JPH1168732A - Device and method for mutual certification for network system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To remarkably reduce traffic at the time of certification and further to secure strong security by collating the converting processing result for itself and the converting processing result for party while using both results, and judging whether the party is a proper connection object or not. SOLUTION: A device A performs converting processing to a random number (r) generated by itself through a 2nd converting means 13 for performing the converting processing based on a conversion function F1 and preserves the resulting F1(r) in a memory 14. Then, the F1(r) sent from a device B is compared with the F1(r) preserved in the memory 14 and when they are coincident, the device A certifies the device B as a proper device having the converting processing means of the same secret. Besides, the device B compares and collates the converted result F1(F2(r)) sent from the device A with the converted result F1(F2(r)) converted by itself and temporarily preserved in a memory and when they are coincident, the device A is certified as a proper device having the converting processing means of the same secret.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to a mutual authentication apparatus and a mutual authentication method which can secure simple and strong security for mutually authenticating each other on a network using an information terminal.

[0002]

2. Description of the Related Art In a computer network system in which a host computer such as a server and a large number of information terminals are connected by a network so that they can be accessed, use is made from terminals other than legitimate terminals or illegal use due to intrusion from outside. When connecting to a network, you must prove that you are the correct connection requester,
A mechanism is used that certifies that the connection destination is correct, and enables mutual connection only after mutual proof has been made. This is called mutual authentication, and a system that needs to ensure security generally has a mechanism for performing mutual authentication by some method.

There are various methods of mutual authentication, and among them, a method called a challenge-response method is known. This means that a challenge using a random number or the like is issued from one side to the other side, and the side receiving the challenge (the other side)
Returns the response to the challenge in response to the other party (the one side), and verifies that the response is correct, thereby confirming that the parties possess a secret for a response that is only a legitimate party. In this method, the other party is authenticated.

[0004] Mutual authentication is performed by changing the other party and performing each other. That is, one side sends the above-mentioned challenge to confirm the response, and if the other party authenticates as valid, then the other side sends the above-mentioned challenge to the one side to confirm the response. Then, both authenticate with a valid partner.

[0005]

In a computer network system, in order to prohibit a connection from a terminal other than a legitimate terminal, when connecting to a network, the connection request source and the connection request destination must prove each other's validity. However, if it is proved, mutual authentication is often performed to enable connection between the two. There are various methods for this authentication, one of which is a challenge-response method.

[0006] In this method, a challenge is issued from one side to the other party, and a response to the challenge is returned on the side receiving the challenge to verify that the response is correct.

However, in the conventional challenge-response method, the mutual relation is equal, and it is necessary to perform the challenge-response from one to the other and from the other to the other. It will be repeated times.

[0008] Therefore, it takes time to perform authentication, and the use efficiency of the network is reduced accordingly.
In a congested network, the load increases unnecessarily,
It is a problem. Therefore, in such a challenge-response method, there is a demand for the development of a technique for improving the efficiency and suppressing an unnecessary increase in traffic on the network.

Therefore, the object of the present invention is to
It is possible to perform reliable mutual authentication by one challenge-response instead of one time, so that traffic at the time of authentication can be significantly reduced, and a robust security effect can be secured. To provide a mutual authentication device and a mutual authentication method in a network system.

[0010]

In order to achieve the above object, the present invention is configured as follows. That is, in a mutual authentication device in a network system in which first and second devices that can communicate are configured to be connectable via a network, a random number is provided in at least one of the first and second devices, And a first conversion that is provided in each of the first and second devices and receives the random number and performs a predetermined conversion process on the random number to obtain a first conversion processing result. Means,
Each of the first and second devices receives the random number and performs a predetermined conversion process on the random number to obtain a second conversion processing result. The predetermined conversion processing is performed on the processing result to obtain a third conversion processing result. Of the second and third conversion processing results, one is used for self and the other is used for authentication for the other party. Of the second conversion means provided in the first device and the second conversion means of the second conversion means in the first device, and the second conversion means in the second device, Of the two conversion processing results of the conversion means, by using the conversion processing result for the other party to collate the two, to verify whether the other party is a legitimate connection target for the first device, Provided in the second device,
Among the two conversion processing results of the second conversion means in the device, the conversion processing result for the self and the two conversion processing results of the second conversion means in the first device are used for the partner. A collation unit for a second device that authenticates whether or not the other party is a legitimate connection target by collating both using the conversion processing result is configured.

Further, the first and second conversion means are characterized in that the conversion processing is performed by adding a secret parameter to the outside of the conversion processing. Further, the first and second conversion means are configured to perform processing by adding a non-disclosed parameter to the outside of the conversion processing, respectively. Means for generating a predetermined parameter corresponding to the parameter generation information based on the parameter to obtain the parameter to be used on its own side, and means for generating indirect instruction information for reproducing the same parameter as the parameter given to the other side. In addition, among the first and second devices, a partner device reproduces parameter generation information from the received indirect instruction information and, based on the reproduced parameter generation information, Means for generating a parameter and obtaining the parameter to be used on its own side.

