JPH10214255A - Method and device for generating certification data - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a certification data generation technique for changing limit information such as the generation condition of an authority at a user's side. SOLUTION: Auxiliary information 102 is inputted from an auxiliary information inputting part 203, and control information 101 corresponding to the auxiliary information 102 is inputted to a control information inputting part 202. Moreover, a user inputs new control information to the control information inputting part 202. The inputted control information and auxiliary information is transmitted through a data bus 204 to an auxiliary information generating part 205. The auxiliary information generating part 205 calculates new auxiliary information from the transmitted control information and auxiliary information based on a prescribed expression, and transmits the result through the data bus 204 to an auxiliary information outputting part 206. The auxiliary information outputting part 206 outputs the transmitted new auxiliary information 105.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a method and an apparatus for generating proof data for generating data for certifying a user's right.

[0002]

2. Description of the Related Art A technique for controlling a user's right is disclosed in, for example, Japanese Patent Application Laid-Open No. 4-157555. In this technology, user ID
And the user's rights information in the host computer,
The user right information is searched from the user ID input from the terminal, the use is permitted within a range corresponding to the right information obtained as a result of the search, and the provision of a predetermined service is controlled.

However, in the above-mentioned conventional technique, information of a host computer must be rewritten in order to change a user's right. Therefore, the change operation needs to be performed by the administrator of the host computer. Therefore, if you have to manage a large amount of user information,
The management load of user information is concentrated on the host computer and its administrator.

[0004]

SUMMARY OF THE INVENTION The present invention has been made in view of the above circumstances, and provides a proof data generation technique which enables a user to change restriction information such as a right generation condition. It is intended to be.

[0005]

According to the present invention, certifying data for certifying a user's right based on input authentication data and at least auxiliary information generated corresponding to predetermined control information. The above problem is solved by providing a means for generating new auxiliary information using the control information and the auxiliary information on the user side in the configuration for generating. That is, the center side can hold only the basic right information (ID and the like) of the user, and can only change the use right of the resource by giving the control information to the user. In some cases, the method of changing the usage right can be given to the user in advance, so that the load on the center side can be reduced.

That is, according to the present invention, in order to achieve the above-mentioned object, the user is required to input the authentication data and at least the auxiliary information generated corresponding to the predetermined control information. In a proof data generation method for generating proof data for proving a right, a new control information to be set, a current auxiliary information, and a new control information based on the old control information used to generate the current auxiliary information. A step of generating auxiliary information and a step of generating new proof data based on the new auxiliary information are performed.

In this configuration, the auxiliary information can be changed only by setting new control information on the user side, and it is not necessary to send the held information to the user side every time the control information is changed.

In this configuration, the auxiliary information can be generated based on the control information and the user's unique information, and the control information generates a right generation condition and proof data. Side effects at times can be specified.

As a side effect, there is a price for the generation of the proof data (that is, when the proof is used, for example, when the content is used). As a result, a usage amount charging system can be realized. Another side effect is, for example, the validity period of the auxiliary information. Thereby, the use period of the content or the like can be specified. For example, the use time of the content can be indirectly managed by the validity period of the auxiliary information without including a mechanism for managing the use period in the content itself.

Further, new control information may be generated by changing existing control information.

Further, according to the present invention, in order to achieve the above-mentioned object, a user's authentication is performed based on input authentication data and at least auxiliary information generated corresponding to predetermined control information. A means for inputting the control information, a means for inputting the auxiliary information, and the input auxiliary information to a proof data generation device for generating proof data for proving the right;
Means for generating new auxiliary information based on the control information used to generate the auxiliary information and the newly input control information; and generating new certification data based on the new auxiliary information. Means are provided.

Also in this configuration, it is not necessary to send the held information to the user every time the control information is changed.

In this configuration, means for storing the input control information may be provided, or means for verifying the validity of the input control information and auxiliary information may be provided.

Further, according to the present invention, in order to achieve the above-mentioned object, the user can be identified based on the input authentication data and at least the auxiliary information generated corresponding to the predetermined control information. Means for storing the control information, means for inputting auxiliary information corresponding to the currently stored control information, and means for inputting auxiliary information corresponding to the currently stored control information to a proof data generation device for generating proof data for proving the right; Means for generating new control information from the control information, the currently stored control information, the auxiliary information corresponding to the currently stored control information, and the new auxiliary information based on the newly generated control information. A means for generating and a means for generating new certification data based on the new auxiliary information are provided.

