WO2006132143A1 - 認証システム、認証装置、端末装置及び検証装置 - Google Patents
認証システム、認証装置、端末装置及び検証装置 Download PDFInfo
- Publication number
- WO2006132143A1 WO2006132143A1 PCT/JP2006/311075 JP2006311075W WO2006132143A1 WO 2006132143 A1 WO2006132143 A1 WO 2006132143A1 JP 2006311075 W JP2006311075 W JP 2006311075W WO 2006132143 A1 WO2006132143 A1 WO 2006132143A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- information
- blur
- authentication
- digital signature
- authentication information
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
Definitions
- the present invention relates to an authentication system that accurately authenticates an individual while ensuring the privacy of a certificate holder with respect to certificate data authenticated by a third party such as an identification card.
- the service provider when obtaining personal information from users, the service provider must make sure that the personal information obtained is correct, that is, the user must declare his / her accurate personal information without any false statements. There is a request to confirm that On the other hand, there is a request that the user side does not want to provide personal information more than necessary to the service provider side. In order to satisfy both the service provider side and the user side request, the service provider side has more personal information than necessary while guaranteeing the legitimacy of the personal information provided by the user side. The realization of a mechanism that does not require provision is desired.
- FIG. 1 is a block diagram of an authentication system using the electronic sanitization method.
- This authentication system authenticates the content of the message and gives a digital signature, receives the signed message with the signature generator 90 that generates the signed message, and if necessary, Signed with electronic sumi It consists of an electronic sanitizer 91 sent to the verifier 92 and a signature verifier 92 that verifies the validity of the signed message that has been “electronically sanitized” received from the electronic sanitizer 91.
- the signature generator 90 generates a digital signature S for a message M consisting of several data blocks.
- the message M is composed of several data blocks.
- the electronic sanitizer 91 having received the message M and the digital signature S verifies the digital signature if necessary, and then “sanitizes” some of the four data blocks for the message M. .
- the electronic sanitizer 91 electronically sanitizes “Taro Yamada”.
- Message M says “Taro Yamada has admitted the crime” and conceals the part of “Taro Yamada”.
- the message Ms after sanitization created in this way and the signature S added to the original message M are sent to the signature verifier 92.
- the signature verifier 92 verifies the validity of the sanitized message Ms by verifying that a certain relationship is established between the sanitized message Ms and the signature S.
- the signature verifier 92 can confirm that the message Ms was created by sanitizing a part of the original message M (in this example, “Taro Yamada I can't know what ")" was. In this way, with the electronic sanitization method, it is possible to authenticate the correctness of the message while keeping a part of the original message secret. It can be said that the validity of the contents (the criminal admitted the crime) can be confirmed while protecting the ilpathy (name of the criminal).
- Patent Document 1 Japanese Patent Laid-Open No. 2005-51734
- An object of the present invention is to provide an authentication system capable of confirming the validity of the authentication.
- the present invention provides a terminal device that presents blur information obtained by blurring proof information that is information to be proved, and the validity of the force information presented by the terminal device.
- An authentication system comprising a verification device for verifying authentication and an authentication device for supporting the issuance of legitimate blur information by the terminal device, the authentication device corresponding to at least one proof information and the proof information
- a digital signature is generated by applying a digital signature to information holding means for holding a plurality of blur information to be performed, and information including certification information and blur information held in the information holding means.
- Authentication information generating means for generating, as authentication information, information including a digital signature, the certification information, and the blur information, and a first transmission for transmitting the generated authentication information to the terminal device E Bei the stage, the terminal device, a first for receiving authentication information transmitted the authentication device power Based on an instruction from the receiving means and the user, accepts an instruction to select at least one blur image from among a plurality of pieces of blur information included in the authentication information received by the receiving means.
- Blur authentication information for generating, as blur authentication information, information including blur information receiving means, force information selected by the instructions received by the blur instruction receiving means, instruction information indicating the instructions, and the digital signature Generating means, and second transmitting means for transmitting the generated blur authentication information to the verification device, wherein the verification device receives the blur authentication information transmitted from the terminal device power.
- the blur authentication indicated by the instruction information included in the blur authentication information based on the digital signature included in the blur authentication information received by the receiving unit.
- a plurality of valid blur information is prepared in advance in the authentication device, and in the terminal device, the certification information is replaced with the blur information desired by the user and transmitted to the verification device. The validity of the information is verified.
- the user can replace the desired certification information with the blur information and present it, and the verification device that has received the blur information confirms that the blur information has been legitimately issued by the authentication device. be able to.
- the present invention can be realized not only as such an authentication system, but also as an authentication device alone, a terminal device alone, or a verification device constituting the authentication system. It can be realized as a program executed by a device or verification device, or as a computer-readable recording medium such as a CD-ROM on which the program is recorded.
- an authentication system that can change the identity information of a user to information-intensive content and can confirm the validity of the blurred content by a digital signature is realized. When it is done, there is an effect.
- FIG. 1 is a diagram showing a configuration of an authentication system according to the prior art of the present invention.
- FIG. 2 is a system configuration diagram showing the configuration of the authentication system according to the embodiment of the present invention.
- FIG. 3 is a communication sequence diagram showing communication exchange in the authentication system according to the embodiment of the present invention.
- FIG. 4 is a block diagram showing a configuration of a service utilization device according to the embodiment of the present invention.
- FIG. 5 is a diagram showing an example of a configuration of user identity information and blurring information according to the embodiment of the present invention.
- FIG. 6 is a block diagram showing a configuration of an authentication apparatus according to an embodiment of the present invention.
- FIG. 7 is a flowchart showing main operations of the authentication apparatus according to the embodiment of the present invention.
- FIG. 8 is a block diagram showing a configuration of a blurred address information database according to the embodiment of the present invention.
- FIG. 9 is a block diagram showing a configuration of an identity authentication information generation unit according to the embodiment of the present invention.
- FIG. 10 is a diagram showing an example of a configuration of divided identity authentication information according to the exemplary embodiment of the present invention.
- FIG. 11 is a block diagram showing a configuration of a blurred identity authentication information generation unit according to the embodiment of the present invention.
- FIG. 12 is a flowchart showing an operational procedure of a blurred identity authentication information generation unit according to the embodiment of the present invention.
- FIG. 13 is a diagram showing an example of a configuration of update additional information according to the embodiment of the present invention.
- FIG. 14 is a block diagram showing a configuration of a service providing apparatus according to an embodiment of the present invention.
