JPH1032571A - Authentication system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To simply execute authentication processing while securing security by executing authentication processing based on a rule that a first authenticator included in first authentication information is the same authenticator as that signing a first code included in the first authentication information with a key. SOLUTION: A center 11 checks whether or not the rule is conformed consisting of a first sub-rule that a counted value included in the authentication information transmitted this time (first authentication information) is larger than a counted value included in authentication information transmitted last time (second identification information), and a second sub-rule that an authenticator included in authentication information has a counted value included in the authentication information the same as that the authenticator which is signed with a key. Then at the time of obeying, the center 11 identifies that the call originating source of the identification information is correctly a user 10.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a center for performing authentication based on transmitted information that the information is transmitted from a legitimate source, and transmitting information to the center. The present invention relates to an authentication method for performing authentication with a user who is authenticated that the information is information transmitted from a valid source.

[0002]

2. Description of the Related Art Conventionally, the following types of authentication systems have been known as the above-mentioned authentication systems. 1) Password-type authentication method A user registers a password in the center in advance, and transmits the password to the center upon receiving authentication. When the transmitted password matches the password registered in advance, the center authenticates that the source of the password is the correct user.
This scheme results in an unauthorized access to the center by the malicious third party if the password is intercepted by a malicious third party. 2) Sequential number type authentication system Both the user and the center have counters (this counter may be of a monotonically increasing sequence, and may use time, for example). The counter value on the user side is transmitted to the center. When the value of the transmitted counter and the value of the counter on the center side match, the center authenticates that the source of the value of the counter is the correct user. In this method, the value or time of the counter must be exactly the same between the user and the center, and if the user attempts to access the center and fails, or if the user accesses multiple centers, the counter value is used. May be different, and when the time is adopted, the clock of the user and the clock of the center need to completely match. In addition, the value of the transmitted counter is eavesdropped, and the value of the next counter is immediately generated and transmitted, thereby allowing unauthorized access. 3) Authentication method of serial signature type Both the user and the center have counters. The user also has a key to encrypt the value of the counter,
The key is registered in the center in advance. Upon receiving the authentication, the user creates a signature (authenticator) with the value of the counter on the user side using the key, and transmits the signature to the center. On the other hand, the center signs the value of the counter on the center side with the registered key, and if the created signature (authenticator) matches the signature transmitted from the user, the signature source is the correct user. Certify that Here, the value of the counter on the user side and the value of the counter on the center side are incremented each time authentication is performed. In the case of this system, even if the eavesdropping is performed, the value of the counter is not known because the value of the counter is not known, but there is still a problem that the counter value needs to be always kept the same. 4) Challenge-Response Authentication Scheme FIG. 5 is a diagram showing the flow of a conventional challenge-response authentication scheme.

[0005] A user 40 shown in FIG. 5 has a key for signing a random number R and registers the key in a center 41. First, the user 40 sends a service request to the center 41. Then, the center 41 receives the service request and transmits a random number R to the user 40 upon authentication. The user 40 signs the transmitted random number R with the key possessed by the user 40 and authenticates the authenticator E (R).
(Signature of random number R) is created, and the authenticator E (R) is transmitted to the center 41. On the other hand, the center 41 also signs the random number R with a registered key to create an authenticator,
When the created authenticator matches the authenticator E (R) sent from the user 40, the authenticator E (R) authenticates that the source of the authenticator E (R) is the correct user 40, and provides a service to the user 40. I will provide a. In the case of this method, since an unpredictable random number is signed with a key, the security against a malicious third party is further enhanced.

[0004] In the above four types of authentication methods, it becomes difficult to predict a message transmitted for authentication in the order of a password type, a serial number type, a serial number signature type, and a challenge response type. Therefore, the security against unauthorized access to the center by an unauthorized user increases in the order of a password type, a serial number type, a serial number signature type, and a challenge response type. For this reason, conventionally, a challenge-response type authentication method is often used.

On the other hand, the authentication process becomes more and more complicated in the order of a password type, a serial number type, a serial number signature type, and a challenge-response type. For this reason, when authentication processing is required many times continuously, there has been a demand for simplifying the authentication processing while securing the same level of security as the challenge-response type authentication method. To meet this demand, Japanese Patent Laid-Open
There is one proposal in JP-A-219053.

FIG. 6 is a diagram showing the flow of a challenge-response type authentication scheme proposed in Japanese Patent Laid-Open No. 5-219053. In this authentication method, when the authentication process is repeatedly performed, both the user 50 and the center 51 perform
The authenticator (E (R)) created by the user 50 at the I-th time
It is used as the (+1) -th random number E (R). For this reason,
The center 51 does not need to send a random number at the (I + 1) -th time, and the entire process is faster, which is more secure than the simple authentication process of the challenge-response type authentication method shown in FIG. It does not decline.

[0007]

However, the above-mentioned I
Using a challenge-response type authentication method in which the authenticator created the first time is used as the (I + 1) -th random number, and performing authentication processing repeatedly using a communication line such as the Internet, where the authenticator does not always reach the center. ,
Authentication may fail and authentication may fail.

[0008] Also, WWW (World Wide W)
If this authentication method is used for a service that randomly accesses a plurality of centers, such as eb), the user must record the transmitted authenticator for each center, which complicates the mechanism on the user side. become. The present invention has been made in view of the above circumstances, and has as its object to provide an authentication method that can easily perform authentication processing while ensuring sufficient security.