Also in this configuration, it is not necessary to send the held information to the user every time the control information is changed.

In this configuration, the means for newly generating control information may control a method of generating control information by generation control information for controlling a method of generating control information. The generation control information may be used number information, the number of uses may be compared with a predetermined value, and the control information may be changed according to the result. Further, the generation control information may be used time information, the usage time may be compared with a predetermined value, and the control information may be changed according to the result. Further, means for storing the generation control information may be provided, and means for inputting the generation control information may be provided.

[0017]

BEST MODE FOR CARRYING OUT THE INVENTION

[Overview of Authentication System] First, before describing an embodiment of the present invention, an authentication system based on the embodiment of the present invention will be described. The present invention can be applied to other than the following authentication system.

As shown in FIG. 1, the authentication system based on the embodiment of the present invention includes three entities, that is, a management center 1, a provider 2, and a user 3. The provider 2 has information, devices, or resources (hereinafter collectively referred to as contents), and a user 3 corresponding thereto.
Want to control access to In such a case, a public key encryption technique that is a known technique can be used. Hereinafter, it is assumed that this public key encryption technology is used.

According to the public key cryptography, each entity has the following information. Management center 1: Center public key pair (ec, n
c), signature key dc (secret) User 3: authentication key du (secret) Provider 2: content encryption key K (secret) The key of the management center 1 is, for example, RSA (Rivest, S)
hamir, Adleman) encryption technology. The user 3 has a user-specific authentication device (token) 31 called a token enclosing du and a content use program 32 for using the content. Basically, the user 3 has the center 1 issue information for performing access control (hereinafter referred to as a ticket) to access certain contents. The user can access resources using the ticket and the user-specific authentication device 31 called a token.

As a preparation for issuing the ticket, the following is performed.

First, the provider 2 requests the management center 1 to generate information n (hereinafter referred to as a ticket modulus) and E (referred to as a ticket public key) for a specific resource. n is generated as n = p · q using two cryptographically secure prime numbers p and q. The electronic signature of the management center 1 is given to n. Further, the management center 1 holds E and n. The provider 2 encrypts its content using a secret key K. This encryption may be a conventional key encryption or a public key encryption. Next, provider 2 has E
And K using

[0022]

## EQU1 ## K ′ is obtained as K ′ = K ^E mod n to obtain K ′. Then, it is distributed to the user 3 together with the encrypted content. Where K '
Is enclosed in the content so that the user 3 does not know it.

The user 3 sends his / her ID and the ticket modulus n to the management center 1 to obtain a ticket. The management center 1 generates secret information du of the user 3 retrieved from the ID of the user 3, secret information D generated from the ticket modulus n and the corresponding ticket public key E as follows.

[0024]

ED = 1 mod φ (n) (1) where φ (n) is the Euler number of n and is generated from p and q.

Using this D, a ticket t is generated as follows and sent to the user 3.

[0026]

T = DF (du, L) + wφ (n) (2) where w = G (du, L), G () is a suitable non-collision function, and F is one-way A transformation or function with
Is control information describing conditions for using resources and the like.

The user 3 uses the issued t to access the content as follows. First, user 3
A random number r is generated, and the following challenge C is calculated.

[0028]

C = r ^E · K ′ mod n (3) The above calculation is performed in the content use program 32.

The content use program 32 communicates with the token 31 and sends C to the token 31. Token 31
Within

[0030]

[Mathematical formula-see original document] R = ^{Ct + F (du, L)} mod n (4) is calculated and returned to the content use program 32.

On the user 3 side, the content use program 32 uses R to

[0032]

## EQU00006 ## K is obtained by K = r.sup. ^- 1.R mod n (5), and the content is decrypted. Here, the user can use the content for the first time.