- FIG. 15 is a block diagram showing a configuration of a digital signature verification unit according to the embodiment of the present invention.
- FIG. 16 is a flowchart showing an operation procedure of the digital signature verification unit according to the embodiment of the present invention.
- FIG. 17 is a diagram for explaining a hash calculation method according to a modification of the embodiment of the present invention.
- FIG. 18 is a diagram for explaining a hash calculation method according to a modification of the embodiment of the present invention.
- FIG. 2 is a system configuration diagram showing a configuration example of the authentication system according to the embodiment of the present invention.
- This authentication system can confirm the legitimacy of personal information without exposing personal information more than necessary, and can transmit only the minimum necessary information to be proved. It consists of a connected service utilization device 1, an authentication device 2, and service providing devices 3a to 3c.
- the service using device 1 is an example of a terminal device that presents the force information obtained by blurring the proof information that is information to be proved (in this case, information indicating the content of the proof information is ambiguous).
- the service providing devices 3a to 3c are examples of a verification device that verifies the validity of the falsified information presented by the service using device 1, and the authentication device 2 issues valid blur information from the service using device 1. It is an example of the authentication apparatus which assists.
- the service user uses the service utilization device 1 to use various services provided by the service provider using the service provision devices 3a to 3c.
- the service providing devices 3a to 3c request the presentation of user personal information necessary for service provision when the service user uses the service.
- the service providing devices 3a to 3c permit some personal information to be presented with obfuscated (abstracted) information that is not raw information. For example, with regard to name and address, only the name of the name is allowed to show the local name of the address (such as “Kinki region”).
- the service using device 1 holds an identification certificate issued by the authentication device 2 as a certification organization, and presents this identification certificate in response to the request for presentation of the personal information. This At this time, the service using device 1 receives the identification information obtained by performing the information blurring process on the above identification certificate according to the contents of the personal information requested by the service providing devices 3a to 3c. To present. For example, only the initials for “name” and the local name for “address” are presented.
- FIG. 3 is a communication sequence diagram showing communication exchange in this authentication system.
- the service using device 1 transmits identity authentication information issuance request data indicating that fact. Do (Sl).
- the authentication device 2 that has received the identity authentication information issuance request data generates identity authentication information including a plurality of pairs of identity information and blurred identity information based on the identity authentication information issuance request data (S2). Return the generated identity authentication information to the service using device 1 (S3)
- the service-using device 1 that has received the identity authentication information is included in the identity authentication information by changing the identity authentication information in accordance with the user's instruction (processing that blurs some items).
- Generates blurred identity authentication information here, a weak identity certificate
- desired identity information here, a weak identity certificate
- blurred identity information here, a weak identity certificate
- the service providing apparatuses 3a to 3c that have received the service use request data verify the blurring identity information included in the service use request data (S6), and if the validity is confirmed, the requested service is provided. Data is provided to the service using device 1 (S7).
- the authentication device 2 creates a digital signature generation key when the authentication system is started up, and keeps it secretly in the authentication device 2.
- a signature verification key for verifying the digital signature generated using the signature generation key is created at the same time, and is added to the service providing apparatuses 3a to 3c. Distribute and keep in these devices.
- the digital signature method using the public key cryptosystem is used as the digital signature. Since the digital signature method using the public key cryptosystem is a well-known technique, the details are not described here.
- the “identification procedure” is performed when the service user uses this authentication system for the first time. Through this procedure, the service user obtains the identification card necessary for using various services. The details of the ID card issuing procedure are described below.
- FIG. 4 is a block diagram showing a configuration example of the service use device 1 used by the service user to execute the “identification certificate issuing procedure” and the “service use procedure”.
- the service using device 1 is a personal computer or the like used by the service user, and includes a user identity information storage unit 10 that stores the identity information (user identity information) of the service user, and the identity from the user identity information.
- the authentication information issuance request data is created and sent to the authentication device 2 and sent to the authentication device 2.
- the identity authentication information receiving unit 12 that receives the identity authentication information sent from the authentication device 2 and the received identity authentication Identity authentication information storage unit 13 for storing information, identity authentication information display unit 14 for displaying stored identity authentication information in a form that can be seen by the service user, and blurring processing for identity authentication information from the service user Based on the instructions of the blur instruction receiving unit 15 that receives the instructions and the service user, the identity authentication information is subjected to a process based on the identity authentication information.
- Blur identity authentication information generation unit 16 that creates a service information and a service use request data sending unit that adds information indicating that service use is requested to the created blur identity authentication information and sends it to one of the service providing devices 3a to 3c. 17 and a service data receiving unit 18 that receives service data provided by any of the service providing apparatuses 3a to 3c.
- the service utilization apparatus 1 performs the following processing.
- the user identity information storage unit 10 transfers the stored user identity information to the identity authentication information issue request data sending unit 11.
- the user identity information is the service interest. It is the personal information of the user.
- An example of user identity information is shown in Fig. 5 (a).
- the user identity information 41 includes name information 410 indicating the service user's name in Kanji and Roman letters, “Taro Yamada ZYAMADA TAROJ” and age information indicating “24 years old”.
- address information 412 indicating “Osaka Prefecture Kadoma Daimon Kadoma 1006” as the address.
- the identity authentication information issuance request data sending unit 11 adds message information requesting issuance of the identity authentication information based on the user identity information to the user identity information 41! As a result, identification authentication information issuance request data is created and sent to the authentication device 2 (Sl in FIG. 3)).
- FIG. 6 is a block diagram illustrating a configuration example of the authentication device 2.
- the authentication device 2 includes an identity authentication information issuance request data receiving unit 20 that receives the identity authentication information issuance request data sent from the service using device 1, and user identity information included in the received identity authentication information issuance request data.
- User identity information confirmation unit 21 confirms that 41 is accurate as personal information of the service user, and blur data that is the source data for performing “blurring” on user identity information 41
- An information generation unit for blur 22 that generates information
- an identity authentication information generation unit 23 that generates identity authentication information by applying a digital signature based on user identity information 41 and blur information
- an identity authentication information transmitting unit 24 for sending the identity authentication information to the service using device 1.
- FIG. 7 is a flowchart showing main operations of authentication device 2 shown in FIG.
- the identity authentication information issuance request data receiving unit 20 receives the identity authentication information issuance request data, and converts the user identity information 41 included in the identity authentication information issuance request data to the user identity information confirmation unit 21 for blurring. The information is transferred to the information generation unit 22 and the identity authentication information generation unit 23.
