external computer terminal
1600A Terminal 1A IC card reader (contact IC card reader, contactless IC card reader)
1601A Contact type or non-contact type IC card of terminal 1A, non-contact type IC tag
1602A Private key 101A, etc. built into the IC of terminal 1A
1603A Recording device DWALT connected to DA by wireless or wired of terminal 1A (including external connection type hardware wallet DWALT, IC card type, dongle type, etc.)
1604A Software containing the private key 101A or the private key 101A recorded in the DWALT1603A of the terminal 1A.
1605A Private key processing software recorded in DWALT1603A of terminal 1A
1606A Terminal 1A DWALT1603A control arithmetic unit, processing unit (IC chip group that controls DWALT, MCU, etc.)
1607A Input / output device and communication device of DWALT1603A of terminal 1A
1608A Private key 101A printed or printed / engraved / recorded on paper or metal plate by a printer or human hand. (It may be recorded on paper, metal plate, stone plate, etc. in the form of a character string or barcode.)
17A Terminal 1A power supply (* For the device of the present invention, the computer, server terminal, input / output device, external storage device, and network have a power supply device and are driven by electric power.)
Tickets and valuable paper leaves printed on paper etc. with the printer of 18A terminal 1A
180A 18A Print information of the barcode and / or character string required for the one-time password authentication of the present invention.
181A Information on the token number TIDA contained in the barcode and / or character string described in 18A.
182A Information on the password OWP contained in the barcode and / or character string described in 18A.
183A Information on the user identifier A contained in the barcode and / or character string described in 18A.
184A Information, patterns, etc. necessary for use as the ticket or valuable paper leaf described in 18A.
19A Wired communication type or short-range wireless communication type IC card, IC tag type ticket, etc. Valuable paper leaf or key for locking and unlocking (mainly NFT tag, NFC card type ticket)
190A 19A The storage device according to
191A The control processing apparatus according to 19A.
192A The communication device according to 19A.
193A The control arithmetic unit according to 19A.
194A The input device according to 19A.
195A The output device according to 19A.
197A The power supply unit according to 19A.
1B User UB terminal DB, terminal 1B. 1B may be a portable terminal such as a smartphone. The terminal DB has the same function as DA, and is a user terminal that holds and uses the token used for the authentication of the present invention.
Storage device of 10B terminal 1B
101B User's private key PRVB recorded in terminal 1B
102B A program for terminal 1B to access a blockchain unit such as a server P via a network using the secret key PRVB of 101A.
Here, the program of 102B is a blockchain identifier (blockchain identification information, including network ID, chain ID, etc.) and
It can also include URI information indicating the server terminal 3A that is the access destination node.
11B Terminal 1B control unit
110B Control processing unit to access the blockchain of terminal 1B
Communication device of 12B terminal 1B
13B Terminal 1B control and arithmetic unit
14B Terminal 1B input device (The input device is equipped with an environment sensor, a motion sensor, and a position sensor. For example, a temperature sensor, a geomagnetic sensor, a magnetic compass, and a digital azimuth needle device are provided.)
Output device of 15B terminal 1B
16B Terminal 1B external storage device, external input / output device, external computer
17B terminal 1B power supply
1C Computer terminal DC, terminal 1C of user UC that manages the contract related to the one-time password of the present invention.
10C terminal 1C storage device
101C User's private key PRVC recorded in terminal 1C
101C2 Any second private key PRVC2 of the user UC recorded in terminal 1C
A program for the 102C terminal 1C to access a blockchain unit such as a server P via the network 20 using the secret key PRVC of the 101C.
Here, the 102C program has a blockchain identifier (blockchain identification information, including network ID, chain ID, etc.) and
It can also include URI information indicating the server terminal 3A that is the access destination node.
11C Terminal 1C control unit
110C Terminal 1C Control processing unit to access the blockchain
12C terminal 1C communication device
13C Terminal 1C control and arithmetic unit
14C Terminal 1C input device
15C terminal 1C output device
16C Terminal 1C external storage device or external computer (IC card, IC tag, NFC card, NFC tag that can store the private key may be used)
17C terminal 1C power supply
2 Communication network, network
20 Communication path that can perform encrypted communication, network NT (Wired or wireless two-way communication path, in which servers and terminals are connected via a communication network. Communication with encryption and communication without encryption can be performed. )
21 Broadcast communication path NTB (A transmission path for wired or wireless broadcast information, which enables one-to-many one-way communication.)
22 Unencrypted network NTP (wired or wireless bidirectional communication path. Since encryption is not performed, plaintext message data must be encrypted as necessary.)
3A Server P, Server terminal 3A (Terminal that becomes a node of the distributed ledger system to which the user connects. The distributed ledger unit is shared with other nodes. It may be a virtual server built in a certain terminal.)
Server storage unit of 30A server terminal 3A (storage device of server P)
300A server terminal 3A distributed ledger recording unit (300A is a blockchain type or DAG type distributed ledger or distributed ledger recording unit)
The latest block data recorded in 3000A 300A
3001A Block number Bn in the latest block recorded in 300A
3002A Timestamp value in the latest block or system recorded on the 300A
3003A Hash value Bh in the latest block recorded in 300A
3004A Value V recorded by voting between the nodes that make up the blockchain recorded in 300A
3005A Block size value BSZ of the blockchain recorded in 300A (BlockGasLimit value in the example)
3006A Blockchain data part recorded in 300A (Data part of distributed ledger recorded in 300A. Part where contract data such as 3008A, 30008AG, 3008AA is recorded)
3007A Basic information of blockchain recorded in 300A (including data recording how many seconds the blockchain is connected)
OTP generation contract with authentication function recorded in 3008A 300A (one-time password: OTP)
OTP generation contract recorded on 300AG 300A
OTP authentication contract recorded on 300AA 300A
3009A OTP generation function recorded in 300A
3010A Hash function fh used for OTP generation and authentication recorded in 300A
Secret key variable KC recorded in 3011A 300A
3012A A function fscb that can use either or both of the variable KC and the variable BC recorded in 300A at any block number.
Variable BC that can be changed only by the user identifier C, which is the contract administrator recorded in 3013A 300A.
A database that associates the token number of the token issued in 3008 recorded in 3014A 300A with the user identifier of the owner.
3015A Information associated with the user identifier A calculated from the private key PRVA101A of the user UA and the token number TIDA in the 3014A.
3016A In the 3014A, the information associated with the user identifier B calculated from the private key PRVB101B of the user UB and the token number TIDB.
3017A OTPCT recorded in 300A (a part that records the number of times OTP is generated and the number of executions of the authentication function, etc. In the example, the mapping variable OTPCT with the token number as the key and the number of executions as the value was used).