The technology premised on the embodiment of the present invention has been described above. Hereinafter, examples of the present invention will be described. In the embodiment described below, the above-described ticket is considered as auxiliary information and L is considered as control information, and the proof data generation method according to the present invention is implemented in the above-described token. With this configuration, the user can obtain a new ticket t by giving L to the token. [Embodiment 1] FIG. 2 shows an embodiment of a proof data generation method according to the present invention. In FIG. 2, 101 is control information, 1
02 is auxiliary information corresponding to the control information 101, 103 is new control information, 104 is auxiliary information generating means for generating new auxiliary information from the control information, auxiliary information and new control information 103, and 105 is newly generated. Auxiliary information.

In this configuration, the proof data generating means 1
04 is the given control information 101 and new control information 10
3, the auxiliary information 102 is changed and output as new auxiliary information 105. Specifically, the auxiliary information and control information that have already been acquired are respectively referred to as told and Lol.
d, new control information Lnew,

[0035]

Δ = F (du, Lold) −F (du, Lnew) (6) Next, new auxiliary information tnew is obtained by using the obtained Δ.

[0036]

## EQU8 ## Generated as tnew = told + Δ (7).

FIG. 3 shows an example of the configuration of a proof data generation device that implements the first embodiment. In this figure, control information 10
1, auxiliary information 102, new control information 103, and new auxiliary information 105 are the same as those in FIG. 201 is a proof data generation device; 202 is a control information input unit for inputting control information 101 and new control information 103 from outside;
3 is an auxiliary information input unit for inputting auxiliary information from outside, 20
4 is a data bus for transferring the input auxiliary information and control information, 205 is an auxiliary information generation unit that generates new auxiliary information from the changed control information and auxiliary information, and 206 outputs the generated new auxiliary information 106. This is an auxiliary information output unit.

In this configuration, the auxiliary information 102 is input from the auxiliary information
2 is input to the control information input unit 202. Further, the user inputs new control information to the control information input unit 202. The input control information and auxiliary information are transmitted through the data bus 204 to the auxiliary information generation unit 20.
Sent to 5. The auxiliary information generation unit 205 calculates new auxiliary information from the transmitted control information and auxiliary information, for example, based on the above-described equation (7), and sends the result to the auxiliary information output unit 206 via the data bus 204. Auxiliary information output unit 2
06 outputs the sent new auxiliary information 105.

FIG. 4 shows a modification of the proof data generating apparatus of FIG. In FIG. 4, control information 101, auxiliary information 10
2. New control information 103, new auxiliary information 105, proof data generation device 201, control information input unit 202, auxiliary information input unit 203, data bus 204, auxiliary information generation unit 20
5 and the auxiliary information output unit 206 are the same as those in FIG. Reference numeral 301 denotes a control information storage unit that stores input control information.

In this configuration, the input control information 1
01 is a control information storage unit 301 via the data bus 204.
Sent to and retained. Next, when new control information 103 is input, the stored control information 101 is read out and sent to the auxiliary information generation unit 205 via the data bus 204. At this time, the control information 10 in the control information storage unit 301 is
3 is replaced with the new control information 105. In this case, the new control information may be additionally stored in the storage unit without being replaced. By doing so, it is also possible to use only the control information in the storage unit without using the control information input from the outside. Furthermore, it may be handled as a use history by associating it with the use of the content, and may be used, for example, when performing charging according to the use status or performing more detailed control of change of control information.

FIG. 5 shows another modification of the proof data generating apparatus of FIG. In FIG. 4, control information 101, auxiliary information 102, new control information 103, new auxiliary information 105, proof data generation device 201, control information input unit 202, auxiliary information input unit 203, data bus 204, auxiliary information generation unit 205, The auxiliary information output unit 206 and the control information storage unit 301 are the same as those in FIG. An inspection unit 401 inspects the validity of the auxiliary information 102.

In this configuration, for the auxiliary information, at the time of issuance, the management center performs an electronic signature of the center itself with the secret key of the center. In the inspection unit 401, the signature is verified using the public key of the center. In addition, at the time of issuance, the auxiliary information or control information is issued using the user's public key, so that only authorized users can use it,
The user decrypts with the user's private key. Thereby, the validity of the auxiliary information 102 can be verified.