- the user identity information confirmation unit 21 confirms that the user identity information 41 transferred from the identity authentication information issuance request data reception unit 20 is correct (S10 in FIG. 7).
- the authentication device 2 is connected to a resident card database held by a public institution such as a city hall through a network. Can confirm that it is correct . Only when it is confirmed that the user identity information 41 is correct, the following processing is continued. If it is found to be illegal, the following processing is not performed and the processing is terminated.
- the force information generation unit 22 performs the following operation on the name information 410, age information 411, and address information 412 included in the user identity information 41 received from the service using device 1 as follows.
- Force information is generated (Sl l in Fig. 7).
- Figure 5 (b) shows an example of the information for force reduction.
- the name information 410 the first letter of each first name and last name in the Roman alphabet is taken out to create an initial notation of the name, and generated as full name information 440.
- the first letter “Y” and the first letter “ ⁇ ” of the last name of the Roman name notation “YAMADA TARO” are extracted, and the initial notation “T. To do.
- age information 411 the age notation in which the first digit of the age is changed to zero is referred to as blur age information 441.
- the age information “441” is obtained by changing the first place “4” of the age “24 years old” to “0” and setting the age notation “20s”.
- the blurred address information 442 is generated based on the blurred address information database stored in advance in the blur information generating unit 22.
- FIG. 8 shows an example of the blurred address information database 42 held in the information generating unit 22 for the bookmark.
- the blurred address information database 42 includes blurred address information rules 420 to 424.
- the blurred address information rule 420 indicates that the address information “Tokyo” is converted into the blurred address information “Kanto region”. In the example shown in Fig.
- the blurred address information 442 is "Kinki region”.
- the blur information 44 composed of the full name information 440, the blur age information 441, and the blur address information 442 generated in this manner is generated and sent to the identity authentication information generation unit 23 in a fifth.
- the identification authentication information generation unit 23 is based on the user identification information 41 transferred from the identification authentication information issuance request data reception unit 20 and the blur information 44 transferred from the blur information generation unit 22. Then, identification authentication information is generated (S12 in FIG. 7).
- FIG. 9 is a block diagram illustrating a configuration example of the identity authentication information generation unit 23.
- Identification information The information generation unit 23 includes a data division unit 230 that divides the user identification information 41 transferred from the identification authentication information issuance request data reception unit 20, a random number generation unit 231 that generates random numbers, and a data division unit 230.
- a random number adding unit 232 that adds a random number to each of the divided pieces of user identity information 41, an intermediate hash value generating unit 233 that generates an intermediate hash value by performing a no-shake calculation, and a blurring to the generated intermediate hash value
- the hash information addition unit 234 for adding the blurring information 44 transferred from the information generation unit 22 and the information obtained by the blur information addition unit 234 perform a hash calculation to obtain a final hash value.
- the final hash value generation unit 235 to generate, the signature generation key storage unit 236 for storing the signature generation key for generating the digital signature, and the final hash value obtained by the final hash value generation unit 235
- Signature creation unit 237 for creating a digital signature, user identification information 41 divided by the data division unit 230, a random number generated by the random number generation unit 231, a digital signature created by the signature creation unit 237, and a force information It comprises a sending data creation unit 238 that creates identity authentication information to be sent to the service using device 1 from the blurring information 44 transferred from the generation unit 22.
- the operation (S2 in FIG. 3) of the identity authentication information generation unit 23 will be described.
- the data dividing unit 230 divides the input user identity information 41 and transfers it to the random number adding unit 232 and the sending data creating unit 238. Specifically, in FIG. 5 (a), the user identity information 41 is divided into three data of name information 410, age information 411, and address information 412, and transferred to the random number addition unit 232 and the sending data creation unit 238. To do.
- the random number generation unit 231 generates three random values rl, r2, and r3 and transfers them to the random number addition unit 232 and the transmission data creation unit 238.
- the number of generated random numbers is equal to the number of divided data generated in the data dividing unit 230, and so on.
- the random number adding unit 232 converts the name information 410, age information 411, and address information 412 into numerical data ml, m2, and m3, respectively, based on predetermined rules.
- ASCII code power may be converted into a numerical value.
- the resulting numerical data ml, m2, and m3 are combined with the random numbers rl, r2, and r3 generated by the random number generator 231 to obtain ml II rl, m2
- “II” represents data combination (for example, digit concatenation).
- the intermediate hash value generation unit 233 receives the data m transferred from the random number addition unit 232 1 II rl, m2
- Hash (X) means that a predetermined hash calculation Hash is performed on the data X, and the result is Y.
- Hash any known hash method may be used.
- the SHA1 method may be used.
- the blur information adding unit 234 converts the blur information 44 transferred from the blur information generation unit 22 into the power information name 440, blur age information 441, and blur address information 442.
- the data is divided into three data, and each data is converted into numerical data bl, b2, b3 based on a predetermined rule.
- the predetermined rules used here and ASCII code power may be converted to numerical values.
- the numerical data bl, b2, and b3 generated in this way are combined with the intermediate hash values il, i2, and i3 to generate combined data il II bl, 12 II b2, 13
- the final hash value generation unit 235 performs the following hash calculation on the data il II bl, 12 II b2, and 13 II b3 transferred from the powerful information adding unit 234.
- the final hash values hl, h2, and h3 are generated and transferred to the signature creation unit 237.
- the signature generation key storage unit 236 stores a signature generation key created when the authentication system is started up. After the processing by the final hash value generation unit 235, the signature generation key storage unit 236
- the signature generation key is stored and transferred to the signature generation unit 237.
- the signature creation unit 237 uses the signature generation key transferred from the signature generation key storage unit 236 to generate a digital signature based on the final hash values hl, h2, and h3. Specifically, the digital signature S is generated by the following calculation.
- S Sig (Ks, hi
- Ks represents a signature generation key
- S Sig (K, D) represents that a digital signature S based on data D is generated using the signature generation key K. Since the method for generating a digital signature is publicly known, details thereof are not described here.
- the digital signature S generated as described above is transferred to the sending data creation unit 238.
- the sending data creation unit 238 creates identity authentication information 43 as shown in FIG. 10 from the user identity information 41, random numbers rl, r2, r3, blurring information 44, and digital signature S. .
- “1”, “2”, and “3” are assigned as index values to the name information 410, the age information 411, and the address information 412, respectively, included in the user identity information 41.