[0009]

According to a first aspect of the present invention, there is provided an authentication method, wherein information transmitted from an authorized source is transmitted based on information transmitted. Authentication between a center that authenticates that the information is transmitted and a user that transmits information to the center and is authenticated that the information is information transmitted from a valid source. In the system, both the user and the center share information indicating the order of those codes constituting a set of ordered codes and a key for signing the codes. When receiving the above authentication, an authentication comprising both a code constituting the above set, which is updated according to the above-mentioned order each time the user intends to receive the authentication, and an authenticator which signs the code with the above key information The center transmits the first code included in the first authentication information transmitted this time, the second code included in the second authentication information transmitted last time from the user. A first sub-rule that is a code located after the code in the above order according to the above order;
The second authenticator that the first authenticator included in the first authentication information is the same authenticator as the authenticator obtained by signing the first code included in the first authentication information with the key. It is checked whether or not to comply with a first rule consisting of both sub-rules and sub-rules. If the first rule is followed, it is verified that the source of the first authentication information is correctly authenticated as the user. Features.

[0010] A second authentication method according to the present invention for achieving the above object is a center for performing authentication based on transmitted information that the information is information transmitted from a valid source. An authentication method for transmitting the information to the center and performing the authentication with a user who is authenticated that the information is transmitted from a valid source. In both cases, both the information representing the order of those codes constituting the set of ordered codes and the key that signs the codes are shared, and the user, upon receiving the authentication, A signature with the above-described key, which is a combination code that is a combination of a code that is updated according to the above-described order each time authentication is attempted and a center ID code that specifies the center of the transmission destination. The authentication information including both the authenticator and the authenticator is transmitted to the center, and the center transmits the first code included in the first authentication information transmitted this time from the user last time. The first sub-rule that the code is located later in the order than the second code included in the second authentication information and the first authenticator included in the first authentication information are the first sub-rule. And a second sub-rule indicating that the combined code obtained by combining the first code included in the authentication information of the above and the own center ID code is the same as the authenticator signed with the key. Check whether the first rule consisting of both sub-rules is followed,
When the first rule is followed, it is authenticated that the source of the first authentication information is correctly the user.

Here, in the first authentication method or the second authentication method of the present invention, as the first sub-rule, the center may include, as the first sub-rule, the first code starting from the second code and the sequence It is preferable to adopt a sub-rule to which a rule that the code is located within a predetermined range according to the above. Further, the center determines that the authentication information is an unauthorized authentication request when the first authentication information transmitted this time does not comply with the second sub-rule.

In the first authentication method and the second authentication method according to the present invention, the center may determine that the first authentication information transmitted this time complies with the second sub-rule, but the first authentication information is transmitted in accordance with the second sub-rule. If the sub-rule is not followed, the random number generated by the center is transmitted to the user, and the user includes a second authenticator including a second authenticator signing the random number transmitted from the center with the key. The third authentication information is transmitted to the center, and the center signs the random number generated by the second authenticator included in the third authentication information transmitted this time with the key. It is checked whether or not a second authenticator is the same as the authenticator compared to the first authenticator. If the second rule is followed, the first authentication information transmitted last time and the current authentication information transmitted this time are transmitted. Third It is effective to both of the source of the witness information to authenticate that it is properly the user.

[0013] In this case, the third authentication information is a third code that is one of codes constituting the set.
It is preferable that the user further signs the combined code obtained by combining the random number and the third code with the key as the second authenticator. The center is transmitted to the center, and the center generates, as the second rule, the second authenticator included in the third authentication information transmitted this time, generated by the center. A rule is adopted that a combined code obtained by combining the random number and the third code included in the authentication information transmitted this time is the same authenticator as the authenticator signed with the above key. Is preferred.

A third authentication method among the authentication methods according to the present invention that achieves the above object is based on the fact that the information is transmitted from a valid source based on the transmitted information. In an authentication method for performing the above-mentioned authentication between a center that performs authentication and a user that transmits information to the center and is authenticated that the information is information transmitted from a valid source, Both the user and the center share information indicating the order of those codes constituting a set of codes whose order is determined, and a key for signing the codes. Upon receiving the authentication information, the authentication information including the authenticator obtained by signing the code updated with the key in accordance with the above-described order each time the authentication is performed is transmitted to the center. The first authenticator included in the first authentication information transmitted this time has a higher order than the second code included in the second authentication information transmitted last time from the user in the above order. A sign located after,
In addition, the second code is used as a starting point, and the codes located within a predetermined range according to the above-mentioned order are each the same as one of the authenticators signed with the key. When the first rule is followed, it is authenticated that the source of the first authentication information is correctly the user.

Further, a fourth authentication method among the authentication methods according to the present invention includes a center for performing authentication based on transmitted information that the information is information transmitted from a valid source. An authentication method for transmitting the information to the center and performing the authentication with a user who is authenticated that the information is transmitted from a valid source. In both cases, both the information representing the order of those codes constituting the set of ordered codes and the key that signs the codes are shared, and the user, upon receiving the authentication, Authentication by forming a set, signing with the key a combined code obtained by combining a code updated in accordance with the above-mentioned order each time authentication is to be performed and a center ID code for specifying a destination center. Is transmitted to the center, and the center transmits the first authentication code included in the first authentication information transmitted this time to the second authentication information transmitted last time from the user. And the center ID of the own code which is located after the second code included in the above-mentioned order and which is located within a predetermined range according to the above-mentioned order starting from the second code. When the first rule that one of the authenticators signed by the key is the same authenticator as each authenticator signed by the above key, the first It is characterized in that it is authenticated that the source of the authentication information is the above user correctly.