OTPCTG recorded in 3017AG 300A (OTP generation function execution count storage / recording section. In the embodiment, a mapping variable with a token number as a key and an execution count as a value was used).
OTPCTA recorded in 3017AA 300A (OTP authentication function execution count storage / recording section. In the embodiment, a mapping variable with a token number as a key and an execution count as a value was used).
3018A OTP authentication function recorded in 300A
3019A 300A OTP generation contract identifier CPGT recorded
OTP authentication contract identifier CPAT recorded on 3020A 300A
3021A Return value or data of OTP authentication function recorded in 300A
3022A 300A The processing contents at the time of executing the OTP authentication function, processing functions, etc. (for example, remittance processing between bank accounts, voting processing on member sites, etc.)
3023A Variable or database to be rewritten according to the processing when authentication is possible with the OTP authentication function recorded in 300A (for example, the balance of a bank account and the balance of the account rewritten by the remittance processing in the bank)
3024A 300A Contract signboard information KNBN (including contract name, creator information, administrator information and contacts, rating, etc., with setter function to change them)
3030A Block number residual variable m recorded in 300A and its setter function (variables and functions for extending the OTP authentication period)
3031A Integer n for adjusting the number of OTP digits recorded in 300A and its setter function (variables and functions for increasing / decreasing the number of OTP characters / digits)
Token transmission function recorded in 3040A 300A (function for token transfer)
The transfer restriction variables tf, af and their setter functions recorded in 3041A 300A.
3042A 300A Contract administrator private key leakage countermeasure part
301A Server Basic control program recording unit of the server of the server terminal 3A
31A Server control unit of server terminal 3A (control device of server P)
Distributed ledger system control unit (blockchain control processing unit or DAG type distributed ledger control processing unit) of 310A server terminal 3A
311A server Terminal 3A server basic control unit
32A Server terminal 3A communication device, communication control device (server P communication device)
33A Processing and control arithmetic unit of server terminal 3A (control unit, processing unit, arithmetic unit device of server P)
34A Server terminal 3A input device (server P input device)
35A Server terminal 3A output device (server P output device)
37A Power supply device for server terminal 3A (power supply device for server P, power source for operating server P)
3B Server terminal 3B (server terminal B), and a group of servers that can be blockchain nodes like server terminal 3B and server terminal 3A.
30B Server Storage part of the server of the server terminal 3B (The storage part has the same 300A as the server 3A)
31B Server Control unit of server of server terminal 3B (Control unit has the same 310A as server 3A)
32B server terminal 3B communication device
33B Server terminal 3B control and arithmetic unit
34B Server terminal 3B input device
Output device of 35B server terminal 3B
37B Server terminal 3B power supply
3C server SVLogin, server terminal 3C (terminal mainly used for website login. Terminal that provides web services such as website. It may be a virtual server terminal in a certain actual terminal.)
Recording unit of 30C server terminal 3C
Blockchain recording unit of 300C terminal 3C (if necessary. 300A and 300C are the same)
301C Terminal 3C service program and recording unit
3010C Terminal 3C SVLogin basic program (including a program to connect to a blockchain on a website etc. It may have functions unique to services such as banks and electronic commerce)
3011C Terminal 3C access detection and monitoring database (See Fig. 6X for data structure. Log-in time, user token information, IPV value, and current service status are stored and monitored at any time.)
3012C Unauthorized access detection program for terminal 3C
3013C Unauthorized access notification program of terminal 3C (contacts the registered e-mail address, sends a dedicated notification token to the user identifier, sends a transaction to notify the abnormality)
3014C Terminal 3C OTPCT change detection unit (if necessary, the part that detects changes in the number of times OTP is generated or the authentication contract is executed)
3015C Terminal 3C OTPCT change notification unit (if necessary, the part that notifies the change in the number of times OTP is generated or the authentication contract is executed)
3016C Terminal 3C customer information database (if necessary. Record user identifiers and token numbers that are eligible to use, such as service purchase history.)
31C Terminal 3C server control unit
Blockchain control unit of 310C terminal 3C (not required. 310A and 310C are the same)
311C Terminal 3C login and service control unit
3110C Terminal 3C SVLogin basic program control unit (including a program that connects to a blockchain on a website or web application)
3111C Terminal 3C access detection and monitoring database (See Fig. 6X for data structure. Log-in time, user token information, IPV value, and current service status are stored and monitored at any time.)
3112C Unauthorized access detection program for terminal 3C (detects whether the same user identifier or token number information is accessed by an IPV value such as a different IP address or sensor value)
3113C Terminal 3C unauthorized access notification program (contacts the registered e-mail address, sends a dedicated notification token to the user identifier, sends a transaction to notify the abnormality)
3114C OTPCT change detection unit of terminal 3C (if necessary, the part that detects the change in the number of times OTP is generated or the authentication contract is executed)
3115C Terminal 3C OTPCT change notification unit (if necessary, the part that notifies the change in the number of times OTP is generated or the authentication contract is executed)
3116C Terminal 3C customer information database (if necessary. Records information such as service purchase history, qualified user identifiers and token numbers.)
32C terminal 3C communication device, communication control device
33C Terminal 3C control and arithmetic unit
34C terminal 3C input device
35C terminal 3C output device
37C terminal 3C power supply
3D server SVLog, terminal 3D (terminal that authenticates 19A, 18A and 1500A. Access control terminal 3D. 3D is a server terminal or computer terminal or embedded system type terminal)
Server storage unit of 30D terminal 3D (variables and functions used for OTP authentication function and OTP authentication function calculation are recorded in 30D)
Blockchain recording unit of 300D terminal 3D (if necessary. 300A and 300D are the same)
301D terminal 3D service program and recording unit
3010D Terminal 3D SVLog basic program (including a program to connect to a blockchain on a website or web application)
3011D Terminal 3D access detection and monitoring database (stores time or number of accesses or user token information or current service status at any time)
3012D Terminal 3D unauthorized access detection program (if necessary. When 3011D contains information such as the appearance of the visitor and the device ID number unique to the NFC tag of the unlocker, it is determined whether it is different from the past information)
3013D Terminal 3D unauthorized access notification program (if necessary. Notifies the person who manages 3D of the abnormality, and sends a notification transaction to the registered e-mail address / user identifier to notify the abnormality)
3014D OTPCT change detection unit of the terminal 3D (if necessary. The part that detects the change in the number of times the OTP is generated or the authentication contract is executed. For example, the number of unlocks is recorded in a safe or a car equipped with the terminal 3D).