- “1”, “2”, and “3” are added as index information to the blurry name information 440, the blur age information 441, and the blur address information 442 included in the blur information 44, respectively.
- the identification authentication information 43 includes blur block information 450, random number rl (451), random number r2 (452), random number r3 (453) and additional digital information 45 and digital signature S (46).
- the force block information 450 and the random numbers rl to r3 (45 1 to 453) are assigned index values “0”, “1”, “2”, and “3”, respectively.
- the force block information 450 indicates which of the identity authentication information 43 is the identity information for which the information is “blurred” by an index value.
- the authentication device 2 At the time when the authentication device 2 generates the identity authentication information 43, there is no identity information for which the information is ⁇ blurred '', so data representing ⁇ none '' is set as the force block information 450 !, (As described later, the block information 450 is set by the service using device 1.) 0 In this way, the sending data creation unit 238 creates the identity authentication information 43 and transmits the identity authentication information. Transfer to part 24. Then, the identity authentication information transmitting unit 24 sends the identity authentication information 43 to the service using device 1.
- the service using device 1 receives the identity authentication information 43 sent from the authentication device 2 at the identity authentication information receiving unit 12 as shown in FIG. 4 (S3 in FIG. 3).
- the identity authentication information receiving unit 12 transfers the received identity authentication information 43 to the identity authentication information storage unit 13.
- the identity authentication information storage unit 13 stores the identity authentication information 43.
- the “service use procedure” is executed when the service user uses the service using device 1 and the service provider uses the service provided by the service providing devices 3a to 3c. Is done. Before executing the service use procedure, the service use device 1 needs to have issued the identification authentication information 43 from the authentication device 2 by executing the above-mentioned “identification certificate issuance procedure”.
- Figure 2 shows the case where service providers A, B, and C provide three services A, B, and C, respectively, in the authentication system. At this time, service provider A provides service using service providing apparatus 3a, service provider B uses service providing apparatus 3b, and service provider C provides service providing apparatus 3c. The service user selects one of the services to be used, and the service providing device capability corresponding to the service is also provided by using the service using device 1. Below, when a service provider uses service A, the same procedure is used when using services B and C to explain the service use procedure.
- the service use device 1 that has received an instruction to use the service A from the service user is stored in the identity authentication information storage unit 13 shown in FIG.
- the authentication information 43 is transferred to the identity authentication information display unit 14.
- the identity authentication information display unit 14 displays name information 410, age information 411, and address information 412 among the information included in the transferred identity authentication information 43, and displays the displayed user identity.
- a message that asks the service user which information to “blur” is displayed.
- the service user who confirms the display contents inputs data for instructing which to perform “blurring” to the service using device 1 from the three pieces of information, and the service using device 1 receives the force instruction receiving unit.
- the instruction is accepted.
- an instruction to “blur” the name information 410 and the address information 412 has a service user power.
- a service user may freely specify which information in the user identity information is to be “blurred”, or a restriction determined in advance by the service to be used.
- the service user may specify below. For example, in the case of a service that requires accurate age information of the user, it is a condition for using the service that age information should not be “blurred”. , Age information Therefore, it is not possible to give an instruction to “blur”.
- the blur instruction receiving unit 15 that has received the force instruction transfers the blur instruction to the force identity authentication information generation unit 16.
- the blur identity authentication information generation unit 16 uses the identity authentication information 43 input from the identity authentication information storage unit 13 and the blur instruction transferred from the force instruction reception unit 15 to Identity authentication information is generated (S4 in Fig. 3). Details of the processing will be described below.
- FIG. 11 is a block diagram illustrating a configuration example of the strong identity authentication information generation unit 16.
- the blur identification authentication information generation unit 16 uses the identification authentication information 43 transferred from the identification authentication information storage unit 13 as a plurality of data (user identification information 41, blurring information 44, additional information 45, digital signature 46).
- a data dividing unit 160 that divides the data into two parts, a half-value generating unit 163, an attached-calorie information updating unit 164, a force for transferring the blurred portion designation information indicating an instruction from the blurring instruction receiving unit 15, a partial designation unit 161, Based on the blur part instruction information from the force part designation unit 161! /,
- the user identity information 47 is obtained by performing the force processing using the force information 44 on the user identity information 41.
- An intermediate hash value is calculated by performing a hash calculation on the user identity information 41 based on the data enhancement unit 162 to be generated, the blurring portion designation information from the force fraction designation unit 161 and the additional information 45.
- Hash value generator 163 An additional information updating unit 164 that generates the updated calorie information 48 by updating the additional information 45 with the intermediate hash value from the intermediate hash value generating unit 163 based on the blurred portion specifying information from the partial specifying unit 161, and a digital It consists of a data concatenation unit 165 that concatenates the signature 46, the blur information 44, the update additional information 48, and the blur user identity information 47 to create blur identity authentication information.
- the data dividing unit 160 receives the identity authentication information 43 transferred from the identity authentication information storage unit 13 and divides it into a plurality of data. Specifically, it is divided into four pieces of user identity information 41, force information 44, additional information 45, and digital signature 46 as shown in FIG. Then, the user identity information 41 is transferred to the data blurring unit 162 and the intermediate / shock value generating unit 163, and the blurring information 44 is transferred to the data force unit 162 and the data connection unit 16. 5, the additional information 45 is transferred to the intermediate hash value generation unit 163 and the additional information update unit 164, and the digital signature 46 is transferred to the data connection unit 165.
- the blur part designation unit 161 receives the blur instruction, and transfers the blur part designation information indicating the instruction to the data blur unit 162, the intermediate hash value generation unit 163, and the additional information update unit 164.
- the blurred portion designation information is information indicating that the blur processing is performed on the name information and the address information. For example, from the “1” and “3” which are the indent values of the name information and the address information. Information.
- the data compression unit 162 follows the blur portion designation information transferred from the force portion designation unit 161 with respect to the user identity information 41 transferred from the data division unit 160.
- the information for blurring 44 is used to “blur” the information to generate blurred user identity information (S20 in FIG. 12).
- the name information 410 of the user identity information 41 is replaced with the blur name information 440 of the blur information 44 and the user identity information Replace address information 412 of 41 with blurred information 44 of blurred information 44.
- the blur user identity information 47 as shown in FIG. 13 is generated.
- the name “Taro Yamada Z YAMADA TARO” is focused on the initial notation of “T. Y”, and the address “Osaka Prefecture Kadoma Daimon Kadoma 1006” is “Kinki region”. It will be done. Then, the data compression unit 162 transfers the user identification information 47 thus obtained to the data connection unit 165.