Here, in the first to fourth authentication methods according to the present invention, the user has a first clock that knows the current time, and the user uses the first clock as a code that constitutes the set. A code indicating the obtained current time may be used. In that case, the center further has a second clock that knows the current time,
The first authentication information transmitted this time complies with the first rule, and the second authentication information transmitted last time at the current time indicated by the first code included in the first authentication information. The first elapsed time from the current time represented by the second code included in the first authentication information obtained from the second clock is the reception time of the first authentication information transmitted this time.
If the second authentication information transmitted last time is within a predetermined allowable error compared to the second elapsed time from the reception time of the second authentication information, it is determined that the source of the first authentication information is correctly the user. Authentication is preferred.

[0017]

Embodiments of the present invention will be described below. FIG. 1 is a diagram showing a data flow in the authentication method according to the first embodiment of the present invention. Here, in order to facilitate the explanation, the same numbers as those of the item numbers 2 to 10 described below are given by attaching the arrows indicating the data flow in FIG. 1. Assumption (this number 1 is not entered in FIG. 1) The user 10 shown in FIG. 1 has both a counter and a key that signs the count value of the counter. The count value of this counter corresponds to a code according to the present invention, and a series of count values of the counter corresponds to a set of codes according to the present invention. Here, it is assumed that the current count value of this counter is the count value (i). Also, the user 10
A key for signing the count value is registered in the two centers 11 and 12. On the other hand, the centers 11 and 12
Of the center 11 (here, the count value of the center 11 is (i−
1), the count value (i-2) of the center 12 and these count values are different from each other). in this way,
Here, both the user 10 and the centers 11 and 12
The information used here is that the counter is an up-counter (information indicating the order of the codes according to the present invention), that is, information that the count value is sequentially incremented, and a key for signing the count value. ing. 2. Request for Authentication to Center 11 (No. 1) Upon receiving authentication, the user 10 receives a count value (i) at that time and an authenticator E (i) obtained by signing the count value (i) with a key. Authentication information consisting of both (i, E
(I) is transmitted to the center 11. User 10
Then increments the count value (i) to a count value (i + 1). 3. Authentication processing in the center 11 The center 11 transmits the authentication information (i, E
(I) The count value (i) (the first code according to the present invention) included in (the first authentication information according to the present invention) is the authentication information (i-1, E (i- 1)) The count value (i) included in the (second authentication information according to the present invention)
-1) A first sub-rule that is a count value larger than (a second code according to the present invention) and an authenticator E (i) included in authentication information (i, E (i)) are: Both the sub-rule and the second sub-rule indicating that the count value (i) included in the authentication information (i, E (i)) is the same authenticator as the authenticator E (i) signed with the key. It is checked whether or not to obey the rule (first rule according to the present invention), and when the rule is obeyed, it is authenticated that the source of the authentication information (i, E (i)) is the user 10 correctly. I do. The center 11 records the count value (i) received from the user 10. Further center 11
Provides a service to the user 10 because the source of the authentication information is the legitimate user 10. 4. Authentication Request to Center 11 (No. 2) Upon receiving the next authentication, the user 10 receives both the count value (i + 1) and the authenticator E (i + 1) obtained by signing the count value (i + 1) with a key. The authentication information (i + 1, E (i + 1)) is transmitted to the center 11. When compared with the present invention, the authentication information (i + 1, E
(I + 1)) also corresponds to the first authentication information according to the present invention. Thereafter, the user 10 increments the count value (i + 1) to obtain the count value (i + 2). 5. Authentication processing at the center 11 The center 11 transmits the authentication information (i + 1,
The count value (i + 1) included in E (i + 1)) is larger than the count value (i) included in the authentication information (i, E (i)) transmitted last time. 1 and the authentication information (i + 1, E (i
+1)) included in the authentication information (i + 1, E (i + 1)).
+1) is a rule composed of both sub-rules and a second sub-rule that is the same authenticator as the authenticator E (i + 1) signed with a key (the first rule according to the present invention).
To see if you follow the rules, and if you follow those rules,
It authenticates that the source of the authentication information (i + 1, E (i + 1)) is the user 10 correctly. Center 11
Records the count value (i + 1) from the user 10. Further, since the origin of the authentication information is the legitimate user 10, the center 11 provides a service to the user 10.