[Second Embodiment] FIG. 6 shows another embodiment of the proof data generation method of the present invention. In FIG. 6, control information 1
01, auxiliary information 102, new control information 103, auxiliary information generating means 104, and new auxiliary information 105 are the same as those in FIG. Reference numeral 501 denotes a control information generation unit.

In this configuration, the control information 101 given first is sent to the auxiliary information generating means 104 and also to the control information generating means 501. The control information generation means 501 rewrites the input control information in accordance with appropriate conditions, and generates new control information 103.

FIG. 7 shows an example of the configuration of a proof data generation device for realizing the proof data generation method according to the second embodiment. 7, control information 101, auxiliary information 102, new control information 1
03, new auxiliary information 105, proof data generation device 20
1. The auxiliary information input unit 203, data bus 204, auxiliary information generation unit 205, auxiliary information output unit 206, and control information storage unit 301 are the same as those in FIG. A control information generation unit 601 changes the control information and generates the new control information 103.

The entire operation is the same as in FIG. Therefore, the operation of the control information generation unit 601 having a different configuration will be described. The control information generation unit 601 reads the control information 101 from the control information storage unit 301 via the data bus 204, changes the control information 101 according to a predetermined condition, and generates new control information 103.

FIG. 8 shows the control information generating means 5 in FIG.
01 (the control information generation unit 601 in FIG. 7). 8, control information 101, new control information 103, and a control information generation unit 501 are the same as those in FIG. Reference numeral 701 denotes generation control information for controlling generation of control information, and reference numeral 702 denotes generation control conditions 703 for determining whether or not generation is possible, and generation method setting information for defining generation contents.

In this configuration, when the control information 101 is input to the control information generation unit 501, the condition at that time is compared with the generation control condition 702 in the generation control information 701,
If a predetermined condition is satisfied, it is in the generation control information 701,
Generation method setting information 703 corresponding to the generation control condition 702
In accordance with the control information 101 and the new control information 1
03 is generated and output.

FIG. 9 shows the generation control condition 702 in FIG.
The following shows an operation example using the number of times of use. In FIG. 9, the number of times of use is n1, n2,. . nk or less, the generation method setting information 703 indicates that the setting 1, setting 2,. . The setting is set to k. As the generation method setting information 703, for example, a unit price per use is used, and if the number of uses increases to some extent, it can be made available at a discounted price. Alternatively, as the generation method setting information 703, use authority may be used for setting, and use may be disabled if a certain number of times are used.

FIG. 10 shows the generation control condition 70 in FIG.
FIG. 2 shows an operation example using the usage time. In FIG. 10, the usage times are t1, t2,. . tk or less, the generation method setting information 703 indicates the setting 1, setting 2,. . The setting is set to k. As the generation method setting information 703, for example, a unit price per use is used, and when the usage time increases to some extent, it can be made available at a discount price. Alternatively, the usage authority may be used as the generation method setting information 703 for setting, so that the usage method cannot be used after a certain period of use.

FIG. 11 shows the configuration of the control information generator 601 in FIG. In FIG. 11, the control information 101, the new control information 103, the control information generation unit, and the data bus 204 are the same as those in FIG.
Is the same as Reference numeral 1001 denotes an input / output unit for inputting / outputting control information and generation control information 1003 via the data bus 204; 1002, a generation unit for generating new control information 103 based on the generation control information 1003; Generation control information 1004 defining a method of generating information;
Is an internal data bus.

In this configuration, the control information 101 and the generation control information 1003
Is read by the input / output unit 1001. When the read result is sent to the generation unit 1002, the generation unit 1002 decodes the generation control information and generates new control information 103 from the control information 101 based on the result. The new control information 103 is
The data is output from the input / output unit 1001 to the data bus 204.

FIG. 12 shows the configuration of the control information generator 601 shown in FIG. 12, control information 101, new control information 103, a control information generation unit, a data bus 204 input / output unit 1001, a generation unit 1002, generation control information 1003,
The internal data bus 1004 is the same as in FIG. 110
Reference numeral 1 denotes a generation control information storage unit that stores generation control information.

In this configuration, the method of generating the new control information 103 is the same as that of FIG. 11, but the generation control information 1003 to be used is read from the generation information storage unit 1101 via the internal data bus 1004 and used. The generation control information 1003 inside the generation control information storage unit 1101 may be read from the outside via the data bus 204 and the input / output unit 1001, or may be provided in a form semipermanently written in a semiconductor such as a ROM chip.