- the intermediate hash value generation unit 163 performs the user identification information 41 and additional information transferred from the data division unit 160 in accordance with the watermark part specification information transferred from the powerful part specification unit 161.
- the intermediate hash value is calculated from 45 (S21 in Fig. 12). Specifically, first, from the user identification information 41, the index value “1” is obtained from the blurring portion designation information “name information (index value“ 1 ”) and address information (index value“ 3 ”) is blurred”. And “3” information (name information 410 and address information 412) are extracted and converted into numerical data ml and m3 according to the conversion rules described above.
- index values “1” and “3” that is, random numbers rl and r3
- an intermediate hash value and i3 are generated by the following calculation.
- the generated intermediate value, the sh value il, i3 is transferred to the additional information update unit 164. To do.
- the additional information update unit 164 uses the intermediate hash values il and i3 transferred from the intermediate hash value generation unit 163 according to the blurring portion specification information transferred from the force portion specification unit 161.
- the additional information 45 transferred from the data dividing unit 160 is updated (S22 in FIG. 12). Specifically, from the blurring part designation information “name information (index value“ 1 ”) and address information (index value“ 3 ”) are blurred”, the index values “1” and “ The information of “3” (name information 410 and address information 412) is replaced with the intermediate hash values il and i3, respectively, and the additional information is updated.
- “1” and “3” are stored in the data area of the index value “0” for displaying the block.
- FIG. 13 shows the update additional information 48 obtained by updating the additional information 45 by the additional information update unit 164.
- the update additional information 48 is composed of the powerful block information 480, the intermediate hash value il (481), the random number r2 (482), and the intermediate hash value i3 (483).
- the additional information update unit 164 transfers the update additional information 48 obtained as a result of the update to the data concatenation unit 165.
- the data connection unit 165 includes the forced user identification information 47 transferred from the data compression unit 162, the blur information 44 and the digital signature 46 transferred from the data division unit 160, and The update additional information 48 transferred from the additional information update unit 164 is combined to generate blurring identity authentication information (S23 in FIG. 12).
- Figure 13 shows the blur identity authentication information 49.
- the blurred identity authentication information 49 thus created is transferred to the service use request data sending unit 17, and the processing of the blurred identity authentication information generating unit 16 is completed.
- the service use request data sending unit 17 sends a message requesting the use of service A to the blur identity authentication information 49 generated by the blur identity authentication information 49.
- the attached data is sent to the service providing device 3a as service use request data (S5 in Fig. 3).
- FIG. 14 is a block diagram showing a configuration example of the service providing device 3a (3b, 3c).
- the service providing device 3a (3b, 3c) extracts the blur identification authentication information 49 from the service use request data received from the service using device 1 and divides the data into a data dividing unit 30 and a signature verification key for verifying the digital signature.
- the operation details of the service providing device 3a (3b, 3c) will be described below.
- the data dividing unit 30 extracts the blur identity authentication information 49 included in the service use request data received from the service using device 1, and further converts the blur identity authentication information 49 into the blur user identity information 47, The information is divided into blur information 44, update additional information 48, and digital signature 46. Then, the falsified user identity information 47 is transferred to the user identity information confirmation unit 33 and the digital signature verification unit 32, and the blurring information 44, the update additional information 48, and the digital signature 46 are transferred to the digital signature verification unit 32. .
- the signature verification key storage unit 31 transfers the stored signature verification key to the digital signature verification unit 32.
- the digital signature verification unit 32 uses the signature verification key transferred from the signature verification key storage unit 31 to perform digital processing based on the blur user identity information 47, the blur information 44, and the update additional information 48.
- the signature 46 is verified (S6 in Fig. 3). Details are explained below.
- FIG. 15 is a block diagram showing an example of the internal configuration of the digital signature verification unit 32.
- the digital signature verification unit 32 includes an intermediate hash value extraction unit 320 that extracts an intermediate hash value and a random number from the update additional information 48, and an intermediate hash that calculates an intermediate hash value from the user identification information 47 and the random number.
- Value generator 321 and intermediate hash value and blur user identity information 47 The final hash value generation unit 322 that calculates the final hash value from the force information 44 and the update additional information 48, and the signature check unit that verifies the validity of the final hash value and the digital signature 46 using the signature verification key 323 It consists of.
- the intermediate hash value extraction unit 320 refers to the block information 480 of the update additional information 48 and knows that the blocks 1 and 3 are subjected to the processing. Then, the intermediate hash values il (481) and i3 (483) are extracted from the areas where the index values are 1 and 3, and transferred to the final hash value generation unit 322 (S30 in FIG. 16).
- the intermediate hash value generation unit 321 refers to the updated block information 480 of the update additional information 48 and knows that the block 2 has not been subjected to the blurring process. Then, the random number r2 (482) is read from the area of the index value power ⁇ . Also, age information 471 with an index value of 2 is acquired from the force user identity information 47, and converted into numerical data m2 based on a predetermined conversion rule. Then, the intermediate node value and the hash value i2 are calculated by the following calculation formula, and transferred to the final node value generator 322 (S31 in FIG. 16).
- the final hash value generation unit 322 refers to the block information 480 of the update additional information 48 and knows that the blocks 1 and 3 are subjected to the processing. Then, the intermediate hash value extraction unit 320 receives the intermediate hash values il (481) and i3 (483). On the other hand, the name information 470 and the address information 472 are obtained from the area where the index value of the blur user identity information 47 is 1 and 3, and based on a predetermined conversion rule, the numerical data b 1 and Convert to b3. Also, the blur age information 441 is obtained from the area where the index value of the blur information 44 is 2 (the block is subjected to the squeezing process), and is converted into numerical data b2 according to a predetermined conversion rule. Further, the intermediate hash value generation unit 321 receives the intermediate hash value i2.
- the signature checking unit 323 checks the validity of the final hash values hl, h2, h3 and the digital signature S using the signature verification key Kp as follows, and checks the verification result Result.
- the data is transferred to the service data sending permission unit 35 shown in FIG. 14 (S33 in FIG. 16).
- Result Verify (Kp, d, S) verifies whether digital signature S is a valid digital signature of data d using verification key Kp, and returns the result (OK or NG). Means to be Result.