Up to this point, the authentication processing has been performed twice. However, if the challenge-response authentication is simply repeated twice, the center 11 needs to send a random number to the user 10 and the communication is required eight times. In the authentication method of the form, only four communications are required. Next, a case where communication fails as a result of performing an authentication request following the above-described processing will be described. 6. Authentication Request to Center 11 (Part 3) The user 10 receives the count value (i
+2) and an authenticator E (i + 2) obtained by signing the count value (i + 2) with a key.
2, E (i + 2)) to the center 11. After that, the user 10 increments the count value (i + 2) to the count value (i + 3). However, since this communication has failed and there is no response from the center 11, the communication processing of the user has timed out, and authentication is requested again. 7. Authentication Request to Center 11 (No. 4) The user 10 receives the count value (i
+3) and an authentication information (i + 3) including both an authenticator E (i + 3) obtained by signing the count value (i + 3) with a key.
3, E (i + 3)) to the center 11.
The authentication information (i + 3, E (i + 3)) also corresponds to the first authentication information according to the present invention. Thereafter, the user 10 increments the count value (i + 3) to the count value (i + 4). 8. Authentication processing in the center 11 The center 11 transmits the authentication information (i + 3,
The count value (i + 3) included in E (i + 3)) is larger than the count value (i + 1) included in the authentication information (i + 1, E (i + 1)) transmitted last time. 1 and the authentication information (i
+3, E (i + 3)) contained in the authenticator E (i + 3)
Is an authenticator E (i) obtained by signing the count value (i + 3) included in the authentication information (i + 3, E (i + 3)) with a key.
+3), it is checked whether or not to obey a rule consisting of both sub-rules with the second sub-rule indicating that the authenticator is the same as the authenticator. Originally correct user 10
Certify that In the center 11, the source of the authentication information records the count value (i + 3) from the user 10. Further, since the origin of the authentication information is the legitimate user 10, the center 11 provides a service to the user 10.

Thus, the authentication information (i + 2, E (i +
Even if 2)) did not arrive at the center 11,
In the center 11, the next authentication information (i + 3, E (i +
The count value (i + 3) included in 3)) is larger than the count value (i + 1) recorded in the center 11 and the authenticator (E (i + 3)) included in the authentication information (i + 3, E (i + 3)). ) Is the same authenticator as the authenticator obtained by signing the count value (i + 3) with the key, and thus the authentication is successful.

Next, following the above-described processing, the center 11
A case where an authentication request is made to the center 12, which is a center different from the above, will be described. 9. Authentication Request to Center 12 The user 10 receives the count value (i
+4) and an authenticator E obtained by signing the count value with a key
(I + 4) and authentication information (i + 4, E (i
+4)) (this authentication information is also the first authentication information according to the present invention) is transmitted to the center 12. Thereafter, the user 10 increments the count value (i + 4) to the count value (i + 5). 10. Authentication processing in the center 12 The center 12 checks the authentication information (i + 4,
The count value (i + 4) included in E (i + 4)) is larger than the count value (i-2) included in the authentication information (i-2, E (i-2)) transmitted last time. A first sub-rule that is a count value and authentication information (i
+4, E (i + 4))) included in the authenticator E (i + 4)
Is an authenticator (E) obtained by signing the count value (i + 4) included in the authentication information (i + 4, E (i + 4)) with a key.
(I + 4)), it is checked whether or not to comply with a rule (first rule according to the present invention) composed of both sub-rules and a second sub-rule that is the same authenticator. Authentication information (i + 4, E (i +
4) Authenticate that the source of the user is the user 10 correctly. The center 12 records the count value (i + 4) from the user 10. Further, since the origin of the authentication information is the legitimate user 10, the center 12 provides a service to the user 10.

As described above, the user does not need to change the authenticator for each center and can perform the same processing regardless of the access to any center. Therefore, the mechanism on the user side is simplified. FIG. 2 shows an example of the authentication method shown in FIG.
FIG. 8 is a diagram illustrating a process when a count value from a user is smaller than a count value recorded in the center when the center receives an authentication request.

The center 11 determines that the access is unauthorized when the authenticator is incorrect (when the second sub-rule according to the present invention is not satisfied). On the other hand, the authenticator is correct,
If the count value from the user is smaller than the count value recorded in the center (does not satisfy the first sub-rule according to the present invention), the user 10 may have reset the counter for some reason, and the current Inquire the user 10 about the count value. The inquiry procedure will be described with reference to FIG. The same numbers as the item numbers 1 to 4 described below are attached to FIG.

1. Authentication request to the center 11 Upon receiving authentication, the user 10 obtains authentication information including both a counter value (i) and an authenticator E (i) obtained by signing the counter value (i) with a key. (I, Ei)
(The first authentication information according to the present invention) is transmitted to the center 11. The user 10 then increments the count (i) to a count value (i + 1).

2. Authentication processing in the center 11 In the center 11, the authentication information (i, E,
The count value (i) included in (i)) is the center 11
Is smaller than the count value recorded in the center 11 (here, the count value recorded in the center 11 is a count value larger than the count value (i)), the authentication information (i, E (i )), The authenticator is created by signing the count value (i) included in the key with a key, and if the created authenticator does not match the authenticator E (i) from the user 10, it is determined that the access is unauthorized. And end the communication. On the other hand, when the created authenticator matches the authenticator E (i) from the user 10, the center 11 generates a random number R arbitrarily generated by a random number generator (not shown) provided in the center 11. Send to user 10. At this time, the current count value (i) is temporarily recorded while the count value (i-1) recorded in the center 11 is held.

3. Response of the user 10 The user 10 receives the random number R transmitted from the center 11.
And the authentication information (i, E,
The key is signed with a combined code obtained by combining the count value (i + 1) (third code according to the present invention) updated from the count value (i) included in (i)). Authentication information (i + 1, E (R, i + 1)) comprising both an authenticator E (R, i + 1) (an example of a second authenticator according to the present invention) and a count value (i + 1) thereof (in the present invention) (Third authentication information) is transmitted to the center 11.

