WO2005098639A1 - Login system and method - Google Patents
- Publication number
- WO2005098639A1 (PCT/JP2005/005384)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- service
- right data
- identifier
- user terminal
- storage medium
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
Definitions
- The present invention relates to a login system and method for logging in to a service provider apparatus from a user terminal, and particularly to a login system and method that can be easily applied to corporate members and that prevent unauthorized use even if authentication information is copied.
- Such a form is not limited to the case where the user is an individual.
- A form is known in which the membership fee is paid according to the number of employees, among all the employees, who receive the service.
- A first aspect of the present invention is a login system for logging in to a service terminal apparatus from a user terminal that detachably holds a secure storage medium storing a medium identifier.
- The secure storage medium comprises a key area that stores a service encryption key issued based on the medium identifier, and a data area that stores encrypted service right data obtained by encrypting service right data with the service encryption key.
- The user terminal comprises: a device configured to read the medium identifier from the secure storage medium at the time of the login; a device configured to transmit the read medium identifier and the login request to the service provider device; a device configured to read, based on the transmission, the service encryption key and the encrypted service right data from the secure storage medium; a device configured to decrypt the encrypted service right data based on the service encryption key; a device configured to transmit the decrypted service right data to the service provider device; and a device configured to terminate the login when, as a result of the transmission, access is permitted by the service provider device.
- The service provider device comprises: a storage device in which service right data is stored for each medium identifier; a device configured to read the corresponding service right data from the storage device based on the medium identifier and the login request received from the user terminal; a collation device configured to, upon receiving service right data from the user terminal, collate the received service right data with the read service right data; and a device configured to permit access by the user terminal, based on the service right data, when the two match.
- Since the login is performed using the service right data for each medium identifier of the secure storage medium, an unauthorized person cannot log in even by copying the authentication information unless that person uses the secure storage medium. Also, if the secure storage medium is distributed to each individual belonging to a corporation, it can be applied to corporate users as well as individual users. That is, it is possible to provide a login system that can be easily applied to corporate members and that can prevent unauthorized use even if the authentication information is copied.
- A second aspect of the present invention is a login system for logging in to a service terminal apparatus which detachably holds a secure storage medium storing a medium identifier, wherein the secure storage medium is provided.
- The user terminal comprises: a device configured to read the medium identifier from the secure storage medium at the time of the login; a device configured to transmit the read medium identifier and the login request to the service provider device; a device configured to receive, as a result of the transmission, encrypted timed login information and a service identifier from the service provider device; a device configured to read the service encryption key and the encrypted function designation data from the secure storage medium based on the service identifier; a device configured to decrypt the encrypted function designation data and the encrypted timed login information; a device configured to calculate a first function value by substituting the decrypted timed login information into the function obtained by decrypting the function designation data; a device configured to transmit the first function value to the service provider device; and a device configured to terminate the login when, as a result of the transmission, access is permitted by the service provider device.
- The service provider device comprises: a storage device in which a service encryption key and function designation data corresponding to the service identifier are stored in association with each other; a device configured to read, when a medium identifier and a login request are received from the user terminal, the service identifier, service encryption key and function designation data corresponding to the medium identifier; a device configured to calculate a second function value by substituting timed login information related to the time at which the login request was received into the function obtained from the function designation data; a device configured to encrypt the timed login information using the service encryption key; a device configured to return the encrypted timed login information obtained by the encryption and the read service identifier to the user terminal; a collation device configured to, upon receiving the first function value from the user terminal, compare the first function value with the second function value; and a device configured to permit access of the user terminal when the two match by the comparison.
- Login is performed using the first and second function values calculated from the function designation data.
- If the secure storage medium is distributed to each individual belonging to a corporation, it can be applied to corporate users as well as individual users. In other words, it is possible to provide a login system that can be easily applied to corporate members and that can prevent unauthorized use even if authentication information is copied.
- Each aspect of the present invention expresses an aggregate of devices as a "system", but the present invention is not limited to this. Needless to say, it may be expressed as a "device", "system", "method", "computer-readable storage medium" or "program".
- FIG. 1 is a schematic diagram showing a configuration of a login system according to a first embodiment of the present invention.
- FIG. 2 is a schematic diagram showing a configuration of a service DB table according to the embodiment.
- FIG. 3 is a schematic diagram showing a configuration of a rights DB table in the embodiment.
- FIG. 4 is a schematic diagram showing a configuration of both tables in the embodiment.
- FIG. 5 is a schematic diagram showing a configuration of a personal identification number table in the embodiment.
- FIG. 6 is a sequence diagram for explaining an operation in the embodiment.
- FIG. 7 is a sequence diagram for explaining an operation in the embodiment.
- FIG. 8 is a sequence diagram for explaining an operation in the embodiment.
- FIG. 9 is a schematic diagram for explaining an operation in the embodiment.
- FIG. 10 is a sequence diagram for explaining an operation in the embodiment.
- FIG. 11 is a sequence diagram for explaining an operation in the embodiment.
- FIG. 12 is a schematic diagram for explaining an operation in the embodiment.
- FIG. 13 is a schematic diagram for explaining the operation in the embodiment.
- FIG. 14 is a sequence diagram for explaining an operation in the embodiment.
- FIG. 15 is a schematic diagram showing a configuration of a secure storage medium applied to a login system according to a second embodiment of the present invention.
- FIG. 16 is a schematic diagram showing a modified example of the secure storage medium in the embodiment.
- FIG. 17 is a schematic diagram showing a modified example of the secure storage medium in the embodiment.
- FIG. 18 is a schematic diagram showing a configuration of a service DB table in the embodiment.
- FIG. 19 is a schematic diagram showing a modified example of the service DB table in the embodiment.
- FIG. 20 is a schematic diagram showing a modified example of the service DB table in the embodiment.
- FIG. 21 is a sequence diagram for explaining an operation in the embodiment.
- FIG. 22 is a schematic diagram showing a configuration of a secure storage medium applied to a login system according to a third embodiment of the present invention.
- FIG. 23 is a schematic diagram showing a configuration of a rights DB table in the embodiment.
- FIG. 24 is a sequence diagram for explaining an operation in the embodiment.
- FIG. 25 is a sequence diagram for explaining an operation in the embodiment.
- FIG. 26 is a sequence diagram for explaining an operation in the embodiment.
- FIG. 27 is a schematic diagram showing a configuration of a login system according to a fourth embodiment of the present invention.
- FIG. 28 is a schematic diagram showing a configuration of a service DB table in the embodiment.
- FIG. 29 is a sequence diagram for explaining the operation in the embodiment.
- FIG. 30 is a schematic diagram showing a first configuration of a service DB table in a modification of the embodiment.
- FIG. 31 is a schematic diagram showing a second configuration of the service DB table in a modification of the embodiment.
- FIG. 32 is a schematic diagram showing a third configuration of the service DB table in a modification of the embodiment.
- FIG. 33 is a sequence diagram for explaining an operation in a modification of the embodiment.
- FIG. 34 is a sequence diagram for explaining an operation in another modification of the embodiment.
- FIG. 1 is a schematic diagram illustrating a configuration of a login system according to a first embodiment of the present invention, and FIGS. 2 to 5 are schematic diagrams illustrating configurations of the respective tables applied to the system.
- This login system includes a secure storage medium SD, a user terminal 10, a license center device 20, and a service provider device 30.
- Each of the devices SD, 10, 20, and 30 is composed of a plurality of devices for realizing each function of the device.
- Each device may be realized by a hardware configuration or by a combination of a hardware configuration and a software configuration.
- The secure storage medium SD has a medium identifier SD-ID01 unique to the medium, and is a storage medium from and to which data issued (encrypted) based on the medium identifier SD-ID01 is read and written.
- As the secure storage medium SD, for example, an SD memory card can be used. It includes a system area 1, a protection area 2, a user area 3, and a decryption unit 4.
- The system area 1 is an area that only the interface unit 11 of the legitimate user terminal 10 can read, and stores a medium identifier SD-ID01 that is identification information unique to the medium.
- The protected area (key area) 2 is an area from which ordinary users cannot directly read data, and stores service encryption keys k11, k12, ..., k1x corresponding to service identifiers. It can be accessed from the authorized user terminal 10 through mutual authentication by the decryption unit 4.
- The user area (data area) 3 is an area from which data can be read directly by ordinary users.
- The notation Enc(A, B) means encrypted data obtained by encrypting data B with key A.
- The notation k1x is composed of k indicating a service encryption key, 1 indicating SD-ID01, and x indicating a service IDx, and denotes a service encryption key uniquely determined from a medium identifier and a service identifier.
- The notation px1 is composed of p indicating service right data, x indicating service IDx, and 1 indicating SD-ID01, and denotes service right data uniquely determined from the medium identifier and the service identifier.
- The service right data p11 is information that is updated periodically, and includes at least scheduled update information (e.g., scheduled update date or expiration date).
- The decryption unit 4 controls access to the protection area 2 from the user terminal 10, which is an external device, and encrypts the read/write data flowing between them with the session key Ks.
- For access control, the decryption unit 4 has a function of performing mutual authentication with the user terminal 10 to share the session key Ks, and a function of making the protection area 2 accessible to the user terminal 10 when the mutual authentication is successful.
- The secure storage medium SD as described above may be either dedicated to a specific service provider or shared by a plurality of service providers.
- The service encryption keys k11, k21, ... corresponding to the service provider should be stored in the protected area 2.
- The user terminal 10 has a normal personal computer function.
- The user terminal 10 consists of login software installed in advance in the computer of the user terminal 10, a function of a CPU (not shown) operating with this software, and a memory for temporary storage of processing results.
- The user terminal 10 includes an interface unit 11, an initialization unit 12, a login unit 13, and a service use unit 14.
- The interface unit 11 is an interface device between the secure storage medium SD and each of the units 12 and 13; for example, a card reader/writer can be used.
- The description that the interface unit 11 is interposed in the communication between the secure storage medium SD and each of the units 12 and 13 will be omitted.
- The initialization unit 12 performs initialization processing of the secure storage medium SD and, for example, as shown in FIG. 6 described later, has the following functions (f12-1) to (f12-3).
- A function of reading the medium identifier SD-ID01 from the secure storage medium SD.
- (f12-3) A function of being interposed between the license center device 20 and the secure storage medium SD to enable communication between them.
- The login unit 13 executes a rights data distribution process and a login process after the initialization process by the initialization unit 12 is completed.
- The login unit 13 has the following functions (f13-1) to (f13-2) as shown in FIG. 10 or FIG. 11 described later.
- (f13-1) A function of reading the medium identifier SD-ID01 from the secure storage medium SD and transmitting the medium identifier SD-ID01 to the license center device 20 or the service provider device 30.
- The login unit 13 has the following functions (f13-3) to (f13-8) as shown in FIG. 14 described later.
- (f13-3) A function of reading the medium identifier SD-ID01 from the secure storage medium SD and transmitting the medium identifier SD-ID01 and the login request to the service provider device 30.
- A function of decrypting the encrypted service right data Enc(k11, p11) based on the decrypted service encryption key k11 and transmitting the obtained service right data p11 to the service provider device 30.
- The service use unit 14 is for using the service provided by the service provider device 30 after the login process by the login unit 13 is completed.
- The license center device 20 includes a storage device 21 and a license management unit 22.
- The storage device 21 stores the service DB table T1 and the rights DB table T2 so that they can be read and written by the license management unit 22.
- Service encryption keys k11, k12, ... corresponding to the service identifier ID are stored in association with each other for each medium identifier SD-ID1, ID2, ....
- The notation "kux" is composed of k indicating the service encryption key, u indicating SD-IDu, and x indicating the service IDx, and denotes a service encryption key uniquely determined by the medium identifier and the service identifier.
- The rights DB table T2 stores service encryption keys k11, k12, ... and periodically updated service right data p11, p21, ....
- The service right data p12, p22, ... for the next period is delivered from the license center device 20 or the service provider device 30 before the currently used service right data p11, p21, ... expires. This distribution is executed by, for example, the license management unit 22 or the service management unit 32.
- The service right data p11, ... need not be updated periodically, for example, for a limited-time service.
- Both tables T1 and T2 can also function as one table, as shown in FIG. 4, with, for each medium identifier SD-ID, the service encryption keys k11, k12, ... corresponding to the service identifier ID and the service right data p11, p21, ....
- The license management unit 22 executes at least an initialization process, and executes a service right data distribution process as necessary.
- The license management unit 22 has, for example, the following functions (f22-1) to (f22-3) regarding the initialization processing.
- (f22-2) A function of delivering the medium identifier SD-ID01 and the service encryption key k11 to the service provider device 30.
- The service provider device 30 includes a storage device 31, a service management unit 32, an access control unit 33, and a service providing unit 34.
- The storage device 31 stores the service DB table T1, the rights DB table T2, and the personal identification number table T3 so that they can be read and written by the service management unit 32 and the access control unit 33.
- The service DB table T1 and the rights DB table T2 are the same as those described above.
- The personal identification number table T3 stores a user ID and a personal identification number for each medium identifier SD-ID.
- This password number table T3 is for preventing unauthorized use of the secure storage medium SD by performing normal password authentication even if the secure storage medium SD is lost, for example. However, even if the password number table T3 is omitted, the service right data p11, ... are updated regularly, so that the loss when the secure storage medium SD is lost can be minimized.
- The service management unit 32 executes at least initialization processing and, if necessary, data distribution processing. In the case of the initialization process, the service management unit 32, as shown in FIG. 6 or FIG., associates the medium identifier SD-ID01 and the service encryption key k11 received from the license center device 20 with each other and stores them in the service DB table T1 in the storage device 31.
- The service right data p11 is stored in the rights DB table T2 of the storage device 31.
- The service right data p11 is encrypted with the service encryption key k11 in the storage device 31, and encrypted service right data is obtained.
- The access control unit 33 executes a login process after the completion of the initialization process or the service right data distribution process by the service management unit 32, and executes access control for the user terminal 10 according to the result.
- The access control unit 33 has the following functions (f33-1) to (f33-4) as shown in FIG.
- The service providing unit 34 provides a predetermined service to the user terminal 10 to which access is permitted by the access control unit 33.
- The portable secure storage medium SD is mounted on the interface unit 11 of the user terminal 10 by the operator.
- The user terminal 10 executes an initialization process according to an operation of the operator. Specifically, as shown in FIG. 6, the user terminal 10 reads the medium identifier SD-ID01 from the secure storage medium SD (ST1) and transmits the medium identifier SD-ID01 to the license center device 20 (ST2).
- For each received medium identifier SD-ID01, the license management unit 22 generates a service encryption key k11 corresponding to the service identifier and writes it to the storage device 21.
- The license management unit 22 distributes the medium identifier SD-ID01 and the service encryption key k11 to the service provider device 30 by a secure communication technique such as a VPN (Virtual Private Network) (ST3).
- The service provider device 30 associates the medium identifier SD-ID01 and the service encryption key k11 with each other and stores them in the service DB table T1 in the storage device 31.
- The license center device 20 distributes the service encryption key k11 to the user terminal 10 by a secure communication technique such as SSL (Secure Sockets Layer) (ST4).
- The user terminal 10 stores the delivered service encryption key k11 in the protection area 2 of the secure storage medium SD via the decryption unit 4 (ST5).
- The initialization process may include a process of registering the user ID and the password in the password table T3 of the service provider device 30 if necessary.
- The initialization process is not limited to the case where the secure storage medium SD prepared by the user is initialized as shown in FIG. 6; as shown in FIG. 7 or FIG. 8, a secure storage medium SD initialized by the license center L may be delivered to the user's home U.
- FIG. 7 shows the case of delivery to the user home U via the service provider P.
- FIG. 8 shows the case of delivery directly to the user home U.
- The license center L delivers the secure storage medium SD after initialization to the service provider P (ST11).
- The license center L separately sends the table data of the medium identifier SD-ID01 and the service encryption key k11 to the service provider P.
- The service provider P reads the medium identifier SD-ID01 and the service encryption key k11 from the sent table data and writes them in the respective tables T1 and T2 of the storage device 31, and then delivers the secure storage medium SD to the user home.
- The license center L transmits the medium identifier SD-ID01 and the service encryption key k11 obtained by initialization to the service provider device 30 by the license center device 20 (ST11a).
- The service provider device 30 writes the medium identifier SD-ID01 and the service encryption key k11 in each table T1, T2 of the storage device 31.
- The license center L delivers the initialized secure storage medium SD to the user home U (ST12a).
- The initialization processing is completed in the same manner.
- The state of each device SD, 20, 30 when the initialization is completed is as shown in FIG. That is, the secure storage medium SD has had the medium identifier SD-ID01 in the system area 1 since the time of manufacturing, and the service encryption key k11 is stored in the protection area 2 by the initialization processing.
- The license center device 20 has the medium identifier SD-ID01 of the secure storage medium SD and the service encryption key k11 written in the service DB table T1 in the storage device 21.
- The service provider device 30 has the medium identifier SD-ID01 of the secure storage medium SD and the service encryption key k11 written in the service DB table T1 in the storage device 31 and, if necessary, the password table T3 written.
- Each of the devices 20 and 30 has the service encryption key k11 for the secure storage medium SD, but does not have the service right data p11.
- The distribution process of the service right data will be described.
- The secure storage medium SD is mounted on the user terminal 10.
- By the operation of the operator, the user terminal 10 reads the medium identifier SD-ID01 from the secure storage medium SD (ST21) and transmits the medium identifier SD-ID01 to the license center device 20, as shown in FIG. 10 (ST22).
- The license management unit 22 issues service right data p11 corresponding to the service identifier for each received medium identifier SD-ID01 (ST23), and writes the service right data p11 to the storage device 21.
- The license management unit 22 encrypts the service right data p11 using the service encryption key k11 corresponding to the medium identifier SD-ID01 and the service identifier.
- Step ST24 may use encrypted communication such as VPN or SSL from the viewpoint of ensuring security. The same applies to steps ST24f and ST24' described later.
- The license center device 20 distributes the encrypted service right data Enc(k11, p11) to the user terminal 10 (ST25).
- The user terminal 10 writes the encrypted service right data Enc(k11, p11) in the user data area 3 of the secure storage medium SD (ST26).
- The distribution processing of the right data is completed.
- The distribution processing of the right data is not limited to the case where the license center device 20 issues the service right data p11 as shown in FIG. 10; the service provider device 30 may issue it as shown in FIG. 11.
- After step ST21, the user terminal 10 transmits the medium identifier SD-ID01 to the service provider device 30 (ST22a).
- The service management unit 32 issues service right data p11 corresponding to the service identifier for each received medium identifier SD-ID01 (ST23a), and writes it in the storage device 31. Subsequently, the service management unit 32 encrypts the service right data p11 using the service encryption key k11 corresponding to the medium identifier SD-ID01 and the service identifier.
- The service management unit 32 distributes the encrypted service right data Enc(k11, p11) obtained by the encryption to the user terminal 10 (ST25a).
- The user terminal 10 writes the encrypted service right data Enc(k11, p11) into the user data area 3 of the secure storage medium SD (ST26).
- The distribution processing of the right data is completed.
- The state of the license center device 20 after distribution of the right data differs, as shown in FIG. 12 or FIG. 13, depending on whether or not the license center device 20 issues the right data. That is, when issuing the service right data, the license center device 20 has the service right data p11 written in the rights DB table T2 in the storage device 21 in association with the service encryption key k11 of the secure storage medium SD, as shown in FIG.
- The service right data p11 is written in the rights DB table T2 as shown in FIG.
- The secure storage medium SD and the service provider device 30 are in the same state in both FIG. 12 and FIG. 13. That is, in the secure storage medium SD, the encrypted service right data Enc(k11, p11) is stored in the user data area 3 by the right data distribution process, in addition to the initialization completed state. In the service provider device 30, the service encryption key k11 and the service right data p11 of the secure storage medium SD are written in the rights DB table T2 in the storage device 31.
- The user terminal 10 reads the medium identifier SD-ID01 from the secure storage medium SD (ST31) and transmits the medium identifier SD-ID01 and the login request to the service provider device 30 (ST32).
- When the service provider device 30 receives the medium identifier SD-ID01 and the login request, it refers to the tables T1 and T2 of the storage device 31 and reads the service identifier ID1 and the service right data p11 corresponding to the medium identifier SD-ID01. Since the service right data p11 is used for the collation described later, it may instead be read out at the time of collation.
- After this, the service provider device 30 returns the service identifier ID1 to the user terminal 10 (ST33).
- The service identifier ID corresponding to the medium identifier SD-ID01 is not limited to one.
- Multiple services may be received from the same service provider.
- A plurality of search services such as an English document search service, a domestic academic society search service, and a patent publication search service are presented from the same service provider device 30.
- The charging system of each search service may be different.
- The service provider device 30 may return a service identifier corresponding to the clicked icon to the user terminal 10 as a response. In either case, the case where one service identifier ID1 is returned from the beginning is described here as an example.
- The user terminal 10 inputs the service identifier ID1 to the secure storage medium SD (ST34).
- The service identifier ID1 may be stored in the memory of the user terminal 10 without being input to the secure storage medium SD.
- The service identifier ID1 is input to the secure storage medium SD.
- That the service identifier ID may either be input to the secure storage medium SD or be stored in the memory of the user terminal 10 applies equally to the following embodiments.
- The user terminal 10 shares the session key Ks with the secure storage medium SD (ST35).
- The secure storage medium SD encrypts the service encryption key k11 corresponding to the service identifier ID1 with the session key Ks (ST36), and obtains an encrypted service encryption key Enc(Ks, k11). Then, the secure storage medium SD sends the encrypted service encryption key Enc(Ks, k11) and the encrypted service right data Enc(k11, p11) in the user data area 3 to the user terminal 10 (ST37).
- When the user terminal 10 reads the encrypted service encryption key and the encrypted service right data from the secure storage medium SD, the user terminal 10 decrypts the encrypted service encryption key Enc(Ks, k11) using the session key Ks (ST38).
- The user terminal 10 decrypts the encrypted service right data Enc(k11, p11) based on the decrypted service encryption key k11 (ST39).
- The service right data p11 is transmitted to the service provider device 30 (ST40).
- The service provider device 30 collates the service right data p11 with the corresponding latest service right data p11 in the storage device 31 and, when they match, determines whether or not the service right data p11 is valid based on the scheduled update information in the service right data p11 (ST41). The service provider device 30 notifies the user terminal 10 of the denial of the access when the result of the determination indicates invalid, and notifies the user terminal 10 of the access permission when the result of the determination indicates valid (ST42).
- Upon receiving this access permission or access denial notification, the user terminal 10 ends the login.
- When the user terminal 10 receives the access permission, the service is provided from the service provider device 30 by the operation of the operator. When the user terminal 10 receives the access denial, the user terminal 10 may retry the login process or execute the inquiry process to the service provider device 30 or the license center device 20 by the operation of the operator.
- Since login is performed using the service right data p11 for each medium identifier SD-ID01 of the secure storage medium SD, an unauthorized person cannot log in even by copying the authentication information unless that person uses the secure storage medium SD. Also, if the secure storage medium SD is distributed to each individual belonging to a corporation, it can be applied to corporate users as well as individual users. That is, it is possible to provide a login system and a method that can be easily applied to corporate members and that can prevent unauthorized use even if the authentication information is copied.
- steps ST32 to ST34 are omitted in the log-in process, and in step ST40, the service right data p11 and the medium identifier SD-ID are transmitted to the service provider device 30.
- the effect of the present embodiment can be obtained even if the configuration is changed to the configuration in which the data is transmitted.
- the latest service right data p11 corresponding to the medium identifier SD-ID is read after step ST40.
- step ST40 is read as step ST40a-5 (FIGS. 21 and 33) or ST40f-3 (FIGS. 26 and 34).
- FIGS. 15 to 17 are schematic diagrams showing a configuration of a secure storage medium applied to the login system according to the second embodiment of the present invention or a modified example thereof, and FIGS. 18 to 20 are applied to the same system.
- FIG. 9 is a schematic diagram showing a configuration of a service DB table to be executed or a modification thereof.
- In FIGS. 15 to 20, the same parts as those in the above-described drawings are denoted by the same reference numerals, and detailed description thereof will be omitted. Here, different parts will be mainly described. In each of the following embodiments, the same description will not be repeated.
- the present embodiment is a modification of the first embodiment and concerns step ST40 of the login process, in which the right data p11 is transmitted: the right data p11 is encrypted and then transmitted in encrypted form.
- the transmission key kr is shared by the secure storage medium SD and the service provider device 30.
- the secure storage medium SD stores the transmission key k11r, kr or k11 bar in the protected area (key area) 2, as described in (1)-(3) below. Note that the “k11 bar” corresponds to k11 with a horizontal line above it in FIG.
- Each service encryption key k11 has a transmission key k11r.
- Each service encryption key k11 has a transmission key k11 bar obtained by inverting the bits of k11.
- the service DB tables T1ra, T1rb, and T1rc store the transmission key k11r, kr, or k11 bar in the same manner as (1)-(3) above.
- in place of the above-described function of transmitting the decrypted service right data p11 to the service provider device 30, the user terminal 10 is provided with the following functions (f10-1) to (f10-3).
- the service provider device 30 has the following functions (f30-1) to (f30-2) instead of the above-mentioned function for collation.
- steps ST31 to ST39 are executed as described above. That is, the user terminal 10 receives the service ID from the service provider device 30 in response to the login request. Further, the user terminal 10 shares the session key Ks with the secure storage medium SD, and decrypts and obtains the service encryption key k11 and the service right data p11.
- the secure storage medium SD encrypts the transmission key k11r corresponding to the service encryption key k11 with the session key Ks (ST40a-1), and sends the obtained encrypted transmission key Enc(Ks, k11r) to the user terminal 10 (ST40a-2).
- the user terminal 10 decrypts the encrypted transmission key Enc(Ks, k11r) that it has read with the session key Ks (ST40a-3), and encrypts the service right data p11 with the obtained transmission key k11r (ST40a-4).
- the user terminal 10 transmits the encrypted service right data Enc(k11r, p11) obtained by this encryption to the service provider device 30 (ST40a-5).
- the service provider device 30 decrypts the received encrypted service right data with the shared transmission key k11r (ST40a-6), and stores the obtained service right data p11 in the storage device 3.
- the service provider apparatus 30 executes steps ST41 to ST42.
- FIG. 22 is a schematic diagram showing the configuration of a secure storage medium applied to the login system according to the third embodiment of the present invention
- FIG. 23 is a schematic diagram showing the configuration of a rights DB table applied to the system.
- the present embodiment is a modification of the first embodiment, and uses a function of login time information (timed login information) t (e.g., FA(t)) instead of the service right data p11 described above.
- FA (t) is a function (password function) for calculating the password for service ID1.
- FB (t) is a password function for service ID2.
- any password function of the same or different format can be used for each service identifier.
- the password function FA(t) will be described as a representative example.
- the password function FA(t) is a function whose format is determined in advance for each service identifier.
- Here, a second-order polynomial, which is of low order, is used.
- variable t is login time information (year / month / day time data), but is not necessarily limited to time information, and may be a random number, for example.
- Such a password function FA (t) has coefficients a, a
- each secure storage medium SD and service identifier ID 1 and constant a
- the function specification data ⁇ a "3 k, ⁇ b-H ... is stored as the service rights data pll, pl2, ... in the rights DB table T2.
- the user terminal 10 and each of the devices 20, 30 replace the service right data ⁇ 11, pi2,.
- the login unit 13 of the user terminal 10 has the following functions (f13-10)-(f13-15).
- the access control unit 33 of the service provider device 30 has the following functions (f33-10)-(f33-14).
- the login time information t0 is encrypted using the service encryption key k11, and the obtained encrypted login time Enc(k11, t0) and the read service identifier ID1 are transmitted to the user terminal 10.
- (f33-13) Function to compare the function value FA(t0) received from the user terminal 10 with the function value FA(t0) calculated at the time of receiving a login request.
- the user terminal 10 transmits the medium identifier SD-ID01 read from the secure storage medium SD to the license center device 20 by the operation of the operator as shown in FIG. 24 (ST21-ST22).
- the license management unit 22 sends the received medium identifier SD
- function designation data a, a, a for designating the function FA (t) corresponding to the service identifier are issued (ST23f), and written into the storage device 21.
- the license center device 20 After exercising, the license center device 20 transmits the function specification data (a-3a) before this encryption.
- the license center device 20 transmits the encryption key specification data Enc (kll, (a ' ⁇ ⁇
- the user terminal 10 writes the encryption function specification data Enc (kll, (a ⁇ a>) in the user data area 3 of the secure storage medium SD.
- the updated function specification data (a '"a") may be used.
- the user terminal 10 transmits the medium identifier SD-ID01 read from the secure storage medium SD and the login request to the service provider device 30 as described above (ST31-ST32).
- When the service provider device 30 receives the medium identifier SD-ID01 and the login request, the service provider device 30 refers to each of the tables T1 and T2 of the storage device 31 to read the service identifier ID1 and the service encryption key k11 corresponding to the medium identifier SD-ID01 and function specification data ⁇ a
- the service provider device 30 obtains the function-related data ⁇ a
- the function value FA(t0) is calculated by substituting the login time information t0, which relates to the time at which the login request was received, into the function FA(t).
- the service provider device 30 encrypts the login time information t0 using the service encryption key k11, and returns the obtained encrypted login time Enc(k11, t0) and the read service identifier ID1 to the user terminal 10 (ST33f).
- the user terminal 10 inputs the service identifier ID1 to the secure storage medium SD (ST34) and shares the session key Ks with the secure storage medium SD (ST35).
- the secure storage medium SD encrypts the service encryption key k11 (ST36), as described above, to obtain an encrypted service encryption key Enc(Ks, k11). After that, the secure storage medium SD stores the encrypted service encryption key Enc(Ks, k11) and the encrypted function designation data Enc(k11, (a ⁇ a) in the user data area 3.
- When the user terminal 10 reads the encrypted service encryption key and the encrypted function specification data from the secure storage medium SD, the user terminal 10 decrypts the encrypted service encryption key Enc(Ks, k11) using the session key Ks (ST38).
- the user terminal 10 Based on the decrypted service encryption key kl 1, the user terminal 10 generates the encryption function designation data Enc (kll, (a ⁇ 3
- Enc(k11, t0) is decrypted (ST40f-1). After that, the user terminal 10 substitutes the login time information t0 into the password function FA(t) obtained from the function specification data a'3.
- the user terminal 10 transmits the function value FA(t0) to the service provider device 30 (ST40f-3).
- the service provider device 30 compares the received function value FA(t0) with the function value FA(t0) calculated before step ST33f; if they match, the received function value FA(t0) is determined to be valid (ST41f), and access permission is notified to the user terminal 10 (ST42).
- Since the user logs in using the secure storage medium SD, unlike the conventional method, even if the user ID and password are copied, they are not illegally used. Also, if the secure storage medium SD is distributed to each individual belonging to a corporation, it can be applied to corporate users as well as individual users. That is, it is possible to provide a login system that can be easily applied to corporate members and that can prevent unauthorized use even if authentication information is copied.
- the same operation and effect as in the first embodiment can be obtained even if the configuration using function designation data is used instead of the service right data in the first embodiment.
- the login is performed using the login time information t0 and the first and second function values calculated for each medium identifier of the secure storage medium, the unauthorized person does not use the secure storage medium SD.
- Also, if the secure storage medium is distributed to each individual belonging to a corporation, it can be applied to corporation users as well as individual users. That is, it is possible to provide a login system that can be easily applied to corporate members and that can prevent unauthorized use even if authentication information is copied.
- FIG. 27 is a schematic diagram showing a configuration of a login system according to the fourth embodiment of the present invention
- FIG. 28 is a schematic diagram showing a configuration of a service DB table applied to the system.
- the present embodiment is a modification of the first embodiment.
- the configuration uses the secure storage medium SDx dedicated to the specific service, the user terminal 10 as the dedicated player, and the service DB table T1x.
- of the above-described functions, the secure storage medium SDx has only the service encryption key k11 dedicated to the specific service in the protected area 2, and has no service encryption key for any other service.
- the processing function of the service identifier ID is omitted with the omission of the service identifier ID in the above-described functions.
- as shown in FIG. 28, the service DB table T1x associates each medium identifier SD-ID1, ID2, ... with a service encryption key k11, k21, ..., and is a DB table dedicated to the specific service.
- the user terminal 10 reads the medium identifier SD-ID01 from the secure storage medium SD at the time of login by the operator's operation (ST31), and also reads this medium identifier SD-ID01. And a login request containing a password (PIN)
- Upon receiving the medium identifier SD-ID01 and the login request, the service provider device 30 refers to the password table T3 of the storage device 31, compares the password (personal identification number) corresponding to the medium identifier SD-ID01 with the password in the login request, and only when the two match, notifies the user terminal 10 of the password authentication permission (ST33x).
- Upon receiving the authentication permission for the password, the user terminal 10 executes the processing of step ST35 and thereafter described above.
- Even when the secure storage medium SDx dedicated to a specific service and the service DB table T1x are provided and the service identifier ID is omitted, the same operation and effect as those of the first embodiment can be obtained.
- the present embodiment is not limited to the modification of the first embodiment, but can be similarly implemented as a modification of the second or third embodiment.
- a service DB table Tlrax, Tlrbx or Tlrcx dedicated to a specific service is provided as shown in FIG. 30 to FIG. 32, and as shown in FIG. , Step ST3 described above 3.
- step ST33x of returning a password authentication permission may be used.
- step ST33xf for returning a password authentication permission may be used instead of the above-described steps ST33 and ST34.
- the method described in each of the above embodiments can also be stored, as a program that can be executed by a computer, on a storage medium such as a magnetic disk (floppy (registered trademark) disk, hard disk, etc.), an optical disk (CD-ROM, DVD, etc.), a magneto-optical disk (MO) or semiconductor memory, and distributed.
- the storage medium may be in any form as long as it can store a program and can be read by a computer.
- an operating system (OS), database management software, MW (middleware), network software and the like that are operated on a computer based on instructions of a program installed in the computer may execute a part of each processing for realizing the embodiment.
- the storage medium in the present invention is not limited to a medium independent of a computer, but also includes a storage medium in which a program transmitted via a LAN, the Internet, or the like is downloaded and stored or temporarily stored.
- the number of storage media is not limited to one, and a case where the processing in the present embodiment is executed from a plurality of media is also included in the storage medium of the present invention, and any medium configuration may be used.
- the computer executes each process in the present embodiment based on a program stored in a storage medium, and may have any configuration, such as a single device such as a computer, or a system in which a plurality of devices are connected via a network.
- the computer in the present invention is not limited to a personal computer, but also includes an arithmetic processing unit, a microcomputer, and the like included in information processing equipment, and is capable of realizing the functions of the present invention by a program.
- the invention of the present application is not limited to the above-described embodiments as they are, and can be embodied by modifying the constituent elements without departing from the scope of the invention. Further, various inventions can be formed by appropriately combining a plurality of constituent elements disclosed in the above embodiments. For example, some components may be deleted from all the components shown in the embodiment. Further, components of different embodiments may be appropriately combined.
- the login system and method of the present invention can be easily applied to corporate members, and are suitable for preventing unauthorized use even if authentication information is copied.
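The timed login of the third embodiment (steps ST31 to ST42 with ST33f, ST40f-1, ST40f-3 and ST41f), run end to end with both sides' messages, as an added example that is not code from the patent. The cipher behind Enc, the coefficient names a0, a1, a2, the text encoding of t0 and every class and function name are assumptions; the session-key agreement with the medium is not modelled.

```python
import hashlib
import hmac
import secrets
import time

def _sub(key, label):  # separate subkeys for the keystream and the integrity tag
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def enc(key, data):
    """Stand-in for the page's Enc(key, data): keystream XOR plus an integrity tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_sub(key, b"enc"), nonce, data)
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def dec(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified ciphertext")
    return _xor_stream(_sub(key, b"enc"), nonce, ct)

def fa(coeffs, t):
    """Password function FA(t) as a second-order polynomial (coefficient names assumed)."""
    a0, a1, a2 = coeffs
    return a2 * t * t + a1 * t + a0

class SecureMedium:
    """SD: medium identifier, k11 in the protected area, Enc(k11, spec) in the user data area."""
    def __init__(self, medium_id, k11, enc_spec):
        self.medium_id, self._k11, self.enc_spec = medium_id, k11, enc_spec

    def read_for_login(self, ks):  # ST36: k11 leaves the medium only encrypted under Ks
        return enc(ks, self._k11), self.enc_spec

class ServiceProvider:
    def __init__(self):
        self.t1, self.t2, self._pending = {}, {}, {}  # T1: id -> (service, k11); T2: id -> coeffs

    def begin_login(self, medium_id, now=None):  # ST33f
        if medium_id not in self.t1:
            return None
        service_id, k11 = self.t1[medium_id]
        t0 = int(time.time()) if now is None else now
        self._pending[medium_id] = fa(self.t2[medium_id], t0)
        return service_id, enc(k11, str(t0).encode())

    def finish_login(self, medium_id, value):  # ST41f, ST42
        expected = self._pending.pop(medium_id, None)  # each challenge is answered once
        return expected is not None and hmac.compare_digest(
            str(expected).encode(), str(value).encode())

def issue_medium(provider, medium_id, service_id):
    """License-center role: issue k11 and the function specification data."""
    k11 = secrets.token_bytes(32)
    coeffs = tuple(secrets.randbelow(2**32) + 1 for _ in range(3))
    provider.t1[medium_id], provider.t2[medium_id] = (service_id, k11), coeffs
    return SecureMedium(medium_id, k11, enc(k11, ",".join(map(str, coeffs)).encode()))

def terminal_login(sd, provider, now=None):
    reply = provider.begin_login(sd.medium_id, now)  # ST31-ST33f
    if reply is None:
        return False
    _service_id, enc_t0 = reply
    ks = secrets.token_bytes(32)  # ST35: session key (agreement with SD not modelled)
    enc_k11, enc_spec = sd.read_for_login(ks)
    try:
        k11 = dec(ks, enc_k11)  # ST38
        coeffs = tuple(int(x) for x in dec(k11, enc_spec).decode().split(","))
        t0 = int(dec(k11, enc_t0).decode())  # ST40f-1
    except ValueError:
        return False
    return provider.finish_login(sd.medium_id, fa(coeffs, t0))  # ST40f-3

if __name__ == "__main__":
    sp = ServiceProvider()
    sd = issue_medium(sp, "SD-ID01", "ID1")
    print("login with the issued medium:", terminal_login(sd, sp))
```

A medium that carries a copy of the user data area but not the protected-area key fails at the first decryption, which is the property the embodiment claims for copied authentication information.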
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP05721398A EP1744251A4 (en) | 2004-04-01 | 2005-03-24 | LOG-IN SYSTEM AND PROCEDURE |
US11/283,826 US20060080526A1 (en) | 2004-04-01 | 2005-11-22 | Login system and method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2004109111A JP2005293357A (ja) | 2004-04-01 | 2004-04-01 | ログインシステム及び方法 |
JP2004-109111 | 2004-04-01 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/283,826 Continuation US20060080526A1 (en) | 2004-04-01 | 2005-11-22 | Login system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2005098639A1 true WO2005098639A1 (ja) | 2005-10-20 |
WO2005098639A9 WO2005098639A9 (ja) | 2008-02-14 |
Family
ID=35125263
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2005/005384 WO2005098639A1 (ja) | 2004-04-01 | 2005-03-24 | ログインシステム及び方法 |
Country Status (6)
Country | Link |
---|---|
US (1) | US20060080526A1 (ja) |
EP (1) | EP1744251A4 (ja) |
JP (1) | JP2005293357A (ja) |
KR (1) | KR100785715B1 (ja) |
CN (1) | CN1788263A (ja) |
WO (1) | WO2005098639A1 (ja) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104283688A (zh) * | 2014-10-11 | 2015-01-14 | 东软集团股份有限公司 | 一种USBKey安全认证系统及安全认证方法 |
Families Citing this family (20)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100599174B1 (ko) * | 2004-12-16 | 2006-07-12 | 삼성전자주식회사 | 프로파일 정보를 이용한 서비스 제공방법 및 서비스제공시스템 |
US7765373B1 (en) * | 2006-06-27 | 2010-07-27 | Siliconsystems, Inc. | System for controlling use of a solid-state storage subsystem |
US8108692B1 (en) * | 2006-06-27 | 2012-01-31 | Siliconsystems, Inc. | Solid-state storage subsystem security solution |
US20110022850A1 (en) * | 2006-07-26 | 2011-01-27 | Hondar Lee | Access control for secure portable storage device |
FR2906380B1 (fr) * | 2006-09-27 | 2008-12-19 | Trusted Logic Sa | Systeme et procede de securisation de donnees. |
US8166515B2 (en) * | 2006-10-30 | 2012-04-24 | Microsoft Corporation | Group policy for unique class identifier devices |
US7971232B2 (en) * | 2006-10-30 | 2011-06-28 | Microsoft Corporation | Setting group policy by device ownership |
EP2063638A1 (fr) * | 2007-11-26 | 2009-05-27 | Nagravision S.A. | Méthode d'évaluation de droits d'utilisateurs stockés dans un module de sécurité |
JP2009230745A (ja) * | 2008-02-29 | 2009-10-08 | Toshiba Corp | バックアップ及びリストアの方法、プログラム、及びサーバ |
US8356184B1 (en) | 2009-06-25 | 2013-01-15 | Western Digital Technologies, Inc. | Data storage device comprising a secure processor for maintaining plaintext access to an LBA table |
CN102906713A (zh) * | 2010-05-27 | 2013-01-30 | 富士通株式会社 | 信息处理系统以及系统控制器 |
JP2012027530A (ja) * | 2010-07-20 | 2012-02-09 | Dainippon Printing Co Ltd | ワンタイムパスワード生成装置、サーバー装置、認証システム、方法、プログラム、記録媒体 |
JP5774417B2 (ja) * | 2011-08-31 | 2015-09-09 | Jr東日本メカトロニクス株式会社 | 読書装置、制御方法、及びプログラム |
JP5845742B2 (ja) * | 2011-09-07 | 2016-01-20 | ソニー株式会社 | 情報処理装置、情報処理方法、およびプログラム |
US9305142B1 (en) | 2011-12-19 | 2016-04-05 | Western Digital Technologies, Inc. | Buffer memory protection unit |
CN103581108B (zh) | 2012-07-19 | 2017-05-03 | 阿里巴巴集团控股有限公司 | 一种登录验证方法、客户端、服务器及系统 |
JP6091286B2 (ja) * | 2013-03-28 | 2017-03-08 | 三菱スペース・ソフトウエア株式会社 | ファイル管理システムおよびファイル管理方法 |
CN105187447B (zh) * | 2015-09-30 | 2018-06-08 | 成都汇合乾元科技有限公司 | 一种终端安全登录方法 |
CN105208031B (zh) * | 2015-09-30 | 2018-06-08 | 成都汇合乾元科技有限公司 | 一种终端认证方法 |
CN106878245B (zh) * | 2016-07-18 | 2020-04-24 | 阿里巴巴集团控股有限公司 | 图形码信息提供、获取方法、装置及终端 |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003162691A (ja) * | 2001-11-26 | 2003-06-06 | Sony Corp | データ処理システム、メモリデバイス、データ処理装置、およびデータ処理方法、並びにコンピュータ・プログラム |
JP2003178034A (ja) * | 2001-12-07 | 2003-06-27 | Dainippon Printing Co Ltd | 認証システム、広告システム、サーバ、端末装置 |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH1032568A (ja) * | 1996-07-15 | 1998-02-03 | Ishikawajima Harima Heavy Ind Co Ltd | 暗号化伝送方法 |
JP4395302B2 (ja) * | 1999-04-27 | 2010-01-06 | パナソニック株式会社 | 半導体メモリカード及びその制御方法 |
WO2001029791A1 (en) * | 1999-10-21 | 2001-04-26 | Tresor Tv Produktions Gmbh | Improved chip card and method for interacting with same |
JP2002009763A (ja) * | 2000-06-26 | 2002-01-11 | Sanyo Electric Co Ltd | データ再生装置、それを用いた端末装置、および再生方法 |
JP2002149612A (ja) * | 2000-11-06 | 2002-05-24 | Mycal Card Kk | 認証システム |
JP2002189801A (ja) * | 2000-12-21 | 2002-07-05 | Sony Corp | サービス提供システム、管理サーバ、サービスプロバイダ、端末装置、記録媒体発行装置、サービス提供方法、記録媒体 |
JP2004264898A (ja) * | 2003-02-10 | 2004-09-24 | Toshiba Corp | コンテンツ処理端末、著作権管理システム、及びこれ等の方法 |
US7568111B2 (en) * | 2003-11-11 | 2009-07-28 | Nokia Corporation | System and method for using DRM to control conditional access to DVB content |
-
2004
- 2004-04-01 JP JP2004109111A patent/JP2005293357A/ja active Pending
-
2005
- 2005-03-24 KR KR1020057024095A patent/KR100785715B1/ko not_active IP Right Cessation
- 2005-03-24 CN CNA2005800004001A patent/CN1788263A/zh active Pending
- 2005-03-24 WO PCT/JP2005/005384 patent/WO2005098639A1/ja not_active Application Discontinuation
- 2005-03-24 EP EP05721398A patent/EP1744251A4/en not_active Withdrawn
- 2005-11-22 US US11/283,826 patent/US20060080526A1/en not_active Abandoned
Non-Patent Citations (2)
Title |
---|
See also references of EP1744251A4 * |
TOSHIBA CORP.: "SD Card o Riyo shita Digital Chosakuken Hogo Gijutsu no Kaihatsu ni Tsuite", 17 July 2003 (2003-07-17), XP002992887, Retrieved from the Internet <URL:http://www.toshiba.co.jp/about/press/2003_07/pr_j1702.htm> [retrieved on 20050617] * |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104283688A (zh) * | 2014-10-11 | 2015-01-14 | 东软集团股份有限公司 | 一种USBKey安全认证系统及安全认证方法 |
CN104283688B (zh) * | 2014-10-11 | 2017-12-29 | 东软集团股份有限公司 | 一种USBKey安全认证系统及安全认证方法 |
Also Published As
Publication number | Publication date |
---|---|
CN1788263A (zh) | 2006-06-14 |
US20060080526A1 (en) | 2006-04-13 |
WO2005098639A9 (ja) | 2008-02-14 |
KR20060031628A (ko) | 2006-04-12 |
EP1744251A4 (en) | 2010-04-14 |
KR100785715B1 (ko) | 2007-12-18 |
JP2005293357A (ja) | 2005-10-20 |
EP1744251A1 (en) | 2007-01-17 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NA NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2005721398 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 11283826 Country of ref document: US |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 1020057024095 Country of ref document: KR |
|
WWE | Wipo information: entry into national phase |
Ref document number: 20058004001 Country of ref document: CN |
|
WWP | Wipo information: published in national office |
Ref document number: 1020057024095 Country of ref document: KR |
|
WWP | Wipo information: published in national office |
Ref document number: 11283826 Country of ref document: US |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: DE |
|
WWP | Wipo information: published in national office |
Ref document number: 2005721398 Country of ref document: EP |