- the user identity information confirmation unit 33 confirms the content of the blurred user identity information 47. Specifically, for example, when the service is limited to those over 20 years old, the age information 471 is checked to check that the service is over 20 years old. If there is no problem as a result of the check, the user identity information 47 is transferred to the user identity information storage unit 34. If a problem is found, the subsequent processing is not performed and the service user is notified that the service provision is refused.
- the user identity information storage unit 34 adds the user identity information 47 to the service user list and registers the user data.
- the service data transmission permission unit 35 After confirming that the verification result Result is OK and the user identity information storage unit 34 has completed user registration successfully, the service data transmission permission unit 35 transmits a service data transmission permission signal. Is sent to the service data sending unit 37.
- the service data sending unit 37 sends the service data stored in the service data storage unit 36 to the service using device 1 (S7 in Fig. 3).
- service data for example, content such as music and movies, and information such as maps can be considered.
- the service using device 1 receives the service data sent from the service providing device 3a (3b, 3c) at the service data receiving unit 18.
- the name information and the address information are blurred.
- the only way to restore the original name information and address information from before the blur identification authentication information 49 is the intermediate hash values il (481) and i3 included in the update additional information 48 is From (483), based on the following formula, name information (numerical data) ml and address information (numerical data) m3 can only be calculated backward.
- rl and r3 are random number data, which cannot be understood by an analyst who seeks the original user identity information from the blur identity authentication information 49. Since Hash is a no-shush function, ml II rl cannot be calculated from the no-shesh value il by back calculation. Therefore, the analyst predicts ml II rl and repeats the trial to test whether the result obtained by calculating Hash for the predicted value matches il. Become. Therefore, if the data size of ml II rl is large enough, the number of trials required to find the correct ml
- candidates can be narrowed down to some extent from name information “T. ⁇ ” (limited to the name of initial ⁇ . ⁇ ), so the number of trials can be reduced Random number rl Since it is a completely random value, it cannot be narrowed down to ml. Therefore, if the random number has a sufficient data length (for example, 64 bits or more), even if candidates can be narrowed down for ml, there will be no safety problem.
- the service user instructs the service using device 1 to perform blurring processing on the name information 410 and the address information 412, and the service using device 1 performs the blurring process. It was.
- the digital signature S is generated by the authentication device 2 as follows.
- the final hash value is calculated in the signature verification process. Since bl, b2, and b3 used in are calculated as values bl ', b2', and b3 'different from those at the time of signature generation, the final hash values hl, h2, and h3 that are different from hl, h2, and h3 , Force is calculated. Therefore, if any one of bl, b2, and b3 is different, the signature verification is rejected because the signature verification is performed for a value different from hi II h2 II h3.
- the service using device 1 sets the name “Taro Yamada ZYAMADA TARO” written in the identity authentication information (in this embodiment, the identification card) to.
- the identity authentication information in this embodiment, the identification card
- the information can be “blurred” and sent to the service providing device 3a.
- the service providing apparatus 3a confirms that the identity authentication information (blurred identity authentication information) for which the “blurring” has been performed is correctly “blurred” for the original authentic U identity authentication information power. It can be confirmed by signature verification. That is, it is possible to realize an authentication system in which the identity authentication information can be blurred on the user side without requiring the assistance of a certificate authority.
- text information indicating the identity of a user or the like is targeted, but this can be anything as long as it is information that can be numerical, for example, image information and audio information. May be.
- the one-way function is not limited to the hash function, and the hash method and the digital signature method to be used are not limited to a specific method.
- the present embodiment there are three powers as name information, age information, and address information as user identity information.
- the present invention is not limited to this type and number.
- the data targeted by the authentication system is not limited to user identity information.
- the authentication device generates user identity information blur information that is submitted by the user, but this user information is created by the user together with the user identity information. You may make it submit.
- the authentication device issues the identity authentication information when it is determined to be correct by checking whether the content of the user identity information submitted by the user is correctly blurred. You may make it do.
- the force information is a force generated by obscuring the contents of the user identity information.
- the information is not limited to this, and the contents are not logically contradictory to each other.
- the service providing devices 3a to 3c should confirm that the force information included in the blur authentication information sent from the service using device 1 is logically consistent with the corresponding certification information. Good.
- a list of blur information that is not logically inconsistent with the certification information is maintained, and when the blur information in the list is received, the certification information and the blur information are not logically consistent (or It is determined that the information is conceptually including the contents of the lighting information.
- the service providing devices 3a to 3c for example, have the proof information and logic that “I like apples” when the force information sent from the service using device 1 is “I like oranges”. If there is no contradiction, it can be determined that the blurred information is valid.
- one piece of blur information corresponds to the name information.
- there are a plurality of pieces of blur information and the user is confident.
- the method will be described below.
- the example has been described in the case where the user identity information has three identity information powers, such as name, age, and address.
- identity information powers such as name, age, and address.
- the digital signature generation, blurring process, and digital signature verification process in the embodiment can be summarized as follows.
- [0129] Select a hash value to be sent to the signature verifier as follows. First, the index “4” of the selected force information b4 is converted to a binary number “100”. Here, reverse “01” of “100” to get “101”, and select hlOl. Next, delete the end of “100” to get “10”. Here, the last 01 of “10” is inverted to obtain “11”, and hi 1 is selected. Furthermore, the end of “10” is deleted to obtain “1”. Invert 01 of “1” to get “0” and select 110. According to the above procedure, hl01, hll, and hO are selected. This procedure can be illustrated by the tree in Figure 18.
- Blur identity information b4 random number r4, hash value hl01, hl l, hO and force, and final hash value h are calculated.
- a digital signature S is generated using a signature generation key.
- an authentication system can be realized in which a plurality of pieces of strength information can be set for one piece of identity information.
- this modification the case where there is one piece of user identity information has been described, but this can also be applied by an obvious extension even when it consists of a plurality of pieces of user identity information.
- the electronic blur function as in the present invention can also be realized by the following method, which is an improvement of the "electronic sanitizing technique" described in the prior art.
- Each of the above devices is specifically a microprocessor, ROM, RAM, hard disk.
- This is a computer system that consists of a disk unit, display unit, keyboard, mouse, and so on.
- a computer program is stored in the RAM or hard disk unit.
- Each device achieves its function by the microprocessor operating according to the computer program.
- the computer program is configured by combining a plurality of instruction codes indicating instructions to the computer in order to achieve a predetermined function.
- a part or all of the constituent elements constituting each of the above devices may be constituted by one system LSI (Large Scale Integration).