4. Authentication processing at the center 11 The center 11 transmits the authentication information (i + 1,
The count value (i + 1) included in E (R, i + 1)) is larger than the count value (i) included in the authentication information (i, E (i)) transmitted last time. And the authentication information (i + 1, E
Authenticator E (R, i + 1) included in (R, i + 1))
Is signed with a key to a combined code obtained by combining the random number R generated by the center 11 and the count value (i + 1) included in the authentication information (i + 1, E (R, i + 1)) transmitted this time. It is checked whether or not a rule (an example of a second rule according to the present invention) that the authenticator is the same as the authenticator is compared. If the rule is followed, the authentication information (i , E (i)) and the authentication information (i + 1, E (R, i + 1)) transmitted this time, authenticate that the source is the correct user 10, and provide the service. At this time, the count value (i + 1) sent from the user 10 is recorded. If the rule is not followed, it is determined that the access is unauthorized, and the temporarily recorded count value (i) is discarded, and the previously recorded count value (i-1) is returned.

Subsequently, when the user 10 makes an authentication request to the center 11 (number 5 shown in FIG. 2),
The center 11 performs an authentication process (No. 6 shown in FIG. 2) for the authentication request. As described above, according to the authentication method of the above-described first embodiment, authentication at the center is performed based on a count value larger than the count value of the user obtained as a result of the previous successful authentication. In other words, according to the present embodiment, it is not always necessary to authenticate with an authenticator generated from a continuous count value, and the present embodiment authenticates that the count value is advanced (of course,
Since the authentication method authenticates that the user has the key at the same time), the authentication processing can be continuously performed without extra processing even if there is no guarantee that the authenticator always reaches the center.

Further, since the count value only needs to be advanced, the user does not need to record the transmitted authenticator for each center. Even when accessing a different center, the user can make an authentication request using the same mechanism. it can. Further, in the above embodiment, since the mechanism for synchronizing the counters is provided as described with reference to FIG. 2, when the count value of the user is changed in order to improve the safety, the system on the user side is used. It is also possible to easily cope with a case where the value of the user's counter is changed due to reinstallation of the user.

In the first embodiment, as the first sub-rule, the authentication information transmitted this time (for example,
Count value (j) included in authentication information (j, E (j))
Is the authentication information transmitted last time (for example, the authentication information (i,
E (i)) employs a sub-rule in which the count value (j> i) is larger than the count value (i) included in E (i). | J-i | May be added in the range of (| ji−i | ≦ n). By doing so, the security of communication is further enhanced. In the first embodiment, the authentication information transmitted from the user to the center includes a count value (for example, a count value (j)) and an authenticator (e.g., a signature obtained by signing the count value (j) with a key). For example, both E (j)) are included, but as a modification of the first embodiment, the count value (for example, the count value (j)) itself is not transmitted from the user to the center. , Its authenticator (eg E
(J)) only, and the center locates within a predetermined range starting from the count value i stored corresponding to the authenticator (eg, E (i)) previously transmitted from the user. Count value (for example, count value (i + 1),
(I + 2),..., (I + N)), each of which is signed with a key and each authenticator E (i + 1), E (i + 2),.
+ N), and the authenticators E (j) transmitted from the user this time are those authenticators E (i + 1) and E (i +
2) If the authenticator matches any of the authenticators of E (i + N), the authenticator E (j) authenticates that the source of the authenticator is the correct user, and assigns the authenticator that matches the authenticator. The corresponding count value (j) may be recorded next time for authentication. In this case, the center does not need the count value itself (the first code according to the present invention), but expects the count value (the first code) to be within a predetermined range. doing.

Further, in the first embodiment, as described with reference to FIG. 2, although the authenticator is correct at the center (the second rule according to the present invention is satisfied),
When it is determined that the count value from the user is smaller than the count value recorded in the center (does not satisfy the first sub-rule according to the present invention), the center transmits a random number to the user, and The authenticator, which is obtained by signing a combination code obtained by combining the random number and the count value (the third code according to the present invention) with a key, and the count value itself (the third code) are set to the center However, the authenticator transmitted from the user to the center may be an authenticator obtained by signing only a random number with a key. Even in such a case, it is necessary for the user to transmit the count value (third code) relating to the center. Even when an authenticator signed only with a random number by a key is transmitted to the center, the count value (third code) is transmitted not for the current authentication but for the next authentication. .

FIG. 3 is a diagram showing a data flow in the authentication method according to the second embodiment of the present invention. Here, FIG.
A difference from the first embodiment described with reference to FIG. In the second embodiment shown in FIG. 3, the item numbers 2, 4, 6, 7 shown in FIG.
When the authentication information is transmitted toward 1, the count value will be described using item number 2 as an example. The count value (i) at that time, the count value (i), and the center 11 of the transmission destination
Authenticator E (i, C1) obtained by signing a combination code (i, C1) obtained by combining a center ID code (C1) specifying
C1) and authentication information (i, E (i, C
1)) is transmitted to the center 11, and then the user 10 increments the count value (i) to the count value (i + 1).

In the item numbers 3, 5, and 8 shown in FIG. 3, the center 11 uses the item number 3 as an example for the count value, and the authentication information (i, E
The count value (i) included in (i, C1)) is larger than the count value (i-1) included in the authentication information (i-1, E (i-1, C1)) transmitted last time. A first sub-rule that the count value is a large count value, and an authenticator E (i, C) included in the authentication information (i, E (i, C1)).
1) includes a count value (i) included in the authentication information (i, E (i, C1)) and a center ID code (C
1) and a second sub-rule that is the same as the authenticator E (i, C1), which is the same authenticator as the authenticator E (i, C1) obtained by using the combination code (i, C1) with the key. It is checked whether or not the rule is followed, and if the rule is followed, it is authenticated that the source of the authentication information (i, E (i, C1)) is the user 10 correctly. The center 11 also provides a service to the user because the source of the authentication information is the legitimate user 10.