In the system having such a configuration, mutual authentication is performed when connecting the communicable first and second devices via a network. On the other hand, a random number is generated, and this random number is also sent to the other party. The first and second devices respectively perform a predetermined conversion process on the random number,
Is obtained by performing a predetermined conversion process on the random number in each of the first and second devices, and a second conversion process result is obtained. The predetermined conversion processing is performed on the conversion processing result of the conversion means to obtain a third conversion processing result. One of the second and third conversion processing results is used for self-authentication and the other is used for authentication for the other party. The first device side, among the second and third conversion process results in the device, the conversion process result for itself and the second and third conversion process results in the second device. Of the two, the two are collated using the conversion processing result for the other party to determine whether the other party is a legitimate connection target, and the second apparatus performs the second and third conversion processing in the apparatus. Of the results,
By using the conversion processing result for the user and the conversion processing result for the other party obtained in the first apparatus, the two are compared to determine whether the other party is a legitimate connection target.

More specifically, a random number r is generated by random number generation means further provided in the device A between the devices A and B having the first conversion rule F1 and the second conversion rule F2 which are kept secret. The generated random number r is also transmitted to the device B, and the device B calculates F1 (r) and F1 (F2 (r)) from the secret conversion rules F1 and F2 and the random number r. , F1 (r) to the device A. After this process, F1 (r) is calculated in the device A, and the response F1 obtained from the device B in the second step is obtained.
(R) is correct, and then F1 (F2
(R)) is calculated and returned to the device B.

By this processing, the apparatus B confirms that F1 (F2 (r)) sent from the apparatus A is correct. As described above, the device A authenticates the device B, the device B authenticates the device A, and the devices A and B authenticate each other. The challenge device A sends the random number r to the other party, and the challenge device A uses the random number r for the device B and
The device B generates authentication information having different contents for the device A and sends it to the other party.
Checked against authentication information generated by self. Therefore, authentication can be performed by transmitting the authentication information for the other party generated by itself to the other party, and by performing the challenge-response only once, it is possible to confirm that each of the other apparatuses is a legitimate connection partner, In carrying out mutual authentication, the necessary information transfer traffic can be reduced by half, and the information to be sent to the other party is different from each other. Therefore, it is difficult to find the authentication mechanism, and a high security effect can be exhibited.

Further, a secret parameter is used in the conversion process, and information for generating or specifying the secret parameter is transmitted from the apparatus B to the apparatus A, and the apparatus A side generates a secret parameter or a secret parameter. Means for generating or specifying the secret parameter based on the transmitted information, and adding this to the conversion means F1 and F2 to obtain the same result as the conversion result of the apparatus B. By doing so, a further security effect can be secured.

[0016]

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS The present invention provides a single challenge-response method in which a challenger presents data generated from the same challenge so that the challenger himself can use another method to validate the opponent. Authentication is performed. Further, in the present method, conventionally, not only the secret information for authentication processing, which is the secret information to be authenticated, is stored in an information terminal such as a PC or a dedicated device, but also part or all of the information is separated from the device. It is intended to improve the distribution, portability, and availability of the secret information for authentication processing by storing it in another device that can perform the authentication.

Further, a secret parameter is added to the secret conversion means, so that each user who uses the device can have different secret information for authentication processing, and each device or device is used. This enables individualized mutual authentication for each user. Such an information exchange device for a network system equipped with the present scheme and the mutual authentication apparatus of the present scheme generates a secret parameter. By transmitting information for identification and information for identification in the step of mutual authentication, secret parameters can be efficiently shared between the two parties.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. (First Embodiment) A first embodiment will be described with reference to FIG. In FIG. 1, A and B denote information terminal devices connected to a network, respectively, and are conceptual diagrams in which functional blocks of main parts and operation transitions are combined.
Assuming that the devices to be connected are the devices A and B, the information terminal device A includes a random number generation unit 11, a first conversion unit 12, a second conversion unit 13, which are elements forming a mutual authentication device.
A memory 14 and a matching unit 15 are provided.

Of these, the random number generation means 11 generates the random number r
The first converter 12 processes the random number r generated by the random number generator 11 with a function (conversion rule) F2 and obtains the result as "F2 (r)". . Further, the second conversion unit 13 performs a function (conversion rule) F1 on the random number r generated by the random number generation unit 11.
To obtain the result as "F1 (r)", and "F2 (r)" which is the processing result obtained by the first conversion means 12.
Is further converted by a function F1 to obtain “F1 (F2 (r))”. Here, “F1 (F2 (r))” is information for authentication on the device B side, and is transmitted to the device B side.