3015D Terminal 3D OTPCT change notification unit (if necessary, the part that notifies the change in the number of OTP generation or authentication contract executions. When 3D is online, it notifies the change in the number of unlocks via the network)
3016D Terminal 3D customer information database (if necessary, record user identifiers and token numbers that are eligible to use, such as service purchase history)
3010DA Hash function fh recorded in 30D
Secret variable KC recorded in 3011DA 30D
3012DA Setter function fscb that modifies and updates variable KC and / or both of variables BC recorded in 30D (accessed by the administrator of the terminal 3D)
Variable BC modified by the contract administrator recorded in 3013DA 30D
3017DA The number of executions of the OTP authentication function recorded in the 30D or the numerical recording unit (expressed by a mapping variable or the like using the number of the OTP token at the time of authentication as a key).
3018DA OTP authentication function recorded in 30D of terminal 3D (equipped with variables, functions and processing methods that can calculate OTP equal to OTP generated by node terminal 3A)
3021DA OTP authentication function return value or data CTAU
3022DA Processing contents at the time of OTP authentication recorded in 30D
Variables or databases recorded in 3023DA 30D that are rewritten during OTP authentication processing,
31D terminal 3D server control unit
Blockchain control unit of 310D terminal 3D (not required. 310A and 310D are the same)
311D terminal 3D login and service control unit
3110D Terminal 3D SVLog basic program (including a program to connect to a blockchain on a website or web application)
3111D Terminal 3D access detection and monitoring database (See Fig. 6X for data structure. Log-in time, user information, token number, IPV value, and current service status are stored and monitored at any time.)
3112D Terminal 3D unauthorized access detection program (if necessary)
3113D Terminal 3D unauthorized access notification program (If necessary, contact the registered e-mail address and send a transaction to the user identifier to notify the abnormality.)
3114D Terminal 3D OTPCT change detection unit (if necessary, the part that detects changes in the number of times OTP is generated or the authentication contract is executed)
3115D Terminal 3D OTPCT change notification unit (if necessary, the part that notifies the change in the number of times OTP is generated or the authentication contract is executed)
3116D terminal 3D customer information database (if necessary. Record user identifiers and token numbers that are eligible to use, such as service purchase history.)
32D terminal 3D communication device, communication control device
33D terminal 3D control and arithmetic unit
34D terminal 3D input device
Character string barcode reader for 340D terminal 3D cameras, etc. (Camera or scanner installed at the entrance, ticket gate, etc. to read barcodes or character strings on valuable paper sheets such as tickets. Optical image pickup element)
Signal receiver of NFC tag of 341D terminal 3D (shared with 32D)
A visitor recording device or a visitor recording means of the 342D terminal 3D (recording the entry or unlocker with a security camera or the like. Personnel may be assigned instead of the device to observe and record the visitors).
35D terminal 3D output device
350D terminal 3D opening / closing device / gate device / locking device / starting device, locking / unlocking device, access control device (the objects to be locked are building doors, vehicles such as automobiles, machine tools, containers such as safes, and devices such as computers. include)
Light emitting elements such as lamps of 351D terminals and light emitting devices (after authentication, the colors and characters indicating that entry is possible are transmitted to users who can enter, and the colors and characters indicating that entry is not possible are transmitted by light).
Sounding element such as buzzer of 352D terminal 3D, sounding device (After authentication, the user who can enter is sounded when the authentication is successful. The user who cannot enter is sounded a warning sound to inform the surroundings.)
37D terminal 3D power supply
3E server SVtk, terminal 3E (Ticket agency 18A used by terminal 1A, ticket agency and key NFC tag 19A play guide. Tokens of encrypted data for 403A used by terminal 4A can also be sold.)
30E Terminal 3E server storage
Blockchain recording unit of 300E terminal 3E (if necessary. 300A and 300E are the same)
Ticketing information such as token-type tickets for 301E terminal 3E (including information on websites or applications that display tickets to customers and databases of tokens and services using 300A / 300E)
31E Terminal 3E server control unit
Blockchain control unit of 310E terminal 3E (if necessary. 300A and 310E are the same)
311E Terminal 3E ticketing processing control unit (A part that sells tokens according to the user's instructions and displays and prints ticket information such as tickets from the blockchain. Includes 312E, 313E, and 314E.)
312E A part to acquire information such as the expiration date of the ticket set in the blockchain unit 300E of the terminal 3E and the server 3E, the design, the display and the print time, the block number at the time of printing, and the time stamp.
313E Processing unit that draws the information processed by 311E and 312E of the terminal 3E on the display of the user with the accessed user identifier A and converts it into an image or text data of a valuable paper leaf such as a ticket.
314E Terminal A processing unit that sends information to print and record the image or text data of 313E on paper 18A, tag 19A, etc. to the user terminal accessing the terminal 3E, or permits printing to a web browser or the like and executes it.
32E terminal 3E communication device
33E Terminal 3E control and arithmetic unit
34E Terminal 3E input device
Output device of 35E terminal 3E
37E Terminal 3E power supply
3F Server SVfind, Terminal 3F (A device that can search transactions, contracts, and user identifiers in the blockchain section, monitor usage, and notify them)
(A blockchain search engine that can search and confirm and issue the holding balance of user OTP tokens, and can also search and notify the usage status.)
30F Terminal 3F server storage
Blockchain storage unit on the 3rd floor of the 300F terminal (if necessary. 300A and 300F are the same)
301F Basic program such as blockchain search monitoring on the 3rd floor of the terminal (basic part for providing services such as monitoring of searches and transactions, calculation of user balance and output)
(Including programs that connect blockchains to websites, etc.)
3010F Terminal 3F blockchain monitoring unit program
3011F Terminal 3F state change detector program
3012F Terminal 3F status change notification unit program
3013F Terminal 3F status change notification destination database
3014F Terminal 3F blockchain search program
3015F Terminal 3F blockchain search information display program
3016F Terminal 3F blockchain search information database
31F Terminal 3F server control unit
Blockchain control unit of 310F terminal 3F (if necessary. 300A and 310F are the same)
311F Basic processing unit / control unit such as blockchain search monitoring of terminal 3F
3110F Terminal 3F monitoring unit
3111F Terminal 3F state change detector
3112F Terminal 3F status change notification unit
3113F Terminal 3F status change notification destination registration unit
3114F Blockchain information retrieval unit on the 3rd floor of the terminal
3115F Terminal 3F blockchain search information display unit
3116F Terminal 3F blockchain search information database processing unit
Communication device on the 32nd floor terminal 3F
33F Terminal 3F control and arithmetic unit
34F Terminal 3F input device
Output device on the 35th floor terminal 3F
37F terminal 3F power supply
Computer DP, terminal 4A (P: user terminal equipped with player and player) that serves as a terminal for 4A user UP
Recording unit of 40A terminal 4A (computer DP storage device)
401A User's private key PRVP recorded in terminal 4A (Here, PRVP is a secret key indicating user identifier A like PRVA)
402A A program for terminal 4A to access the blockchain (URIs that access the node terminal 3A of the blockchain may be recorded).