Each process in item numbers 9 and 10 shown in FIG. 3 has a center ID code that is different from the processes in item numbers 2, 4, 6, and 7 and the processes in item numbers 3, 5, and 8, respectively. Center ID specifying the center 12
Only the symbol (C2) is changed, and a duplicate description is omitted. In the second embodiment shown in FIG. 3, when the authentication information is sent from the user 10 to the centers 11 and 12, it is specified to which center the authentication information is to be sent, and the destination is not altered. Sign a combined code consisting of both the count value and its destination (center ID code). By doing so, it is possible to prevent erroneous authentication when the authentication information that the user 10 was trying to send to the center 11 was sent to the center 12 by a malicious third party, for example.

Note that the second embodiment described with reference to FIG. 3 is different from the first embodiment in that the count value is signed with a key to create an authenticator.
A signature is created by signing a combined code formed by combining a code with a key, and if only this point is changed, the above-described modification of the first embodiment or the like is applied as it is. Therefore, further description of the second embodiment is omitted here.

FIG. 4 is a diagram showing the flow of the authentication method according to the third embodiment of the present invention. Item numbers 1 to 8 shown below
The same numbers as item numbers 2 to 8 will be described with reference to FIG. 1. Assumption The user 30, the centers 31, 32 shown in FIG. 4 each have a clock for knowing the current time. In addition, the user 30
A key for signing the time on the clock of the user 30 is registered in the centers 31 and 32 in advance. On the other hand, the centers 31, 3
2 holds the access time obtained by the user 30's clock by the previous authentication process. The center 31,
Reference numeral 32 holds the access time to the centers 31 and 32 by the clocks of the centers 31 and 32, respectively. The access time (tu01) to the center 31 and the access time (tu0) to the center 32 by the clock of the user 30.
2) are different from each other. The access time (tc01) to the center 31 by the clock of the center 31 and the access time (tc01) to the center 32 by the clock of the center 32
c02) are also different from each other. Access times tu01 and tc
01 is also usually different. Similarly, the access time tu02 and the access time tc02 are usually different. 2. Request for Authentication to Center 31 (Part 1) Upon receiving authentication, the user 30
Time tu1 by the clock (the first clock according to the present invention)
And an authenticator E (tu) signed by the key at the time tu1.
1) and authentication information (tu1, E (tu)
1)) is transmitted to the center 31. 3. Authentication processing in the center 31 The center 31 transmits the authentication information (tu1,
The time tu1 included in E (tu1)) is earlier than the time tu01 included in the previously transmitted authentication information (tu01, E (tu01)), and has been transmitted this time. Authentication information (tu1, E (tu1))
Is included in the authentication information (tu1, E (tu1)) transmitted this time.
1 is compared with an authenticator signed with a key to determine whether or not the rule is the same as the authenticator. If the rule is followed, the authentication information (tu1, E (tu)
The authentication information (tu01, E (tu01)) transmitted last time at the current time indicated by the time tu1 included in 1)).
, The first elapsed time (tu1-tu01) from the current time represented by the time tu01, and the authentication information transmitted this time obtained from the clock of the center 31 (the second clock according to the present invention). The previously transmitted authentication information (tu01, E) at the reception time tc1 of tu1, E (tu1)).
(Tu01)) and a second elapsed time (tc1-tc01) from the reception time tc01. That is, | (tu1
−tu01) − (tc1−tc01) | (where ||
Indicates an absolute value), and when the calculation result is within a predetermined allowable error (for example, 30 seconds), the source of the authentication information (tu1, E (tu1)) is correct for the user 3.
It authenticates that it is 0. The center 31 records the times tu1 and tc1. Further, since the source of the authentication information this time is the legitimate user 30, the user 30
To provide services.

Next, a case where the communication fails as a result of performing an authentication request following the above-described processing will be described. 4. Request for Authentication to Center 31 (Part 2) Upon receiving authentication, the user 30
Then, the authentication information (tu2, E (tu2)) including both the time tu2 by the clock and the authenticator E (tu2) obtained by signing the time tu2 with the key is transmitted to the center 31. However, since this communication has failed and there is no response from the center 31, the user 30 determines that the communication process has timed out and requests authentication again. 5. Request for Authentication to the Center 31 (Part 3) Upon receiving the authentication, the user 30
Then, authentication information (tu3, E (tu3)) including both a time tu3 by the clock of (3) and an authenticator E (tu3) obtained by signing the time tu3 with a key is transmitted to the center 31. 6. Authentication processing in the center 31 The center 31 transmits the authentication information (tu3,
E (tu3)) to see if it follows the above rules,
If the rule is followed, the previously transmitted authentication information (tu1, tu1) at the current time indicated by the time tu3 included in the authentication information (tu3, E (tu3)) is further added.
E (tu1)), the first elapsed time (tu3-tu1) from the current time indicated by the time tu1 and the center 3
1 from the reception time tc3 of the authentication information (tu3, E (tu3)) transmitted this time, from the reception time tc1 of the authentication information (tu1, E (tu1)) transmitted last time. The second elapsed time (tc3−tc1) is compared. That is, | (tu3-tu1)-(tc3-t
c1) | (where || indicates an absolute value), and if the calculation result is within a predetermined allowable error (for example, 30 seconds), the authentication information (tu3, E (tu3)) It authenticates that the source is the user 30 correctly. The center 31 records the times tu3 and tc3.
Further, since the source of the authentication information is the legitimate user 30, the service is provided to the user 30.