The memory 14 is for holding the result "F1 (r)" obtained by the second conversion means 13, and the collation means 15 receives the information held in the memory 14 and the information received from the device on the authentication partner side. The conversion result "F1 (r)" is collated to generate a match output "OK" if they match and a mismatch output "NG" if they do not match. In addition, transmission of the random number r to the authentication partner device (device B), reception of the conversion result “F1 (r)” from the authentication partner device, and “F1 (F2 (r))” to the authentication partner device Is transmitted by a communication unit (not shown) under the control of a control unit (not shown).

The information terminal device B is provided with a first conversion means 21, a second conversion means 22, a memory 23, and a collation means 24, which are elements forming a mutual authentication apparatus. Among them, the first conversion means 21 is a means for processing the random number r sent from the device A by the function (conversion rule) F2 and obtaining the result as “F2 (r)”. The conversion means 22 processes the random number r sent from the device A by a function (conversion rule) F1, and outputs the result to "F1 (r)
"And" F2 "obtained by the first conversion means 21.
(r) "using the function F1 and processing the result to" F
1 (F2 (r)) ", and the memory 23 is for holding the" F1 (F2 (r)) "obtained by the second conversion means 22. The information held in the memory 24 is compared with the conversion result "F1 (r)" received from the authentication partner apparatus.
K ”, and in the case of a mismatch, a mismatch output“ NG ”is generated.The random number r is received from the authentication partner device (device A) on the device B side, and the random number r is output from the authentication partner device. Receiving the conversion result “F1 (F2 (r))” and transmitting “F1 (r)” to the authentication partner under the control of a control unit (not shown). It is.

Next, the operation of the present system having the above configuration will be described. When an authentication request is generated between the two apparatuses A and B having such a configuration connected by a network, the apparatus A generates a random number r by its own random number generation means 11 and transmits the random number r to its own first and second devices. 2, and is also transmitted to the device B (implementation of the challenge).

Upon receiving the random number r, the device B performs a conversion function F1 for performing a conversion process operation such as an encryption algorithm.
Is converted to F1 (r) by using the second conversion means 22 for the calculation by the formula (1) and transmitted to the device A (response from the device B to the device A). In the device B, the received random number r is converted by the first conversion means 21 using a conversion function F2 for performing a conversion processing operation such as taking a complement thereof to obtain F2 (r).

In the apparatus B, F2 (r) converted by the first conversion means 21 is further converted by a second conversion means 22 for performing a conversion processing operation using a function F1 by a conversion function F1. Then, the obtained F1 (F2 (r)) is stored in the temporary storage memory 23.

On the other hand, the apparatus A converts the random number r generated by itself by the second conversion means 13 which is a means for performing the conversion processing by the conversion function F1, and stores the obtained F1 (r) in the memory 14
To save. Then, F1 sent from the device B
(R) is compared with F1 (r) stored in the memory 14, and if they match, the device A authenticates that the device B as the partner device is a correct device having the same secret conversion processing means.

Further, the apparatus A further converts the random number r (F2 (r)) converted by the first conversion means 12 which is a conversion processing means using a conversion function F2, by a second conversion means 13, and The processing result “F1 (F2 (r))” is transmitted to the device B (response from the device A to the device B).

The device B itself converts the conversion result “F1 (F2 (r))” sent from the device A, and
"F1 (F2
(R)) is compared and matched, and if they match, the device A authenticates as a correct device having the same secret conversion processing means.

As described above, when the two devices A and B are connected via the network and the two devices A and B communicate with each other, the random number r given by one device A is used by each of the two devices. Each of them is converted by a predetermined first conversion function F2, and is used for comparison and collation of the device on one side, and the conversion result of the first conversion function F2 is converted by a predetermined second conversion function F1. Each of them is converted and used for comparison and collation on the other device side, and when the respective devices match each other, it is authenticated that the partner device is a legitimate connection target device.

That is, a random number is sent from only one, and the random number is converted by one of two predetermined functions (two predetermined conversion rules), and the other function converts the random number into one. The result of the conversion process is further used in the process of further conversion, thereby obtaining two types of conversion process for comparison and comparison in each of the two communication partner devices, and one of the two types of conversion process for comparison and comparison obtained. Is used for comparison and comparison on its own side, and the other is used for comparison and comparison on the other side, and the conversion processing result for comparison and comparison for the other side is transmitted to the other side, and the comparison and comparison generated by itself is performed. The other party is authenticated with a match by comparing and collating with the conversion result. Therefore, it is only necessary for the other party to transmit information different from that used for comparison and comparison on its own side as information for validity authentication, and it is also necessary to perform validity authentication only by this one information transmission. Therefore, the authentication processing procedure is simplified, traffic on the network associated with the authentication processing can be suppressed, and a high security effect can be ensured.

FIG. 2 is a wish diagram of the device B-side authentication device in the first embodiment, and FIGS. 3 and 4 show a part of the device B such as an information terminal or an IC card which can be separated from the device body. It is a conceptual diagram at the time of separating into the portable apparatus b.