403A Software CRHN information, software CRHN program and related data recorded in the recording unit 40A of the terminal 4A to decrypt and view an encrypted file using the present invention.
4030A Terminal 4A 403A software CRHN program information (source code is obfuscated or encrypted. Variables contained in 4030A are also obfuscated or encrypted)
(The URI that accesses the node terminal 3A of the blockchain may be recorded in 4030A)
(It may have a function to directly enter the private key, or it may have a wallet software function).
40301A 403A The identifier of the contract that manages the key dedicated to the software application APKY
40302A Built-in private key CRKY described in 403A (A private key of public key cryptography that can access the blockchain unit DLS may be used. 40302A is built in 4030A and obfuscated or encrypted).
40303A Return value of the key management contract obtained from the blockchain described in 403A CAPKY (Not required, but can be set for further security measures)
40303KA 403A Software internal secret variable K403 (K403 is obfuscated or encrypted)
4031A Return value of OTP authentication function acquired from blockchain Storage unit in terminal 4A of CTAU (CTAU can be changed by the administrator of the return value of authentication function)
4032A Storage unit in terminal 4A of password AKTB set outside of blockchain and software CRHN403A (AKTB can be changed by plaintext data administrator)
4033A 403A Key information used for encryption and decryption TTKY storage (including at least CTAU, and key information calculated using AKTB and further CRKY).
4034A Encrypted data or file EncData decrypted by the software CRHN used for 403A (4034A may be included in 40A).
40340A 4034A encrypted data body EtData
40341A Electronic certificate EncCert given to the encrypted data 4034A of the plaintext data issuer of 4034A (The electronic signature may be included. The MAC value may or may not be included.)
4035A Plaintext data or file DecData to be encrypted with the software CRHN used for 403A (4035A may be included in 40A. DecData is access controlled.)
40350A 4035A plaintext data body CtData
40351A 4035A plaintext data issuer's digital certificate DecCert (electronic signature may be included or may not be included)
40352A 4035A Plaintext Data Audit Certificate AuditRat (Audit certificate showing that plaintext data is not a malicious program, or rating with third party review results, preferably)
4036A Viewed certificate data recorded in 40A OFBKMMK (OTP-authenticated access certificate data. Data for offline access such as disasters. 4036A may be included in 40A.)
40360A CTTKY recorded in 4036A is encrypted with the secret key CRKY built into the CRHN program.
40361A Data in which TTKY recorded in 4036A is encrypted with the private key PRVA CTTKY (Information contained in 4036A. The encryption method can be either public key encryption or common key encryption.)
Information such as browsing time and browsing user identifier recorded in 40362A 4036A
40363A Authentication information such as HMAC recorded in 4036A
40362KA Body data of certificate recorded in 40A CHT403
40363KA Authentication information such as HMAC with 40362KA recorded in 40A as a message
Operating system management program that operates the software CRHN recorded in 404A 40A
405A External recording device of computer DP recorded in 40A (nonvolatile memory, hard disk, optical disk, etc.)
41A Terminal 4A control unit
Control processing unit to access the blockchain of 410A terminal 4A
411A Terminal 4A software CRHN control processing unit
42A Terminal 4A communication device
420A communication device 42A proximity wireless communication device (if necessary)
421A communication device 42A wireless communication device
422A communication device 42A wired communication device (if necessary)
Broadcast receiver of 423A communication device 42A (if necessary, including NITZ, JJY for time acquisition, GNSS receiver for time and position information positioning, and encrypted data broadcast receiver).
43A Terminal 4A control and arithmetic unit
44A Terminal 4A input device
440A terminal 4A keyboard
441A Terminal 4A pointing device (input device using mouse, contact screen, etc.)
442A Terminal 4A camera or scanner
443A Terminal 4A microphone
444A Terminal 4A sensors (accelerators, gyro sensors, magnetic sensors may be capable of measuring three-dimensional physical quantities; one or more of the sensors may be used).
4440A Terminal 4A environment sensor (temperature sensor or humidity sensor or pressure sensor or pressure sensor or illuminance sensor or optical sensor, chemical sensor, odor sensor)
4441A Position sensor of terminal 4A (magnetic sensor or geomagnetic sensor or accelerometer)
4442A Motion sensor (accelerometer or gyro sensor) of terminal 4A
4443A Biometric sensor of terminal 4A (sensor that can read patterns such as face structure, body temperature or thermography, eye structure, blink, voice, ear structure, hand structure, fingerprint, vein, etc.)
45A terminal 4A output device
450A Terminal 4A display (displays encrypted video data)
451A Terminal 4A speaker (plays encrypted music data and video data audio)
452A Terminal 4A printer (related data can be printed as two-dimensional information on paper with the permission of the content right holder of the encrypted data. The type of printer includes a 3D printer that can output three-dimensional data.)
Head-mounted display of 453A terminal 4A (HMD, head-mounted display. Used when you want the wearer to view the contents of encrypted data. Glass-type display is also possible)
4530A Biometric sensor attached to the HMD of the terminal 4A.
The 4530A measures multiple biometric information of the wearer (face structure, body temperature or thermography, eye structure, blinking, voice, ear structure, hand structure, eye vein pattern, etc.) to confirm the presence of the wearer and the living body. Authenticate
The 4530A may share a function with the sensor described in 4443A.
(Here, the sensor of 4530A is an input device that assists 453A. It is a sensor for confirming the presence of the wearer, and the biometric authentication function is attached to the existence confirmation function.)
(In the present invention, it is assumed that the measurement of the body temperature around the eyes of the HMD wearer and the thermographic image are used in order to consider privacy, not for the purpose of authentication but for the purpose of confirming the presence of the wearer.)
(For body temperature, an infrared temperature sensor is installed inside the HMD to measure the skin temperature of the eyes and the skin around the eyes of the equipped vehicle. The measurement point of the sensor may be one point, or the sensors are arranged in two dimensions and lines and images. It may be measured in the form of.)
(The 4530A sensor measures the temperature distribution around the wearer's eyes and the thermography of the face around the wearer's eyes and uses it as simple biometric authentication information and existence confirmation information in consideration of privacy.)