- a system LSI is an ultra-multifunctional LSI that is manufactured by integrating multiple components on a single chip. Specifically, it is a computer system that includes a microprocessor, ROM, RAM, and so on. It is. A computer program is stored in the RAM. Microprocessor power The system LSI achieves its functions by operating according to the above computer program.
- each of the above devices may be configured with an IC card or a single module force that can be attached to and detached from each device!
- the IC card or the module is a computer system composed of a microprocessor, ROM, RAM, and the like.
- the IC card or the module may include the super multifunctional LSI.
- the IC card or the module achieves its functions by the microprocessor operating according to the computer program. This IC card or module may be tamper resistant! /.
- the present invention may be the method described above.
- the present invention may be a computer program that realizes these methods by a computer, or may be a digital signal that also has the computer program power.
- the present invention provides a computer-readable recording medium capable of reading the computer program or the digital signal, such as a flexible disk, hard disk, CD-ROM, MO, DVD, DVD-ROM, DVD-RAM, BD. (Blu-ray Disc), recorded on a semiconductor memory or the like. Also, it may be the above digital signal recorded on these recording media.
- the present invention may transmit the computer program or the digital signal via an electric communication line, a wireless or wired communication line, a network typified by the Internet, data transmission, or the like.
- the present invention may be a computer system including a microprocessor and a memory, wherein the memory stores the computer program, and the microprocessor operates according to the computer program. .
- the program or the digital signal is recorded on the recording medium and transferred, or the program or the digital signal is transferred via the network or the like. It may be implemented by a computer system.
- the authentication system according to the present invention is a system for authenticating certificate data such as personal information, and in particular, a user who has received a part of the content of the authentication data generated by the authentication device.
- certificate data such as personal information
- it is useful as a user authentication system that can make anonymity of users because it has!
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Description
Claims
Priority Applications (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP06756910A EP1890451A1 (en) | 2005-06-10 | 2006-06-02 | Authentication system, authentication device, terminal, and verifying device |
JP2007520076A JP4892478B2 (ja) | 2005-06-10 | 2006-06-02 | 認証システム、認証装置、端末装置及び検証装置 |
US11/916,643 US8850210B2 (en) | 2005-06-10 | 2006-06-02 | Authentication system, authentication device, terminal, and verifying device |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2005170628 | 2005-06-10 | ||
JP2005-170628 | 2005-06-10 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006132143A1 true WO2006132143A1 (ja) | 2006-12-14 |
Family
ID=37498343
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2006/311075 WO2006132143A1 (ja) | 2005-06-10 | 2006-06-02 | 認証システム、認証装置、端末装置及び検証装置 |
Country Status (5)
Country | Link |
---|---|
US (1) | US8850210B2 (ja) |
EP (1) | EP1890451A1 (ja) |
JP (1) | JP4892478B2 (ja) |
CN (1) | CN101194463A (ja) |
WO (1) | WO2006132143A1 (ja) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2010097942A1 (ja) * | 2009-02-27 | 2010-09-02 | 富士通株式会社 | 電子署名プログラム、電子署名装置、および電子署名方法 |
WO2011077737A1 (ja) * | 2009-12-25 | 2011-06-30 | 日本電気株式会社 | 条件判断システム、および条件判断方法 |
WO2011142327A1 (ja) * | 2010-05-10 | 2011-11-17 | 日本電気株式会社 | 情報処理装置、制御方法及びプログラム |
WO2021117904A1 (ja) * | 2019-12-12 | 2021-06-17 | 株式会社bitFlyer Blockchain | 証明書データをデジタルに利用可能にするための装置、方法及びそのためのプログラム |
Families Citing this family (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CA2714784A1 (en) * | 2009-09-17 | 2011-03-17 | Royal Canadian Mint/Monnaie Royale Canadienne | Message storage and transfer system |
US8880880B2 (en) * | 2011-07-29 | 2014-11-04 | Qualcomm Incorporated | Facilitating access control in peer-to-peer overlay networks |
CN104504075A (zh) * | 2014-12-23 | 2015-04-08 | 北京奇虎科技有限公司 | 信息模糊处理方法及装置 |
KR102560769B1 (ko) * | 2018-09-21 | 2023-07-28 | 삼성전자주식회사 | 신분 정보를 제공하는 장치 및 그 시스템 |
CN112989309B (zh) * | 2021-05-21 | 2021-08-20 | 统信软件技术有限公司 | 基于多方授权的登录方法、认证方法、系统及计算设备 |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003345752A (ja) * | 2002-05-24 | 2003-12-05 | Ntt Data Corp | 認証管理サーバ及びプログラム |
JP2005051734A (ja) | 2003-07-15 | 2005-02-24 | Hitachi Ltd | 電子文書の真正性保証方法および電子文書の公開システム |
JP2005050311A (ja) * | 2003-07-16 | 2005-02-24 | Nippon Telegr & Teleph Corp <Ntt> | サービス提供方法及びシステム |
Family Cites Families (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1997009817A2 (en) * | 1995-08-27 | 1997-03-13 | Aliroo Ltd. | Document processing |
US6401206B1 (en) * | 1997-03-06 | 2002-06-04 | Skylight Software, Inc. | Method and apparatus for binding electronic impressions made by digital identities to documents |
GB2327831B (en) * | 1997-07-23 | 2002-10-09 | Chantilley Corp Ltd | Document or message security arrangements |
KR100241349B1 (ko) * | 1997-09-11 | 2000-02-01 | 정선종 | 문서의 전자적 공증 방법 |
JP2000099469A (ja) * | 1998-09-17 | 2000-04-07 | Nippon Telegr & Teleph Corp <Ntt> | 開放型分散ネットワークにおける認証及び権限付与方法 |