The configuration of FIG. 2 will be described first. 2, reference numeral 21 denotes a first conversion unit, 22 denotes a second conversion unit, 23 denotes a memory, 24 denotes a matching unit, 30 denotes an interface and a sequence controller, and 31 and 32 denote selectors.

Of these, the first conversion means 21 and the second
, The conversion unit 22, the memory 23, and the collation unit 24 refer to the elements having the same names and the same reference numerals described in FIG. Therefore, the description is omitted here. The interface and the sequence controller 30 take an interface for inputting and outputting data, transfer the received random number r to the first conversion means 21 and the selector 31,
Switching the input of the selector 31 and the selector 32
Of the output of the selector 32, output of the output of the selector 32 to the outside, capture of the conversion processing result for comparison and comparison from the outside, and transfer of the captured conversion processing result for comparison to the verification means 34. Things.

The selector 31 calculates the random number r and the first conversion means 2
1 for selecting one of the conversion processing results, and the selector 32 selects a path for sending the output of the second conversion means 22 to the memory 23 side or sending it to the interface and sequence controller 30 side. It is for doing.

In such a configuration, the interface and sequence controller 30 gives the random number r sent from the device A to the first conversion means 21 and the interface and sequence controller 30 converts the random number r into the second conversion means. Selector 3
Switch 1.

First conversion means 21 given random number r
Processes the random number r with the function F2 to obtain "F2 (r)" as a result. Further, the second converting means 22 to which the random number r is given via the selector 31 processes the given random number r by the function F1, obtains the result as “F1 (r)”, and outputs the result to the selector 32. I do.

The interface and sequence controller 30 controls the switching of the selector 32 to fetch “F1 (r)” obtained through the selector 32, and sends the result to the device A as a result of the comparison / conversion conversion process for the device A. And send it out.

Next, the interface and sequence controller 30 performs switching control so as to select the output of the first conversion means 21, and obtains “F2” obtained by the first conversion means 21.
(R) "is given to the second conversion means 22. Thereby,
The second conversion means 22 converts this “F2 (r)” into a function “F
1 to obtain "F1 (F2 (r))".

Next, the interface and sequence controller 30 controls switching of the selector 32 so as to pass the output of the second conversion means 22 to the memory 23. As a result, "F1 (F2
(r)) ”is sent to the memory 23 and is stored therein.

Next, the interface and the sequence controller 30 are independently requested on the device A side,
The result of the comparison / conversion conversion process “F (F2 (r))” for the device B sent from the side is passed to the verification unit 24. Collation means 24
Is the comparison / conversion conversion processing result “F1 (F2 (r))” for the apparatus B sent from the apparatus A and the comparison / conversion conversion processing result “F1 (F1 (F2 (r))”) acquired by the self apparatus stored in the memory 23.
(F2 (r)) ", and if they match," OK "is generated, and if they do not match," NG "is generated.

Thus, the device B can know whether the partner device A is a valid communication partner. The above is the description of the configuration example of the authentication device on the device B side. It would be convenient if the authentication could be made into an IC card and the device could be configured to perform legitimacy authentication by mounting the IC card on a terminal device. Therefore, an example of such a configuration will be described next.

FIG. 3 is a conceptual diagram of a case where a part is separated into a portable device b such as a form information terminal or an IC card which can be separated from the apparatus main body. In FIG. 3, reference numeral 21 denotes a first conversion unit, 22 denotes a second conversion unit, 23 denotes a memory, and 24 denotes a collation unit. All of these indicate elements having the same names and the same reference numerals described in FIG. Therefore, the description is omitted here.

In FIG. 3, the configuration having all of the elements 21 to 24 (the configuration of the portion surrounded by the dotted line b1) and the first conversion means 21 are made independent.
A configuration in which a card is formed and attached to and detached from the device B (the configuration of a portion surrounded by a dotted line b2) is shown as a representative example.

FIG. 4 shows an example of the configuration of the device B and the card to be adopted when the configuration of b2 is adopted. As shown in FIG. 4, the first conversion means 2 is provided on the card side.
1 and an interface 41 for providing an input / output interface with the outside, the first conversion means 21 receives a random number r via the interface 41, processes the result by a function F2, and obtains the result. "F2
(R) ”. The device B side is provided with an interface 42 for connection with a card, and the interface B and the output terminal of the controller 30 are provided.
A terminal for outputting the received random number r is connected to the interface 42, and the output of the first conversion means 21 is provided to the selector 31 via the interface 42.

Therefore, the card incorporating the first conversion means 21 is connected to the device B via its own interface 41.
Connected to the device B via the interface 42 on the
It is configured to be able to exchange information with the device B side.