Next, following the above-described processing, the center 3
A case where an authentication request is made to a center 32 other than 1 will be described. 7. Authentication Request to Center 32 (Part 1) Upon receiving authentication, the user 30
The authentication information (tu4, E (tu4)) including both the time tu4 by the clock of the clock and the authenticator E (tu4) obtained by signing the time tu4 with the key is transmitted to the center 32. 8. Authentication processing of the center 32 The center 32 transmits the authentication information (tu4,
E (tu4)) to see if it follows the above rules,
If the rule is followed, the previously transmitted authentication information (tu0) of the current time indicated by the time tu4 included in the authentication information (tu4, E (tu4)) is further added.
2, E (tu02)), the first elapsed time (tu4-tu02) from the current time represented by time tu02
And the reception time tc0 of the authentication information (tu4, E (tu4)) transmitted this time, obtained from the clock of the center 32.
4, the authentication information (tu02, E (t
u02)) is compared with a second elapsed time (tc4-tc02) from the reception time tc02. That is, | (tu4-t
u02)-(tc4-tc02) | (where || indicates an absolute value), and if the calculation result is within a predetermined allowable error (for example, 30 seconds), the authentication information (tu4, E (tu4)) is correctly transmitted from the user 30
Certify that At the center 32, the time t
Record u4 and tc4. Further, since the source of the authentication information is the legitimate user 30, the service is provided to the user 30.

As described above, in the authentication method according to the third embodiment of the present invention, since both the user and the center have clocks, the user does not need to record the authenticator sent for each center. Even when accessing different centers, an authentication request can be made by the same mechanism. Further, the authentication at the center may be such that the clock of the user is advanced by the same time as the clock of the center, and there may be an error between the clock of the user and the clock of the center. In addition, by combining the method shown in FIG. 2 with the center transmitting random numbers to the user, the security can be further improved, and even if the user's clock is reset due to the reinstallation of the user side system or the like. I can deal with it.

In the third embodiment described with reference to FIG. 4, instead of generating an authenticator by signing only the time with a key, the time and the center ID are changed as in the second embodiment. The authenticator may be created by signing a combined code formed by combining the code with a key. In this way, incorrect authentication when the authentication information to be transmitted to the center 31 reaches the center 32 can be prevented.

[0040]

As described above, according to the authentication method of the present invention, in the authentication at the center, the first code included in the first authentication information transmitted this time is the second code transmitted last time. Is a code located after the code included in the first authentication information, and the first authenticator included in the first authentication information is the first code ( Or a combination code obtained by combining the first code and the center ID code) with a key that is the same as the authenticator signed with a key.
Even when the authenticator does not reach the center, the authentication process can be continuously performed easily. Further, the user does not need to record the transmitted authenticator for each center, and can perform the authentication processing by the same mechanism even when accessing a different center.

[Brief description of the drawings]

FIG. 1 is a diagram showing a flow of an authentication method according to a first embodiment of the present invention.

FIG. 2 is a diagram showing a process in a case where a count value from a user is smaller than a count value recorded in the center when the center receives an authentication request in the authentication method shown in FIG. 1;

FIG. 3 is a diagram showing a flow of an authentication method according to a second embodiment of the present invention.

FIG. 4 is a diagram showing a flow of an authentication method according to a third embodiment of the present invention.

FIG. 5 is a diagram showing a flow of a conventional challenge-response type authentication method.

FIG. 6 is a diagram showing a flow of a challenge-response type authentication scheme proposed in Japanese Patent Application Laid-Open No. 5-219053.

[Explanation of symbols]

 10,30 users 11,12,31,32 center

 ──────────────────────────────────────────────────続 き Continuing from the front page (72) Inventor Naoya Torii 4-1-1, Kamidadanaka, Nakahara-ku, Kawasaki-shi, Kanagawa Prefecture Inside Fujitsu Limited (72) Inventor Masahiko Takenaka 4-1-1 Kamiodanaka, Nakahara-ku, Kawasaki-shi, Kanagawa No. 1 Inside Fujitsu Limited

Claims (11)