US6560620B1 (en) * | 1999-08-03 | 2003-05-06 | Aplix Research, Inc. | Hierarchical document comparison system and method |
US6978367B1 (en) * | 1999-10-21 | 2005-12-20 | International Business Machines Corporation | Selective data encryption using style sheet processing for decryption by a client proxy |
JP2001283122A (ja) | 2000-03-31 | 2001-10-12 | Dainippon Printing Co Ltd | スマートカードによる取引システムとそれに使用するスマートカード |
JP3578450B2 (ja) * | 2001-06-29 | 2004-10-20 | 株式会社東芝 | 電子文書の実名語/匿名語マップ作成装置及びプログラム、電子文書の匿名化装置及びプログラム、電子文書の実名化装置及びプログラム |
JP3973399B2 (ja) * | 2001-07-09 | 2007-09-12 | 株式会社スクウェア・エニックス | サーバ、情報処理方法、プログラムおよび記憶媒体 |
WO2003040963A1 (en) * | 2001-11-02 | 2003-05-15 | Medical Research Consultants L.P. | Knowledge management system |
US7475242B2 (en) * | 2001-12-18 | 2009-01-06 | Hewlett-Packard Development Company, L.P. | Controlling the distribution of information |
US7130445B2 (en) * | 2002-01-07 | 2006-10-31 | Xerox Corporation | Systems and methods for authenticating and verifying documents |
JP4366916B2 (ja) * | 2002-10-29 | 2009-11-18 | 富士ゼロックス株式会社 | 書類確認システム、書類確認方法、及び書類確認プログラム |
US7484107B2 (en) * | 2004-04-15 | 2009-01-27 | International Business Machines Corporation | Method for selective encryption within documents |
US7536635B2 (en) * | 2005-04-25 | 2009-05-19 | Microsoft Corporation | Enabling users to redact portions of a document |
-
2006
- 2006-06-02 US US11/916,643 patent/US8850210B2/en not_active Expired - Fee Related
- 2006-06-02 WO PCT/JP2006/311075 patent/WO2006132143A1/ja active Application Filing
- 2006-06-02 JP JP2007520076A patent/JP4892478B2/ja not_active Expired - Fee Related
- 2006-06-02 CN CN200680020629.6A patent/CN101194463A/zh active Pending
- 2006-06-02 EP EP06756910A patent/EP1890451A1/en not_active Withdrawn
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2003345752A (ja) * | 2002-05-24 | 2003-12-05 | Ntt Data Corp | 認証管理サーバ及びプログラム |
JP2005051734A (ja) | 2003-07-15 | 2005-02-24 | Hitachi Ltd | 電子文書の真正性保証方法および電子文書の公開システム |
JP2005050311A (ja) * | 2003-07-16 | 2005-02-24 | Nippon Telegr & Teleph Corp <Ntt> | サービス提供方法及びシステム |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2010097942A1 (ja) * | 2009-02-27 | 2010-09-02 | 富士通株式会社 | 電子署名プログラム、電子署名装置、および電子署名方法 |
JP5174233B2 (ja) * | 2009-02-27 | 2013-04-03 | 富士通株式会社 | 電子署名プログラム、電子署名装置、および電子署名方法 |
US8566597B2 (en) | 2009-02-27 | 2013-10-22 | Fujitsu Limited | Digital signature program, digital signature apparatus, and digital signature method |
WO2011077737A1 (ja) * | 2009-12-25 | 2011-06-30 | 日本電気株式会社 | 条件判断システム、および条件判断方法 |
JP5733218B2 (ja) * | 2009-12-25 | 2015-06-10 | 日本電気株式会社 | 条件判断システム、および条件判断方法 |
WO2011142327A1 (ja) * | 2010-05-10 | 2011-11-17 | 日本電気株式会社 | 情報処理装置、制御方法及びプログラム |
JP5796574B2 (ja) * | 2010-05-10 | 2015-10-21 | 日本電気株式会社 | 情報処理装置、制御方法及びプログラム |
WO2021117904A1 (ja) * | 2019-12-12 | 2021-06-17 | 株式会社bitFlyer Blockchain | 証明書データをデジタルに利用可能にするための装置、方法及びそのためのプログラム |
JP7162634B2 (ja) | 2019-12-12 | 2022-10-28 | 株式会社bitFlyer Blockchain | 証明書データをデジタルに利用可能にするための装置、方法及びそのためのプログラム |
Also Published As
Publication number | Publication date |
---|---|
EP1890451A1 (en) | 2008-02-20 |
JP4892478B2 (ja) | 2012-03-07 |
US20090106547A1 (en) | 2009-04-23 |
US8850210B2 (en) | 2014-09-30 |
JPWO2006132143A1 (ja) | 2009-01-08 |
CN101194463A (zh) | 2008-06-04 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11363015B2 (en) | Provisioning transferable access tokens | |
CN110692214B (zh) | 用于使用区块链的所有权验证的方法和系统 | |
US11341464B2 (en) | Purchase transaction system with encrypted payment card data | |
CN101765996B (zh) | 用于远程认证和交易签名的装置和方法 | |
WO2006132143A1 (ja) | 認証システム、認証装置、端末装置及び検証装置 | |
US9258296B2 (en) | System and method for generating a strong multi factor personalized server key from a simple user password | |
US7028180B1 (en) | System and method for usage of a role certificate in encryption and as a seal, digital stamp, and signature | |
DK1636680T3 (en) | Systems and methods for carrying out secure payment transactions using a formatted data structure | |
US20100153273A1 (en) | Systems for performing transactions at a point-of-sale terminal using mutating identifiers | |
KR20060080174A (ko) | 다수의 수신자에 보안 정보를 전송하는 방법 | |
JP2004023796A (ja) | 選択的に開示可能なデジタル証明書 | |
CN100388154C (zh) | 用于具有属性的用户证明签名的方法和系统 | |
KR20120017044A (ko) | 모바일 디바이스를 이용하는 개인 인증을 위한 시스템 및 방법 | |
GB2434724A (en) | Secure transactions using authentication tokens based on a device "fingerprint" derived from its physical parameters | |
CN103516524A (zh) | 安全验证方法和系统 | |
JP4696449B2 (ja) | 暗号化装置およびその方法 | |
JP5264548B2 (ja) | 認証システムおよび認証方法 | |
EP2747363A1 (en) | Transaction validation method using a communications device | |
CN113704734A (zh) | 基于分布式数字身份实现凭证验证的方法及相关装置 | |
CN106533681A (zh) | 一种支持部分出示的属性证明方法与系统 | |
JP5380368B2 (ja) | Icチップ発行システム、icチップ発行方法およびicチップ発行プログラム | |
JP3497936B2 (ja) | 個人認証方法 | |
JP2021100227A (ja) | IoT鍵管理システム,セキュアデバイス,IoTデバイス,デバイス管理装置およびセキュアエレメントの公開鍵証明書生成方法 | |
JP2004535619A (ja) | 安全な決済取引を行うシステムと方法 | |
JP2006004321A (ja) | セキュリティシステム |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 200680020629.6 Country of ref document: CN |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2007520076 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 11916643 Country of ref document: US |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2006756910 Country of ref document: EP |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
WWP | Wipo information: published in national office |
Ref document number: 2006756910 Country of ref document: EP |