In such a configuration, the function of each element is as described with reference to FIG. 1, whereby two devices A and B are connected via a network, and the two devices A and B are connected to each other. In the communication, the random number r given from one device A is converted by each of the two devices using a predetermined first conversion function F2, and the converted process is used for comparison and comparison of the devices on one side. , The result of the conversion by the first conversion function F2 is given by a predetermined second conversion function F2.
1 to perform the conversion process, and use it for comparison and collation on the other device side. With matching, it is possible to authenticate that the partner device is a legitimate connection target device.

(Second Embodiment) The conversion means 21 and 22 in the first embodiment can also be realized by the configuration shown in FIG. FIG. 5 shows an arithmetic processing unit 50 that performs a conversion operation with a conversion function f in order to realize the conversion processing function of the conversion means 21 and 22. It is. The conversion means 21 and 22 can change the state by changing the parameter PB. The parameter PB which can change the state of the function f is set in the device B in advance in the parameter input buffer 51. The parameter input buffer 51 may be of any type, such as one that cannot be changed from the outside, one that can be changed and set via parameter input means 52 such as a keyboard, or one that can be written only once.

Therefore, the parameter input buffer 51
As mask ROM, OTPROM, EEPROM
In addition to such a read-only memory, a logic circuit for realizing the parameter PB can be used. This conversion means 2
Reference numerals 1 and 22 each include an input / output interface 53 for exchanging information with the arithmetic processing unit 50. A random number r received from the outside is input to the arithmetic processing unit 50 via the interface 53, The conversion processing result for comparison and comparison, which is the processing result of the unit 50, is output to the outside via this interface 53.

According to this configuration, the conversion means can obtain the conversion processing result for comparison and collation simply by changing the parameters.
It can be of different content. (Third Embodiment) Here, an example of a system configuration in which the methods described in the first and second embodiments are combined will be described.

The conversion means 21 shown in the second embodiment,
According to 22, a parameter can be given, and a random number is processed using the given parameter and a conversion function to obtain a conversion processing result for comparison and comparison. Moreover, the obtained comparison / conversion conversion processing result varies depending on the value of the given parameter. Therefore, if the parameters are changed periodically or each time authentication is required, the result of the comparison / conversion conversion process becomes different from the previous one, so that stronger security can be ensured.

Therefore, in performing authentication between valid devices to be connected, first, a parameter to be used and a random number are determined, and the parameter and a predetermined processing function (conversion rule) are used to convert the random number into a conversion means. The conversion process is performed by 21 and 22 to obtain the conversion process for comparison and comparison for each of the user and the other party, the other party is transmitted, and the self-user is authenticated with a match by comparing and comparing with the one sent from the other party. I do.

Since the same parameter needs to be used between the devices to be connected, it is confidential. The secret is obtained by obtaining secret parameter acquisition information (that is, information for generating the secret parameter or specifying the parameter). Information) from one device to the other.

That is, a random number serving as a “seed” for generating the comparison / conversion conversion processing result is given from one device to the other device, and the other device obtains secret parameter acquisition information from the other device. And the conversion result for comparison and comparison obtained using the secret parameter. As a result, a third party cannot obtain the parameters simply by obtaining the transmission information, and cannot obtain a correct comparison / conversion conversion processing result only by knowing the conversion function.

FIG. 6 shows a specific configuration. In FIG.
50a and 50b are operation processing units, 61 is a parameter generation function output unit, and these are components provided on the device B side. 62 is a parameter conversion table; 63 is a parameter generation function output unit;
50d is an arithmetic processing unit, which is a component provided on the device A side.

The parameter generating function output unit 61, which is a component on the device B side, receives the parameter XB for changing the used parameter and generates the parameter PB used this time. In order to associate the parameter XB with the own apparatus B so that the other party can reproduce it, an ID (identification code) of the own apparatus B is used.
The function of outputting the parameter XB to the apparatus A by converting the parameter XB into information IDB associated with public information that can specify the apparatus B is provided.

The arithmetic processing unit 50a uses the random number r sent from the device A, which is the connection partner, and converts the random number with the conversion function f to obtain the first stage used for authentication on its own side. The arithmetic processing unit 50a receives the parameter PB from the parameter generating function output unit 61 and changes the state of the conversion function f according to the parameter. ing. This arithmetic processing unit 50a corresponds to the above-described first conversion means 21 on the device B side, and the conversion result is calculated by the arithmetic processing unit 5
0b.

The arithmetic processing unit 50b receives the parameter PB from the parameter generation function output unit 61 and changes the state of the conversion function f in accordance with the parameter PB. The given random number r
Is converted by the conversion function f and sent to the apparatus A as the other party as a result of the comparison and comparison conversion processing for the other party. The conversion function f is further converted by the conversion function f to obtain the final conversion result for the first comparison used for the self-authentication, and the result is transferred to the memory 23 described above. The arithmetic processing unit 50b corresponds to the above-described second conversion unit 22 on the device B side.