[Claims] A center for authenticating, based on the transmitted information, that the information is transmitted from a legitimate source, and a center for transmitting the information to the center and verifying that the information is valid. In an authentication method for performing the authentication with a user who is authenticated that the information is transmitted from a source, both the user and the center constitute a set of ordered codes. Both the information indicating the order of the code and the key that signs the code are shared, and the user, upon receiving the authentication, constitutes the set. The authentication information including both the updated code and an authenticator obtained by signing the code with the key is transmitted to the center, and the center transmits the authentication information transmitted this time to the first authentication information transmitted this time. First included Is included in the first authentication information, and a first sub-rule that the code is a code located in the order above the second code included in the second authentication information previously transmitted from the user. The second sub-rule that the first authenticator to be executed is the same authenticator as the authenticator obtained by signing the first code included in the first authentication information with the key, from both sub-rules Whether or not to comply with the first rule, and if the first rule has been followed,
An authentication method for authenticating that the source of the first authentication information is the user correctly. 2. A center for authenticating that the information is transmitted from a valid source based on the transmitted information, and a center for transmitting information to the center and verifying that the information is valid. In an authentication method for performing the authentication with a user who is authenticated that the information is transmitted from a source, both the user and the center constitute a set of ordered codes. Both the information indicating the order of the code and the key that signs the code are shared, and the user, upon receiving the authentication, constitutes the set. The authentication information including both the updated code and an authenticator obtained by signing the combined code obtained by combining the code and the center ID code specifying the transmission destination center with the key is sent to the center. Send The center may be configured such that the first code included in the first authentication information transmitted this time is more in accordance with the order than the second code included in the second authentication information transmitted last time from the user. A first sub-rule that is a code located later, and a first authenticator included in the first authentication information is a combination of the first code included in the first authentication information and its own center ID code. A check is made to determine whether or not to comply with a first rule consisting of both sub-rules and a second sub-rule indicating that the combined code obtained by combining the combined code is the same authenticator as the authenticator signed with the key. If you follow the rules of
An authentication method for authenticating that the source of the first authentication information is the user correctly. 3. The center according to claim 1, wherein the first sub-rule is a sub-rule to which a rule that the first code is a code located within a predetermined range in the order from the second code as a starting point is added. The authentication method according to claim 1 or 2, wherein the authentication method is adopted. 4. The center according to claim 1, further comprising:
3. The authentication method according to claim 1, wherein when the authentication information does not comply with the second sub-rule, the authentication information is determined to be an unauthorized authentication request. 5. The center according to claim 1, further comprising:
If the authentication information does not comply with the first sub-rule but does comply with the second sub-rule, a random number generated at the center is transmitted to the user, and the user is transmitted from the center. And transmitting third authentication information including a second authenticator obtained by signing the random number with the key to the center. The center transmits the second authentication information included in the third authentication information transmitted this time. Whether the authenticator according to the second rule is the same as the authenticator obtained by signing the random number generated by the center with the key, and whether the authenticator follows the second rule. 3. The authentication apparatus according to claim 1, wherein both of the first authentication information transmitted last time and the third authentication information transmitted this time are correctly authenticated as the user. Authentication method. 6. The authentication method according to claim 5, wherein the third authentication information includes a third code which is one of codes constituting the set. 7. The user transmits, to the center, an authenticator obtained by signing a combined code obtained by combining the random number and the third code with the key as the second authenticator. The center is configured to determine, as the second rule, a second authenticator included in the third authentication information transmitted this time, the random number generated by the center, and the authentication information transmitted this time. 7. The method according to claim 6, wherein a combination code obtained by combining the third code included in the key and the authenticator signed with the key is the same as the authenticator. Authentication method. 8. A center for authenticating, based on the transmitted information, that the information is transmitted from a valid source, and a center for transmitting information to the center and verifying that the information is valid. In an authentication method for performing the authentication with a user who is authenticated that the information is transmitted from a source, both the user and the center constitute a set of ordered codes. Both the information indicating the order of the code and the key that signs the code are shared, and the user, upon receiving the authentication, constitutes the set. The authentication information including an authenticator obtained by signing the updated code with the key is transmitted to the center. The center transmits a first authenticator included in the first authentication information transmitted this time. But the user The second code included in the second authentication information transmitted last time from the second code is a code located in the order following the second code, and the second code
In accordance with the first rule that each of the codes located within a predetermined range in the order described above is the same authenticator as one of the authenticators signed with the key. An authentication method for authenticating that the source of the first authentication information is the user correctly. 9. A center for authenticating that the information is transmitted from a valid source based on the transmitted information, and a center for transmitting the information to the center and verifying that the information is valid. In an authentication method for performing the authentication with a user who is authenticated that the information is transmitted from a source, both the user and the center constitute a set of ordered codes. Both the information indicating the order of the code and the key that signs the code are shared, and the user, upon receiving the authentication, constitutes the set. Transmitting, to the center, authentication information including an authenticator obtained by signing a code obtained by combining the updated code and a center ID code specifying the transmission destination center with the key; ,now The first authenticator included in the first authentication information transmitted one time is positioned later in the order than the second code included in the second authentication information transmitted last time from the user. Sign and the second
Any one of the authenticators obtained by signing each of the codes located within a predetermined range in accordance with the above-described order and the own center ID code with the key, starting from the code An authentication method characterized by authenticating that the source of the first authentication information is correctly the user when the first rule that the authenticator is the same authenticator is followed. 10. The apparatus according to claim 1, wherein the user has a first clock for knowing a current time, and the user uses a code representing the current time obtained from the clock as a code constituting the set. The authentication method according to claim 1 or 7, wherein: 11. The center has a second clock for knowing a current time, the center determines that the first authentication information transmitted this time complies with the first rule, The second time included in the previously transmitted second authentication information at the current time indicated by the first code included in the authentication information
Of the first authentication information transmitted from the second clock obtained from the second clock, and the second authentication information transmitted last time of the reception time of the first authentication information transmitted this time. 11. The authentication apparatus according to claim 10, wherein when the second authentication time is within a predetermined allowable error as compared with a second elapsed time from the reception time, the source of the first authentication information is correctly authenticated to be the user. The authentication method described.