US20050223233A1 - Authentication method and system - Google Patents

Publication number
US20050223233A1
Authority
US
United States
Prior art keywords
storage medium
password code
computer
stored
encrypted
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US11/047,651
Inventor
Nobutaka Ishidera
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fujitsu Ltd
Original Assignee
Fujitsu Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to JP2004-108938
Priority to JP2004108938
Application filed by Fujitsu Ltd
Assigned to FUJITSU LIMITED. Assignment of assignors interest (see document for details). Assignors: ISHIDERA, NOBUTAKA
Publication of US20050223233A1
Application status is Abandoned

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2129 Authenticate client device independently of the user

Abstract

An authentication method minimizes the number of times a PIN of a smart card must be input while solving the deterioration in security that arises when a password is stored in a memory of a personal computer, or when the smart card is lost while an authenticated condition is stored on the smart card. In the application authentication of the present invention, an input password code is encrypted, and the encrypted password code is transmitted to a storage medium together with identification information of the computer which has generated it. When the storage medium is connected with the computer, the encrypted code is decoded upon determining that the identification information of the computer is stored in the storage medium.

Description

    CROSS-REFERENCE TO RELATED APPLICATION
  • This application is related to and claims the benefit of Japanese Patent Application No. 2004-108938, filed Apr. 1, 2004, in Japan, the disclosure of which is incorporated herein by reference.
  • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The present invention relates to providing a secured access to data, such as personal information, etc., stored in a storage medium of a personal computer.
  • 2. Description of the Related Art
  • Generally, when using a personal computer or other device, a password or a personal identification number (hereinafter referred to as a PIN) of a storage medium is input for each access to data, such as personal information, stored in the storage medium.
  • While requiring input of a PIN provides security and prevents unwanted disclosure of data, such as personal information or other secured data, in the storage medium, it is inconvenient because the PIN of the storage medium must be repeatedly input for each access to the data within the storage medium.
  • Accordingly, the following methods of accessing a storage medium have been considered in order to solve this problem. A smart card will be described as an example of a storage medium.
  • The smart card is formed as a plastic card about the size of a credit card into which an IC chip, such as a CPU, etc., is provided.
  • Initially, the PIN of the smart card is input in a personal computer or other smart card processing/reading devices to access data, such as personal information or other secured data, of the smart card. The input PIN of the smart card is then stored in a memory of the personal computer.
  • When subsequent access is made to the data in the smart card, the PIN of the smart card stored in the memory is collated or compared with the PIN stored in the smart card. When these PINs match, access can be made to the data in the smart card.
  • Accordingly, it is no longer necessary to repeatedly input the PIN for each access to data in the smart card, so applications of the smart card can be simplified and the convenience of using the smart card can also be improved.
  • Moreover, Japanese Patent Application Laid-Open No. 6-115287 discloses a means for improving convenience of the smart card in addition to the previously discussed smart card access method.
  • Initially, the PIN of the smart card is input to access the data, such as personal information, etc., in the smart card using a personal computer.
  • When the PIN of the smart card is collated, “authenticated condition” information is stored to a nonvolatile memory provided in the smart card.
  • Accordingly, when subsequent access is made to the smart card and the “authenticated condition” information is stored in the nonvolatile memory of the smart card, the data in the smart card can be accessed without collation of the PIN.
  • Accordingly, it is no longer necessary to repeatedly input the PIN for each access to the data in the smart card. As a result, application of the smart card can be more simplified and use of the smart card becomes more convenient.
  • However, existing methods of accessing a smart card have the following problems.
  • In cases where the PIN of a smart card is stored in the memory of the personal computer to make subsequent input of the PIN unnecessary, the password or the PIN may be compromised through a network with which the personal computer is connected, because it is held in that memory. Convenience of the smart card is improved, but security deteriorates.
  • Moreover, when subsequent input of the password or the PIN is no longer required by storing the “authenticated condition” information in the nonvolatile memory provided in the smart card after collation of the PIN of smart card, if the smart card is lost while it is in the authenticated condition, a third party is capable of accessing the data, such as personal information, etc., in the smart card by taking advantage of the authenticated condition of the smart card.
  • For example, if the smart card authenticated by a company is lost, the third party can freely access the data therein, from outside of the company. Accordingly, risk of disclosure of data, such as personal information, stored in a smart card is remarkably increased.
  • SUMMARY OF THE INVENTION
  • An aspect of the present invention is therefore to only require a single input of a smart card PIN while improving convenience of use of the smart card and eliminating a security problem presented when storing the smart card PIN or a smart card password on a memory of a personal computer and/or when the smart card is lost and the authenticated condition is stored on the smart card.
  • In order to solve the problems described above, an application authentication program is provided that uses a password code for allowing access to information stored in a storage medium. The application authentication program controls a computer to execute operations including, confirming connection with a storage medium, encrypting an input password code for generating an encrypted password code, transmitting identification information for identifying a computer which has generated the encrypted password code and corresponding encrypted password code to the storage medium, and decoding the encrypted password code for confirming whether the identification information is stored in the storage medium when connection with the storage medium is subsequently confirmed and for decoding the corresponding encrypted password code upon determining that the identification information is stored.
  • According to another aspect of the application authentication program of the present invention, the password code encrypting includes controlling a computer to generate the encrypted password code and set an effective period for the encrypted password code.
  • Moreover, the application authentication method of the present invention uses a password code for allowing access to information stored in a storage medium and controls a computer to execute a storage medium confirming sequence for confirming whether connection with the storage medium is set up, a password code requesting sequence for confirming whether connection with the storage medium is set up, a password code encrypting sequence for generating the encrypted password code by encrypting an input password code, a storage medium transmitting sequence for transmitting identification information for identifying a computer which has generated the encrypted password code and corresponding encrypted password code to the storage medium, and an encrypted password code decoding sequence for confirming whether the identification information is stored in the storage medium when the connection with the storage medium is confirmed and for decoding the corresponding encrypted password code upon determining that the identification information is stored.
  • Additional aspects and/or advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
  • Accordingly, the present invention enables data to be protected from illegal access when a smart card is lost and allows convenient use of the smart card by requiring a PIN input only once.
  • Moreover, since the PIN is not cached in a memory on the personal computer, disclosure of the PIN due to the analysis of memory is prevented.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 illustrates an exemplary application of a smart card.
  • FIGS. 2A through 2C illustrate exemplary operations of a PIN authentication.
  • FIG. 3 illustrates a structure of an embodiment of the present invention.
  • FIG. 4 is a flowchart of a log-on display image registration tool according to the present invention.
  • FIG. 5 is a flowchart of a log-on information registration tool according to the present invention.
  • FIG. 6 is a flowchart of a log-on engine according to the present invention.
  • FIG. 7 is a flowchart of a smart card access library according to the present invention.
  • FIG. 8 illustrates examples of information stored in a free storage area according to the present invention.
  • DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • Reference will now be made in detail to the present invention, examples of which are illustrated in the accompanying drawings.
  • FIG. 1 is a diagram illustrating an application profile of a smart card in relation to the present invention.
  • FIG. 1 shows a smart card 1; a personal computer 2; a smart card reader/writer 3; and a PIN input device 4. The smart card reader/writer 3 is connected with the personal computer 2 and enables information stored in the smart card 1 to be accessed, thereby allowing information to be retrieved from and added to the smart card 1. The PIN input device 4 is also connected with the personal computer 2 to allow identification information to be entered into the personal computer 2 for accessing the smart card 1.
  • Further, FIG. 1 shows a storage unit 5 in the smart card 1 where the storage unit 5 comprises a PIN protected storage area 6 and a free storage area 7, which can be read without PIN authentication. The smart card 1 also includes a computer chip (not shown) for controlling the smart card 1. The personal computer 2 includes a memory 8, as also shown in FIG. 1.
  • According to an aspect of the present invention, a user inserts the smart card 1 into the smart card reader/writer 3 connected with the personal computer 2. The user inputs the PIN via the PIN input device 4 to access the PIN protected storage area 6 and attempts to cancel/override the data access protection of the PIN protected storage area 6.
  • When the computer of the smart card has authenticated the PIN, the personal computer 2 issues a certificate 9 (described further below in relation to FIGS. 2A and 2B) and stores the certificate 9 into the memory 8 provided in the personal computer 2.
  • The certificate 9 issued by the personal computer 2 is given or assigned a public key. This public key is used to encrypt the input PIN and the encrypted PIN is stored in the free storage area 7 of the smart card 1 shown in FIG. 1.
  • Thereafter, to access the PIN protected storage area 6, the personal computer 2 reads the encrypted PIN stored in the free storage area 7, decodes the PIN with a secret key in the certificate 9 stored in the memory 8 and also cancels data access protection of the card.
  • In this situation, it is possible to designate the term of validity to the certificate stored in the memory 8. Accordingly, it is also possible to designate the period in which the encrypted PIN stored in the free storage area 7 can be used.
  • Moreover, since the encrypted PIN stored in the free storage area 7 can be decoded only with the secret key in the certificate stored in the memory 8, if the card is lost, it is impossible to access the PIN protected storage area 6 from other personal computers or smart card processing devices.
  • When a plurality of encrypted PINs are stored in the free storage area 7, only predetermined user(s) are capable of realizing or effecting operations with a plurality of personal computers using the smart card.
  • In this case, for example, CPU data of the personal computer 2 and the encrypted PIN are stored in correspondence with each other, in order to identify the certificate on the personal computer 2 with which the encrypted PIN stored in the free storage area 7 has been encrypted.
  • FIGS. 2A, 2B and 2C illustrate operations related to input of the PIN via the PIN input device 4, storage of the encrypted PIN into the smart card 1, and authentication of the PIN in the personal computer 2. Here, the smart card reader/writer 3 is not illustrated in FIGS. 2A, 2B and 2C.
  • FIG. 2A illustrates the operation of storing the PIN into the personal computer 2 via the PIN input device 4.
  • The smart card 1 is connected with the personal computer 2 in order for the data in the smart card 1 to be read. The PIN is input using the PIN input device 4 in order to access the data stored in the PIN protected storage area 6 of the smart card 1. The input PIN is then stored in the memory 8 of the personal computer 2. When the input PIN is correct, access can be made to the data stored in the PIN protected storage area 6.
  • FIG. 2B illustrates the operation of encrypting the PIN and storage thereof into the smart card 1.
  • The personal computer 2 ciphers or encrypts the PIN stored in the memory 8 with a public key. Here, the encrypted PIN is expressed as “@!#?” in FIG. 2B, but the PIN is not always ciphered into such stream of characters. In this case, since the certificate 9 is issued, the user can designate the period within which the PIN can be used, for example, by storing validating data in the data received for the certificate and/or the encrypted PIN. The personal computer 2 stores the encrypted PIN “@!#?” into the free storage area 7 of the smart card 1.
  • FIG. 2C illustrates the operation in which the personal computer 2 reads the encrypted PIN “@!#?” forming PIN data to be deciphered or decrypted upon authentication.
  • Here, the smart card 1 is connected with the personal computer 2 to read the data in the smart card 1. The personal computer 2 reads the encrypted PIN “@!#?” stored in the free storage area 7. The PIN data stored in the free storage area 7 is the PIN data obtained by ciphering or encrypting the PIN. Accordingly, the data in the smart card 1 is accessed by authenticating the PIN data.
  • Accordingly, since the card PIN is never cached in the memory 8 of the personal computer 2, disclosure of the PIN data by analyzing the memory 8 or other types of access, such as through a network, are prevented.
  • Next, an operation of the present invention will be described in relation to an application log-on function using the smart card.
  • FIG. 3 is a structural diagram in relation to the embodiment of the present invention.
  • As shown in FIG. 3, the present invention includes a log-on display image of an application 31; a log-on display image registration tool 32; a log-on information registration tool 33; a log-on engine 34; a log-on display image information storage file 35; a card access library 36; and an encryption library 37 having a key 38 stored therein to be used for decrypting or deciphering log-on information.
  • A user stores the log-on display image information for identifying the log-on display image of application 31 into the log-on display image information storage file 35 using the log-on display image registration tool 32.
  • The log-on information, such as ID and password, to be input to the registered application log-on display image 31 is registered to or stored in the smart card 1 via the card access library 36 using the log-on information registration tool 33. In this case, the ID and/or password is stored into the PIN protected storage area 6 and the ID and/or password is protected or is accessible by using the key 38 stored in the encryption library 37.
  • The log-on engine 34, running as a permanent program, requests the log-on information from the smart card 1 when a log-on display image that matches the log-on display image information stored in the log-on display image information storage file 35 is displayed. After the PIN protection is cancelled, the log-on information is read and is then transmitted to the log-on display image of the application 31. Accordingly, log-on to the application is attempted using the smart card 1.
  • Since the log-on information has generally been stored in the area protected by the PIN data, the internal application log-on information has been obtained by accurately collating the PIN data for the smart card 1 for each access to the smart card 1. But, in the present invention, such collation of the PIN data is required only for the first access.
  • FIG. 4 is a flowchart of the log-on display image registration tool according to an aspect of the present invention. A title name of the application log-on display image is input (operation 401). Then, a password input field name of the application log-on display image is input (operation 402), and an ID input field name of the application log-on display image is input (operation 403).
  • The title name, password input field name, and ID input field name of the log-on display image of the application input are then stored in the log-on display image information file 35 (operation 404).
  • FIG. 5 is a flowchart of the log-on information registration tool according to an aspect of the present invention.
  • A password for logging on to the application is input (operation 501). Then, an ID for logging on to the application is input (operation 502). Access is made to the card access library 36 to store the password and ID input (operation 503).
  • FIG. 6 is a flowchart of the log-on engine.
  • Reference is made to the log-on display image information stored within the log-on display image information storage file 35 (operation 601).
  • The display image information being displayed at present is read (operation 602).
  • It is decided whether the log-on display image including the log-on display image information to which the reference is made in operation 601 is displayed or not (operation 603).
  • When the display image information displayed does not match with the log-on display image information to which the reference is made, the display image information displayed is read again.
  • When the display image information being displayed matches with the log-on display image information to which the reference is made, reference is made to the card access library 36 (operation 604).
  • It is decided using the card access library 36 whether the log-on information has been read successfully (operation 605).
  • When the log-on information of the log-on display image being displayed can be read, the log-on information is transmitted to the log-on display image (operation 606).
  • FIG. 7 is a flowchart of the card access library operations according to an aspect of the present invention.
  • It is decided or determined whether the smart card is or has been inserted into the smart card reader/writer (operation 701).
  • When the smart card is not inserted, the log-on display image “Insert the card, please!” is displayed. When the decision is “OK”, whether the smart card is inserted is decided again. When the decision is “cancel”, the access to the smart card is terminated (operation 702).
  • When it is decided that the smart card is inserted, the encrypted PIN is read from the free storage area (operation 703).
  • It is then decided or determined whether the encrypted PIN is read successfully or not (operation 704).
  • If the encrypted PIN is not read successfully, the log-on display image “Input the PIN, please!” is displayed (operation 705). When the decision is “cancel”, access to the smart card is terminated. When the PIN is input and the decision is “OK”, the PIN is collated (operation 706).
  • If the collation of PIN is not successful, the log-on display image “Input the PIN, please!” is displayed. When the collation of PIN is successful, a certificate is issued (operations 707 and 708).
  • Encryption of the PIN which has been collated successfully is requested from the encryption library 37 (operation 709).
  • The PIN encrypted by the encryption library 37 is stored in the free storage area and access is then made to the ID and password in the smart card (operations 710 and 714).
  • When the encrypted PIN is read successfully in operation 704, decoding of the encrypted PIN is requested from the encryption library (operation 711).
  • The decoded PIN is collated (operation 712) and if the collation of the PIN is not successful, the process shifts to the operation 705. When the collation of PIN is successful, access is made to the ID and password in the smart card (operation 714).
  • FIG. 8 is a table illustrating examples of information to be stored in the free storage area 7 of the smart card 1.
  • In order to use a plurality of personal computers with one smart card, the PINs encrypted by respective personal computers are stored in memory with the data size of 32 bytes and the ID information of the corresponding personal computer CPUs is stored with the data size of 16 bytes. The data indicating the number of PINs encrypted is stored with the data size of one byte. Accordingly, when it is requested to use the smart card with a particular personal computer, if the corresponding encrypted PIN and the ID information of CPU exist within the free storage area, such information is read to try to read the personal information stored in the PIN protected storage area.
  • Next, modification examples of the embodiment or alternate embodiment of the smart card in the present invention and the other technical extension items will be itemized below.
  • In the above discussed embodiment, the password code is not restricted to a string of characters and combination of the ID and password. For example, it is also possible to protect personal information of users with authentication of a fingerprint or other biometric authentication techniques.
  • In the embodiment described above, application of the smart card is not restricted to a personal computer and may also be used in the other information apparatuses.
  • In the above embodiment, the public key encryption system is introduced or described as the PIN encryption system. However, the present invention is not limited thereto and also allows employment of other secret key systems.
  • In the above embodiment, the CPU information of the personal computer and encrypted PIN are stored correspondingly in order to identify with which personal computer's certificate the PIN has been encrypted. However, the present invention is not restricted to the encrypted PIN and the CPU information being stored correspondingly as long as the personal computer which has encrypted the PIN can be identified.
  • In the above embodiment, the effective period is set with the certificate on the personal computer, but the present invention is not restricted thereto.
  • In the above embodiment, the smart card reader/writer and the personal computer are not required to be isolated and therefore the smart card reader/writer may be provided as part of the personal computer.
  • In the above embodiment, when the smart card has authenticated the PIN, the personal computer newly issues a certificate, but it is also possible to previously register or store the certificate. Moreover, although the personal information, etc., is stored in the smart card in the above embodiment, the present invention is not restricted thereto and various storage mediums which are capable of storing data may also be used.
  • Although embodiments of the present invention have been shown and described, it would be appreciated by those skilled in the art that changes may be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the claims and their equivalents.
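The FIG. 7 card access flow and the FIG. 8 free storage area layout described above, as an added Python example that is not part of the patent text. It assumes a simulated card, a record order of CPU ID followed by encrypted PIN after the count byte, and an HMAC-SHA256 keystream as a symmetric stand-in for the certificate's key pair (the description allows secret key systems); `Card`, `Host`, `access_card` and the sample PIN and credentials are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os

CPU_ID_LEN, ENC_PIN_LEN = 16, 32            # field sizes stated for FIG. 8
RECORD_LEN = CPU_ID_LEN + ENC_PIN_LEN


def parse_free_area(blob):
    """Decode the free storage area into {cpu_id: encrypted_pin}.
    Assumed order: 1-byte count, then count x (CPU ID, encrypted PIN)."""
    if not blob or len(blob) != 1 + blob[0] * RECORD_LEN:
        raise ValueError("count byte does not match record data")
    body = blob[1:]
    return {body[i:i + CPU_ID_LEN]: body[i + CPU_ID_LEN:i + RECORD_LEN]
            for i in range(0, len(body), RECORD_LEN)}


def build_free_area(records):
    if len(records) > 255:
        raise ValueError("count field is a single byte")
    return bytes([len(records)]) + b"".join(c + e for c, e in records.items())


class Card:
    """Simulated card: free area readable by anyone, protected area PIN-gated."""

    def __init__(self, pin, protected):
        self._pin, self._protected = pin, protected
        self.free_area = build_free_area({})
        self._unlocked = False

    def insert(self):                        # every new connection starts locked
        self._unlocked = False

    def verify_pin(self, pin):               # PIN collation happens on the card
        self._unlocked = hmac.compare_digest(pin.encode(), self._pin.encode())
        return self._unlocked

    def read_protected(self):
        if not self._unlocked:
            raise PermissionError("PIN has not been collated")
        return self._protected


class Host:
    """Personal computer holding the key (stand-in for certificate 9) in memory."""

    def __init__(self, cpu_id, validity_s):
        if len(cpu_id) > CPU_ID_LEN:
            raise ValueError("CPU ID field is 16 bytes")
        self.cpu_id = cpu_id.ljust(CPU_ID_LEN, b"\0")
        self.validity_s = validity_s
        self._key, self._expires = None, 0

    def issue_key(self, now):
        self._key, self._expires = os.urandom(32), now + self.validity_s

    def _pad(self, nonce):
        return hmac.new(self._key, nonce, hashlib.sha256).digest()[:16]

    def encrypt_pin(self, pin):
        data = pin.encode("ascii")
        if len(data) > 16:
            raise ValueError("this stand-in format holds PINs up to 16 bytes")
        nonce = os.urandom(16)
        body = bytes(a ^ b for a, b in zip(data.ljust(16, b"\0"), self._pad(nonce)))
        return nonce + body                  # 16 + 16 = 32 bytes, as in FIG. 8

    def decrypt_pin(self, enc, now):
        if self._key is None or now >= self._expires:
            return None                      # no key, or effective period over
        body = bytes(a ^ b for a, b in zip(enc[16:], self._pad(enc[:16])))
        try:
            return body.rstrip(b"\0").decode("ascii")
        except UnicodeDecodeError:
            return None


def access_card(host, card, ask_pin, now):
    """One pass through FIG. 7. Returns the protected data, or None on cancel
    or failed collation (the flowchart re-prompts; this example stops)."""
    card.insert()                                        # operation 701
    records = parse_free_area(card.free_area)            # operation 703
    enc = records.get(host.cpu_id)                       # operation 704
    if enc is not None:
        pin = host.decrypt_pin(enc, now)                 # operation 711
        if pin is not None and card.verify_pin(pin):     # operation 712
            return card.read_protected()                 # operation 714
    pin = ask_pin()                                      # operation 705
    if pin is None or not card.verify_pin(pin):          # operations 706-707
        return None
    host.issue_key(now)                                  # operation 708
    records[host.cpu_id] = host.encrypt_pin(pin)         # operation 709
    card.free_area = build_free_area(records)            # operation 710
    return card.read_protected()                         # operation 714


if __name__ == "__main__":
    card = Card("4821", b"id=alice;pw=constructed")      # constructed sample data
    pc = Host(b"CPU-A", validity_s=3600)
    print(access_card(pc, card, lambda: "4821", now=0))  # prompts once
    print(access_card(pc, card, lambda: None, now=60))   # no prompt needed
```

The scheme moves the secret to protect from the PIN to the host-side key: whoever holds both the card and that key within its validity period can recover the PIN, so the key's storage and lifetime deserve the same care the PIN would.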

Claims (12)

1. A computer-readable medium storing a program which, when executed by an information processing apparatus, causes the information processing apparatus to perform operations, comprising:
checking a connection with a storage medium;
requesting a password code for accessing information in the storage medium;
encrypting an input password code to generate an encrypted password code;
transmitting identification information of a computer which has generated the encrypted password code and corresponding encrypted password code to the storage medium; and
decoding the encrypted password code for confirming whether the identification information is stored in the storage medium when connection with the storage medium is confirmed and for decoding the corresponding encrypted password code upon confirming that the identification information is stored in the storage medium.
2. A computer-readable medium storing a program according to the claim 1, where encrypting the password code is executed by the computer and includes setting an effective period for the encrypted password code.
3. An authentication method using a password code for allowing access to information stored in a storage medium, comprising:
confirming a connection with the storage medium;
requesting the password code for accessing information in the storage medium;
encrypting an input password code to generate an encrypted password code;
transmitting identification information of a computer via which the encrypted password code is generated and corresponding encrypted password code to the storage medium; and
decoding for confirming whether the identification information is stored in the storage medium when the connection with the storage medium is confirmed and decoding the corresponding encrypted password code upon confirming that the identification information is stored.
4. An authentication method to enable access to a storage medium connected with a computer, comprising:
encrypting an input password code input to access a first portion of the storage medium;
storing the encrypted password code in a second portion of the storage medium and storing a key for decoding the encrypted password code in the computer; and
authenticating access to the first portion of the storage medium by decoding the encrypted password code stored in the second portion of the storage medium using the key stored in the computer.
5. The authentication method according to claim 4, wherein the key for decoding the encrypted password code is invalidated after a predetermined period of time.
6. The authentication method according to claim 4, wherein the encrypted password code in the second portion of the storage medium is invalidated after a predetermined period of time.
7. An authentication method to enable access to a storage medium connected with a computer, comprising:
receiving a password code input to access the storage medium and encrypting the password code;
storing the encrypted password code in a predetermined portion of the storage medium and storing a key for decoding the encrypted password code in the computer; and
authenticating access to another portion of the storage medium by decoding the encrypted password code stored in the predetermined portion of the storage medium using the key stored in the computer.
8. An authentication method to enable access to a storage medium connected with a computer, comprising:
encrypting an authenticated password code to generate an encrypted password code;
correlating identification information of the computer using which the encrypted password code is generated and transmitting the identification information and the encrypted password code to the storage medium; and
authenticating access to the storage medium upon determining that the identification information of the computer is stored in the storage medium.
9. An authentication method to enable access to a storage medium connected with a computer, comprising:
issuing a certificate having a public key corresponding to a password code and storing the certificate in the computer;
encrypting the password code using the public key and storing the encrypted password code in a section of the storage medium accessible without authentication; and
authenticating an input password code by decoding the encrypted password code using the certificate.
10. An authentication system for accessing a storage medium, comprising:
a storage reading device reading data stored in the storage medium;
an input device inputting a password code to access the storage medium; and
a computer encrypting the password code and transmitting the encrypted password code and identification information of the computer to the storage system, where the encrypted password code is decoded and access to the storage medium is authenticated upon determining that the identification information of the computer is stored in the storage medium.
11. The authentication system according to claim 10, wherein the storage medium includes a portion accessible without inputting the password code.
12. The authentication system according to claim 10, wherein a public key is used to encrypt the password code and the encrypted password code is stored in a portion of the storage medium accessible without inputting the password code and the public key is stored in the computer, and the access to the storage medium is authenticated when the encrypted password code in the storage medium is decoded using the public key.
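The flow in claims 7 to 12, modeled as an added Python example (not code from the patent or from Fujitsu): the password code is encrypted on the computer, stored in the open portion of the medium under the computer's identification information, and later decoded with the key kept on the computer to unlock the protected portion. The `Card` class, the function names and the sample values are constructed for illustration, and an HMAC-SHA256 keystream with an authentication tag stands in for the public-key encryption the claims name.

```python
import hashlib, hmac, secrets

def _prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def seal(key: bytes, computer_id: str, pin: str) -> bytes:
    """Encrypt the PIN under the host key and bind it to the computer ID."""
    nonce, data = secrets.token_bytes(16), pin.encode()
    pad = _prf(_prf(key, b"enc"), nonce)           # one 32-byte keystream block
    if len(data) > len(pad):
        raise ValueError("PIN too long for this sketch")
    ct = bytes(a ^ b for a, b in zip(data, pad))
    msg = nonce + bytes([len(ct)]) + ct + computer_id.encode()
    return nonce + ct + _prf(_prf(key, b"mac"), msg)

def unseal(key: bytes, computer_id: str, blob: bytes) -> str:
    """Decode a sealed PIN; fails unless key and computer ID both match."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    msg = nonce + bytes([len(ct)]) + ct + computer_id.encode()
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), msg)):
        raise ValueError("blob was not produced by this computer's key")
    pad = _prf(_prf(key, b"enc"), nonce)
    return bytes(a ^ b for a, b in zip(ct, pad)).decode()

class Card:
    """Constructed storage medium: an open area readable without the PIN and
    a protected area released only after the PIN is verified."""
    def __init__(self, pin: str, secret: bytes):
        self._pin, self._secret = pin, secret
        self.open_area = {}                        # computer_id -> sealed PIN

    def read_protected(self, pin: str) -> bytes:
        if not hmac.compare_digest(pin.encode(), self._pin.encode()):
            raise PermissionError("wrong password code")
        return self._secret

def register(card: Card, computer_id: str, key: bytes, pin: str) -> None:
    card.read_protected(pin)                       # PIN must authenticate first
    card.open_area[computer_id] = seal(key, computer_id, pin)

def login(card: Card, computer_id: str, key: bytes) -> bytes:
    blob = card.open_area.get(computer_id)
    if blob is None:                               # ID not stored on the medium
        raise PermissionError("computer not registered on this medium")
    return card.read_protected(unseal(key, computer_id, blob))
```

Anyone holding the medium can read the sealed blob from the open area, so the scheme is only as strong as the protection of the key stored on the computer.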
US11/047,651 2004-04-01 2005-02-02 Authentication method and system Abandoned US20050223233A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2004-108938 2004-04-01
JP2004108938 2004-04-01

Publications (1)

Publication Number Publication Date
US20050223233A1 true US20050223233A1 (en) 2005-10-06

Family

ID=35055756

Family Applications (2)

Application Number Title Priority Date Filing Date
US11/047,651 Abandoned US20050223233A1 (en) 2004-04-01 2005-02-02 Authentication method and system
US11/474,973 Active 2028-11-26 US8572392B2 (en) 2004-04-01 2006-06-27 Access authentication method, information processing unit, and computer product

Country Status (6)

Country Link
US (2) US20050223233A1 (en)
EP (1) EP1736889A4 (en)
JP (1) JP4550050B2 (en)
KR (1) KR100852927B1 (en)
CN (1) CN100504819C (en)
WO (1) WO2005096158A1 (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4855063B2 (en) * 2005-12-20 2012-01-18 株式会社リコー The image processing apparatus and a network terminal unit
US7802097B2 (en) * 2006-02-13 2010-09-21 Research In Motion Limited Secure method of termination of service notification
JP2007304686A (en) * 2006-05-09 2007-11-22 Sii Ido Tsushin Kk Unauthorized copy prevention system, unauthorized copy prevention device and computer program
DE102008027586A1 (en) * 2008-06-10 2009-12-24 Siemens Aktiengesellschaft Procedures to establish, issuing and verifying authorization permits
US20100228991A1 (en) * 2009-03-03 2010-09-09 Goldkey Security Corporation Using Hidden Secrets and Token Devices to Control Access to Secure Systems
JP5236541B2 (en) * 2009-03-17 2013-07-17 三菱電機ビルテクノサービス株式会社 Authentication system and personal identification number management apparatus
US8423783B2 (en) * 2009-11-27 2013-04-16 International Business Machines Corporation Secure PIN management of a user trusted device
JP2011123625A (en) * 2009-12-09 2011-06-23 Giga-Byte Technology Co Ltd Password management and authentication method suitable for trusted platform module
EP2426652A1 (en) * 2010-09-06 2012-03-07 Gemalto SA Simplified method for customising a smart card and associated device
JP2012186604A (en) * 2011-03-04 2012-09-27 Dainippon Printing Co Ltd Portable terminal verification system capable of verifying that encryption function for encrypting pin is implemented in portable terminal
US20120284534A1 (en) * 2011-05-04 2012-11-08 Chien-Kang Yang Memory Device and Method for Accessing the Same
US8994511B2 (en) * 2011-09-12 2015-03-31 The Boeing Company Electronic identification package
CN102938032B (en) * 2012-10-17 2017-09-22 中兴通讯股份有限公司 An addition of an application on the communication terminal, decrypting method, system and terminal
US20180212957A1 (en) * 2015-07-28 2018-07-26 Taw Wan LEE Apparatus and method for authentication, and computer program and recording medium applied to the same
KR101659234B1 (en) * 2015-07-28 2016-09-22 태 원 이 Apparatus and method for authentication, and computer program and recording medium applied to the same

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH04107793A (en) 1990-08-29 1992-04-09 N T T Data Tsushin Kk Data access method and ic card for execution
JPH06115287A (en) 1992-10-02 1994-04-26 Dainippon Printing Co Ltd Card, card reader and identifying method for card forgery
US5590199A (en) * 1993-10-12 1996-12-31 The Mitre Corporation Electronic information network user authentication and authorization system
AU1265195A (en) * 1993-12-06 1995-06-27 Telequip Corporation Secure computer memory card
JPH10504150A (en) * 1994-07-19 1998-04-14 バンカーズ トラスト カンパニー Method for securely using digital signatures in a commercial cryptographic system
WO1996007256A1 (en) * 1994-08-30 1996-03-07 Kokusai Denshin Denwa Co., Ltd. Certifying system
JP3272213B2 (en) * 1995-10-02 2002-04-08 インターナショナル・ビジネス・マシーンズ・コーポレーション Authentication method of Ic card and an information processing apparatus
US5857021A (en) 1995-11-07 1999-01-05 Fujitsu Ltd. Security system for protecting information stored in portable storage media
JP3905961B2 (en) * 1997-11-11 2007-04-18 インターナショナル・ビジネス・マシーンズ・コーポレーションInternational Business Maschines Corporation Method and system of extraordinary signature authentication
US6012049A (en) * 1998-02-04 2000-01-04 Citicorp Development Center, Inc. System for performing financial transactions using a smartcard
JP4169822B2 (en) 1998-03-18 2008-10-22 富士通株式会社 Data protection method of a storage medium, the apparatus and the storage medium
US6092202A (en) * 1998-05-22 2000-07-18 N*Able Technologies, Inc. Method and system for secure transactions in a computer system
JP2000090334A (en) * 1998-09-09 2000-03-31 Hitachi Ltd Ic card reader-writer and automatic charge reception device provided with the same
US7272723B1 (en) * 1999-01-15 2007-09-18 Safenet, Inc. USB-compliant personal key with integral input and output devices
US6848047B1 (en) 1999-04-28 2005-01-25 Casio Computer Co., Ltd. Security managing system, data distribution apparatus and portable terminal apparatus
CA2313312A1 (en) * 1999-07-27 2001-01-27 Nortel Networks Corporation System, method, and computer program product for smart card to smart card transactions
JP3749640B2 (en) * 1999-10-15 2006-03-01 株式会社東芝 Ic card use device, ics cards and storage medium
JP3690237B2 (en) 2000-04-03 2005-08-31 三菱電機株式会社 Authentication method, recording medium, the authentication system, terminal device, and the authentication recording medium production apparatus
US6968453B2 (en) * 2001-01-17 2005-11-22 International Business Machines Corporation Secure integrated device with secure, dynamically-selectable capabilities
GB2382172A (en) * 2001-11-16 2003-05-21 Rue De Int Ltd Software authentication device
JP2003174439A (en) * 2001-12-06 2003-06-20 Hitachi Ltd Distribution and storage system for digital contents
AUPR965801A0 (en) * 2001-12-20 2002-01-24 Canon Information Systems Research Australia Pty Ltd A user interface for accessing files in a smart card file system
US6845908B2 (en) * 2002-03-18 2005-01-25 Hitachi Semiconductor (America) Inc. Storage card with integral file system, access control and cryptographic support
JP4089294B2 (en) * 2002-05-24 2008-05-28 富士ゼロックス株式会社 Personal authentication system and personal authentication terminal device

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030051146A1 (en) * 2001-09-11 2003-03-13 Akihiro Ebina Security realizing system in network
US7685430B1 (en) * 2005-06-17 2010-03-23 Sun Microsystems, Inc. Initial password security accentuated by triple encryption and hashed cache table management on the hosted site's server
US20070050621A1 (en) * 2005-08-30 2007-03-01 Kevin Young Method for prohibiting an unauthorized component from functioning with a host device
US20100205449A1 (en) * 2009-02-12 2010-08-12 Ricoh Company, Ltd. Image forming apparatus, method for validating IC card holder, and computer program product thereof
US8423781B2 (en) * 2009-02-12 2013-04-16 Ricoh Company, Ltd. Image forming apparatus, method for validating IC card holder, and computer program product thereof
CN102693582A (en) * 2012-05-03 2012-09-26 福建星网视易信息系统有限公司 IC card data interaction method and system and method and system for downloading loss report information
US8886928B2 (en) 2012-06-25 2014-11-11 Chiba University Method and system for device authentication

Also Published As

Publication number Publication date
KR100852927B1 (en) 2008-08-19
JPWO2005096158A1 (en) 2008-02-21
JP4550050B2 (en) 2010-09-22
CN100504819C (en) 2009-06-24
EP1736889A4 (en) 2009-02-04
US20060248345A1 (en) 2006-11-02
CN1914603A (en) 2007-02-14
EP1736889A1 (en) 2006-12-27
US8572392B2 (en) 2013-10-29
WO2005096158A1 (en) 2005-10-13
KR20060134037A (en) 2006-12-27

Legal Events

Date Code Title Description
AS Assignment

Owner name: FUJITSU LIMITED, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ISHIDERA, NOBUTAKA;REEL/FRAME:016244/0671

Effective date: 20041222