(The temperature and its hash value detected by the HMD sensor may be notified to the service server such as the terminal 5A in order to detect unauthorized access to the private key, if the wearer permits it.)
46A External recording device of terminal 4A (external recording device including magnetic tape, magnetic disk, optical disk, and semiconductor memory for storing encrypted data. The private key may be stored.)
47A terminal 4A power supply
5A Terminal 5A server SVCRHNcm (server to access advertisements in encrypted file decryption viewing software)
Server recording unit of 50A terminal 5A
SVCRHNcm operation program of 500A terminal 5A (program for services such as advertisement information distribution that is the target of the link URI specified in software CRHN.
Includes programs that connect to blockchain on websites or web apps. )
Access monitoring unit database of 501A terminal 5A (database related to user terminal and token number that accessed SVCRHNcm.
Information that associates a user identifier or token number with an IP address or location information or a terminal ID or terminal sensor value and a service usage status.
The accessor information may be processed and stored so as to protect personal information by hashing or the like. FIG. 6X shows a chart showing the data structure. )
Unauthorized access detection program for 502A terminal 5A (detects access from a terminal that indicates a different IP address or location information or terminal ID or terminal sensor value for a user identifier or token number)
Unauthorized access notification program of 503A terminal 5A (Send notification token to user identifier that may have unauthorized access with 502A, or notify e-mail, SMS, etc. corresponding to the identifier)
Customer information database for 504A terminal 5A (not required, ledger recording contacts corresponding to user identifiers)
(For privacy reasons, if there is no customer information, unauthorized access will be notified by sending a notification token.)
(If you want to notify the customer of unauthorized use at any time, you need a resident program to notify the terminal DP that the token has been sent when the notification token is sent.)
Information such as advertisements delivered when accessed from the URI information embedded in the encrypted data of the 505A terminal 5A (the contents of the advertisement are controlled by the signboard information of the token and the rating obtained at the time of decrypting the encrypted data).
Information such as advertisements linked to the information contained in the software CRHN of the 506A terminal 5A (506A includes a function of delivering a notification such as a version update of the software CRHN).
5000A Terminal 5A arbitrary blockchain storage (if necessary, 300A and 5000A are the same)
Server control unit of 51A terminal 5A
SVCRHNcm control unit of 510A terminal 5A
511A Access monitoring unit and control unit of terminal 5A
512A Unauthorized access monitoring unit of terminal 5A
513A Unauthorized access notification unit of terminal 5A
Customer information database management department of 514A terminal 5A
Distribution unit for advertisements for encrypted data of 515A terminal 5A
516A Terminal 5A software CRHN advertisement distribution unit
5100A Arbitrary blockchain control unit of terminal 5A (if necessary, 310A and 5100A are the same)
52A Terminal 5A communication device
53A Terminal 5A control and arithmetic unit
Input device of 53A terminal 5A
54A terminal 5A output device
57A terminal 5A power supply
5B server SVCRHNdrive, terminal 5B (for server use that distributes, shares, searches, and manages encrypted data and files.)
Server recording unit of 50B terminal 5B
500B terminal 5B program (basic program part of the server that delivers the encrypted data desired by the user)
501B Encrypted file database recorded in terminal 5B (hash value of encrypted data or file, file name, one-time password generation that can decrypt file
And a database of contract identifiers for tokens involved in authentication. )
502B Encrypted file search database recorded in terminal 5B (a program that searches the database for information requested by the user and downloads it from the server).
503B Encrypted file registration unit recorded in terminal 5B (user uploads encrypted file to database,
A program that registers the identifier, file name, hash value, etc. of the one-time password generation and authentication contract that decrypts it)
Key information AKTB notification unit of 504B terminal 5B (This may be an e-mail, a letter may be sent, or may be linked with a telephone number SMS service. Key notification may be performed outside the terminal 5B).
Notification unit for delivery destination such as URI of file encrypted by AKTB of 505B terminal 5B (mail notification unit for notifying URI of file encrypted with key TTKY generated by using AKTB as one of the keys)
506B Terminal 5B e-commerce program (if necessary. Used when selling content files such as books and video / audio together with encrypted files and corresponding OTP generation tokens. Linked with payment function)
507B OTP token issuing unit for OTP generation and authentication of terminal 5B (if necessary, a program that issues OTP tokens that can confirm the completion of payment of 506B and decrypt data. Issue instruction to terminal 1C)
508B Terminal 5B access user database (if necessary, customer user access database. Data structure is the same as in Figure 6X)
Unauthorized access detection unit of 509B terminal 5B (It is not essential when only distributing encrypted data. It is preferable to mount it on 5B when buying and selling encrypted data and OTP tokens using money in electronic commerce. )
5000B Terminal 5B arbitrary blockchain storage (if necessary, 300A and 5000B are the same)
Server control unit of 51B terminal 5B
Service control unit of 510B terminal 5B (part controlled according to programs 500B, 501B, 502B, 503B, 504B, 505B, 506B, 507B, 508B, 509B)
5100B Any blockchain control unit of terminal 5B (if necessary, 310A and 5100B are the same)
Communication device of 52B terminal 5B
53B Terminal 5B control and arithmetic unit
Input device for 53B terminal 5B
54B terminal 5B output device
57B terminal 5B power supply
5C Broadcasting station server SVCRHNroadcaster, terminal 5C, broadcasting station terminal 5C
Server recording unit of 50C terminal 5C
Private key for blockchain access for 501C terminal 5C
A program for accessing a blockchain using a 501C private key of a 502C terminal 5C
Broadcasting software for 503C terminal 5C (software 403A may be included. Software for broadcasting positioning information by GNSS may be included.)
Storage unit of any blockchain of 5000C terminal 5C (if necessary. 300A and 5000C are the same. In particular, the artificial satellite type terminal 5C may be equipped with 5000C).
Encrypted data broadcast by 5034C terminal 5C (data encrypted and broadcast by key TTKY that can decrypt 5035C with 403A)
Plaintext data of encrypted data broadcast by the 5035C terminal 5C (The plaintext data itself may be stored in the storage device 50C in case of broadcasting after decryption in an emergency).
Server control unit of 51C terminal 5C
510C Terminal 5C control unit
5100C Terminal 5C optional blockchain control unit (if necessary, 310A and 5100C are the same)
Communication device of 52C terminal 5C
Broadcast radio device for 520C terminal 5C
521C Terminal 5C wireless communication device (for communication with terminal 5CC that controls 5C)
Wired communication device of 522C terminal 5C (If necessary. It can be used when the terminal 5C is a ground station. In the case of wired broadcasting instead of wireless broadcasting, it also serves as a connection device to the communication network.)