This is the end of the description of the embodiment. It should be noted that the present invention is not limited to the above-described embodiment, and various changes can be made. For example, in the above embodiment, the auxiliary information is based on the user's unique information and the control information.
The auxiliary information may be based on only the control information.

[0056]

As described above, according to the present invention,
Since the auxiliary information is changed on the user side based on the control information, it is not necessary to send the auxiliary information from the center side to the user every time the control information is changed.

[Brief description of the drawings]

FIG. 1 is a diagram illustrating an authentication system to which an embodiment of the present invention is applied.

FIG. 2 is a diagram illustrating a proof data generation method according to the first embodiment of the present invention.

FIG. 3 is a block diagram illustrating a configuration example of a proof data generation device that implements the first embodiment;

FIG. 4 is a block diagram illustrating another configuration example of the proof data generation device according to the first embodiment.

FIG. 5 is a block diagram illustrating another configuration example of the proof data generation device according to the first embodiment.

FIG. 6 is a diagram illustrating a proof data generation method according to a second embodiment of the present invention.

FIG. 7 is a block diagram illustrating a configuration example of a proof data generation device that implements a second embodiment;

FIG. 8 is a diagram illustrating a main part of a second embodiment.

FIG. 9 is a diagram illustrating an operation of a main part of the second embodiment.

FIG. 10 is a diagram illustrating an operation of a main part of the second embodiment.

11 is a block diagram illustrating a configuration example of a control information generation unit of the proof data generation device of FIG. 7;

12 is a block diagram illustrating another configuration example of the control information generation unit of the proof data generation device in FIG. 7;

[Explanation of symbols]

 201 proof data generation device 202 control information input section 203 auxiliary information input section 205 auxiliary information generation section 206 auxiliary information output section

Claims (13)

[Claims] 1. A certifying data generating method for generating certifying data for certifying a user's right based on input authentication data and at least auxiliary information generated corresponding to predetermined control information, Generating new auxiliary information based on the control information to be newly set, the current auxiliary information, and the old control information used to generate the current auxiliary information; and Generating new proof data by performing the above steps. 2. The proof data generation method according to claim 1, wherein the auxiliary information is generated based on the control information and user's unique information. 3. The proof data generation method according to claim 1, wherein the control information defines conditions for generating rights and side effects when proof data is generated. 4. The proof data generating method according to claim 1, wherein the new control information is generated by changing the existing control information. 5. A certifying data generating device for generating certifying data for certifying a user's right based on input authentication data and at least auxiliary information generated corresponding to predetermined control information, A means for inputting the control information, a means for inputting the auxiliary information, an input auxiliary information, a control information used to generate the auxiliary information, and a control information newly input. A proof data generation apparatus comprising: means for generating new auxiliary information; and means for generating new proof data based on the new auxiliary information. 6. The proof data generating apparatus according to claim 5, further comprising means for storing the input control information. 7. The proof data generating apparatus according to claim 5, further comprising means for verifying the validity of the input control information and auxiliary information. 8. A proof data generation device for generating proof data for certifying a user's right based on input authentication data and at least auxiliary information generated corresponding to predetermined control information, Means for storing the control information; means for inputting auxiliary information corresponding to the currently stored control information; means for generating new control information from the currently stored control information; Means for generating new auxiliary information based on the current control information, the auxiliary information corresponding to the currently stored control information, and the newly generated control information; and Means for generating proof data. 9. The means for newly generating control information includes:
9. The proof data generation device according to claim 8, wherein a generation method of the control information is controlled by generation control information for controlling a generation method of the control information. 10. The proof data generation apparatus according to claim 9, wherein the generation control information is information on the number of times of use, the number of times of use is compared with a predetermined value, and the control information is changed according to the result. 11. The proof data generation apparatus according to claim 9, wherein the generation control information is used time information, the used time is compared with a predetermined value, and the control information is changed according to the result. 12. The proof data generation device according to claim 9, further comprising means for storing the generation control information. 13. The proof data generation device according to claim 9, further comprising means for inputting the generation control information.