WO2005093594A1 - Authentication system - Google Patents
- Publication number
- WO2005093594A1 (PCT/JP2005/006447)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- authentication
- exclusive
- value
- data
- sets
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3271—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using challenge-response
Definitions
- The present invention relates to authentication systems, and more particularly to authentication systems that guard against "spoofing".
- an authentication process is executed based on authentication information of a mobile phone itself and information of a user.
- The mobile phone authentication information usually comprises many types of authentication information: for example, a fixed authentication identifier ⁇ assigned to the mobile phone by the mobile phone manufacturer, a variable authentication identifier assigned to the mobile phone by the communication carrier, and the telephone number and IP address assigned to the telephone. The flow of providing the authentication information and the flow of communication will be described with reference to FIG.
- A manufacturing company 100, which manufactures mobile phones, gives each manufactured phone a fixed authentication identifier, for example an authentication identifier /?, and distributes it. The communication carrier 200 assigns, for example, an authentication identifier ⁇ as a variable authentication identifier, and the distributor 3 via the distribution system ⁇ .
- A telephone number and an IP address are given, and the phone is handed over to the user 400.
- User 400 has an authentication identifier,? And a telephone number,
- An illicit person may obtain the authentication identifier /? inside the manufacturer 100 or at the distribution system B stage (it is highly likely to be obtained at distribution system B). There is a risk that the authentication identifier ⁇ may be obtained internally or at the distribution system A stage (it is likely to be obtained at distribution system A), and the telephone number and IP address information, which are publicly available, are easy to obtain. Considering this, it is possible to create a so-called clone mobile phone using the various types of authentication information required for authentication. Also, even if it is difficult to obtain the authentication identifier /? from the manufacturer 100 or obtain the authentication identifier from the telecommunications carrier 200, the user 400 cannot communicate via the communication line.
- The above-mentioned authentication identification information may be obtained by wiretapping or interception via a communication line. Therefore, to prevent eavesdropping on and interception of the authentication information transmitted via the communication line from the mobile phone to the authentication server, a system has been proposed in which the transmitted authentication information is encrypted, decrypted on the authentication server side, and only then used for authentication processing.
- The mobile phone is equipped with a storage medium (ROM) storing the authentication information, and the authentication information (authentication identifier) may be stolen and copied from the storage medium.
- a measure is desired to make illegal reading of the information itself stored in the ROM impossible.
- the solution of this problem is not the main subject of the present invention, and will not be described further.
- As an example of an authentication system in e-commerce, Patent Document 1 discloses a system in which a user ID and a password are transmitted from a communication terminal at regular intervals and the server side of the transaction system performs authentication, in order to prevent illegal activities such as double login and "spoofing" during the course of a transaction.
- Patent Document 1: Japanese Unexamined Patent Application Publication No. 2000-210-214 (paragraph numbers [0 08] to [0 17], Fig. 1)
- the present invention has been made in view of the above-mentioned problems of the related art, and a main object of the present invention is to provide an authentication system that does not allow eavesdropping or deception of authentication information of a communication terminal.
- the authentication system according to the present invention employs the following characteristic configuration.
- The authentication requesting side executes a predetermined encryption algorithm for each of the two sets of random number data R1 and R2, with at least one predetermined secret eigenvalue N as a parameter.
- The two encrypted data y1 and y2 are calculated, and an exclusive OR value Y is obtained by taking the exclusive OR of the two obtained encrypted data y1 and y2, the two sets of random number data R1, R2
- the authentication side executes a predetermined encryption algorithm for each of the two sets of random number data R1 and R2, with at least one predetermined secret eigenvalue N as a parameter.
- the two sets of received random number data R01 and R02 and the unique value N0, of the same value as that of the authentication requesting side and registered in advance privately from the authentication requesting side, are set as parameters as described above.
- the exclusive OR value Y0 obtained by taking the exclusive OR of 2 is obtained, and the exclusive OR value Y received from the authentication requesting side. And when both values match, it is determined that the authentication is OK,
- the encrypted data and y. Either of 2 is predetermined and the unique value N!
- the two encrypted data y11 and y12 are obtained by executing the predetermined encryption algorithm, and the exclusive OR value Y1 obtained by taking the exclusive OR of y11 and y12 is compared with the exclusive OR value Y1 received from the authentication requesting side, both values match
- The authentication requesting side has a random number generator that outputs two sets of random number data R1, R2; an encryption unit that obtains two encrypted data y1 and y2 by executing a predetermined encryption algorithm with at least one secret eigenvalue N, determined in advance, as a parameter;
- a transmission unit that transmits the exclusive OR value Y and the two sets of random number data R1 and R2 to an authentication side;
- a reception unit for receiving the data transmitted from the transmission unit, the two sets of random number data R1, R2 received by the reception unit and the authentication requesting side registered in advance privately from the authentication requesting side
- a decryption unit that executes the predetermined encryption algorithm using the eigenvalue N based on the initial value of the same value as a parameter to obtain two encrypted data y1 and y2,
- an exclusive OR unit that takes an exclusive OR of the two encrypted data y1 and y2 output from the decryption unit and outputs an exclusive OR value Y;
- the exclusive-OR value Y obtained by the exclusive-OR unit is compared with the exclusive-OR value Y received from the authentication requesting side.
- An authentication system that includes a comparison unit that rejects requests.
- the encrypted data and two sets of random number data and eigenvalues N 2 assigned selected either a predetermined method new to y 12 R 2 have R 22
- the eigenvalue N2 is set as a parameter
- the two encrypted data y21 and y22 obtained by executing the predetermined encryption algorithm are exclusive-ORed.
- the exclusive OR value Y2 is obtained and transmitted to the authentication side together with the two sets of random number data R21 and R22,
- with the eigenvalue N2 set as a parameter, the two encrypted data y21 and y22 obtained by executing the predetermined encryption algorithm are exclusive-ORed, the exclusive OR value Y2 so obtained is compared with the exclusive OR value Y2 received from the authentication requesting side, and the process of determining that the authentication is OK when both values match is executed in cascade.
- The authentication system according to any one of the above (1) to (5), wherein the eigenvalue N is the authentication requester's specified ID (authentication identifier).
- The exclusive OR of the two obtained encrypted data y1 and y2 is taken to obtain the exclusive OR value Y, and the number of digits of the obtained exclusive OR value Y is reduced by a predetermined method to obtain Y'. With the random numbers R1 and R2 as known values, obtaining Y' from N is defined as the forward calculation and obtaining N from Y' as the reverse calculation.
- The forward calculation can be carried out easily. However, the reverse calculation for obtaining N from Y', which is obtained by reducing the number of digits of the exclusive OR value Y by a predetermined method, is a calculation.
- With the two sets of received random number data R1, R2 and the unique value N, based on the same initial value as the authentication requesting side and registered in advance privately from the authentication requesting side, set as parameters, the predetermined encryption algorithm is executed to obtain the two encrypted data y1 and y2; the exclusive OR of the two obtained encrypted data y1 and y2 is taken to obtain an exclusive OR value Y, and the number of digits of the obtained exclusive OR value Y is reduced by the same predetermined method as on the authentication requesting side.
- An authentication system that compares the resulting data Y' with the authentication encryption data Y' received from the authentication requesting side, and determines that the authentication is OK when both values match.
- one of the two encrypted data y01 and y02 is selected in a predetermined manner and converted into a binary value so that the most significant digit is always 1.
- the assigned value is a unique value
- the unique value is a parameter and the predetermined encryption algorithm is executed.
- the exclusive OR value Y1 is obtained by taking the exclusive OR of the two encrypted data y11 and y12, and the number of digits of the obtained exclusive OR value Y1 is reduced by a predetermined method.
- the authentication encryption data Y1' reduced by the above method is transmitted to the authentication side together with the two sets of random number data R11, R12,
- one of the two encrypted data y01 and y02 is selected in the same way as on the authentication requesting side and converted to a binary value.
- the value assigned so that the most significant digit is always 1 is the unique value N1
- the exclusive OR value Y1 obtained by taking the exclusive OR of the data y11 and y12
- the authentication identification data Y1' obtained by reducing the number of digits of the obtained exclusive OR value Y1 by the same predetermined method as on the authentication requesting side, and the authentication encryption data received from the authentication requesting side.
- A general authentication encryption signal is transmitted after being encrypted using advanced encryption technology that relies on computational security. In the present invention, by contrast, the authentication encryption signal is replaced with a random number for communication, and the partner confirmation authentication algorithm extracted from this random number is chained in cascade at every authentication from the start of the first communication, so that each signal is one-time and disposable.
- the authentication encryption signal itself cannot be transmitted to a communication line without encryption, it is possible for an illegal person to use the authentication identifier and
- Even if the partner confirmation authentication algorithm is obtained in the manufacturing or distribution process, or illegally copied and stolen from the storage medium (ROM) of the mobile phone, and a so-called cloned mobile phone is manufactured to attempt "spoofing", the algorithm is chained in cascade, so the illicit person must eavesdrop continuously on the random numbers and the authentication encrypted data from the start of communication, and accumulate and analyze them in a database.
- A one-time disposable partner confirmation authentication signal relies on continuously recording and managing all past communication histories to prevent the same one-time partner confirmation authentication signal from being repeated.
- the memory in the carrier's authentication server can be saved and the program can be simplified.
- FIG. 1 is a system configuration diagram on the authentication request (transmission) side in an embodiment of the authentication system according to the present invention.
- FIG. 2 is a system configuration diagram on the authentication (reception) side in an embodiment of the authentication system according to the present invention.
- FIG. 3 is a system configuration diagram showing a procedure of a conventional mobile phone authentication process.
- Ordinarily, authentication encryption data is encrypted using advanced encryption technology that relies on computational security and then sent. The present invention communicates by replacing the authentication encryption data with a random number, and chains the authentication algorithm extracted from the random number in cascade at every authentication from the start of the first communication, making each signal one-time and disposable.
- Even if the random numbers R1, R2 and the authentication encryption data Y' sent over the communication line are intercepted in an attempt to decipher the partner confirmation authentication algorithm, the relationship between them is a relationship between random numbers in which no algorithm exists at all, so decryption by interception of the communication line is completely impossible, and the authentication encryption data itself can be sent to the communication line unencrypted together with the random number data R1, R2. Any attempt at "spoofing" by imitating the numerical values of the random numbers R1, R2 and the authentication encryption data Y' from past communication history is impossible unless the relationship matches by coincidence. The probability that the relationship matches by chance depends on the total number of binary digits of the random numbers R1, R2 and the authentication encryption data.
- If the authentication encryption data and the random number data R1, R2 are each made at least 128 digits (128 bits), "spoofing" by coincidence can almost entirely be prevented.
- the one-time disposable party confirmation authentication signal is usually a method of continuously recording and managing all past communication histories to prevent the same one-time party confirmation authentication signal from being repeated.
- Communication is performed by replacing the authentication encryption data with a random number, and the partner verification authentication algorithm extracted from the random number is chained in cascade at every authentication from the start of the first communication to make each signal one-time and disposable. It is therefore possible to establish a one-time disposable partner confirmation authentication signal by recording only the unique value used immediately before, without having to continuously record and manage the communication history. As a result, the memory in the carrier's authentication server can be saved and the program can be simplified.
- FIG. 1 is a system configuration diagram of a transmitting side as an authentication requesting side in an embodiment of the authentication system according to the present invention.
- A random number generation unit 11, a random number selection unit 12, an encryption unit 13, an exclusive OR (EX-OR) unit 14, and a transmission unit 15 are provided.
- The random number selection unit 12 selects the desired random data from the random numbers generated by the random number generation unit 11 and outputs it; in this embodiment, it outputs two random data R1 and R2.
- The two random numbers R1 and R2 are obtained by cutting out, for example, two sets of 256-bit random number data from the random number generated by the random number generation unit 11. If the random number generation unit 11 is configured so that the two sets of random data R1 and R2 are obtained from it directly, the random number selection unit 12 is not necessarily required. Here, the random number is preferably a true random number, but two pseudo random numbers are also applicable.
- The encryption unit 13 takes as input the two sets of random data R1 and R2 output from the random number selection unit 12 and, as a parameter, at least one predetermined unique value N (for example, a 128-bit value whose most significant digit is assigned a binary 1),
- and executes a predetermined encryption algorithm, for example a one-way function as shown in equations (1) and (2), to obtain the encrypted data y1 and y2. The exclusive OR value Y is obtained by taking the exclusive OR of y1 and y2, the number of digits of the obtained exclusive OR value Y is reduced by a predetermined method to give the authentication encrypted data Y', and Y' is transmitted to the authentication side, which is the reception side, together with the two sets of random number data R1, R2.
- The authentication encryption data Y' thus obtained and the two sets of random number data R1, R2 are transmitted.
- Two different sets of random number data R01 and R02, for example 256 bits, which are generated by the random number generation unit 11 in the initial stage, are output to the encryption unit 13.
- A unique value of the authentication requesting side, for example a 128-bit unique value N0 whose most significant digit is assigned a binary 1, is input as a parameter.
- For this eigenvalue N, an ID (authentication identifier), for example, can be used.
- The encryption unit 13 uses the random number data R01, R02 and the eigenvalue N0 to execute a function operation as in the above equations (1) and (2). Where eigenvalue N. ⁇ The random number data is assumed to be H 0 t or R 02 . For each of the two sets of random number data R01 and R02, two encrypted data y01 and y02 are obtained by the following equations (3) and (4). That is,
- The two encrypted data y01 and y02 thus obtained are subjected to the following exclusive OR processing in the exclusive OR unit 14 to obtain the exclusive OR value Y0,
- and the authentication encryption data Y0' is obtained by reducing the number of digits of the obtained exclusive OR value Y0 by a predetermined method.
- y01 (EX-OR) y02 indicates an exclusive OR of y01 and y02.
- The authentication encrypted data Y0' and the two sets of random number data R01 and R02 are transmitted to the authentication side via the communication line.
- This authentication encrypted data Y0' is a one-way partner confirmation authentication signal.
- The random number data R01, R02 and the unique value N0 are passed to the authentication side from the authentication requesting side.
- The unique value N0 is kept secret and is passed to the authentication side without going through any other medium, for example by handing it over in person, while the random number data R01 and R02 are transmitted via the communication line.
- The functions of the above equations (1) and (2) used between the authentication requesting side and the authentication side are fixed and known to both. Since the eigenvalue N0 and the random number data R01 and R02 are also known, the authentication side can execute the same function operation as the authentication requesting side based on the above equations (3) and (4), and can obtain the encrypted data y01 and y02.
- The exclusive OR value Y0 is obtained by equation (5).
- Since the authentication encryption data Y0' is sent from the authentication requesting side via a communication line, the authentication side compares the received authentication encryption data Y0' with the authentication identification data Y0' obtained from the exclusive OR value Y0, which is the exclusive OR of the encrypted data y01 and y02,
- by reducing its number of digits in the same predetermined way as the requesting party. If they match, it indicates that the parameters held in secret between the requesting party and the authenticating party match, and it can be authenticated that the requesting party is who he claims to be.
- FIG. 2 shows a system configuration diagram on the authentication side that performs such an operation.
- The authentication encryption data Y0' and the random number data R01 and R02 transmitted via the communication line are received by the reception unit 21, and the decryption unit 22 obtains the encrypted data y01 and y02 from the eigenvalue N0 and the random number data R01 and R02 based on the above equations (3) and (4).
- An exclusive OR operation is performed in the exclusive OR unit 23 according to equation (5), and the exclusive OR value Y0 is obtained.
- The number of digits of the obtained exclusive OR value Y0
- is reduced in the same manner as on the authentication requesting side to obtain the authentication identification data Y0'.
- The obtained authentication identification data Y0' is compared by the comparing unit 24 with the authentication encrypted data Y0' received by the receiving unit 21. As a result of the comparison, if the two values match, authentication is OK and the user is determined to be the person in question; if they do not match, it is determined that authentication is not possible and that the user is not the individual.
- This authentication determination result is transmitted from the transmission unit 25 to the authentication requesting side via the communication line.
- The use of either the encrypted data y01 or y02 as the unique value N at the time of the next authentication is agreed in advance between the authentication requesting side and the authentication side.
- The encrypted data y01 is used as the unique value selected on the authentication requesting side at the next authentication.
- The initial eigenvalue N0 is a unique value such as the claimant's ID, as described above, for example a 128-bit eigenvalue with a binary 1 assigned to the first digit.
- The authentication requesting side takes the encrypted data y01 as the unique value and similarly obtains two different sets of random number data R11, R12 from the random number generation unit 11;
- in the same way as equations (3) and (4) above, the encrypted data y11 and y12 are obtained by equations (6) and (7) below.
- The value of y01 obtained by equation (3), with the most significant digit of the data assigned the binary 1, is used as the eigenvalue N1; from this N1 value and the two sets of random number data R11, R12, an exclusive OR value is obtained by equation (8), and the authentication encryption data Y1', obtained by reducing the number of digits of that exclusive OR value in a predetermined way, is sent to the authentication side via the communication line.
- On the authentication side, the random number data R11, R12 are received by the receiving unit 21, and the same encrypted data y01 as was selected on the authentication requesting side, obtained by equation (3), is selected.
- The selected encrypted data y01 is converted into a binary value with the most significant digit always assigned 1 and used as the eigenvalue, and the decoding section 22 obtains the encrypted data y11 and y12 based on equations (6) and (7).
- The resulting encrypted data y11 and y12 are subjected to exclusive OR processing by the exclusive OR unit 23 according to equation (8) to obtain the exclusive OR value Y1, and the number of digits of the obtained exclusive OR value Y1 is reduced by the same predetermined method as on the authentication requesting side to obtain the authentication identification data Y1'.
- The comparison unit 24 compares the authentication identification data Y1' with the authentication encryption data Y1' transmitted from the authentication requesting side and received by the receiving unit 21 on the authentication side. As a result of the comparison, if the two values match, authentication is OK and the user is determined to be authentic. If the values do not match, it is determined that authentication is not possible and the user is not the user. The result of the authentication judgment is sent from the transmission unit 25 to the authentication requesting side via the communication line. The same authentication processing is executed in the subsequent authentication processing.
- At the next authentication, the authentication requesting side likewise uses the encrypted data y11 obtained during the previous authentication as the eigenvalue N2. Then, two sets of random number data R21 and R22 are taken from the random number generator 11, and the encrypted data y21 and y22 are obtained by equations (9) and (10) in the same manner as in the above equations (3) and (4).
- The two encrypted data y21 and y22 obtained in this way are subjected to an exclusive OR operation according to the following equation (11) in the exclusive OR unit 14 to obtain an exclusive OR value Y2, and the authentication encryption data Y2' that is finally sent is obtained by reducing the number of digits of the obtained exclusive OR value Y2 by a predetermined method.
- The two sets of random number data R21 and R22, together with
- the authentication encryption data Y2' obtained by reducing the number of digits of the exclusive OR value Y2 from equation (11) by a predetermined method, are transmitted to the authentication side via the communication line.
- The authentication side selects the encrypted data y11 obtained by the above equation (6), converts the selected encrypted data into a binary value, and uses as the unique value N2 the value assigned so that the most significant digit is always 1.
- The decoding unit 22 obtains the encrypted data y21 and y22 based on the above equations (9) and (10).
- The obtained encrypted data y21 and y22 are subjected to exclusive OR processing by the exclusive OR unit 23 according to equation (11), and an exclusive OR value Y2 is obtained.
- The authentication identification data Y2' is obtained by reducing the number of digits of the exclusive OR value Y2 by the same predetermined method as on the authentication requesting side.
- This authentication determination result is transmitted from the transmission unit 25 to the authentication requesting side via the communication line.
- the above processing is executed between the authentication requesting side and the authentication side for each authentication request.
- the predetermined encryption algorithm assumes that two sets of random values R1 and R2 are known to two identical functions, and that the most significant digit of the binary value is always 1 or more in one or more hexadecimal digits.
- the required calculation is defined as the reverse calculation.
- The calculation from N to Y', in which the number of binary digits of the obtained exclusive OR value Y is reduced, is one-way and irreversible: it can be calculated in the forward direction but not in the reverse direction, and even if an attempt is made to obtain the fixed value N by a brute force calculation method, a plurality of values are obtained and it is impossible to confirm it.
- R 0 1 to: (n -D i is a random number, so y 0 1 to y ( n- u i
- the signal is also a random number, and the number of digits of N fluctuates, that is, the number of digits of N decreases when the number of digits of N decreases by accidental occurrence of 0 in the upper digit of the numerical value of y.
- the number also decreases accordingly, and the number of digits of N and y never returns to the original number of digits, as a result, on both the authentication requesting side and the authentication side, the exclusive logical value Y, the authentication encryption data ⁇ '
- the ⁇ have y l Y, Upsilon, to keep the number of digits to be constant y binary Numbers from the top of the second following digit y 0 1 ⁇ y (n _ u i assigned to always be 1 to the most significant digit y 0 ⁇ y (n of - the change in the value of i) i Coincide with the most significant digit of the binary value of N i to N r Assigns the value of y to the value of N in accordance with the change in the value of y by assigning the value following the value.
- the description of the above-described embodiment relates to a general authentication process, but it can be easily understood that the embodiment can be used for the authentication process of the portable telephone.
- For the N value to be set first, the unique information ID of the holder of the mobile phone may be used.
- The exclusive OR value Y0 is obtained by executing exclusive OR processing according to expression (5) on the encrypted data y01 and y02 obtained by the function operations of expressions (3) and (4).
- The authentication encrypted data Y0', obtained by reducing the number of digits of that value by a predetermined method, can secure one-way irreversibility.
- A unique value N0, such as the ID of the claimant,
- is handed over to the authentication side confidentially and in person, and from the next authentication onward it is agreed that the predetermined encrypted data (for example, y01) obtained during the previous authentication process will be used.
- The data sent from the authentication requesting side to the authentication side consist only of the authentication encryption data Y0' and the two sets of random number data R01 and R02, and since these data have no algorithmic relationship to one another, it is extremely difficult to "spoof" even if the data is eavesdropped from a communication line. That is, the eigenvalue N is cascade-related data that continues from the initial eigenvalue N0 (confidential information such as the ID of the claimant) through each previous authentication. Merely recording and managing the unique value N used in the immediately preceding authentication process, without recording and managing the past communication history, can prevent "spoofing" by others.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2006511609A JPWO2005093594A1 (ja) | 2004-03-26 | 2005-03-25 | Authentication system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004091274 | 2004-03-26 | ||
JP2004-091274 | 2004-03-26 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2005093594A1 (ja) | 2005-10-06 |
Family
ID=34991558
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2005/006447 WO2005093594A1 (ja) | 2004-03-26 | 2005-03-25 | Authentication system |
Country Status (3)
Country | Link |
---|---|
US (1) | US20050216737A1 (ja) |
JP (1) | JPWO2005093594A1 (ja) |
WO (1) | WO2005093594A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2006041714A (ja) * | 2004-07-23 | 2006-02-09 | Sangikyou:Kk | Authentication and authentication response system |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
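JP4436294B2 (ja) * | 2005-08-26 | 2010-03-24 | 株式会社トリニティーセキュリティーシステムズ | Authentication processing method, authentication processing program, recording medium, and authentication processing device |
CN113726742B (zh) * | 2021-07-30 | 2023-07-21 | 昆山丘钛微电子科技股份有限公司 | Test authentication method, apparatus, electronic device and medium |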
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2000148689A (ja) * | 1998-11-10 | 2000-05-30 | Nec Corp | User authentication method for network system |
JP2000513115A (ja) * | 1997-04-14 | 2000-10-03 | シーメンス アクチエンゲゼルシヤフト | Method and apparatus for forming and checking a checksum for digital data grouped into multiple data segments |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5694471A (en) * | 1994-08-03 | 1997-12-02 | V-One Corporation | Counterfeit-proof identification card |
US5517567A (en) * | 1994-08-23 | 1996-05-14 | Daq Electronics Inc. | Key distribution system |
US6542610B2 (en) * | 1997-01-30 | 2003-04-01 | Intel Corporation | Content protection for digital transmission systems |
EP1302022A2 (en) * | 2000-03-31 | 2003-04-16 | VDG Inc. | Authentication method and schemes for data integrity protection |
-
2005
- 2005-03-25 WO PCT/JP2005/006447 patent/WO2005093594A1/ja active Application Filing
- 2005-03-25 JP JP2006511609A patent/JPWO2005093594A1/ja active Pending
- 2005-03-25 US US11/088,931 patent/US20050216737A1/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
US20050216737A1 (en) | 2005-09-29 |
JPWO2005093594A1 (ja) | 2008-02-14 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10609014B2 (en) | Un-password: risk aware end-to-end multi-factor authentication via dynamic pairing | |
CN111756533B (zh) | System, method and storage medium for secure password generation | |
JP4680505B2 (ja) | Simple voice authentication method and apparatus | |
JP4885853B2 (ja) | Renewable and private biometrics | |
US20060195402A1 (en) | Secure data transmission using undiscoverable or black data | |
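JP2002532985A (ja) | Improved subscriber authentication protocol | |
JP2008503966A (ja) | Anonymous certificates for anonymous certificate presentation | |
JP2004513420A (ja) | Method and apparatus for access control with leveled security | |
TWI776404B (zh) | Authentication method and apparatus for biometric payment device, computer device and storage medium | |
TWI746229B (zh) | Blockchain-based multi-node authentication method and apparatus | |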
US20110162053A1 (en) | Service assisted secret provisioning | |
US20210167963A1 (en) | Decentralised Authentication | |
EP1079565A2 (en) | Method of securely establishing a secure communication link via an unsecured communication network | |
CN113225302A (zh) | Data sharing system and method based on proxy re-encryption | |
US20180287796A1 (en) | Security key hopping | |
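WO2005093594A1 (ja) | Authentication system | |
JP2003152716A (ja) | Qualification authentication method using variable authentication information | |
JP5275468B2 (ja) | Method for enabling restriction of service access | |
CN113990399A (zh) | Privacy-preserving genetic data sharing method and apparatus | |
JP2006041714A (ja) | Authentication and authentication response system | |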
US20230143356A1 (en) | Method and system for performing cryptocurrency asset transaction | |
CN114726544B (zh) | Method and system for obtaining a digital certificate | |
Abinaya | Secure Banking Transaction using Encryption Based Negative Password Scheme | |
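CN115941283A (zh) | Offline Z-algorithm resource asynchronous update method based on Z-algorithm instance extended attributes | |
TWI392310B (zh) | One-time password setting and authentication method for electronic chip |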
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2006511609 Country of ref document: JP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
122 | Ep: pct application non-entry in european phase |