5200C Terminal 5C broadcasting antenna
521C Terminal 5C bidirectional communication device
53C Terminal 5C control and arithmetic unit
Input device for 53C terminal 5C
54C terminal 5C output device
57C terminal 5C power supply (including secondary batteries and solar cells in the case of artificial satellites)
5CC terminal A terminal or device that controls a server terminal that becomes a broadcasting station of 5C.

Claims (19)

A blockchain type or existing server terminal that is a node that constitutes the distributed ledger system DLS that can execute smart contracts and a group of terminals equivalent to the server terminal that is the node are connected to the network and communicate with each other to execute smart contracts. In a computer-network system forming a distributed ledger system DLS with a non-directional graph type data structure
Dynamic and smart contract OTP token with an OTP generation function to generate a password VP, password VP distributed ledger system DLS smart contract with the OTP authentication function of performing authentication of using variables TB that changes at a certain time The smart contract of the OTP token equipped with the recording part of the distributed ledger of the server terminal that becomes the node of the distributed ledger system or the OTP generation function that generates the password VP of the distributed ledger of the server terminal that becomes the node of the distributed ledger system DLS. The OTP authentication function of the password VP is provided in the storage unit / storage device of the service providing terminal as well as in the recording unit.
When the password VP of the OTP generation function and the OTP authentication function is calculated using the hash function fh, the token number TIDA is used as an argument of the hash function fh, and a smart contract and OTP having an OTP generation function for generating the password VP. Block from the secret variable KC used in the smart contract equipped with the authentication function or OTP authentication function, the variable TB that is changed in the distributed ledger system at a certain time, and the secret key of the user terminal or the seed information corresponding to the secret key. Three or more of the four variables of the user identifier A calculated by the method set in the chain part or the distributed ledger system DLS are provided as key values or seed values to be used as arguments of the hash function fh.
A terminal that uses the program section, functions, and processing section of a smart contract that calculates a hash value using arguments based on three or more of the four variables and uses it to calculate an OTP as a node of the distributed ledger system DLS. Or in preparation for the service providing terminal
It has an OTP generation function that generates a password VP as an OTP and an OTP authentication function that authenticates the generated OTP, which can be calculated as a password VP = fh (A , TIDA , KC , TB) that can be changed at a certain time. Used to calculate the OTP of the password VP as variable password VP = fh (TIDA , KC , TB) or password VP = fh (A , KC , TB).
Variables and calculation processing method for the key value or a seed value used in the OTP generation function and the OTP authentication function, the same smart contract or smart contract includes a smart contract and OTP authentication function including a OTP generation function, or OTP generation function In preparation for the OTP authentication function of smart contracts and service providers including
Key value or seed value variables and calculation processing method used for the OTP generation function and OTP authentication function of the password VP in order to match the calculation processing method used for the calculation of the password VP between the OTP generation function and the OTP authentication function. The smart contract and service provider terminal are equipped with a function that allows access and operation to change and update the values and data of functions and variables and the calculation processing method so that they match.
Using the change of the variable TB of the distributed ledger system DLS at a certain time T, a dynamic password VP is sent to the user terminal having the private key information of the user identifier A to which the OTP token is assigned and the different token number TIDA. On the other hand , a computer-network system that is generated by an OTP generation function and authenticates the VP by an OTP authentication function. Regarding the distributed ledger system capable of executing the smart contract described in claim 1,
It is equipped with a function fscb that is a setter that can be accessed only by the user with the user identifier C calculated using the secret key information for the administrator recorded in the administrator terminal having the authority to manage the smart contract.
A variable BC inside a smart contract that can be rewritten at any time using the secret key information for the administrator recorded in the administrator terminal instead of the variable TB that can be changed at a certain time according to claim 1 is provided.
Seed to use user identifier A, token number TIDA, smart contract inside of secret variable KC, the variable BC of smart contract, which can be changed by using the secret key information for the administrator, which is recorded in the management's terminal to the argument of the hash function fh It has a function fh (A, TIDA , KC , BC) that has a value and hashes the key value or seed value using the variable as an argument.
The same smart contract or OWP generation can be used to generate an OWP generation function that generates a password OWP and an OWP authentication function that authenticates a password OWP, which can be calculated as password OWP = fh (A , TIDA , KC , BC) instead of password VP. comprising separating the service providing terminals with smart contract and OWP authentication function including a function, or with separating smart contract including smart contract and OWP authentication function including a OWP generation function,
By changing and updating the KC or BC using the function fscb by the terminal of the user who has the access right, the key value used to generate the OWP of all OTP tokens belonging to the smart contract can be changed or updated.
It is characterized by generating and authenticating a dynamic password OWP for all token numbers and user identifiers belonging to the smart contract by rewriting and updating one or more variables such as the key variable KC and variable BC at any time. Computer-Network system. The distributed ledger system DLS according to claim 1 is a distributed ledger system using a blockchain, which has a blockchain type data structure and can execute smart contracts.
When the latest block is added to the blockchain as the block number Bn, the variable TB that can be changed at a certain time according to claim 1 by utilizing the fact that Bn increases with the passage of a certain time in the base of the blockchain. Instead of using the variable Bn as a variable that increases at regular intervals,
Regarding the argument of the hash function fh, the user identifier A, the token number TIDA, the secret variable KC inside the smart contract , and the variable Bn based on the block number are used as the seed value to be used as the argument of the hash function fh, and the block number Bn is used. Time-based one-time password BnTOTP = fh (A , TIDA , KC , Bn), Time-Based-One-Time-Password, an authentication system that uses a time-based one-time password.
A password BnTOTP is used in the authentication system instead of the password VP of claim 1, and an OTP generation function and an OTP authentication function using BnTOTP are provided in the authentication system.
By changing and updating the KC using the setter function fscb by the terminal of the user who has the access right, the appearance of the calculated value of BnTOTP used for the future generation and authentication of BnTOTP of all OTP tokens belonging to the smart contract can be seen. With features that can be changed,
The block number Bn changes as the time changes, resulting in a different block number Bn at regular intervals. The block number of the blockchain is characterized by generating and authenticating a one-time password according to the change in the block number Bn. A computer-network system that performs BnTOTP method authentication, characterized in that Bn is used. Regarding the distributed ledger system and device using the blockchain type data structure capable of executing the smart contract according to claim 3.
The key variables used for OTP calculation include variables KC and BC.