The parameter conversion table 62, which is a component on the device A side, stores the parameter XB used on the device B side in order to reproduce the parameter XB for use parameter change used on the device B which is the connection partner. , A conversion table constituted by associating public information that can identify the device B, such as the ID number of the device B, for reproducing the parameter XB based on the IDB given from the device B side. is there.

The parameter generation function output section 63 receives the above-mentioned parameter XB for use parameter change obtained by conversion by the parameter conversion table 62, and generates a parameter PB to be used this time which is the same as that of the apparatus B side. The arithmetic processing unit 50c uses the above-described random number r generated by the random number generation unit 11 in the device A, converts the random number with the conversion function f, and uses the random number r for authentication on the partner side. The arithmetic processing unit 50c receives the parameter PB from the parameter generation function output unit 63 and changes the state of the conversion function f in accordance with the parameter. Has become. The arithmetic processing unit 50c corresponds to the above-described first conversion unit 12 on the device A side.

The arithmetic processing unit 50d receives the parameter PB from the parameter generating function output unit 63 and changes the state of the conversion function f in accordance with the parameter. The random number r given by the means 11 is converted by the conversion function f and passed as a result of the comparison and comparison conversion process for the self side to the above-mentioned memory 14 of the self side to be held therein. 1
The first-stage comparison / conversion conversion processing result obtained by the arithmetic processing unit 50c, which is the conversion means, is further converted by the conversion function f to obtain the final comparison / conversion conversion processing result used for authentication on the other side. , Which has a function of sending the same to the device B which is the other party. The arithmetic processing unit 50d corresponds to the above-described second conversion unit 13 on the device A side.

The basic concept of the present system having such a configuration is to avoid sending and receiving final authentication information as directly as possible with the partner device to be authenticated. The information for authentication is such that only the information used by the other party is sent to the other party only once, so that the authentication can be completed.

For this purpose, there is a conversion means for generating information for authentication between the connected devices, and each of the conversion means has a function f for conversion, and the function f can be changed by a change parameter. I have to. Then, the parameters for the change to be used can be restored through the conversion table, and the secret parameterized one is transmitted.
If you steal the parameter, you will not know anything from it.

A secret parameter, which is information from which a parameter for changing a function is generated or specified, is generated in the device B, used in the device B, and transmitted from the device B to the device A. Then, on the basis of this, the parameters for changing the function are independently restored in the apparatus A and used for changing the function.

A specific description will be given. It is assumed that when information is exchanged by connecting the devices A and B via a network, the request is generated from either the device A or the device B. Then, in the device A, the random number generation means 11 outputs the random number r
Is generated and supplied to its own arithmetic processing units 50c and 50d, and the random number r is also sent to the device B. The device B receives the random number r via the network and gives it to the arithmetic processing units 50a and 50b.

On the device B side, a parameter input means (not shown) outputs a parameter XB for changing the used parameter, and gives it to the parameter generation function output unit 61 of the device B. The parameter generating function output unit 61 receives the parameter XB for changing the used parameter and processes it according to a predetermined algorithm based on the parameter XB to generate the parameter PB to be used this time.

In order to associate this use parameter change parameter XB with the own apparatus B so that the other party can reproduce the same, the ID (identification code) of the own apparatus B is used.
The parameter XB is given to the device A by using the information IDB as the information IDB associated with public information that can specify the device B.

On the other hand, on the device B side, the arithmetic processing unit 50
a receives the parameter PB from the parameter generation function output unit 61 and changes the state of the conversion function f in accordance with the parameter. Then, the arithmetic processing unit 50a uses the random number r sent from the device A that is the connection partner, converts the random number r with the conversion function f, and performs the first-stage comparison used for authentication on its own side. The result of the conversion process for collation is obtained.

The arithmetic processing section 50b receives the parameter PB from the parameter generating function output section 61, and changes the state of the conversion function f corresponding to the parameter. Then, the random number r given from the device A is converted by the conversion function f and sent out to the device A, which is the other device, as the result of the comparison and comparison conversion process for the other device.

Next, the arithmetic processing unit 50b includes the arithmetic processing unit 5
0a is further converted by the conversion function f to obtain the final conversion result for the first comparison used for authentication on its own side. Hand over to

On the device A side, the information IDB sent from the device B is converted by the parameter conversion table 62. The parameter conversion table 62 stores the parameter XB used on the device B side, such as the ID number of the device B, in order to reproduce the used parameter change parameter XB used on the device B as the connection partner. B
Is a conversion table configured by associating the IDB with public information that can specify the IDB, based on the IDB given from the device B side.
Reproduce the parameter XB.

The parameter generating function output unit 63 receives the use parameter changing parameter XB obtained by conversion by the parameter conversion table 62, processes the XB according to a predetermined algorithm, and processes the XB. Similarly, a parameter PB to be used this time is generated, and the parameter PB is calculated by the arithmetic processing unit 50c,
Give to 50d.