The variable KC and the variable BC rewrite one or more secret variables KC or BC inside the smart contract via the function fscb which is a setter that can be accessed using the secret key information for the administrator recorded in the terminal of the administrator. Can ,
All OTP tokens belonging to a smart contract that generate a password BnTOTP by rewriting the secret variable KC or variable BC in the smart contract at any time to update one or more key or seed values (one-time password generation tokens, Update the seed value or key value variable of the OTP generation token) and update the appearance of future OTP calculation results when the OTP seed value and block number displayed on the user terminal increase with time. A computer-network system that performs BnTOTP authentication with features that allow it. In the system according to any one of claims 1 and 4, the variable TB that can be used as an integer that increases with time in the distributed ledger system and the block number Bn of the latest blockchain are used.
The password VP according to claim 1 or claim 3 or claim 4 by increasing the value of M for the remainder r obtained by dividing the Bn or TB by the variable M of an unsigned integer, that is, r = Bn mod M. A function that becomes a setter that can be accessed using the administrator's private key information recorded on the administrator's terminal at any block number and any time to increase the time when the described one-time password BnTOTP is generated and can be authenticated. The smart contract has variables and functions that can change M by
In the case of BnTOTP, Bnr calculated by subtracting r from Bn is used, and three or more variables of the user identifier A, token number TIDA, key variable KC, and modified block number Bnr are used as arguments of the hash function fh. It is characterized by using and generating and authenticating BnTOTP.
In the case of password VP as well, set r = TB mod M and use TBr calculated by subtracting r from TB, and use 3 or more of the user identifier A, token number TIDA, key variable KC, and modified integer variable TBr. The feature is that the password VP is generated and authenticated by using the variable of the hash function fh as an argument.
It has a means to change and adjust the password generation, output, display and authentication time of the user's terminal holding all OTP generation tokens belonging to the smart contract that generates the password.
A computer network system characterized in that the time during which a password can be generated and authenticated by inputting using an input / output device of a user terminal can be increased or decreased and changed. Calculated when a one-time password OTP that can be displayed is generated and used for authentication at any time in the system according to any one of claims 1, 2, 3, 3, and 5. The value m obtained by converting the OTP into an unsigned integer is defined as the divisor m.
A processing unit and a storage unit that calculates the remainder r when the integer Y is divided by the divisor n and the remainder r is calculated by using an integer obtained by multiplying the integer Y by an unsigned integer N multiplied by N as a divisor n and using the r as an integer value password OTPr. The smart contract is equipped with a means to set the integer Y and the integer N by the setter function provided in the smart contract that can be accessed using the administrator's private key information recorded in the administrator's terminal at any time.
When the password OTPr is generated, output, displayed and authenticated to the user terminal that holds all the OTP generation tokens belonging to the smart contract that generates the password, the digit of OTPr is changed at any time by changing the integer Y or the integer N. A computer network system characterized by the ability to change the number and number of characters. In the system according to any one of claim 1, claim 2, claim 3, claim 4, claim 5, and claim 6.
As a variable used when executing a function that generates and authenticates a one-time password (OTP) inside the smart contract of the distributed ledger data unit that is tamper-resistant in the distributed ledger system.
A variable whose search key is the token number that records the number of executions of the OTP generation function or the number of executions of the OTP authentication function.
Or a variable that records the number of executions that uses a number based on the token number as an element in the data type,
Alternatively, the smart contract is equipped with variables that change numerical values depending on the number of executions and function execution.
A computer network system that can increase or decrease the value of a variable that records the number of times a function is executed each time the function is executed for either or both of the OTP generation function and the OTP authentication function by a predetermined constant. .. In the system according to any one of claims 3, 4, 5, 5, and 7, a data block is formed between the nodes constituting the blockchain or between the nodes constituting the distributed ledger system DLS. When connecting
A seed that calculates the time-synchronized one-time password BnTOTP with the value V determined by voting when determining the variables used between the nodes that make up the blockchain or between the nodes that make up the distributed ledger system by voting between the nodes. A computer network system equipped with functions and variables that can be used as values and can be calculated as a one-time password BnTOTP = fh (A , TIDA , KC , Bn, V) in a smart contract. In the system according to claim 8, the variable V is determined by the voting of the node terminals constituting the blockchain when the block size BSZ or BlockGasLimit, which is the data size of the block, is variable in the base of the blockchain. A computer network system characterized in that the block size BSZ or BlockGasLimit is used as the variable V. The system according to any one of claims 1 to 9 in a smart contract provided with a token transmission function tf.
The variables required for executing the function tf are provided, and the variables required for executing the function tf are changed from the function that is a setter that can be accessed using the secret key information for the administrator recorded in the terminal of the administrator. Being done
The execution of the transmission function tf is controlled by the value of the variable required when executing the function tf.
A computer network system characterized by using a smart contract having a function that allows a smart contract administrator to stop transmission and transfer of OTP tokens between different user identifiers of user identifier A and user identifier B. In the system according to any one of claims 1 to 10, the OTP is calculated and generated from the smart contract of the OTP token provided with the OTP generation function, and the OTP is acquired in the storage device of the user terminal.
The OTP stored and acquired in the storage device and / or the user identifier are included in the authentication function included in the web service program provided by the server terminal providing the login service or the smart contract that can be referred from the web service program. Execute the authentication function by inputting it to the OTP authentication function
The verification OTP input by the authentication function and the verification OTP calculated by using the key variables and functions in the authentication function are verified.
When the OTP for verification and the OTP for verification match, it is determined that authentication has been completed, and the variable CTAU at the time of authentication is passed as a return value to the storage device of the user terminal.
When the CTAU value stored in the storage device of the user terminal is passed to the web service program provided by the server terminal,
When the CTAU value passed to the web service program is the return value when the authentication defined in the web service program is successful, the server terminal is a computer network system that provides the web service to the user terminal. In the system according to claim 2, the user identifier A, the token number TIDA, and the password OWP are recorded and displayed as a character string or a two-dimensional bar code on a recording means such as a paper or a display of a user terminal.
Alternatively, a record such as a magnetic stripe card or IC card terminal, an NFC terminal (NFC tag) , a smartphone terminal, or a user terminal including a wearable computer terminal possessed by the user with the information of the user identifier A, the token number TIDA, and the password OWP, which are authentication data. Have the means record
User identifier A and Token Number TIDA and Password OWP authentication information is recorded in the form of printed matter such as the display screen of the user terminal or paper. A valuable paper leaf, magnetic stripe card, IC card terminal, NFC terminal, smartphone terminal, or wearable computer. Manufactures recording means such as user terminals including terminals,
When the recording means is used in the form of a valuable paper leaf that can be recognized as an image by the human eye or a camera such as a paper or a display of a user terminal, the recording means is used.
The variables recorded in the recording means are read by using a camera or a scanner provided in the service providing terminal that provides the service.
Enter the argument of the OTP authentication function of the smart contract including the OTP authentication function or the service providing terminal to execute the OTP authentication function.
From the return value CTAU of the OTP authentication function, the service providing terminal is equipped with a processing unit that identifies and determines whether the paper is correct.
Return value A computer network system used for facilities, devices, equipment, buildings and containers such as entrance / exit gates, ticket gates or stores that provide services to users when the CTAU is the correct value for the authentication result.
When the recording means is recorded and read by data such as a magnetic stripe card, an IC card terminal, an NFC terminal, a smartphone terminal, or a user terminal including a wearable computer terminal, the recording means is recorded and read.
Read as authentication data recorded in the recording means using a service providing terminal installed in the place where the service is provided, and read it.
Enter the argument of the OTP authentication function provided in the service providing terminal, execute it, and judge whether the authentication result is correct from the return value CTAU of the OTP authentication function.
A computer network system that provides services to users who present correct authentication data when the authentication result is correct. In the system according to any one of claims 1 to 10, the return value CTAU obtained from the OTP authentication function as a result of authentication by OTP is encrypted using the key information for decrypting the encrypted data. A computer network system equipped with software CRHN that decrypts encrypted data and encrypted data in the user terminal. In the system according to any one of claims 1 to 13.
For server terminals connected to the network that provides the service
The user identifier A or token number TIDA or both based on the private key information when the user terminal of the user UA accesses the service providing terminal, and the IP address or location information of the user terminal or the terminal identifier or terminal sensor value directly or Collect it as a pseudonym or anonymize it and record it on the service providing terminal.
Have the service providing terminal record the login time or access time or browsing time T of the user terminal, login history information or access history information or browsing history information Cnt in the service providing terminal.
Identical to the user identifier A or token number TIDA Moshiku are both different IP address or location information or terminal identifier or user of the terminal sensor values or a different IP address and location information and the terminal identifier and the terminal sensor value Concatenated value The service providing terminal is equipped with a control unit and a storage unit that record and monitor whether or not access has been made from the IPV.
A computer network system that detects and notifies unauthorized use due to leakage of private key information used in a distributed ledger system that accesses service-providing terminals, and unauthorized use due to reuse of private keys on multiple terminals. In the computer network system according to claim 14, an environment-dependent sensor measured from physical information such as geomagnetism, gravitational acceleration, acceleration, and angular velocity measured by a sensor of a user's terminal and physical values such as temperature, pressure, and illuminance. The information obtained from is used to calculate the identification information peculiar to the user terminal.
There are multiple terminals accessing the service providing terminal for the user identifier A and the token number TIDA of the OTP token that are collected by the service providing terminal when the service is used and calculated from the user UA's private key at the same time. It is a computer network system that uses a service-providing terminal equipped with an unauthorized access monitoring function and an unauthorized access notification function that monitors whether or not there is an unauthorized access and notifies the possibility that unauthorized access is being performed when multiple terminals exist.
A computer network system in which one or more motion sensors, position sensors, or environment sensors are provided as sensors of the input device of the user terminal and used as sensors.
The motion sensor is provided with an acceleration sensor (acceleration meter) or a gyro sensor (angular velocity sensor), the position sensor is provided with a geomagnetic sensor or a magnetic sensor or an accelerometer, and the environmental sensor is a temperature sensor or a humidity sensor or an optical sensor. Or equipped with an illuminance sensor or pressure sensor or pressure sensor,
Access the service provider terminal using the token number of the user terminal, the user identifier, or the private key corresponding to both, based on the measured value of one or more types of sensors at a certain time T. A computer network system characterized by being used to calculate the identification information of a user terminal. The information of the password OWP, the token number TIDA, and the user identifier A used in the computer-network system using the password OWP = fh (A , TIDA , KC , BC) according to claim 2.
Record it on a recording means such as a valuable paper leaf or NFC tag terminal and attach / attach it to the object as a tag of the object, or attach it to the surface of the object or the surface of the sealed / packaged object .
Computer using OWP according to claim 2-A computer network system that manages the distribution of goods by reading the information used in the network system from the tags attached / attached to the goods. The one-time password according to any one of claims 3 to 10 is generated by executing an OTP generation function in the blockchain portion of the distributed ledger system DLS of the communication terminal, the data distribution terminal, and the data broadcasting station terminal.
Alternatively, obtain it from the network by executing the OTP generation function of the smart contract of the OTP token of the node terminal of the blockchain.
A seed value that allows the user terminal to become a blockchain node or authenticate the authenticity of the distributed or broadcasted information data by attaching the main unit data, time information, block number Bn, and BnTOTP data to the data to be broadcast or distributed. Can be confirmed using the OTP authentication function of the software or hardware terminal that recorded the data .
A computer network system that authenticates data from tag information by tagging transmitted data with OTP authentication data that can confirm the authenticity of information and data. With respect to the computer network system according to claim 17, when a positioning signal and positioning data are broadcast from a global positioning satellite system (GNSS) satellite terminal to a user terminal by radio for positioning, known position information is determined. In addition to GNSS navigation data such as the latest time information required for
The latest block number Bn, or the latest authentication BnTOTP that dynamically changes with time of the variable TB or Tm, which is an arbitrary or automatically changing dynamic variable of the blockchain or distributed ledger system DLS that conforms to the block number. By being attached to the signal broadcast by the GNSS satellite terminal together with the block number Bn, TB or Tm,
The user terminal that receives the message data including the GNSS navigation data together with the one-time password BnTOTP and the block numbers Bn and TB determines that the GNSS navigation data for positioning received by the user terminal is the authenticated correct data. A computer network system equipped with a means for confirming the authenticity of broadcast data from a GNSS satellite terminal, which has a function to perform. In the computer network system according to any one of claims 3 to 15, a password generation function that dynamically changes according to a change corresponding to time of time information TB or Tm or block number Bn is used as an OTP generator.
For Bn or KC or TB-based BnTOTP with BnTOTP = fh (A, TIDA, KC, Bn, VU [TIDA]) including a seed value VU [TIDA] that can be set and voted by the owner of the OTP token , the token The owner user can rewrite part of the seed value to any value,
The feature is that the user can change / update the appearance of the authentication value of BnTOTP calculated in the future block number Bn, and the pseudo-random number of BnTOTP is improved.
A computer network system characterized by calculating an OTP authentication value for OTP authentication or a pseudo random number value in OTP.

Images