The arithmetic processing units 50c and 50d receive the parameter PB and convert the conversion function f corresponding to the parameter PB.
Change the state of each. And the arithmetic processing unit 50c
Converts the aforementioned random number r generated by the random number generation means 11 in the device A with the conversion function f, thereby obtaining a first-stage comparison / conversion conversion processing result used for authentication on the other side.

Next, the arithmetic processing section 50d processes the first-stage comparison / conversion conversion processing result with the conversion function f, and obtains the result obtained as the final partner-side comparison / conversion conversion processing result. To the partner device B.

The apparatus B side compares the conversion processing result for comparison and collation sent from the side A with the conversion processing result for internal comparison and comparison stored in the memory 23.
With the agreement, the partner device A is authenticated as a correct connection partner.

On the device A side, the arithmetic processing unit 50d
Is the random number r given from the random number generation means 11
Is converted by the conversion function f, and this is sent to the memory 14 as a result of the comparison and comparison conversion processing for the self side, and is stored.

Further, the conversion result for comparison and collation obtained by the arithmetic processing unit 50a, which is the first conversion means, is sent to the apparatus A from the apparatus B which is the other party. The comparison means 15 of this comparison conversion result for comparison and comparison,
The result of comparison is compared with the conversion processing result for comparison and comparison stored in the memory 14, and when the two match, the partner apparatus B is authenticated as a correct connection partner.

As described above, in the present system, the devices A and B
In this example, in order to ensure security, mutual authentication is performed between the device A and the device B without exposing the parameter PB to the outside.

Without directly outputting the parameter PB to the outside,
To perform mutual authentication between the device A and the device B, the parameter PB is registered in the device A in association with public information that can identify the device B, such as the ID number of the device B. This information I
DB is stored in a DB file or a device as a parameter table.

Further, a parameter generation function PF for directly generating the parameter PB to be used this time from the information IDB, and a table in which the parameter XB for changing the state of the parameter generation function PF is associated with the information IDB are described. Further hold.

As described above, the device B notifies the device A of the information IDB without directly communicating the parameter PB to be used by being added to the conversion function for comparison / conversion conversion processing result acquisition. Mutual authentication in the first embodiment can be performed. This information IDB
Is a key to reproducing the parameter PB, but if the conversion table prepared in advance for the device B is not used, the same P from the IDB as that used in the measure B is used.
Since B cannot be reproduced, the function for obtaining the conversion result used for authentication cannot be reproduced, and therefore, the respective authentication values used in the devices A and B cannot be known.
In addition, the information exchanged between the devices A and B is only one time, and the information exchanged between the devices A and B has no relevance. Therefore, the information exchanged between the devices A and B by the challenge-response method is performed. Even if the information is stolen, the third party cannot obtain any clues to be applied to the authentication, and even if the information is obtained through repeated attacks in order to search, the obtained information does not provide any clues. Therefore, a robust security effect can be ensured.

Although various specific examples have been described above, the present invention is, in short, a method in which a random number is generated from one side and sent to the other side, and conversion processing is performed on both sides by the same predetermined conversion rule. To obtain a first conversion processing result, and further apply a conversion processing according to a second predetermined conversion rule to the first conversion processing result to obtain a second conversion processing result.
And a conversion process according to the second predetermined conversion rule is applied to the random number to obtain a third conversion process result. One of the second and third conversion process results Is for the other side, and the other is for the self side.The other side is to be transmitted to the other side's device, and the self side compares and matches the self and the one transmitted from the other side. In such a case, the other party is authenticated as a valid connection partner.

As described above, the challenge is performed by sending the random number that is the source of the authentication information to the other party, and sends the other party-specific authentication information generated based on the random number to the other party. This is a method of collating with the authentication information generated by itself, and the authentication information is sent to the other party only once so that the authentication can be completed. Moreover, the authentication information dedicated to the other party sent from one side to the other and from the other side to the other side is different and becomes one-time disposable information. Therefore, even if this transmitted information is stolen, the third party can authenticate. However, since the security mechanism cannot be clarified, a robust security effect can be exhibited, and the challenge and response can be completed only once, so that the traffic can be reduced accordingly.

In this system, in particular, if a configuration is adopted in which the random number is given only from the host side and the challenge function is provided only on the host side, a third party who attempts to illegally invade the network receives the challenge. It is not possible to repeatedly collect a large amount of information based on the response, and thus it is impossible to collect information based on the response to attempt to clarify the authentication system, thereby eliminating unauthorized intrusion by a third party.

The method described in the embodiment can be executed on a recording medium such as a magnetic disk (floppy disk, hard disk, etc.), an optical disk (CD-ROM, DVD, etc.), a semiconductor memory, etc., as a program that can be executed by a computer. It can also be stored and distributed.

The present invention is not limited to the above-mentioned example, but can be used in various modifications. The present authentication device is not limited to a terminal device having a communication function, but may be a host computer,
The present invention is applicable to various types of devices connected to a network, such as a measurement device having a communication function.

[0085]

As described above in detail, according to the present invention, it is possible to significantly reduce the traffic at the time of executing authentication, and to secure a robust security effect. A mutual authentication device and a mutual authentication method for a system can be provided.

[Brief description of the drawings]

FIG. 1 is a diagram for explaining the present invention, and is a conceptual diagram combining functional blocks and operation transitions of main parts for explaining a specific example of the present invention.

FIG. 2 is a diagram for explaining the present invention, and is a conceptual diagram of a device B-side authentication device according to the first embodiment of the present invention.

FIG. 3 is a diagram for explaining the present invention, and is a portable device such as a form information terminal or an IC card in which a part of the device B-side authentication device having the configuration shown in FIG. FIG.

FIG. 4 is a diagram for explaining the present invention, and is a portable device such as a form information terminal or an IC card in which a part of the device B-side authentication device having the configuration shown in FIG. FIG.

FIG. 5 is a diagram for explaining the present invention, and is a block diagram for explaining a second embodiment of the present invention.

FIG. 6 is a diagram for explaining the present invention, and is a block diagram for explaining a third embodiment of the present invention.

[Explanation of symbols]

A, B ... Information terminal device connected to the network 11 ... Random number generation means 12, 21 ... First conversion means 13, 22 ... Second conversion means 14, 23 ... Memory 15, 24 ... Matching means 30 ... Interface (I / F) and sequence controllers 31, 32 selectors 50, 50a to 50d arithmetic processing unit 51 parameter input buffer 52 parameter input means 53 input / output interface 61 parameter output function output unit 62 parameter conversion table 63 ... Parameter generation function output section r. Random number XB... Parameter changing parameter PB... Parameter F1, F2, f.

Claims (4)

[Claims] 1. A mutual authentication device in a network system in which first and second devices capable of communication are connectable via a network, provided in at least one of the first and second devices,
Random number generation means for generating a random number when performing mutual authentication; first conversion means provided in each of the first and second devices for receiving the random number and performing a predetermined conversion process on the random number; Each of the first and second devices receives the random number and performs a predetermined conversion process on the random number to obtain a first conversion processing result. The predetermined conversion processing is performed on the conversion processing result to obtain a second conversion processing result, and one of the first and second conversion processing results is used for oneself.
A second conversion unit that uses the other for authentication of the other party; and a second conversion unit provided in the first device,
Of the two conversion processing results of the conversion means, the conversion processing result for the user and the conversion processing result for the other party among the two conversion processing results of the second conversion means in the second device are used. A collation unit for a first device that authenticates whether or not the other party is a valid connection target by collating the two, and a collation unit provided in the second device,
Out of the two conversion processing results of the conversion means, and the conversion processing result of the other one of the two conversion processing results of the second conversion means in the first device. A mutual authentication device in a network system, comprising: a second device matching unit that authenticates whether or not the other party is a valid connection target by comparing the two. 2. A mutual authentication apparatus in a network according to claim 1, wherein said first and second conversion means are configured to add a secret parameter to the outside of the conversion processing. . 3. The first and second conversion means are configured to add a non-disclosed parameter to the outside of the conversion process and process the conversion process. Based on the parameter generation information, a predetermined parameter corresponding to the parameter generation information is generated to obtain the parameter to be used on the own side, and indirect instruction information for reproducing the same parameter as the parameter given to the other side is generated. Means for reproducing parameter generation information from the received indirect instruction information among the first and second apparatuses, and generating the parameter generation information from the reproduced parameter generation information. 2. A network according to claim 1, further comprising means for generating a parameter corresponding to the information and obtaining the parameter used on its own side. Mutual authentication device in the system. 4. A mutual authentication method in a network system in which first and second devices capable of communication are configured to be connectable via a network, wherein when performing mutual authentication, one of the first and second devices is used. A random number is generated, and the random number is sent to the other party. The first and second devices respectively perform a predetermined conversion process on the random number to obtain a first conversion process result. And performing a predetermined conversion process on the random number in each of the second devices to obtain a second conversion process result. Also, the second device performs a conversion process on the conversion result of the second conversion unit in the own device. A predetermined conversion process is performed to obtain a third conversion process result. Of the second and third conversion process results, one is used for self and the other is used for authentication of the other party. The device Out of the second and third conversion results in the second device, and the other one of the second and third conversion results in the second device. By comparing the two, it is determined whether the other party is a legitimate connection target, and the second device uses the second and third devices in the device.
Of the conversion processing results, the conversion processing result for the user and the conversion processing result for the other party obtained in the first device are compared with each other to determine whether the other party is a legitimate connection target. A mutual authentication method for a network system, comprising: determining.